Back to Home

Privacy Policy

Last updated: January 3, 2025

Introduction

Grillo Ltd ("Grillo", "we", "us", or "our") respects your privacy and is committed to protecting your personal data. This privacy policy complies with the UK General Data Protection Regulation (UK GDPR), as defined by the Data Protection Act 2018, and explains how we collect, use, and protect your personal information when you visit our website or use our earthquake monitoring services.

This policy also informs you about your privacy rights and how the law protects you. We are registered with the Information Commissioner's Office (ICO) and process data in accordance with UK data protection laws.

Data Controller

Grillo Ltd (Company Number: 16693406) is the data controller responsible for your personal data. If you have any questions about this privacy policy or our privacy practices, please contact us at:

  • Email: hello@grillo.io
  • Address: Grillo Ltd, 167-169 Great Portland Street, 5th Floor, London, W1W 5PF, United Kingdom
  • Company Number: 16693406

The Data We Collect About You

Personal data means any information about an individual from which that person can be identified. We may collect, use, store and transfer different kinds of personal data about you:

Categories of Personal Data

  • Identity Data: first name, last name, title, company name
  • Contact Data: email address, telephone numbers, postal address
  • Technical Data: internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, device information
  • Usage Data: information about how you use our website, products and services, including pages visited, time spent on pages, click-through rates
  • Location Data: geographic location data for earthquake monitoring services (where you have explicitly consented)
  • Marketing and Communications Data: your preferences in receiving marketing from us and your communication preferences

Legal Basis for Processing

Under UK GDPR, we must have a lawful basis for processing your personal data. The lawful bases we rely on are:

Contract (Article 6(1)(b))

We process Identity and Contact Data to:

  • Provide our earthquake monitoring services to you
  • Process and deliver service orders
  • Manage payments, fees and charges
  • Provide customer support

Legitimate Interests (Article 6(1)(f))

We process Technical and Usage Data for our legitimate interests to:

  • Improve our website and services
  • Ensure network and information security
  • Prevent fraud and enhance safety
  • Understand how customers use our products
  • Develop new products and features

Consent (Article 6(1)(a))

We process data based on your explicit consent for:

  • Marketing communications (where you have opted in)
  • Location data for earthquake alerts
  • Analytics and non-essential cookies

Legal Obligation (Article 6(1)(c))

We may process your data to comply with legal obligations, such as:

  • Tax and accounting requirements
  • Responding to legal requests from authorities
  • Health and safety obligations

Cookie Policy

We use cookies and similar tracking technologies to track activity on our website and hold certain information. You can control cookies through our cookie consent banner that appears when you first visit our site.

Types of Cookies We Use

  • Essential Cookies: Required for the website to function properly. These include session cookies and security cookies. Legal basis: Legitimate interests.
  • Analytics Cookies: Help us understand how visitors interact with our website by collecting information anonymously. We use these only with your consent. Legal basis: Consent.
  • Functional Cookies: Enable enhanced functionality and personalisation, such as remembering your preferences. Legal basis: Consent.
  • Marketing Cookies: Used to track visitors across websites to display relevant advertisements. Currently not in use, but would require explicit consent. Legal basis: Consent.

Managing Cookies

You can manage your cookie preferences at any time through our cookie consent banner. You can also control cookies through your browser settings. Please note that refusing cookies may impact the functionality of our website.

Third-Party Data Sharing

We may share your personal data with third parties in the following circumstances:

Service Providers

We share data with trusted third-party service providers who assist us in operating our website and delivering our services, including:

  • Cloud hosting providers (AWS)
  • Email service providers
  • Payment processors
  • Customer support tools
  • Analytics services (only with your consent)

All service providers are contractually required to keep your data secure and process it only according to our instructions.

Legal Requirements

We may disclose your data if required by law or in response to valid requests by public authorities (e.g., courts or government agencies).

Business Transfers

In the event of a merger, acquisition, or sale of assets, your personal data may be transferred. We will notify you before your personal data becomes subject to a different privacy policy.

International Data Transfers

Some of our service providers are based outside the UK and European Economic Area (EEA). When we transfer your personal data outside the UK, we ensure appropriate safeguards are in place:

  • Adequacy Decisions: We transfer data to countries that the UK government has determined provide adequate data protection
  • Standard Contractual Clauses: We use UK-approved standard contractual clauses with service providers in countries without adequacy decisions
  • Technical Safeguards: All data transfers are encrypted and secured using industry-standard protocols

You can request details of the specific safeguards applied to your data transfers by contacting us at hello@grillo.io.

Data Security

We have implemented appropriate technical and organisational measures to secure your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit and at rest
  • Regular security assessments and penetration testing
  • Access controls and authentication procedures
  • Regular staff training on data protection
  • Incident response and data breach procedures

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which we collected it, including satisfying legal, regulatory, tax, accounting, or reporting requirements.

To determine appropriate retention periods, we consider:

  • The amount, nature, and sensitivity of the personal data
  • The purposes for which we process your personal data
  • Legal requirements to retain data for minimum periods
  • Statute of limitations for legal claims

Your Legal Rights

Under UK GDPR, you have the following rights regarding your personal data:

Your Rights Include:

  • Right to Access: Request a copy of your personal data (commonly known as a "data subject access request")
  • Right to Rectification: Request correction of inaccurate or incomplete personal data
  • Right to Erasure: Request deletion of your personal data in certain circumstances
  • Right to Restrict Processing: Request restriction of processing in certain circumstances
  • Right to Data Portability: Request transfer of your data to another controller in a structured, machine-readable format
  • Right to Object: Object to processing based on legitimate interests, direct marketing, or research/statistics
  • Right to Withdraw Consent: Where we rely on consent, you can withdraw it at any time
  • Rights Related to Automated Decision-Making: Right not to be subject to solely automated decision-making, including profiling

Exercising Your Rights

To exercise any of these rights, please contact us at hello@grillo.io. We will respond to your request within one month, though complex requests may take longer (up to three months total). We will not charge a fee unless your request is clearly unfounded, repetitive, or excessive.

Right to Complain to the ICO

You have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe we have not complied with the requirements of the UK GDPR regarding your personal data.

ICO Contact Details:

  • Website: ico.org.uk
  • Phone: 0303 123 1113
  • Live chat: Available on the ICO website
  • Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

We would appreciate the opportunity to address your concerns before you approach the ICO, so please contact us first.

Children's Privacy

Our services are not directed to individuals under 16 years of age, and we do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete that information as soon as possible.

Changes to This Privacy Policy

We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the new privacy policy on this page and updating the "last updated" date. For significant changes, we may also notify you by email or through a notice on our website.

Contact Us

If you have any questions about this privacy policy, your personal data, or wish to exercise your rights, please contact us at:

  • Email: hello@grillo.io
  • Address: Grillo Ltd, 167-169 Great Portland Street, 5th Floor, London, W1W 5PF, United Kingdom

We aim to resolve any privacy concerns you may have promptly and fairly.