Grayshift LLC Privacy Policy

Last Updated: May 2021

This privacy policy will explain how Grayshift, LLC (931 Monroe Dr NE Suite A102-340 Atlanta, GA 30308, UNITED STATES) collects and uses your personal data collected via our website and/or our products or services.

Topics:

• What personal data do we collect from you?
• How do we collect your data?
• Why will we use your data?
• How will we share your data?
• Marketing
• What are cookies?
• How do we use cookies?
• What types of cookies do we use?
• Cookie declaration
• How to manage your cookies
• Third party analytics
• Do not track
• Third party ad networks
• Security of your data
• Privacy policies of other websites
• Children under the age of 18
• Changes to our privacy policy
• How to contact us
• Additional information for persons in the UK or EEA

What personal data do we collect from you?

Grayshift may collect the following data:

• Personal identification information (name, email address, phone number, etc.)
• IP addresses of connected devices and users
• Device network configuration
• Location data
• Organization names
• Partial UDID of connected devices (phone, tablet)
• Website browsing data (the content you viewed, the links you followed, and information about your browser, device, and your IP address)

How do we collect your data?

You directly provide Grayshift with most of the data we collect. We collect data and process  data directly when you:

• Register online, place an order for any of our products or services or through interaction with Grayshift Customer Success.
• Voluntarily complete a customer survey or provide feedback on any of our message boards or via
• Upload offline device diagnostics to Grayshift Support.

We also collect your data via automated means, such as via cookies and similar technologies.   We collect data and process data automatically when you:

• Use online Grayshift products or services.
• Use or view our website.

Why will we use your data?

Grayshift collects your data so that we can:

• Provide information about our products and services at your request.
• Process your order/provide our products and services and manage your account.
• Register and enforce your license.
• Diagnostics and troubleshooting, including to better understand how users access and use our website and products and services.
• Send you information or special offers on other Grayshift products and services we think you might like.
• To tailor the online advertising, content and information that we may send or display to you, to offer location customization, and personalized help and instructions, and to otherwise personalize your experiences while using the website and our products and services.
• To comply with legal obligations, as part of our general business operations, and for other business administration purposes.
• Where we believe necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, or violations of this privacy policy.
• To exercise or defend legal claims or respond to legal process.
• To buy, sell, form, or otherwise reorganize (including by bankruptcy or insolvency proceedings) one or more of our businesses, obtain financing or investments, or sell stock or assets (for example, as the result of a sale, merger, reorganization or liquidation). A transaction of this type may involve the disclosure of your information to prospective purchasers, investors or partners who have signed a confidentiality agreement with us and their respective advisors. If a change happens to our business, then the new owners or purchaser of our assets may use your personal data in the same way as set out in this policy.

How will we share your data?

Grayshift may share your data as follows:

• We may share your data with service providers, contractors, or agents who perform functions on our behalf, such as credit reference agencies to prevent fraudulent purchases.
• We may share your data with our affiliates or subsidiaries.
• If (i) we or our affiliates are or may be acquired by, merged with, or invested in by another company or (ii) if any of our assets are or may be transferred to another company, whether as part of a bankruptcy or insolvency proceeding or otherwise, we may transfer your data to the other company. As part of the business transfer process, we may share some of your data with lenders, auditors, and third-party advisors, including attorneys and consultants.
• We may share your data to comply with the law, a judicial proceeding, court order, or other legal process, such as in response to a court order or a subpoena.
• We may share your data when we believe it is appropriate to do so to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, violations of this privacy policy, or as evidence in litigation in which we are involved.

Marketing

Grayshift would like to send you information about products and services of ours that we think you might like.

If you have agreed to receive marketing, you may always opt out at a later date.

You have the right at any time to stop Grayshift from contacting you for marketing purposes.

If you no longer wish to be contacted for marketing purposes, please follow the opt-out instructions included in the email you received or contact privacy@grayshift.com.

What are cookies?

Cookies are text files placed on your computer to collect standard Internet log information and website visitor behavior information. When you visit our websites, we may collect information from you automatically through cookies or similar technology.

For further information, visit allaboutcookies.org.

How do we use cookies?

Grayshift uses cookies in a range of ways to improve your experience on our website, including:

• Keeping you signed in.
• Understanding how you use our website.

What types of cookies do we use?

There are a number of different types of cookies, however, our website uses:

• Functionality – Grayshift uses these cookies so that we recognize you on our website and remember your previously selected preferences. These could include what language you prefer and location you are in. A mix of first-party (stored by us) and third-party (stored by someone other than us) cookies are used.
• Advertising – Grayshift uses these cookies to collect information about your visit to our website, the content you viewed, the links you followed, and information about your browser, device, and your IP address. Grayshift sometimes shares some limited aspects of this data with third parties for advertising purposes. We may also share online data collected through cookies with our advertising partners. This means that when you visit another website, you may be shown advertising based on your browsing patterns on our website.

Cookie Declaration

How to manage cookies

You can set your browser not to accept cookies, and the above website tells you how to remove cookies from your browser. However, in a few cases, some of our website features may not function as a result.

Third party analytics

We use automated devices and applications, such as Google Analytics, to evaluate usage of our website. We also may use other analytic means to evaluate our website. We use these tools to help us improve our website’s performance and user experiences. These entities may use cookies and other tracking technologies, such as web beacons or local storage objects, to perform their services. To learn more about Google’s privacy practices, please review the Google Privacy Policy at https://www.google.com/policies/privacy/. You can also download the Google Analytics Opt-out Browser Add-on to prevent their data from being used by Google Analytics at https://tools.google.com/dlpage/gaoptout.

Do not track

Currently, our systems do not recognize browser “do-not-track” requests. You may, however, disable certain tracking as discussed in this section (e.g., by disabling cookies).  You also may opt-out of targeted advertising by following the instructions in the “Third-Party Ad Networks” section below.

Third party ad networks

We use third parties such as network advertisers to serve advertisements on third party websites or other media (e.g., social networking platforms). This enables us and these third parties to target advertisements to you for products and services in which you might be interested. Third party ad network providers, advertisers, sponsors and/or traffic measurement services may use cookies, JavaScript, web beacons (including clear GIFs), local storage objects and other tracking technologies to measure the effectiveness of their ads and to personalize advertising content to you. These third party cookies and other technologies are governed by each third party’s specific privacy policy, not this one. We may provide these third party advertisers with information about you.

Users in the United States may opt out of many third party ad networks. For example, you may go to the Digital Advertising Alliance (“DAA”) Consumer Choice Page for information about opting out of interest based advertising and their choices regarding having information used by DAA companies. You may also go to the Network Advertising Initiative (“NAI”) Consumer Opt-Out Page for information about opting out of interest based advertising and their choices regarding having information used by NAI members.

Opting out from one or more companies listed on the DAA Consumer Choice Page or the NAI Consumer Opt-Out Page will opt you out from those companies’ delivery of interest based content or ads to you, but it does not mean you will no longer receive any advertising on our website or on other websites. You may continue to receive advertisements, for example, based on the particular website that you are viewing (i.e., contextually based ads). Also, if your browsers are configured to reject cookies when you opt out on the DAA or NAI websites, your opt out may not be effective. Additional information is available on the DAA’s website at www.aboutads.info or the NAI’s website at  www.networkadvertising.org.

Security of your data

We have implemented reasonable precautions to protect your data from loss, misuse, and unauthorized access, disclosure, alteration, and destruction. Please be aware that despite our best efforts, no data security measures can ever completely guarantee security. You should take steps to protect against unauthorized access to your password, phone, and computer by, among other things, signing off after using a shared computer, choosing a robust password that nobody else knows or can easily guess, and keeping your log-in and password private. We are not responsible for any lost, stolen, or compromised passwords.

Privacy policies of other websites

The Grayshift website contains links to other websites. Our privacy policy applies only to our website, so if you click on a link to another website, you should read their privacy policy.

Children under the age of 18

Our website and products and services are not designed for children under 18. If we discover that a child under 18 has provided us with data, we will delete such data from our systems.

Changes to our privacy policy

Grayshift keeps its privacy policy under regular review and places any updates on this web page. This privacy policy was last updated as of the date shown at the top of this policy.

How to contact us

If you have any questions about Grayshift’s privacy policy, the data we hold on you, or you would like to exercise one of your data protection rights, please do not hesitate to contact us.

Contact Grayshift: privacy@grayshift.com

Additional Information for persons in the UK or EEA

Justification for processing personal data (legal basis)

We will only process your personal data if we have a legally-recognized justification (legal basis) for doing so, as described below.

Contract Performance: In some circumstances, we need to process personal data to perform our obligations under a contract with you or your organization. In other cases, we need to process personal data at your request in order to enter into a contract with you or your organization. When we need to process data to perform a contract or take steps to enter into a contract, your failure to provide such personal data may result in our inability to provide services or take requested steps that require such data. The purposes of processing personal data for contract performance are:

• Provide information about our products and Services at your request.
• Process your order/provide our products and Services and manage your account.
• Register and enforce your license.

Legitimate Interest: We sometimes process personal data to further our legitimate interest or that of third parties, and in particular our interest in developing and marketing our products and services in order to grow our business and reputation. The purposes of processing personal data to pursue our legitimate interest are:

• Diagnostics and troubleshooting, including to better understand how users access and use our website and products and services.
• Send you information or special offers on other Grayshift products and services we think you might like.
• To tailor the content and information that we may send or display to you, to offer location customization, and personalized help and instructions, and to otherwise personalize your experiences while using the website and our products and services.
• To comply with non-UK or EEA legal obligations, as part of our general business operations, and for other business administration purposes.
• Where we believe necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, or violations of this privacy policy.
• To exercise or defend non-UK or EEA legal claims or respond to non-UK or EEA legal process.
• To buy, sell, form, or otherwise reorganize (including by bankruptcy or insolvency proceedings) one or more of our businesses, obtain financing or investments, or sell stock or assets (for example, as the result of a sale, merger, reorganization or liquidation). A transaction of this type may involve the disclosure of your information to prospective purchasers, investors or partners who have signed a confidentiality agreement with us and their respective advisors. If a change happens to our business, then the new owners or purchaser of our assets may use your personal data in the same way as set out in this policy.

Consent: In some cases, we may process personal data based on the consent you grant to us at the time we collect such data. Our purposes of processing personal data when you consent are:

• Send you information or special offers on other Grayshift products and services we think you might like, when applicable law requires your consent to send you such information or offers.

UK/EEA Legal Obligation: In other cases, we may be required to process personal data under laws of the UK or EEA that apply to us. The purposes of processing personal data under UK/EEA law are:

• To respond to UK or EEA legal process.
• To comply with UK or EEA legal obligations such as accounting and tax requirements.

UK and EEA Data Subject Rights

You have certain rights with respect to your personal data as set forth below. Some of these rights are subject to specific conditions pursuant to applicable law.

Access:  You can obtain more information about the personal data we hold about you and request access to and a copy of such personal data.

Rectification:  If any personal data we are holding about you is incorrect or incomplete, you can require that we correct or supplement such data.

Erasure:  You can require that we erase some or all of your personal data from our systems under specific conditions set forth in applicable law, such as when processing is based solely on your consent and you withdraw it, or when data has been unlawfully processed, and provided that we do not have a UK or EEA legal obligation to continue processing the data.

Portability:  Where we process your personal data based on your consent, or to perform a contract with you, you are entitled to receive a copy of your personal data in a machine-readable format. You can also request that we transmit the data to another controller.

Objection:  You can contact us to let us know that you object to the further use or disclosure of your personal data that we process in furtherance of our legitimate interests, on grounds relating to your particular situation.  

You have the right object at any time to our processing of your personal data for direct marketing purposes.

Withdrawal of Consent:  If we are processing your personal data based on your consent, you have the right to withdraw your consent at any time.

Restriction of Processing: Under specific conditions you can require us to restrict processing of your personal data so that we may only store it and not further process it, such as during the period when we verify the accuracy of your personal data if you claim the data is inaccurate.

For more information about these rights, or to submit a request, please email us at privacy@grayshift.com. Please note that in some circumstances, we may not be able to fully comply with your request, such as if it is excessive or manifestly unfounded, if it jeopardizes the rights of others, or if it is not required by applicable law, but in those circumstances, we will still respond to notify you of such a decision. In some cases, we may also need you to provide us with additional information, which may include personal data, if necessary to verify your identity and the nature of your request.

Right to File a Complaint:  You also have the right to lodge a complaint about Grayshift’s practices with respect to your personal data with the supervisory authority of your country. The supervisory authority in the UK is the ICO Home | ICO.  A list of supervisory authorities in the EU is available here: https://edpb.europa.eu/about-edpb/board/members_en.

Transfers of personal data

Grayshift and its service providers are located in the U.S., where the laws are not considered by the European Commission to provide adequate protection to personal data. Transfers of personal data to the U.S. are made (i) on the basis of your explicit consent, or (ii) where necessary to perform a contract with you or your organization, or take pre-contractual steps that you have requested, or (iv) pursuant to Standard Contractual Clauses approved by the European Commission. Where we rely on the Clauses, you may obtain a copy of them by contacting us at privacy@grayshift.com.

Retention of personal data

We apply a general rule of keeping personal data only for as long as required to fulfil the purposes for which it was collected. We typically retain certain elements of your personal data for a period of time corresponding to a statute of limitation, for example to maintain an accurate record of your dealings with us, such as pursuant to a contract so that we can raise or defend a legal claim. In some circumstances we may retain personal data for other periods of time, for instance where we are required to do so in accordance with legal requirements, where it is necessary for the establishment, exercise or defense of legal claims, or if required to do so by a legal process, legal authority, or other governmental entity having authority to make the request, for so long as required.