Grid Dynamics uses the information you provide us in the following general ways: service provision, service improvement, contact, research and promotion.
Grid Dynamics will not share or sell your email address and other personal information with any third parties except our designated service providers. These service providers may have access to personal information needed to perform their functions but are not permitted to share or use such information for any other purpose.
If you provide Grid Dynamics with your email address, you may be contacted by Grid Dynamics for marketing and campaign update purposes. When you become a Grid Dynamics customer, you will be subscribed to our automated campaign update emails. If at any time you do not wish to receive email from Grid Dynamics in the future, you can unsubscribe.
In order to unsubscribe from a mailing list, you may choose any of the following options:
• Follow the unsubscribe link found at the bottom of the email you’ve received.
• Contact your client success team or our customer service and ask to be unsubscribed from automated marketing and/or campaign update emails.
• Remove yourself from Grid Dynamics’s automated campaign update emails by visiting our unsubscribe page. We will promptly update your preferences for this email address.
Please be aware that if you are a Grid Dynamics customer, a member of our client success team may continue to manually contact you via email for administrative or informational purposes, including follow-up messages regarding business transactions between Grid Dynamics and yourself. By law, such messages are not considered to be commercial e-mail.
We store your data in a secure database provided by third-party vendors and hosting partners that provide the necessary hardware, software and storage to offer you the services you request. These vendors and partners were verified and approved by our dedicated security team prior to us entering a contractual agreement with them, which includes a strict non-disclosure agreement mandating non-disclosure of any personal information provided to them by Grid Dynamics.
Grid Dynamics has a robust ISO 27001:2013-compliant information security policies and procedures in place to protect personal information from unauthorized access, alteration, disclosure or destruction and have several layers of applicable security measures, including:
- strict data classification system that defines all personally identifiable information as Highly Confidential by default with security controls such as listed below applied and enforced
- two factor authentication
- strong data encryption in transit and at rest
- strict password policy enforcement and regular password strength checks
- need-to-know access rights only, regularly reviewed for all access types
- network separation of systems that hold sensitive data
- high priority of regular vulnerability scanning of such systems
- high priority of any alerts originating from these systems
- Intrusion Detection, centralised logging and monitoring
- business antimalware updated in real time at all systems involved
- security awareness training and testing of our employees who have access to personal data which includes regular phishing tests
We may disclose personally identifiable information under exceptional circumstances, such as to comply with court subpoenas, warrants, and other valid legal processes. It may be necessary to share such information with law enforcement authorities in order to investigate, prevent, or take action regarding suspected or actual illegal activities, including without limitation, fraud, situations involving potential threats to the physical safety of any person, or as otherwise permitted or required by law.
We use this information to enhance your experience of using Grid Dynamics website and online services, and may use it to provide you promotional information regarding our services.
We retain personal information we collect from you where we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested or to comply with applicable legal requirements).
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
As per Grid Dynamics Data Retention, Archiving and Destruction Policy all personal information is done in a secure manner conformant to, or equivalent to the current recommendations of NIST SP 800-88 Guidelines for Media Sanitization.