We are Gruveo, s.r.o. with its registered seat at Dénešova 71, 040 23 Košice, Slovak republic (“Gruveo”). Our contact details are set out at the end of this policy. We are the controller in relation to the personal data processed in accordance with this policy (except where this policy or our contract with you explains otherwise).
Our mission is to enhance and simplify the way people communicate over the Internet.
We may process personal data relating to you if:
We may process personal data relating to you that we have acquired from you, or obtained from somewhere else (for example, from your employer). The personal data relating to you that we process may include the information set out below.
We may process your personal details pursuant to our “customer class” that you choose at Gruveo Services, including:
Please note that the provision of this personal data is a contractual requirement that will enable us to fulfil the contract concerning your use of Gruveo services and in the event of failure to provide such data you are unable to use certain functions of Gruveo Services.
We process the electronic communications data only if it is necessary to achieve the transmission, distribution or exchange of the Internet communication among the users (for example, metadata) and for the duration necessary for that purpose.
We also collect usage statistics for Gruveo users and subscribers, where we collect the following information:
We do not provide this information to any third party.
We process your IP address to receive information about in which devices the Gruveo Services are used. The purpose for processing the IP address is to find the devices and the nearest server to connect to. The legal basis for our processing of the IP address is that it is necessary to fulfil the contract concerning your use of Gruveo Services. Without collecting the IP address from you and processing it, we cannot connect you to the nearest server, which is necessary for the provision of Gruveo Services.
All user’s or subscriber’s IP addresses are fully anonymized by masking the last octet of the IP address.
We collect server logs to monitor the performance and security of Gruveo Services as well as to ensure the proper functioning of the service.
The characteristics of each type of logs we collect are following:
You may choose to sign up to our Gruveo Connect Newsletter by providing your email address for subsequent communication. If you subscribe for our newsletter via the Gruveo Website or Apps, you give us your consent with emailing you with our Gruveo Connect Newsletter.
Your email will never be shared with any third parties and you will receive only the type of content for which you signed up. You can unsubscribe at any time.
Please note that subscribing to the newsletter is not required to use the Gruveo service.
All Gruveo calls are encrypted, with one-on-one calls being encrypted end-to-end as per the WebRTC standard. Wherever the users’ firewall configurations permit, one-on-one calls are established directly between the users’ devices. A one-on-one call may get relayed via one of our TURN servers due to restrictive firewalls, but even in that case the TURN server would not be capable of decrypting the call content.
All text messages on Gruveo are relayed in encrypted form via our secure servers.
Moreover, all personal data processed by Gruveo are stored securely and protected by using appropriate technology.
Where you choose your access details for your account at Gruveo Services, you are responsible for keeping these details confidential. Gruveo asks you not to share these details with anyone.
Unfortunately, the transmission of information via the internet is never completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website and any transmission is at your own risk. Once we have received your data, we will use strict security features to try to prevent unauthorised access.
Once the number of participants in a call changes from two to three, the call is re-routed through one of Gruveo’s SFU servers to make a group call possible. Just like in the case of call recording (see below), the call content is then encrypted in transit to and from the SFU server.
By nature of how Gruveo Services works, it is not impossible that you may get connected to a user different from the person(s) you originally intended to connect to. This may happen if the third party connects to Gruveo Services using your agreed upon room name before your counterpart(s) do. Therefore, please note that all Gruveo users are encouraged to choose longer, non-trivial and specific room names for establishing their calls, as well as to lock the room once all of the expected participants have joined.
Unless call recording has been explicitly initiated by a subscriber (see below), we do not store any parts of the call content such as audio/video, screenshots, text messages and the like on our servers.
We offer the call recording feature to Gruveo subscribers. A Gruveo subscriber can record the audio and video of any part of a Gruveo call they are participating in for future playback and/or downloading. All call participants are alerted of a recording taking place with a visual indicator that is displayed for the duration of the recording, as well as an audible beep that sounds at the beginning of the recording.
If a recording has been started during a call, the call is re-routed through one of Gruveo’s SFU servers to make the recording possible. In this case, the call content is encrypted in transit to and from the SFU server.
Gruveo subscribers have the option to have the history of their text chats sent to them via email at the end of each call. The chat history is sent in unencrypted email messages. Please note that due to the nature of the email protocol, the content of such messages can be potentially readable to third parties.
We never record any your content without your explicit instruction (i.e. consent) expressed in your account. We do not share recorded content with any third parties, nor do we provide them with access to any call content otherwise.
We may process information that we obtain from communicating with you, including:
We may process information relating to our dealings with you or the person that you work for, including:
We may process your personal data for the following purposes:
The legal basis on which we process your personal data is as follows:
Your personal data are safe with us. We do not trade your data to any other third parties. Please note that we may only disclose personal data to our authorised service providers. When we share personal information with others we require them to keep it safe. In this section you may learn more about who we share your personal information with.
We may share your personal data with the following recipients:
Please be informed that on the basis of our legitimate interest we may disclose your personal data to third parties:
If you are an EU citizen and are using Gruveo services within EU/EEA, by default we do not transfer your personal data outside of EU/EEA.
However, under some circumstances the data may be processed by staff situated outside the European Economic Area (“EEA”) who works for Gruveo. Under some special circumstances, the data that we process in relation to you may be also transferred to, and processed at, a location outside the EEA that may not be subject to equivalent data protection law.
We process personal data only for so long as is necessary for the purpose(s) for which it was originally collected, after which it will be deleted or archived except to the extent that it is necessary for us to continue to process it for the purpose of compliance with legal obligations to which we are subject or for another legitimate and lawful purpose.
This section explains the rights you have regarding your personal data. If you would like to exercise any of your rights, or receive more information about them, please contact us via the contact details below and we will help you out. Please note that some of the rights may not be applicable to your situation.
You have the following rights under the conditions of Chapter III of the EU General Data Protection Regulation:
You have the right to object to the processing of your personal data for direct marketing purposes without giving reasons – where you object to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
In the event that your data are processed on the legal basis of our legitimate interest, you shall have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data – we shall no longer process the personal data on this legal basis unless we demonstrate compelling legitimate grounds for the processing which overrides your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
You can withdraw your consent to any relevant processing of personal data:
You can exercise your rights to your personal data:
Please note that we may be required to ask you for further information in order to confirm your identity before we provide the information requested.
040 23 Košice
Contact: Artem Matsak
This policy was last updated on May 25, 2018.