PRIVACY & DATA PROTECTION POLICY

Last updated: February 1st, 2026

This Privacy & Data Protection Policy explains how Grand Intelligence Group and its affiliates (together, Grand, we, us, our) collect, use, share, and protect personal data when providing our websites, platforms, applications, APIs, products, and services (together, the Services).

This policy is intended to comply with the EU General Data Protection Regulation (GDPR), UK GDPR, and applicable data protection laws.

1. WHO WE ARE

Grand Intelligence Group provides business profiling, monitoring, trust, and risk-related services for the trade economy. Our Services are designed to support commercial decision-making by providing structured business information, monitoring signals, and contextual insights.

Grand Intelligence Group is not a consumer credit reference agency and does not provide consumer credit reports.

Depending on the context, Grand Intelligence Group may act as:

  • an independent Data Controller, or
  • a Data Processor on behalf of its customers.

Further details are set out below.

2. PERSONAL DATA WE PROCESS

We may process the following categories of personal data.

2.1 Business-related personal data

  • Names, job titles, and business contact details
  • Directors, officers, partners, shareholders, and beneficial owners
  • Signatories and authorised representatives
  • Professional roles and affiliations

2.2 Public and third-party sourced data

  • Company registry and filing information
  • Insolvency, liquidation, and administration records
  • Court judgments, enforcement actions, and public notices
  • Regulatory, licensing, and compliance information
  • Media and publicly available online sources

2.3 Platform and usage data

  • Account credentials and authentication data
  • Platform usage logs and interactions
  • Technical identifiers, IP addresses, device and browser data

2.4 Transactional and behavioural signals

  • Payment-adjacent indicators where enabled
  • Monitoring signals derived from changes in data over time
  • Network and relationship indicators between businesses

Grand Intelligence Group does not intentionally collect special category personal data unless required by law.

3. SOURCES OF PERSONAL DATA

We obtain personal data from:

  • Customers and users of the Services
  • Publicly accessible sources and official registries
  • Lawful third-party data providers
  • Monitoring and enrichment processes operated by Grand Intelligence Group
  • Integrated service providers, where authorised

4. PURPOSES OF PROCESSING

We process personal data for the following purposes:

  • Providing and operating the Services
  • Business profiling and monitoring
  • Detecting risk, fraud, anomalies, and changes over time
  • Supporting trust and relationship assessment
  • Improving the accuracy, quality, and performance of our Services
  • Meeting legal, regulatory, and compliance obligations
  • Security, audit, and misuse prevention
  • Customer support and service communications

5. LEGAL BASES FOR PROCESSING

Grand Intelligence Group relies on the following legal bases under GDPR and UK GDPR.

5.1 Legitimate interests

Processing necessary for:

  • Commercial risk assessment
  • Fraud prevention and detection
  • Business monitoring and intelligence
  • Network and relationship analysis
  • Product improvement and integrity

These interests are balanced against the rights and freedoms of individuals.

5.2 Contractual necessity

Processing required to:

  • Provide Services requested by customers
  • Manage accounts, access, and entitlements
  • Deliver agreed features and functionality

5.3 Legal obligation

Processing required to:

  • Comply with applicable laws
  • Respond to lawful requests from authorities
  • Meet regulatory and supervisory requirements

5.4 Consent

Where required by law, including for certain cookies and optional features.

6. AUTOMATED PROCESSING AND AI

Grand Intelligence Group uses automated processing, including machine-assisted and AI-supported analysis, to generate insights, alerts, and monitoring outputs.

Key points:

  • Outputs are contextual, analytical, and probabilistic
  • Outputs are not statements of fact, guarantees, or determinations
  • Grand Intelligence Group does not make solely automated decisions producing legal or similarly significant effects on individuals unless permitted by law
  • Human oversight is applied where legally required

7. DATA SHARING AND DISCLOSURE

We may share personal data with:

  • Customers, where relevant to the Services they receive
  • Service providers and subprocessors
  • Professional advisers, auditors, and insurers
  • Regulatory and law enforcement authorities where required
  • Group companies and affiliates

We do not sell personal data.

8. INTERNATIONAL DATA TRANSFERS

Personal data may be transferred outside the EEA or the UK.

Where this occurs, Grand Intelligence Group implements appropriate safeguards, including:

  • Adequacy decisions
  • Standard Contractual Clauses
  • Other lawful transfer mechanisms

9. DATA RETENTION

Personal data is retained only for as long as necessary for:

  • The purposes described in this policy
  • Legal, regulatory, and audit obligations
  • Legitimate business needs

Retention periods vary depending on data type, source, and use.

10. DATA SUBJECT RIGHTS

Individuals have rights under applicable data protection law, including:

  • Right of access
  • Right to rectification
  • Right to erasure
  • Right to restriction of processing
  • Right to object
  • Right to data portability, where applicable
  • Right to lodge a complaint with a supervisory authority

Certain rights may be restricted where processing is necessary for:

  • Compliance with legal obligations
  • Fraud prevention and detection
  • Protection of commercial confidentiality
  • Protection of the rights and freedoms of others

11. CONTROLLER AND PROCESSOR ROLES

11.1 Grand Intelligence Group as Controller

Grand Intelligence Group acts as an independent Data Controller in relation to:

  • Monitoring and enrichment data
  • Network, relationship, and trust analysis
  • Risk and intelligence signals generated by our systems

11.2 Grand Intelligence Group as Processor

Grand Intelligence Group acts as a Data Processor where customers submit personal data and instruct processing for defined purposes.

A Data Processing Agreement applies where required.

12. SECURITY

We implement appropriate technical and organisational measures to protect personal data, including:

  • Role-based access controls
  • Encryption and secure storage
  • Monitoring, logging, and audit trails
  • Incident response and breach management procedures

13. CONTACT DETAILS

For privacy enquiries or to exercise data subject rights:

Email: legal@heygrand.com

Address: 

Ireland: 24A Baggot Street Upper, Dublin, D04 N528, Ireland

United Kingdom: Ground Floor, Gallery Building 65-69 Dublin Rd, Belfast, BT2 7HG, Northern Ireland.

14. CHANGES TO THIS POLICY

This policy may be updated from time to time. Updates will be published on our website or platform.