1. Who We Are
GRUHS AG is a technology and governance architecture company headquartered in Liechtenstein.
For the purposes of the General Data Protection Regulation (GDPR) and the Liechtenstein Data Protection Act, GRUHS AG acts as the Data Controller for personal data processed via this website and related services.
2. Scope
This policy covers personal data processed when you browse our website, request a briefing, contact us, or engage with our services. It does not cover third-party websites linked from this site.
3. Data We Collect
- Identification Data: name, work email, company, role.
- Communication Data: messages, briefing requests, correspondence.
- Technical Data: IP address, device and browser metadata, access timestamps, and security logs.
- Optional Data: information you voluntarily provide in forms or during engagements.
We do not intentionally collect special category data unless required for compliance and based on your explicit consent.
4. Purposes & Legal Basis
We process personal data to:
- respond to enquiries and briefing requests;
- perform contracts and pre-contractual steps;
- operate, secure, and improve our services (fraud prevention, incident response, analytics with anonymisation);
- comply with legal obligations and regulatory requests;
- send optional updates with your consent.
Legal bases: contractual necessity, legitimate interests (security and service improvement), legal obligation, and consent where applicable.
5. Cookies & Tracking
We use minimal, privacy-preserving cookies for session management and security. Analytics, if used, is configured to anonymise IP and avoid cross-site tracking.
- Strictly necessary cookies: enable core functionality (e.g., session state, CSRF protection).
- Analytics cookies (optional): anonymised metrics to improve site performance.
You can adjust cookie preferences via your browser settings. Where legally required, we display a consent banner.
6. Data Sharing & Transfers
We share personal data only with vetted processors under contractual and cryptographic controls (confidentiality, purpose limitation, security, deletion). We do not sell personal data.
If data is transferred outside the EEA/Switzerland, we implement adequate safeguards (e.g., EU Standard Contractual Clauses, transfer risk assessments, and technical measures).
7. Security
- Zero-Trust patterns: every request authenticated, least-privilege enforced.
- Encryption: TLS 1.3 in transit and AES‑256 at rest where applicable.
- Integrity Chains™: immutable audit trails for critical actions.
- Digital Witness™: real-time policy conformance logging and identity verification telemetry.
Security is a continuous process. We monitor, test, and harden our controls routinely.
8. Retention
- Briefing requests: up to 12 months.
- Contractual and invoicing records: up to 10 years (legal requirement).
- Security logs: typically up to 6 months, extended if needed for investigations.
9. Your Rights
Under GDPR and Liechtenstein law you may:
- request access to your data;
- rectify inaccuracies;
- request erasure (where applicable);
- restrict or object to processing;
- receive data in a portable format;
- withdraw consent at any time (does not affect prior lawful processing).
To exercise your rights, contact us at privacy@gruhs.li. We may need to verify your identity before fulfilling requests.
10. Children’s Data
Our services and website are intended for professional use and are not directed at children. We do not knowingly collect data from individuals under the age of 16.
11. Automated Decision-Making
We do not perform automated decision-making producing legal effects about you on this website. If such processing becomes relevant in a service context, we will provide a specific notice and lawful basis.
12. Changes to This Policy
We may update this notice to reflect legal, technical, or operational changes. The latest version will be published on this page, with the effective date updated accordingly.