This Privacy Policy sets forth how Grata Inc. (“Company”, “we”, “our” or “us”) collects and processes information through our website and the business search and discovery services that we provide through the website to registered users (collectively, the “Services”). Grata, Inc, is part of Datasite LLC and its affiliates (“Datasite”) Please read this Privacy Policy carefully to understand our policies and practices regarding the information we maintain and process, and how we will treat such information. If you do not agree with our policies and practices, you should not use our Services. By accessing or using our Services, you agree to this Privacy Policy.
Accessibility: If you are having any trouble accessing this Privacy Policy, please contact us at 516-875-5900. Our hours of operations are: 9am - 5pm EST.
OVERVIEW
INFORMATION COLLECTION
Our Service collects information that identifies a particular individual ("personal information"). The Company collects the following categories of personal information:
Personal identifiers, business contact information and professional or employment-related information
Name, email address, telephone number and similar information.
Business contact information and employment-related information
Internet or other electronic network activity information, including browsing activity
Browsing history, search history, information on an individual's interaction with our Services.
Geolocation data
Your general geographic location.
We also collect information that is not, by itself, personal information, such as the activities of the vehicle you are operating when a device using our Services is installed, present or activated.
Sensitive Personal Data
We do not collect sensitive personal data. Unless we specifically make a request and it is relevant to the services that we provide, we ask that you do not provide us with any sensitive personal data (meaning information revealing racial or ethnic origin, political opinions, religion or philosophical beliefs, trade union membership, genetic, health, or biometric information, information about sex life or sexual orientation, or criminal convictions or offences) through our websites or mobile applications, or otherwise to us.
REGISTRATION INFORMATION
Your information is important to us. When you enter sensitive information (such as a credit card number or personal information), we encrypt that information using secure socket layer technology (SSL) and do not share it with third parties other than services that help us operate our system, including payment processors.
We follow generally accepted industry standards to protect the information submitted to us, both during transmission and once we receive it. However, no method of Internet transmission or electronic storage is 100% secure. Therefore, while we strive to use commercially acceptable means to protect your information, we cannot guarantee its absolute security.
COOKIES AND SIMILAR METHODS
Internet activity and browsing Information is automatically collected through various means such as cookies and pixels through our Services or in our emails. "Cookies" are pieces of information that may be placed on your device by a service for the purpose of facilitating and enhancing your communication and interaction with that service. Many services use cookies for these purposes. We may use cookies (and similar items such as clear gifs, web beacons, tags, etc…) through our Services to customize your visit, to analyze how you use our Services and for other purposes to make your visit more convenient, to manage your account or to enable us to enhance our Services. Cookies and similar items are not used by us to automatically retrieve personally identifiable information from your device without your knowledge, but may be used to store your login credentials. The type of Cookies that we use can be found at the footer of our website. You can control the Cookies via the Cookies Settings located as a footer to the Website.
We may use Google Analytics, which is a web analytics service provided by Google, Inc. Google and similar services collect certain information relating to your use of our Services. Such services may use cookies to help us analyze how users use our Services. You can find out more about how Google uses data when you use our Services by visiting “How Google uses data when you use our partners’ sites or apps” (located at www.google.com/policies/privacy/partners/).
Based on your web browser, you may have the ability to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. If you choose to decline cookies, you may not be able to fully experience the interactive features of the services. Further information on cookies is available at www.allaboutcookies.org.
HOW WE COLLECT INFORMATION FOR OUR SEARCHABLE DATABASES
We obtain contact data for in several ways, including the following:
HOW WE USE YOUR INFORMATION THAT WE COLLECT FROM YOU
We use information that we collect from you only as described in this Privacy Policy or as otherwise disclosed to you at the time of collection:
| Use of Personal Data | Legal Basis |
|---|---|
| To operate and provide you with our Services | Performance of contract with you |
| To provide you with information through our Services and website | Performance of contract with you Your consent |
| To aggregate data collected through our Services and website | Performance of contract with you Legitimate interests in improving our services |
| To perform customer surveys and [call recording] | consent |
| To facilitate marketing events and customer surveys | consent |
| To market products and services to you that we believe may be of interest | consent |
| To manage your account; process an order, issue invoices, take payment from, make payment to your organization, or manage account or payment history | Performance of contract with you Legitimate interest in providing and administering the Services |
| To analyse and improve our Services and conduct research and development | Legitimate interest in improving our Services |
| To process your application for a role | Consent - Legitimate interest in providing HR services to candidates |
| To respond to request for information in the event of a sale, merger, joint venture or other similar event | Legitimate interests as part of our corporate development |
| To disclose information in our databases and servers logs to comply with a legal requirement | Administration of justice and national security that is strictly necessary and proportionate Legitimate interests to minimize fraud |
Where we rely on our legitimate interest, we will balance that against our applicable legal obligations to you. We will not collect additional categories of personal data or use the personal data we collected for materially different, unrelated, or incompatible purposes without providing you notice.
If we request your consent to use your personal data, you have the right to withdraw your consent any time in the manner indicated when we requested the consent or by contacting us. If you have consented to receive marketing communications from our third-party partners, you may withdraw your consent by contacting those partners directly.
HOW WE USE YOUR INFORMATION THAT WE COLLECT THROUGH OUR SERVICES
We use the information that we collect from various sources to populate our databases, improve our Services and to enable registered users to search, access and download such information. The legal basis for the processing of your personal data is the performance of any contract with you for registered users, your consent where you have requested information or for our legitimate interests to improve our Services.
DISCLOSURE OF YOUR INFORMATION
We may disclose your information as described in this Privacy Policy or otherwise with your consent:
We may transfer your personal data to any third party who is not otherwise covered by the categories listed above where you have given us permission to do so, or with whom you have entered into a contract when we need to transfer your personal data to that party in order to fulfil that contract.
When we disclose your personal data for a business purpose, we enter a contract that requires that all third-party processors process your personal data with the same level of protection and in a manner consistent with the uses agreed upon in this Privacy Policy.
Browsing Information
Browsing Information and non-personally identifiable Service usage information may be disclosed to any number of third parties and used for any number of purposes as long as it is not directly linked to your personally identifiable information.
INTEREST-BASED ADS
We believe that advertising is more effective and relevant when it is targeted to your interests and behaviors. Therefore, we may work with third parties who collect information on our website through the use of cookies and similar methods in order to serve you with relevant advertisements on other websites and services or for measurement and analytical purposes, such as to determine that you have seen our advertisements elsewhere. You do have the ability to control certain advertising practices. We comply with the Self-Regulatory Principles for Online Behavioral Advertising as administered by the Digital Advertising Alliance (DAA). You can learn more about interest-based advertising and opt-out of targeted advertising from certain providers with whom we work by visiting https://youradchoices.com/control and the DAA’s consumer choice page.
You may opt-out of being tracked online by certain companies who are listed at http://www.aboutads.info/choices/ OR http://www.networkadvertising.org/managing/opt_out.asp and may also learn more about online behavioral advertising at such websites. If you opt-out, you will still receive advertisements, but they will not be delivered to you by such companies from whom you have opted-out based upon your behavioral data possessed by the companies from whom you have opted-out.
The opt-out process through the DAA relies upon the placement of an opt-out cookie on your device, and you must repeat this process on each device or if your cookies are purged from your device. Cookie-based opt-outs are not effective on certain mobile services. Users may opt out of certain advertisements on mobile applications or reset advertising identifiers via their device settings. To learn how to limit ad tracking or to reset the advertising identifier on your iOS and Android device, click on the following links:
iOS - https://support.apple.com/en-us/HT202074
Android - https://support.google.com/ads/answer/2662922?hl=en
You may also download and set your preferences on the DAA’s App Choices mobile application(s) available in Google Play or the Apple App stores. More information about opting out on mobile devices is available here - https://www.networkadvertising.org/mobile-choice/
We do not respond to or honor “do not track” (a/k/a DNT) signals or similar mechanisms automatically transmitted by web browsers for which we are cannot evaluate your choice.
THIRD PARTY SERVICES
This Service may contain links and interactive features with various third parties, such as social media platforms. We do not endorse, or assume responsibility, for any third party services just because a link appears on our Service. If you already use these platforms, their cookies may be set on your device when using our Service and those providers may already be tracking you and collecting your information. We are unable to control such uses of your information when interacting with a social media platform, and by using such services you assume the risk that the personally identifiable information provided by you may be viewed and used by third parties for any number of purposes.
DATA RETENTION
We will retain your information for as long as your account is active or as needed for us to manage and provide our services and for our legitimate business needs. When personal data is no longer necessary or relevant for the stated purpose or to fulfil a legal or business requirement, it shall be securely destroyed. We will either physically or electronically erase the personal data. When processing in our role as a processor, we will retain personal data for as long as our customer instructs us to and/or as required by applicable law. Personal data about unsuccessful candidates will be held for 12 months before being destroyed or deleted.
Even if we delete some or all of your personal information, we may continue to retain and use de-identified or aggregate data previously collected.
OPT-OUT
If you want your personal information removed from our searchable databases, you should email privacy@grata.com with “Remove my contact information” in the subject line and include the following information in the body: your name, title, and contact information that you wish to have removed.
CALIFORNIA USER RIGHTS
This section applies to you if you are a resident of California and a consumer with rights under the California Consumer Privacy Act (CCPA) or have similar rights by law in your jurisdiction. Some CCPA rights may not be applicable to you when personal information is processed in connection with your employment or business dealings.
1. Right to Know About Personal Information Collected, Disclosed or Sold
You have the right to request that we disclose certain information to you about our collection, use, disclosure or sale of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request (see Exercising Access, Deletion and Opt-out Rights), and subject to certain limitations that we describe below, we will disclose such information to you.
You have the right to request any or all of the following:
2. Right to Request Deletion
You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable individual request (see Exercising Access, Deletion and Opt-out Rights), we will delete (and direct our service providers to delete) your personal information from our records. However, we may retain personal information that has been de-identified or aggregated. Furthermore, we may deny your deletion request if retaining the information is necessary for us or our service provider(s) to perform certain actions, such as detecting security incidents and protecting us from illegal activity.
3. Sale of Personal Information
We do ‘sell’ personal information, as that term sell is defined under the CCPA, that is contained within our searchable databases. We do not “sell” your account registration information on our Service.
4. Exercising Access, Deletion and Opt-out Rights
To exercise the access and deletion rights described above, please submit a request to us by either:
or
or
The request should include your contact information and describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it. In addition, you should provide sufficient information that allows us to reasonably verify that you are the person about whom we collected the personal information. Upon receiving your request, we may reach out to seek further verification from you. If you use an authorized agent to make request, you must provide the authorized agent written permission to do so, and we may require that you verify your identity directly with us. In order to protect the security of your personal information, we will not honor a request if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. The method and information used to verify your identity will vary depending on the nature of the request, and may include your email address, government identification and/or signed affidavit. You have the right not to receive discriminatory treatment for exercising any of your privacy rights.
We have collected the categories of personal information identified in the chart above from individuals within the last twelve (12) months, and will continue to do so in the future.
SECURITY
We take the security of our data and information seriously. We take what we believe are reasonable organisational, administrative, technical and physical precautions to protect against unauthorized access to our systems and to prevent data from being disclosed to unauthorized parties. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. We limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instruction, and they are subject to a duty of confidentiality.
CHANGES TO OUR PRIVACY POLICY
We may change this Privacy Policy at our discretion at any time. If we do make any changes, such change will appear on this page of our Services and we will provide notice of any material changes. The date the Privacy Policy was last revised is identified at the top of the page. Your continued use of our Services following any changes means that you have accepted, consent to, and agree to be bound by such revised Privacy Policy.
UNITED STATES OF AMERICA & CROSS BORDER DATA TRANSFERS
We may store your information in the United States of America and other locations. By accessing our Services, you freely and specifically give us your consent to export your information to the USA and such other locations designated by us and its storage and use as specified in this Privacy Policy. These countries may have data protection laws that are different to the laws of your country, and in some cases, may not provide an adequate level of protection for personal data provided by such laws as the EU’s GDPR or UK Data Protection Act. Where such laws are applicable to the processing of personal data, we will put in place the appropriate technical organisational and security measures. Information stored in the USA and other locations may be subject to lawful requests by the courts or law enforcement authorities ..
Datasite LLC maintains compliance with EU-U.S. Data Privacy Framework (and the UK Extension), and the Swiss-U.S. Data Privacy Framework and has certified to the Department of Commerce that it adheres to each Framework’s Principles regarding the collection, use and retention of personal data as well as the notice, choice, security, data integrity, access and enforcement requirements from European Union member countries, the United Kingdom and Switzerland. If there is any conflict between the terms in this Privacy Policy and the Principles, the Principles shall govern. For a listing of U.S. organizations that have self-certified to the Department of Commerce and declared their commitment to adhere to the Principles, visit https://www.dataprivacyframework.gov/.
YOUR RIGHTS (EU, SWISS AND UK ONLY)
If you are based in the EU, Switzerland, the UK or where required by applicable law, you have the following rights:
In certain circumstances we may not be able to do this or may not be required to do this. If you would like to exercise, or discuss, any of these rights, please see below (“Exercising Rights)
AUTOMATED DECISION MAKING (EU, Swiss and UK Only)
You have the right not to be subject to automated decision making (e.g., profiling) that significantly affects you. The exercise of this right is not available to you in the following cases:
Unless the automated decision is authorized by local, English or EU law, you still have the right to obtain human intervention in respect of the decision, to express your point of view and to contest the decision.
EXERCISING RIGHTS(EU, Swiss and UK only)
To exercise your data quality, access, choice, and corrections rights described above, please submit a verifiable request by submitting a request to privacy@grata.com Only you may make a request related to your personal data. We endeavor to respond to a verifiable request within any legally required time limit or otherwise within thirty (30) days of its receipt, which thirty (30) day period may be extended with written notification, and deliver our response (or reasons we cannot comply with a request) via electronic mail. We will not discriminate against you for exercising any of your rights. We may make a charge, if excessive, repetitive, or manifestly unfounded.
For inquiries related to our activities in the EEA, you may contact our representative data protection contact at privacy@datasite.com or via mail at Datasite Germany GmbH, Company # 49989, Barckhaussstraße 12-16, 60325 Frankfurt am Main Germany.
For inquiries related to our activities in the UK, you may contact our UK representative data protection contact at privacy@datasite.com or via mail at Datasite UK Limited, 15 Bonhill Street, London, EC4A 2DN, United Kingdom
Grata Inc.
1410 Broadway
FL 2
New York, NY 10018