Grona Tech
Data Privacy Terms
Parties

Data Controller: Grona Agency

Data Processor: Ivan Anisimov

Effective Date: December 15, 2025

Recitals

WHEREAS, the Data Controller wishes to engage the Data Processor to perform certain data processing activities; and

WHEREAS, the parties desire to ensure compliance with data protection laws and regulations;

 1. Definitions

"Personal Data" means any information relating to an identified or identifiable natural person.

"Data Protection Laws" means all applicable legislation protecting the rights and privacy of individuals with respect to personal data.

"Processing" means any operation performed on personal data, such as collection, recording, organization, structuring, storage, adaptation, or alteration.

 2. Scope of Processing

2.1 Categories of Data Subjects

  • Website visitors

  • Clients and potential clients

  • Users of the Agency’s services

  • Representatives of corporate clients

2.2 Types of Personal Data

  • Contact Information: name, phone number, email address, postal address

  • Identification Data: IP address

  • Technical/Usage Data: browser type and version, pages visited, time and date of visits, time spent on pages, and other diagnostic statistics

  • Cookies and Tracking Data

2.3 Purposes of Processing

  • Providing and improving the Service: To deliver design and digital services to the user

  • Communication: To contact or identify the users and respond to their inquiries

  • Analytics and Personalization: To analyze how the Service is used and improve user experience

 3. Processor Obligations
  • Process personal data only on documented, lawful instructions from the Data Controller

  • Maintain strict confidentiality of all personal data

  • Process data solely for the specified, explicit, and legitimate purposes

  • Implement and maintain appropriate technical and organizational measures

  • Notify the Data Controller of any data breaches within 24 hours of discovery

 4. Security Measures

4.1 Technical Safeguards

  • Advanced encryption protocols for data in transit and at rest

  • Comprehensive access control systems with multi-factor authentication

  • Periodic security assessments and penetration testing

4.2 Organizational Measures

  • Regular staff training on data protection principles

  • Strict access management and principle of least privilege

  • Documented incident response and data breach notification procedures

 5. Sub-Processors

5.1 Approved Sub-processors

  • No sub-processors currently engaged

5.2 Sub-processor Management

Sub-processor engagement is permitted with post-notification to the Data Controller.

 6. Data Subject Rights

The Data Processor shall:

  • Assist the Data Controller in fulfilling data subject rights requests

  • Implement mechanisms to support rights of access, rectification, erasure, and data portability

  • Respond to data subject inquiries promptly and within legal timeframes

 7. Compliance and Audit
  • Maintain comprehensive records of processing activities

  • Cooperate fully with data protection authority investigations

  • Allow and facilitate audits by the Data Controller with reasonable notice

 8. Term and Termination

This agreement remains in effect until all personal data processing activities are complete. Upon termination, the Data Processor shall:

  • Return or securely delete all personal data

  • Provide a certificate of destruction

  • Cease all data processing activities