GRYT Health Privacy Policy

Effective Date: 02/04/2016

Last Reviewed on: 10/08/2021

GRYT Health, Inc., its subsidiaries and other affiliate companies (collectively, “Company,” “we,” “us” or “our”) respect your privacy and are committed to protecting it through our compliance with this policy.

This privacy policy (“Privacy Policy”) describes our privacy practices in connection with www.grythealth.com and any other website or mobile application that we own or control and which posts or links to this Privacy Policy, and our privacy practices in connection with other aspects of our business, including our offline interactions and physical locations and our products and services related thereto (collectively, the “Sites”).  This Privacy Policy also describes the rights and choices available to individuals with respect to their information.  We may provide additional or supplemental privacy policies to individuals for specific interactions at the time we collect personal information, such as employment interactions. Any such supplemental privacy policies will govern how we may process the information in the context of the specific interaction.

Please read this policy carefully to understand our policies and practices regarding your information and how we will treat it. By accessing or using our Sites, you agree to this Privacy Policy. This Privacy Policy may change from time to time.  Your continued use of any Site after we make changes is deemed to be acceptance of those changes, so please check the policy periodically for updates.

How We Collect Information About You

“Personal Information” is information that is not publicly available that identifies, relates to, describes or may be associated with you.  We may collect such Personal Information in any of the following ways:

Directly from you.  Personal Information you provide directly to us through the Site or otherwise.  Such Personal Information may include business and personal contact information, such as your first and last name, email and mailing address, phone number, professional information, and such information you may upload to our Sites, including in the process of creating an online account.

Social Media.  We may maintain pages for the Company on social media platforms, including Facebook, Twitter, Google, LinkedIn, Instagram, and other third party platforms.  When you visit our pages on those platforms, the platform provider’s privacy policy will apply to your interactions and their collection, use and processing of your personal information.  You or the platform may provide us with information through the platform, and we will treat such information in accordance with this Privacy Policy.

Third Parties.  We may obtain Personal Information about you from third parties, for example, if a friend or family member shares your information through our Site or if you are a researcher and your information is shared with us by the principal investigator or institution.

What Personal Information We Collect

When you visit our Site, including when you sign up for an account through our Site, we may collect, use and store Personal Information about you that falls into one or more of the following categories:

Identifiers.  Examples of identifiers may include your real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, medical information, or other similar identifiers.

Personal Information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).  Examples of Personal Information under the California Customer Records statute may include your name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.

Protected classification characteristics under California or federal law.  Examples of protected classification characteristics may include age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status.

Internet or other similar network activity.  Examples of internet and network activity may include browsing history, search history, information on a consumer’s interaction with a Site, application, or advertisement.

In addition to the above categories, visitors that sign up for an account on our Site may choose to share additional Personal Information that may fall into one or more of the following categories:

Professional or employment-related information.  Professional or employment-related information may include any information relating to a person’s current, past or prospective employment or professional experience (e.g., job history, performance evaluations).

Sensory data.  Sensory data may include audio, electronic, visual, thermal, olfactory, or similar information, including videos and recorded voice messages.

How We May Use Personal Information That We Collect

We and our service providers may use Personal Information for the following purposes:

Provide Our Services.  We will use your Personal Information to respond to your inquiries and to provide you with the information, resources and support services you request.  We may use your Personal Information to better communicate with you, including to keep you informed about new developments, research and opportunities.  We may also use your Personal Information to understand how our services are used and to develop, evaluate and improve our programs and services.

Data Analytics.  We perform data analysis and research activities to gain a greater general understanding of visitors to our Site and the communities that we serve.

Other Business Purposes.  We may use your Personal Information when necessary to maintain the safety, security, and integrity of our Site, services, community and business.

Legal Obligation.  In rare cases, we may share your Personal Information to respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.

With Your Consent.  In addition to the other uses described in this section, we may also use your information as you expressly authorize us to do so.

With Whom We May Share Your Personal Information

We do not sell your Personal Information.  To provide our services, your Personal Information may be shared with:

Service providers. We may share your personal information with third party companies and individuals that provide services on our behalf or help us operate the Site (such as customer support, hosting, analytics, email delivery, and database management services). These third parties may use your personal information only as directed or authorized by us and are prohibited from using or disclosing your information for any other purpose.

Professional advisors. We may disclose your personal information to professional advisors, such as lawyers, bankers, auditors and insurers, where necessary in the course of the professional services that they render to us.

Governmental authorities. We may disclose your personal information to law enforcement, government authorities, and private parties as we believe necessary or appropriate to: (a) protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims); (b) enforce the terms and conditions that govern the Sites and our products and services; and (c) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.

Your Consent. In addition to the other disclosures described in this section, we may also disclose your information as you expressly authorize us to do so.

Other Information We Collect

We may collect information that does not reveal your specific identity or does not directly relate to an identifiable individual, referred to throughout this Privacy Statement as “Other Information,” including browser and device information, App usage data, Internet Protocol address, information collected through cookies, pixel tags and other technologies.  Other Information also includes information that has been anonymized or aggregated in a manner that it no longer reveals your specific identity.

De-Identified or Aggregate Information. We use De-Identified Information and Aggregate Information for activities including data analysis and research to gain a greater general understanding of the communities we serve. “De-Identified Information” means information where identifiers have been removed so that it does not directly or indirectly identify and cannot reasonably be used to identify an individual. “Aggregate Information” means information about groups or categories of individuals which does not identify and cannot reasonably be used to identify an individual.  For example, we may use Aggregate Information to compare the types of services our constituents utilize in one geographic location with another to understand how the two groups are different or similar.

Log Files: Most Internet browsers transmit certain information to Sites that you visit, such as your IP address, device type, screen resolution, operating system version, and internet browser type and version. This information is gathered automatically and stored in log files. We use this information to ensure that the Site functions properly.

Cookies: Cookies are text files, containing small amounts of information, which are downloaded to your browsing device (such as a computer or smartphone) when you visit a Site. Cookies allow us to recognize your browsing device and preferences and generally help to improve your online experience, as well as to provide us with anonymous information to check the usefulness of, and make improvements to, our Site. Cookies may be placed on your computer and/or mobile device by both us and by third parties with whom we have a relationship, such as web analytics services. You may refuse cookies by activating the setting on your browser. However, if you select this setting, you may not have the same user experience. To learn more about how to manage cookies, visit www.allaboutcookies.org/manage-cookies/ (please note that this Site is not connected to us and we are not responsible for its content).

Web Beacons and Pixel Tags: We may utilize a technology called a “web beacon” or “pixel tag”.  We may use web beacons to help determine which email messages sent by us were opened and whether a message was acted upon. Web beacons also help analyze the effectiveness of Sites by measuring the number of visitors to a site or how many visitors clicked on key elements of a site.

Third Party Analytics: We also use automated devices and applications, such as Google Analytics (more info https://support.google.com/analytics/answer/6004245?hl=en-GB, please note that this Site is not connected to us and we are not responsible for its content) to evaluate the use of our Site. We use these tools to gather non-personal data about users to help us improve our services and user experiences. These analytics providers may use cookies and other technologies to perform their services and may combine the information they collect about you on our Site with other information they have collected for their own purposes. This Privacy Policy does not cover such uses of data by third parties.

Your Choices About How We Use and Disclose Other Information

Uses and Disclosures of Other Information. We may use and disclose Other Information for any purpose, except where we are required to do otherwise under applicable law. In some instances, we may combine Other Information with Personal Information. If we do this, we will treat the combined information as Personal Information. For example, we may work with data providers to tailor our communications to you, including research and outreach communications, based on your areas of interest and other information about you. To do this, we may place cookies on your browser and combine IP address or browsing history with other de-identified data (such as a hashed, non-readable e-mail or postal address). We may then communicate with you through mail, email or other channels.

Tracking Technologies and Advertising. You can set your browser to refuse all or some browser cookies, or to alert you when cookies are being sent. To learn how you can manage your Flash cookie settings, visit the Flash player settings page on Adobe’s Site. If you disable or refuse cookies, please note that some parts of this site may then be inaccessible or not function properly.

Marketing Communications. If you do not want us to share your personal information with unaffiliated or non-agent third parties for promotional purposes, you can opt-out by sending your request to contact@grythealth.com. You can also always opt-out by following the opt-out or unsubscribe instructions at the bottom of the email.  Please note that such requests may take up to ten (10) business days to become effective.  You may continue to receive service-related and other non-marketing emails.  If you receive marketing text messages from us, you may be able to opt-out of receiving further marketing text messages from us by replying STOP to our marketing message, or by contacting us at contact@grythealth.com.

Telephone Communications. We process requests to be placed on do-not-mail, do-not-phone and do-not-contact lists as required by applicable law.

Modify Your Information.   You may request to review, correct, update, suppress or otherwise modify any Personal Information that you have previously provided to us through the Site, or object to the use of such Personal Information by us.  For your protection, we will only implement requests with respect to the Personal Information associated with the particular individual if we can verify the identity of that individual. We aim to comply with requests as soon as reasonably practicable.

Notice to California Residents

The California Consumer Privacy Act (CCPA) provides California residents with specific rights regarding their Personal Information.  This section describes California residents’ CCPA rights and explains how to exercise those rights.  These rights are not absolute and, in certain cases, we may decline a request as permitted by law.

Information Rights.  California residents have the right to request details of the specific categories and Personal Information collected about them over the past twelve months.

Access Rights.  California residents have the right to request a copy of the Personal Information that we have collected about them during the past 12 months.

Deletion Request Rights.  California residents have the right to ask us to delete any of their Personal Information that we have collected and retained, subject to certain limitations.  We may deny a Deletion Request and will provide notice of our legal basis for denying such request.

If you are a California resident and wish to exercise one or more of your rights as provided above, please use one of the contact methods provided under “Contacting Us.” We will need to confirm your identity to process your requests to exercise your information, access or deletion rights.  We cannot process your request if you do not provide us with sufficient detail to allow us to verify your identity, and understand and respond to the request.

Non-Discrimination.  You are entitled to exercise the rights described above free from discrimination.  This means that we will not penalize you for exercising your rights by taking actions such as denying you services, increasing the price/rate of services, decreasing service quality, or suggesting that we may penalize you as described above for exercising your rights.

Lawful Basis for Processing Personal Information

The laws in some countries require us to tell you about the lawful grounds we rely on to collect, use, disclose, and otherwise process your Personal Information. To the extent those laws apply, we have several different lawful bases for processing your Personal Information including: (a) as necessary to provide a service or information you request; (b) to comply with legal obligations; (c) based on your consent, and (d)   in support of our legitimate interests, where those interests are not overridden by your fundamental rights and freedoms. In many cases, we handle Personal Information because it furthers our legitimate business and charitable interests. This includes:

  • Providing a safe user experience on our Site;
  • Customer service;
  • Protecting users, our employees, our volunteers, and our property;
  • Analyzing and improving our operations (e.g., optimizing the design and operation of our Site); and
  • Managing legal issues.

Jurisdiction and Cross-Border Transfer

We are located in the United States but offer our website to users internationally.  Your Personal Information may be transferred to the United States or other locations outside of your state, province, country, or other governmental jurisdiction where privacy laws may not be as protective as those in your jurisdiction. In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities may be entitled to access your Personal Information. Where required, data transfers will be made subject to the terms of the applicable Standard Contractual Clauses or with your consent.

Information on Third-Parties

If you disclose any Personal Information relating to other people to us, you represent that you have the authority to do so and to permit us to use the information in accordance with this Privacy Policy.

Third Party Sites

This Privacy Policy does not address, and we are not responsible for, the privacy, information or other practices of any third parties, including any third party operating any site to which this Site contains a link. Please read the terms, conditions and policies of such third party sites before accessing or using such sites. The inclusion of a link on the Site does not imply any endorsement of the linked site by us or by our affiliates.

Security

To prevent unauthorized access, improper use or disclosure, unauthorized modification or unlawful destruction or accidental loss, and to ensure the correct use of information, we employ physical, technical and administrative procedures to safeguard this Site and the personal information we collect. All of our employees and any third parties we employ to process your personal information are obliged to respect its confidentiality. However, transmission of information through the internet is not secure. Although we seek to protect your information as described above, we cannot guarantee the security of any information you transmit to the Site or to us, and you transmit such information at your own risk.  Please do not send sensitive or confidential information to us by email or by any other means in connection with the Site. If you have reason to believe that your communications with us have been compromised in any way, please immediately notify us of the problem by contacting us as provided in the “Contacting Us” section below.

Retention Period

We will retain your Personal Information for the period necessary to fulfill the purposes outlined in this Privacy Policy unless a longer retention period is required or allowed by law.

Use Of Site By Minors

Our Site is not intended for children under 13 years of age. No one under age 13 may provide any personal information to or on the Site. We do not knowingly collect personal information from children under 13. If you are under 13, do not use or provide any information on this Site or through any of its features, register on the Site, use any of the interactive or public comment features of this Site, or provide any information about yourself to us, including your name, address, telephone number, email address, or any screen name or user name you may use. If we learn we have collected or received personal information from a child under 13 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 13, please contact us using a method provided under the heading “Contacting Us.”

Governing Law and Jurisdiction

All matters relating to the Site and the Privacy Policy, and any dispute or claim arising therefrom or related thereto, shall be governed by and construed in accordance with the internal laws of the State of California without giving effect to any choice or conflict of law provision or rule (whether of the State of California or any other jurisdiction).  This Site is operated, in whole or in part, from the United States.  Text on this Site may be published in languages other than English.  In all instances, the English language version of any text, including this Privacy Policy, controls the legal impact and interpretation of this Site and its use.

Contacting Us

If you have any questions or comments about this notice, the ways in which GRYT Health collects and uses your information described here, your choices and rights regarding such use, or wish to exercise your rights under California or other applicable law, please do not hesitate to contact us by:

Phone: 844-ITS-GRYT (844-487-4132)

Site: https://grythealth.com/about/contact-us/

Email: contact@grythealth.com

 

Postal Address:

GRYT Health, Inc.

919 Winton Road South

Suite 307

Rochester, NY 14618

 

Rights in the European Union

If you are in the European Union or a resident of the European Union, the General Data Protection Regulation (GDPR) gives certain rights to applicable individuals in relation to their personal data. As applicable, we put transparency and access controls into place to help GDPR-based users exercise those rights. As required under GDPR, the rights afforded to you are: 

 

A Right of Access.  You have the right to obtain (i) confirmation as to whether personal data concerning you are processed or not and, (ii) if processed, to obtain access to such data and a copy of such data.

 

A Right to Rectification.  You have the right to obtain the rectification of any inaccurate personal data concerning you. You also have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

 

A Right to Erasure.  In some cases, you have the right to obtain the erasure of personal data concerning you. Upon request, GRYT Health will permanently and irrevocably anonymize your data such that it can never be reconstructed to identify you as an individual. However, this is not an absolute right and GRYT Health may have legal or legitimate grounds for keeping such data.

 

A Right to Restriction of Processing.  In some cases, you have the right to restrict the processing of your personal data.

 

A Right to Data Portability.  You have the right to receive the personal data concerning you which you have provided to GRYT Health, in a structured, commonly used, and machine-readable format, and you have the right to transmit such data to another controller without hindrance from GRYT Health. This right only applies when the processing of your personal data is based on your consent or a contract and such processing is carried out by automated means.

 

A Right to Object to Processing.  You have the right to object at any time, on grounds relating to your particular situation, to processing of personal data concerning you when such processing is based on the legitimate interest of GRYT Health. We may, however, invoke compelling legitimate grounds for continued processing. When your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of such data. You may, in particular, exercise that right by clicking on the “unsubscribe” link provided at the bottom of any messages received, or by contacting us at contact@grythealth.com.

 

A Right to Lodge a Complaint with the Competent Supervisory Authority.  You have the right to contact the supervisory authority to complain about our personal data protection practices.

 

A Right to Give Instructions Concerning the Use of Your Data After Your Death.  As required by applicable law, you may have the right to give GRYT Health instructions concerning the use of your personal data after your death. To exercise one or more of these rights, you can email contact@grythealth.com. You may access your personal data to modify or update at any time via your account on the website, or by emailing contact@grythealth.com.

 

We will respond to your request in a reasonable timeframe in accordance with applicable law.

 

GDPR Legal Bases for Processing Personal Data

In accordance with GDPR, GRYT Health provides the following information regarding its Article 6 legal bases for personal data processing:

  • The performance of the contract between you and GRYT Health for the data processing relating to your use of our services;
  • Our business interest in providing you with emails and push notifications for timely introductory materials and information about GRYT Health, our services, features, and updates;
  • Our business interest in offering you particularized or adapted content based on your usage of our services;
  • Our business interest in collecting data regarding your general usage activities for the purpose of improving our overall user experience;
  • Our business interest in providing you with communications regarding your account, questions about our content offerings, or any other matters directed to customer service staff, in order to have clear and easy communication with you and to respond to all your requests;
  • Our business interest in collecting data related to unplanned downtime or errors in the services; and
  • Our business interests in complying with our legal obligations.

 

To the extent that you have provided appropriate consent under applicable law to certain processing activities, such consent can be withdrawn at any time by emailing contact@grythealth.com.

 

Representation for Data Subjects in the European Union

 

We value your privacy and your rights as a data subject and have therefore appointed Prighter as our privacy representative and your point of contact. Prighter gives you an easy way to exercise your privacy-related rights (e.g. requests to access or erase personal data). If you want to contact us via our representative Prighter or make use of your data subject rights, please visit: https://prighter.com/q/13401180630.