Privacy Policy for Gruveo Services

What Is This Policy?

This is our data protection and privacy policy that explains who we are, why and how we process personal data and, if you are the subject of any of the personal data concerned, what rights you have and how to get in touch with us if you need to.

This information is provided to explain our online information practices and the choices you have in the way information is collected on our websites at www.gruveo.com, about.gruveo.com and videola.io (“Gruveo Websites”) as well as our applications for Android and iOS (“Gruveo Apps”) (Gruveo Websites and Gruveo Apps jointly hereinafter referred to as the “Gruveo Services”). Unless provided otherwise, the information in this Privacy Policy applies to the latest published versions of the Gruveo Websites and the Gruveo Apps.

Who Are We?

We are Gruveo, s.r.o. with its registered seat at Dénešova 71, 040 23 Košice, Slovak republic (“Gruveo”). Our contact details are set out at the end of this policy. We are the controller in relation to the personal data processed in accordance with this policy (except where this policy or our contract with you explains otherwise).

Our mission is to enhance and simplify the way people communicate over the Internet.

Whose Personal Data Do We Process?

We may process personal data relating to you if:

  • You are a user or a subscriber of Gruveo Services;
  • You are a supplier of ours;
  • You work for a user or a subscriber or a supplier of ours, or for someone who uses Gruveo Services.
  • You are someone (or you work for someone) to whom we want to advertise our Gruveo Services. In this case, we may have obtained your details direct from you (for example, via Gruveo Websites you may send us your email address for the newsletter purposes).

What Personal Data Do We Process?

We may process personal data relating to you that we have acquired from you, or obtained from somewhere else (for example, from your employer).  The personal data relating to you that we process may include the information set out below.

Personal Details of Gruveo’s Users and Subscribers

We may process your personal details pursuant to our “customer class” that you choose at Gruveo Services, including:

  • Anonymous user
    You have not created an account and/or log at Gruveo Services and you join only anonymous call rooms as well as call Gruveo handles. We do not collect any personally identifiable information from you if you use Gruveo without creating an account.
  • Free users registered at Gruveo Services until October 2017
    You chose to create a Gruveo account until October 25, 2017. You provided us only your email address to prove account ownership. Your email address will never be shared with any third parties.
  • Paid subscribers
    You have created our paid Gruveo account. Therefore, we have to process your name, surname, email address, business name (if you are not a natural person), phone number. Please note that we do not process your payment data from credit/debit card.
  • API users
    If you have chosen our API user account, we shall process the following data:
    - paying via FastSpring: name, email address, company name, phone number;
    - paying via PayPal: name, company name, email address;
    - paying directly via Gruveo: name, company name, address, VAT number.

Please note that the provision of this personal data is a contractual requirement that will enable us to fulfil the contract concerning your use of Gruveo services and in the event of failure to provide such data you are unable to use certain functions of Gruveo Services.

What Personal Data Do We Process when You Use Our Gruveo Services?

We process the electronic communications data only if it is necessary to achieve the transmission, distribution or exchange of the Internet communication among the users (for example, metadata) and for the duration necessary for that purpose.

We also collect usage statistics for Gruveo users and subscribers, where we collect the following information:

  • Date and time of the call;
  • Subscriber username;
  • Call duration;
  • Whether the call was an incoming or outgoing one;
  • Maximum number of participants achieved in the call.

We do not provide this information to any third party.

How Do We Process Your IP Address and Logs?

IP Address

We process your IP address to receive information about in which devices the Gruveo Services are used. The purpose for processing the IP address is to find the devices and the nearest server to connect to. The legal basis for our processing of the IP address is that it is necessary to fulfil the contract concerning your use of Gruveo Services. Without collecting the IP address from you and processing it, we cannot connect you to the nearest server, which is necessary for the provision of Gruveo Services.

All user’s or subscriber’s IP addresses are fully anonymized by masking the last octet of the IP address.

Logs

We collect server logs to monitor the performance and security of Gruveo Services as well as to ensure the proper functioning of the service.

The characteristics of each type of logs we collect are following:

  • Web server access logs on www.gruveo.com:
    • Kept for a maximum of 31 days;
    • No user IP addresses are logged.
  • Signaling server logs (connection logs):
    • Kept for a maximum of 31 days;
    • All user IP addresses in logs are anonymized by masking the last octet of the IP address;
    • Gruveo handles (i.e. usernames) are not logged to lower the possibility of tracing calls made by logged in users to their username.

Would You Like to Receive Our Gruveo Connect Newsletter?

You may choose to sign up to our Gruveo Connect Newsletter by providing your email address for subsequent communication. If you subscribe for our newsletter via the Gruveo Website or Apps, you give us your consent with emailing you with our Gruveo Connect Newsletter.

Your email will never be shared with any third parties and you will receive only the type of content for which you signed up. You can unsubscribe at any time.

Please note that subscribing to the newsletter is not required to use the Gruveo service.

How Is Security Ensured at Gruveo's Services?

General

All Gruveo calls are encrypted, with one-on-one calls being encrypted end-to-end as per the WebRTC standard. One-on-one calls are always relayed via one of our TURN servers, to prevent the participants from exposing their IP addresses to each other. A TURN server is not capable of decrypting call content.

Group calls and recorded calls are routed through our SFU servers (see below), which naturally conceal the participants' IP addresses.

All text messages on Gruveo are relayed in encrypted form via our secure servers.

All personal data processed by Gruveo are stored securely and protected by using appropriate technology. Where you choose your access details for your account at Gruveo Services, you are responsible for keeping these details confidential. Gruveo asks you not to share these details with anyone.

Unfortunately, the transmission of information via the internet is never completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website and any transmission is at your own risk. Once we have received your data, we will use strict security features to try to prevent unauthorised access.

Group Calls

Once the number of participants in a call changes from two to three, the call is re-routed through one of Gruveo’s SFU servers to make a group call possible. Just like in the case of call recording (see below), the call content is then encrypted in transit to and from the SFU server.

Connecting to the Intended Users

By nature of how Gruveo Services works, it is not impossible that you may get connected to a user different from the person(s) you originally intended to connect to. This may happen if the third party connects to Gruveo Services using your agreed upon room name before your counterpart(s) do. Therefore, please note that all Gruveo users are encouraged to choose longer, non-trivial and specific room names for establishing their calls, as well as to lock the room once all of the expected participants have joined.

May User’s and Subscriber’s Content be Recorded by Us?

Unless call recording has been explicitly initiated by a subscriber (see below), we do not store any parts of the call content such as audio/video, screenshots, text messages and the like on our servers.

Call Recording

We offer the call recording feature to Gruveo subscribers. A Gruveo subscriber can record the audio and video of any part of a Gruveo call they are participating in for future playback and/or downloading. All call participants are alerted of a recording taking place with a visual indicator that is displayed for the duration of the recording, as well as an audible beep that sounds at the beginning of the recording.

If a recording has been started during a call, the call is re-routed through one of Gruveo’s SFU servers to make the recording possible. In this case, the call content is encrypted in transit to and from the SFU server.

Text Chat History

Gruveo subscribers have the option to have the history of their text chats sent to them via email at the end of each call. The chat history is sent in unencrypted email messages. Please note that due to the nature of the email protocol, the content of such messages can be potentially readable to third parties.

We never record any your content without your explicit instruction (i.e. consent) expressed in your account. We do not share recorded content with any third parties, nor do we provide them with access to any call content otherwise.

Information We Obtain from Communications with Us

We may process information that we obtain from communicating with you, including:

  • Information about you that you give us by communicating with us by phone, by e-mail, via our website, via social media or otherwise.
  • Information you give us or that we obtain when you use our website, obtain or subscribe to our services, supply us with goods or services, enquire about a services, or contact us to report a problem, or do any of these things on behalf of the person that you work for.

Information Relating to Our Dealings with You or the Person You Work for

We may process information relating to our dealings with you or the person that you work for, including:

  • Information relating to transactions with us involving you or the person that you work for (for example, details of services that we have supplied to, or obtained from, you or the person you work for).
  • Other information relating to you which it is necessary for us to process in order to enter into or perform a contract with you or the person that you work for.

Cookies

Our use of cookies to process personal data is explained in our cookie policy, which you should please read.

What Do We Do with Your Personal Data?

We may process your personal data for the following purposes:

  • To enter into, and to perform, contracts with you or the person that you work for.
  • To:
    • provide Gruveo Services to users and subscribers;
    • obtain services from our suppliers;
    • manage and administer our relationships with users, subscribers or suppliers;
      where you or the person that you work for may be the relevant user, subscriber or supplier of services for these purposes.
  • To advertise our Gruveo Services. This may be via direct marketing communications (such as emails) or telephone calls. This may include making suggestions and recommendations about Gruveo Services that may interest you or the person that you work for.
  • To administer Gruveo Website and Apps for internal operations, including troubleshooting, and data analysis, testing, research, statistical and survey purposes.
  • To improve Gruveo Services to ensure that content is presented in the most effective manner for you and for your devices.
  • To keep our Gruveo Services and other systems safe and secure.
  • To measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising.

What Are the Legal Grounds for Our Processing of Your Personal Data?

The legal basis on which we process your personal data is as follows:

  • Where it is necessary to obtain your prior consent to the processing concerned in order for us to be allowed to do it, we will obtain and rely on your consent in relation to the processing concerned (see below for how to withdraw your consent at any time).
    In general, we need your consent, if you are not Gruveo user and you would like to receive our Gruveo Connect Newsletters. Also your consent is required, if you will choose recording of your content at Gruveo Services (see Call Recording and Text Message History).
  • Otherwise, we will process your personal data where the processing is necessary:
    • for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into such a contract.
      For example, we rely on the contract where we process personal data of our subscribers and other electronic communications data in order to the Gruveo services may be duly provided;
    • for compliance with a legal obligation to which we are a subject; or
    • for the purposes of the legitimate interests pursued by us, provided that this will only be in circumstances in which those legitimate interests are not overridden by your interests or fundamental rights and freedoms which require protection of personal data (see below for how to object to processing at any time).
      For example, our processing is based on our legitimate interest in the most circumstances in which we process your personal data in relation to a relationship that we have with the person that you work. We also rely on our legitimate interest, if we process data due to keeping our systems safe and secure.

Who Do We Share Your Personal Data With?

Your personal data are safe with us. We do not trade your data to any other third parties. Please note that we may only disclose personal data to our authorised service providers. When we share personal information with others we require them to keep it safe. In this section you may learn more about who we share your personal information with.

We may share your personal data with the following recipients:

  • authorised IT service providers, but only to the extent necessary in order to fulfil their obligations in relation to Gruveo for your use of the Gruveo website and application;
  • authorised service providers who offer a subscription billing service and eCommerce platforms;
  • our auditors, legal advisors, accountant and other professional advisors or service providers;
  • In relation to information obtained via cookies at our website:
    • our advertisers and advertising networks that may require the data for providing of their services. We do not disclose information about identifiable individuals to our advertisers, but we will provide them with aggregate information about our users. We may make use of the personal data we have collected from you to enable us to comply with our advertisers' wishes by displaying their advertisement to that target audience and subject to the cookie section of this policy;
    • analytics and search engine providers that may assist us in the improvement and optimisation of Gruveo website and applications; please see our cookie section of this policy.

Other Disclosures We May Make

Please be informed that on the basis of our legitimate interest we may disclose your personal data to third parties:

  • In the event that we sell or buy any business or assets concerning Gruveo, in which case we have to disclose your personal data to the prospective seller or buyer of such business or assets subject to the terms of this privacy policy.
  • If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our Terms and Conditions or other contracts with you; or to protect our rights, property, or safety of IT systems.

Where Do We Process Personal Data?

If you are an EU citizen and are using Gruveo services within EU/EEA, by default we do not transfer your personal data outside of EU/EEA.

However, under some circumstances the data may be processed by staff situated outside the European Economic Area ("EEA") who works for Gruveo. Under some special circumstances, the data that we process in relation to you may be also transferred to, and processed at, a location outside the EEA that may not be subject to equivalent data protection law.

Where personal data is transferred in relation to providing our services we will take all steps reasonably necessary to ensure that it is subject to appropriate safeguards, such as relying on a recognised legal adequacy mechanism which may include by entering into EC approved standard contractual clauses relevant to transfers of personal information (see http://ec.europa.eu/justice/dataprotection/internationaltransfers/transfer/index_en.html) and that it is treated securely and in accordance with this privacy policy.

How Long Do We Process Personal Data For?

We process personal data only for so long as is necessary for the purpose(s) for which it was originally collected, after which it will be deleted or archived except to the extent that it is necessary for us to continue to process it for the purpose of compliance with legal obligations to which we are subject or for another legitimate and lawful purpose.

What Are Your Rights?

This section explains the rights you have regarding your personal data. If you would like to exercise any of your rights, or receive more information about them, please contact us via the contact details below and we will help you out. Please note that some of the rights may not be applicable to your situation.

You have the following rights under the conditions of Chapter III of the EU General Data Protection Regulation:

  • Right of access
    • You have the right to gain access to information about the personal data that we process about you. Should you have any questions regarding the processing, or would you like to have more insight in the personal data we process from you, please contact us via the contact details below and we will provide you with further information.
  • Right to rectification
    • You can request us to correct information inaccurately stored by us without undue delay. You also have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
  • Right to erasure
    • You have the right to request of us to permanently delete your personal information. You can make such a request if you for example believe that the personal data are no longer necessary in relation to the purpose for which the personal data were collected or otherwise processed.
  • Right to restrict the processing activities
    • You have the right to request from us to restrict our processing activities.
  • Right to data portability
    • You have the right to request from us that we send your personal information in a structured, commonly used and machine-readable format, and to transmit those data to another controller, where technically feasible.
  • Right to withdraw your consent
    • Where we are processing your personal data on the basis of your prior consent to that processing, you may withdraw your consent at any time, after which we shall stop the processing concerned. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
  • Right to lodge a complaint with a supervisory authority
    • If you have a complaint about any processing of your personal data being conducted by us, you can contact us or lodge a formal compliant with the Office for Personal Data Protection of the Slovak Republic (https://dataprotection.gov.sk/uoou/).

Right to Object the Processing

You have the right to object to the processing of your personal data for direct marketing purposes without giving reasons - where you object to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.

In the event that your data are processed on the legal basis of our legitimate interest, you shall have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data - we shall no longer process the personal data on this legal basis unless we demonstrate compelling legitimate grounds for the processing which overrides your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

How to Withdraw Your Consent to Processing?

You can withdraw your consent to any relevant processing of personal data:

How to Exercise Your Data Protection Rights?

You can exercise your rights to your personal data:

Please note that we may be required to ask you for further information in order to confirm your identity before we provide the information requested.

Our Details – Who to Contact?

If you have questions about our privacy policy or practices, please feel free to get in touch. You can contact us at:

Gruveo, s.r.o.
Dénešova 71
040 23 Košice
Slovak Republic

Contact: Artem Matsak
Phone: +421903879078
Email: support@gruveo.com

Changes to This Policy

Any changes we make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our privacy policy.

Date of This Policy

This policy was last updated on May 25, 2018.