Granular Group d.o.o., OIB: 15328152226, registered at the Commercial Court in Zagreb under MBS: 04992555, with its registered office at Petračićeva 6, 10 000 Zagreb, Republic of Croatia (hereinafter: “Granular Group”, “we”, “us”, or “our”), is committed to protecting and respecting your privacy.
This Privacy Policy explains what personal data we collect when you visit our website at https://granulargroup.com (hereinafter: the “Website”), how we use it, on what legal basis we process it, and what rights you have in relation to your personal data.
Granular Group acts as the data controller within the meaning of the General Data Protection Regulation (EU) 2016/679 (hereinafter: “GDPR”) and the Croatian Act on the Implementation of the General Data Protection Regulation (NN 42/18).
1. What Personal Data We Collect
We collect personal data only when you voluntarily provide it or when it is automatically collected through standard internet communication protocols. We do not process any special categories of personal data (such as data revealing racial or ethnic origin, political opinions, religious beliefs, health data, or biometric data), nor do we collect information about criminal convictions and offences.
1.1 Data you provide directly
Contact form: When you submit an enquiry through our contact form, we collect your name, email address, and optionally your company URL.
Job applications: When you apply for a position through the contact form on our Careers page, we collect your name, surname, email address, message, and CV (curriculum vitae).
1.2 Data collected automatically
When you visit our Website, certain technical data is collected automatically, including your IP address, browser type and version, operating system, device type, screen resolution, referring URL, pages visited, time and date of access, and time spent on individual pages.
2. How and Why We Use Your Data
We use your personal data for the following purposes:
- To respond to your enquiries submitted through the contact form and to communicate with you regarding potential collaboration – legal basis: performance of a contract or steps taken at your request prior to entering into a contract (Article 6(1)(b) GDPR), and our legitimate interest in managing business communications (Article 6(1)(f) GDPR).
- To process your job applications and manage the recruitment process – legal basis: steps taken at your request prior to entering into a contract (Article 6(1)(b) GDPR), and our legitimate interest in finding suitable candidates (Article 6(1)(f) GDPR).
- To analyse website traffic and user behaviour in order to improve the performance, content, and functionality of our Website – legal basis: your consent obtained through our cookie consent mechanism (Article 6(1)(a) GDPR).
- To ensure the technical functioning, security, and integrity of our Website – legal basis: our legitimate interest in maintaining a secure and functional website (Article 6(1)(f) GDPR).
- To comply with legal obligations, including tax and accounting requirements – legal basis: compliance with a legal obligation (Article 6(1)(c) GDPR).
3. Cookies and Tracking Technologies
Our Website uses cookies and similar tracking technologies. A cookie is a small text file that is stored on your device (computer, smartphone, tablet) when you visit a website. Cookies help us understand how visitors use our Website and allow us to improve your browsing experience.
We use Cookiebot as our consent management platform. When you first visit our Website, a cookie consent banner is displayed, allowing you to accept or decline optional cookies. You can change your cookie preferences at any time through the Cookiebot widget on our Website.
3.1 Strictly necessary cookies
These cookies are essential for the Website to function properly. They enable basic features such as page navigation, security, and the cookie consent mechanism. These cookies cannot be disabled as the Website cannot function without them. They do not store any personally identifiable information.
3.2 Statistical / analytics cookies
We use Google Analytics 4 (GA4) to collect anonymised data about how visitors use our Website. GA4 uses cookies to collect information such as the number of visitors, the pages they visit, the source of traffic, and general user behaviour patterns. This data helps us understand which parts of our Website are most useful and how we can improve the user experience.
Google Analytics data is transmitted to and stored on servers operated by Google LLC in the United States. Google may use this data in accordance with its own privacy policy, available at https://policies.google.com/privacy.
You may opt out of Google Analytics tracking by installing the Google Analytics Opt-out Browser Add-on, available at https://tools.google.com/dlpage/gaoptout.
3.3 Marketing / advertising cookies
We do not currently use marketing or advertising cookies (such as Google Ads remarketing tags, Meta Pixel, or LinkedIn Insight Tag) on our Website. Should we introduce any such technologies in the future, this Privacy Policy will be updated accordingly, and your consent will be requested through our cookie consent mechanism before any such cookies are placed on your device.
We also use Google Tag Manager (GTM) to manage the deployment of analytics and other scripts on our Website. GTM itself does not collect personal data or set cookies, but it facilitates the loading of other tools (such as Google Analytics) that may do so.
You can manage cookies through your browser settings. Most browsers allow you to refuse or delete cookies. However, if you disable all cookies, some features of our Website may not function correctly. For more information about managing cookies, visit www.allaboutcookies.org or www.youronlinechoices.eu.
4. Third-Party Data Processors
We engage carefully selected third-party service providers who process personal data on our behalf and in accordance with our instructions. These processors are contractually bound to comply with the GDPR and to implement appropriate technical and organisational measures to protect your data.
Our current data processors include:
- Google LLC (Google Analytics 4, Google Tag Manager) – Privacy Policy: https://policies.google.com/privacy
- DigitalOcean, LLC (website hosting) – Privacy Policy: https://www.digitalocean.com/legal/privacy-policy
- Cookiebot (Cybot A/S) (cookie consent management) – Privacy Policy: https://www.cookiebot.com/en/privacy-policy/
We do not sell, rent, or otherwise distribute your personal data to third parties for their own marketing purposes.
5. International Data Transfers
Some of our third-party service providers (notably Google LLC and DigitalOcean, LLC) are based in the United States. When your personal data is transferred outside the European Economic Area (EEA), we ensure that appropriate safeguards are in place in accordance with the GDPR, including the EU-U.S. Data Privacy Framework, Standard Contractual Clauses (SCCs) adopted by the European Commission, or other legally recognised transfer mechanisms.
Granular Group also operates offices in Belgrade (Serbia), Wallace, NC (United States), and Singapore. Personal data is only transferred to these locations when necessary for our internal business operations, and appropriate safeguards are always applied.
6. Data Retention
We retain your personal data only for as long as is necessary to fulfil the purposes for which it was collected, or as required by law. Specifically:
- Contact form enquiries: retained for up to 1 (one) year from the date of the enquiry, unless the enquiry leads to a contractual relationship, in which case retention periods are governed by the applicable contract and legal obligations.
- Job applications: retained for up to 2 (two) years from the date of submission, to allow us to consider your profile for future openings. If you wish your data to be deleted sooner, you may request this at any time (see Section 7).
- Analytics data (Google Analytics): retained in accordance with Google’s data retention settings, which we have configured to the minimum period offered. Aggregated and anonymised data may be retained indefinitely.
- Accounting and tax records: retained for the period required under Croatian law (currently 11 years for certain financial records).
After the applicable retention period expires, your personal data is securely deleted or anonymised.
7. Your Rights Under the GDPR
As a data subject, you have the following rights in relation to your personal data:
- Right of access (Article 15 GDPR) – You have the right to obtain confirmation as to whether your personal data is being processed and, if so, to access that data along with information about the processing.
- Right to rectification (Article 16 GDPR) – You have the right to request the correction of inaccurate personal data or the completion of incomplete data.
- Right to erasure / “right to be forgotten” (Article 17 GDPR) – You have the right to request the deletion of your personal data where there is no compelling reason for its continued processing.
- Right to restriction of processing (Article 18 GDPR) – You have the right to request that we restrict the processing of your personal data in certain circumstances.
- Right to data portability (Article 20 GDPR) – You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.
- Right to object (Article 21 GDPR) – You have the right to object to the processing of your personal data based on our legitimate interests. We will cease processing unless we demonstrate compelling legitimate grounds.
- Right to withdraw consent (Article 7(3) GDPR) – Where processing is based on your consent (e.g. cookies), you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
- Right to lodge a complaint – You have the right to lodge a complaint with the Croatian supervisory authority: Agencija za zaštitu osobnih podataka (AZOP), Selska cesta 136, 10 000 Zagreb, Republic of Croatia, website: https://azop.hr.
To exercise any of these rights, please contact us using the details provided in Section 10. We will respond to your request within 30 days.
8. Data Security
We are committed to ensuring the security of your personal data. We have implemented appropriate technical and organisational measures to protect your data against unauthorised access, alteration, disclosure, or destruction. These measures include the use of encrypted connections (SSL/TLS), secure hosting infrastructure, access controls, and regular security reviews.
However, due to the inherent nature of the internet, we cannot guarantee that data transmitted online is completely secure. Any transmission of personal data is at your own risk.
9. Links to Other Websites
Our Website may contain links to third-party websites, including social media platforms (such as LinkedIn and Facebook). We have no control over the content, privacy policies, or practices of these websites. We strongly encourage you to review the privacy policy of every website you visit. Granular Group is not responsible for the privacy practices or content of third-party websites.
10. Contact Information
If you have any questions about this Privacy Policy, wish to exercise your rights as a data subject, or have a complaint regarding the processing of your personal data, please contact us:
- Granular Group d.o.o.
- Petračićeva 6
- 10 000 Zagreb
- Republic of Croatia
- Email: info@granulargroup.com
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make changes, we will update the “Effective date” at the top of this page. We encourage you to review this Privacy Policy periodically.
Continued use of the Website after changes are posted constitutes your acceptance of the updated Privacy Policy.
