Last updated: 01.04.2026
This Privacy Notice explains how Grigo processes personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR).
1. Data Controller
Grigo
Grigo acts as the data controller for personal data collected through the platform.
2. Personal Data We Collect
We may process:
- Identification data (name, email)
- Account credentials (hashed passwords)
- Profile data
- Usage data (courses, sessions, interactions)
- Communication data (messages, support requests)
- Technical data (IP address, device, logs)
3. Legal Basis for Processing
We process personal data based on:
- Contract (Art. 6(1)(b)) – to provide platform services
- Legal obligation (Art. 6(1)(c)) – compliance with applicable laws
- Legitimate interests (Art. 6(1)(f)) – platform security, improvements
- Consent (Art. 6(1)(a)) – where required (e.g., cookies)
4. Purpose of Processing
We use data to:
- Provide and operate the platform
- Manage accounts and authentication
- Enable courses and live sessions
- Improve performance and functionality
- Ensure security and prevent misuse
5. Third-Party Services
We may use third-party providers, including Zoom Video Communications for live sessions.
These providers process data only as necessary to deliver their services.
6. Data Transfers
Where data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards such as:
- Standard Contractual Clauses (SCCs)
- Adequacy decisions by the European Commission
7. Data Retention
We retain personal data only as long as necessary for:
- Service provision
- Legal obligations
- Legitimate business purposes
8. Your Rights (GDPR)
You have the right to:
- Access your data (Art. 15)
- Rectify inaccurate data (Art. 16)
- Erase data (“right to be forgotten”, Art. 17)
- Restrict processing (Art. 18)
- Data portability (Art. 20)
- Object to processing (Art. 21)
You also have the right to lodge a complaint with a supervisory authority.
9. Security Measures
We implement appropriate technical and organizational measures, including:
- Encryption of sensitive data
- Secure authentication mechanisms
- Access controls
10. Automated Decision-Making
Grigo does not perform automated decision-making with legal or significant effects.
11. Changes
We may update this notice. Continued use implies acceptance.