Privacy & Data Protection Policy

1. Who we are (Data Controller)

The data controller responsible for your personal data is Grannex Ltd, a company incorporated in the Republic of Cyprus, with its registered office at Dimitri Stavrou 1, Nicosia, Cyprus. Company registration number: CY10370471L. You can reach us about anything in this policy at info@grannex.com.

2. Scope of this policy

This policy covers personal data we collect through the Grannex website. It does not cover personal data exchanged through signed commercial contracts, KYC processes or unrelated business correspondence outside the website — those are governed by the relevant agreement between you and Grannex.

3. What we collect and why

We deliberately keep website data collection narrow. There are two sources of personal data on this site:

(a) Information you give us through the contact / product enquiry form. When you fill in an enquiry form, we collect your name, email, phone number, country, company name (optional), company profile (manufacturer, distributor, retailer or other) and your free-text message. If the form is opened from a product page we also include the product name and link in the email we receive. We use this information solely to read, route and answer your enquiry. The lawful basis is Article 6(1)(b) GDPR (steps prior to entering into a contract at your request) and, where you are not yet a counterparty, Article 6(1)(f) GDPR (our legitimate interest in responding to commercial enquiries directed at us).

(b) Limited technical information generated automatically when you visit the site, as described in sections 4 and 5 below. This is used to keep the site online, secure and performant, and to understand aggregate traffic patterns — not to build profiles of individual visitors.

4. Analytics and performance tools we use

We use a deliberately small set of privacy-respecting tools. We do not use Google Analytics, Meta Pixel, advertising trackers or cross-site retargeting on this website.

Vercel Web Analytics. Our hosting provider, Vercel Inc., provides a privacy-focused, cookieless analytics feature that we have enabled. It produces aggregate statistics such as page views, referring pages, country, browser family and device type. According to Vercel’s documentation it does not set cookies, does not store IP addresses in a way that identifies you, and does not track visitors across other websites. We use it only to understand which pages and products are useful to visitors so we can improve the site.

Vercel Speed Insights. Also provided by Vercel, this collects anonymous performance measurements (Core Web Vitals such as Largest Contentful Paint, Interaction to Next Paint and Cumulative Layout Shift) so we can see where the site is slow and fix it. It does not identify individual visitors.

Google Search Console. Google Search Console is a webmaster tool that reports how the Grannex site appears in Google search results (impressions, clicks, queries, indexing status). It runs on Google’s side based on data Google already holds about its own search results — it does not place trackers, scripts or cookies on this website.

5. Cookies and similar technologies

This website does not use advertising cookies, retargeting cookies or third-party tracking cookies. The analytics described above are cookieless. As a result we do not display a cookie consent banner, because nothing is set on your device that would require prior consent under Article 5(3) of the ePrivacy Directive. For full detail see our Cookie Policy.

6. Service providers (sub-processors)

We rely on a small number of carefully chosen service providers to operate the website. They process personal data only on our instructions and under contractual safeguards.

• Vercel Inc. — website hosting, content delivery, Web Analytics and Speed Insights.
• Resend (Resend.com). — transactional email delivery for messages sent through the contact / enquiry form.
• Upstash, Inc. — managed Redis used to apply a short-lived rate limit on the contact form (we store an incrementing counter keyed to your IP address for one hour, then it is automatically deleted). This protects the form from abuse.
• Google LLC — Google Search Console for search performance reporting (no scripts loaded on the site).

7. International data transfers

Some of our service providers are based outside the European Economic Area (notably in the United States). Where personal data is transferred outside the EEA, we rely on the safeguards offered by those providers, which include the European Commission’s Standard Contractual Clauses and, where applicable, the EU–US Data Privacy Framework.

8. How long we keep your data

Enquiry emails are kept for as long as needed to handle the conversation and any resulting commercial relationship, and afterwards only as long as we are legally required to retain business correspondence. Rate-limit counters in Upstash Redis are deleted automatically after one hour. Aggregate analytics produced by Vercel do not identify you and are retained according to Vercel’s own retention defaults.

9. Your rights under GDPR

Subject to the conditions in the GDPR, you have the right to: access the personal data we hold about you; ask us to correct or delete it; restrict or object to processing; receive a copy of your data in a portable format; and, where processing is based on consent, withdraw that consent at any time without affecting prior processing.

To exercise any of these rights, please contact us at info@grannex.com. You also have the right to lodge a complaint with the Office of the Commissioner for Personal Data Protection in Cyprus, or with the supervisory authority in your country of residence.

10. Security

The website is served over HTTPS. We apply technical and organisational measures appropriate to the limited scope of data we collect, and we keep the number of people inside Grannex who can access enquiry messages to those who actually need it.

11. Changes to this policy

If we change our data practices we will update this page and refresh the “Last updated” date at the top. Material changes will be highlighted on the website.