Go to contents

Data Protection and Information Security

Data protection

Data protection is part of Grano’s risk and continuity management and responsible operating principles. The ways in which the lawful processing of personal data and a high level of data protection are ensured in all the functions and countries of operation of the Grano Group are defined in the company’s data protection policy.

The scope and objectives of the data protection policy

Data protection encompasses the protection of private life and other rights concerning the protection of privacy in the context of the processing of personal data. The purpose of the data protection policy is to safeguard the personal data of Grano’s customers, employees and other stakeholders and to ensure that the obligations of processors are complied with.

The aim of Grano’s data protection principles is to ensure that personal data is

  • processed lawfully, appropriately and transparently from the perspective of the data subject
  • collected and processed for specific, explicit and lawful purposes
  • collected only to the extent necessary for the purpose of processing
  • updated whenever necessary: inaccurate and incorrect personal data must be deleted or corrected without delay
  • stored in a form that makes the data subject identifiable only for as long as is necessary for the purpose of the processing
  • processed confidentially and securely.

Learn more and download Grano's privacy policy here >>

Grano’s privacy statement >>


Information security

The information security policy is a strategic policy approved by the management of Grano Oy that defines Grano’s key information security objectives, the methods for achieving them, the organisation of information security management and related responsibilities. In this policy, information security means ensuring the confidentiality, integrity and availability of all forms of information. Information security is also about compliance with applicable laws and regulations and the information security requirements imposed by cooperation partners.

The objective of the information security policy

The policy defines the basic requirements for information security management and provides a basis for planning and implementing operations in compliance with the policy. To facilitate the practical implementation of the policy, Grano also maintains more detailed instructions focusing on specific areas of information security.

The information security policy expresses Grano’s ambition, which is clarified with the policy’s annexes and practical information security instructions. For external parties, such as subcontractors and service providers, the requirements of the policy are integrated into supply contracts where applicable.

The primary goal of information security management is to ensure the continuation of operations that Grano is responsible for in all circumstances. Appropriate and systematic information security management ensures the usability, data integrity and confidentiality of the ICT solutions linked to Grano’s operations. This principle must be realised under all circumstances and in the context of all processes, registers and services. The information security policy provides the basis for ensuring the disruption-free operation and secure information processing of Grano’s information systems.

At Grano, safeguarding customer data, the material supplied by customers and other data produced and processed by Grano’s functions is an essential part of responsible operation.

Learn more and download Grano's information security policy here >>