Privacy Policy

Last updated: 15th January 2026

Introduction

This Privacy Policy explains how grasmovelix.top Ltd ("we", "our", or "us") collects, uses, and protects your personal information when you use our digital certification management platform and services. We are committed to protecting your privacy and ensuring transparency about our data practices in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

Data Controller Information

The data controller for your personal information is:

grasmovelix.top Ltd
Eyre Square 1
Limerick, V12 1515
Ireland
Registration Number: CRO412596
VAT Number: IE4196857T

Data We Collect

The data we collect depends on how you interact with our platform and services. We collect personal data through various means including direct provision by users, automatic collection through our platform, and from third-party integrations. The types of personal information we may collect include:

Information You Provide Directly

  • Name, email address, and contact details when you register for our services or contact us
  • Educational institution information and professional details
  • Student information and certification data when using our platform
  • Communication preferences and feedback
  • Payment information for billing purposes

Information Collected Automatically

  • Technical information such as IP address, browser type, and device information
  • Usage data including pages visited, features used, and time spent on our platform
  • Cookies and similar tracking technologies (see our Cookie Policy for details)
  • Log files and system performance data

How We Use Your Information

We use of your data is based on legitimate legal grounds under GDPR. The specific purposes for which we process your personal information include:

Service Provision

  • To provide and maintain our digital certification management platform
  • To process and issue digital certificates
  • To manage user accounts and authentication
  • To provide customer support and technical assistance

Communication

  • To respond to enquiries and provide customer support
  • To send important service updates and notifications
  • To provide information about new features and services (with your consent)

Legal and Compliance

  • To comply with legal obligations and regulatory requirements
  • To protect our rights and interests
  • To ensure platform security and prevent fraud

Cookies and Tracking Technologies

We may use cookies and tracking technologies for analytics, advertising, and remarketing purposes, including Google Ads. These technologies help us measure campaign effectiveness, deliver relevant advertisements, and improve our services. You can manage your cookie preferences at any time through our cookie consent banner. For detailed information about our use of cookies, please see our Cookie Policy.

Legal Basis for Processing

Under GDPR, we process your personal data based on the following legal grounds:

  • Contract: Processing necessary for the performance of our service agreement with you
  • Legitimate Interest: For business operations, security, and service improvement
  • Consent: For marketing communications and optional features
  • Legal Obligation: To comply with applicable laws and regulations

Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

  • With your explicit consent
  • To comply with legal obligations or court orders
  • With trusted service providers who assist in operating our platform (under strict confidentiality agreements)
  • In connection with a business transfer, merger, or acquisition
  • To protect our rights, property, or safety, or that of our users

Data Retention

We retain your personal information only for as long as necessary to fulfil the purposes outlined in this policy, unless a longer retention period is required or permitted by law. Specific data retention periods include:

  • Account information: Retained while your account is active and for 7 years after closure for legal compliance
  • Certification records: Retained for the lifetime of the certificate plus 10 years for verification purposes
  • Communication records: Retained for 3 years for customer service purposes
  • Technical logs: Retained for 12 months for security and performance monitoring

When personal data is no longer required, we securely delete or anonymise it in accordance with our data retention schedule.

Your Rights

Under GDPR and applicable data protection laws, you have the following rights regarding your personal data:

  • Right of Access: Request copies of your personal data
  • Right to Rectification: Request correction of inaccurate personal data
  • Right to Erasure: Request deletion of your personal data in certain circumstances
  • Right to Restrict Processing: Request limitation of processing in certain circumstances
  • Right to Data Portability: Request transfer of your data to another service provider
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent for processing where consent is the legal basis

To exercise any of these rights, please contact us using the details provided in the contact section below. We will respond to your request within one month of receipt.

International Data Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA). When we transfer personal data outside the EEA, we ensure appropriate safeguards are in place, such as:

  • Adequacy decisions by the European Commission
  • Standard Contractual Clauses approved by the European Commission
  • Binding Corporate Rules or other appropriate safeguards

Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit and at rest
  • Regular security assessments and penetration testing
  • Access controls and authentication systems
  • Employee training on data protection and security
  • Incident response procedures

Children's Privacy

Our services are not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately so we can delete such information.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by posting the updated policy on our website and updating the "Last updated" date. For significant changes, we may provide additional notice such as email notification.

Contact Information

If you have any questions about this Privacy Policy, wish to exercise your rights, or have concerns about how we handle your personal data, please contact us:

Privacy Officer
Email: [email protected]
Phone: +353 611602336
Address: Eyre Square 1, Limerick, V12 1515, Ireland

You also have the right to lodge a complaint with the Irish Data Protection Commission if you believe we have not complied with applicable data protection laws:

Data Protection Commission
21 Fitzwilliam Square South
Dublin 2, D02 RD28
Ireland
Phone: +353 57 868 4800
Email: [email protected]