Effective Date: 02/04/2016
Last Reviewed on: 10/08/2021
GRYT Health, Inc., its subsidiaries and other affiliate companies (collectively, “Company,” “we,” “us” or “our”) respect your privacy and are committed to protecting it through our compliance with this policy.
How We Collect Information About You
“Personal Information” is information that is not publicly available that identifies, relates to, describes or may be associated with you. We may collect such Personal Information in any of the following ways:
Directly from you. Personal Information you provide directly to us through the Site or otherwise. Such Personal Information may include business and personal contact information, such as your first and last name, email and mailing address, phone number, professional information, and such information you may upload to our Sites, including in the process of creating an online account.
Third Parties. We may obtain Personal Information about you from third parties, for example, if a friend or family member shares your information through our Site or if you are a researcher and your information is shared with us by the principal investigator or institution.
What Personal Information We Collect
When you visit our Site, including when you sign up for an account through our Site, we may collect, use and store Personal Information about you that falls into one or more of the following categories:
Identifiers. Examples of identifiers may include your real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, medical information, or other similar identifiers.
Personal Information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). Examples of Personal Information under the California Customer Records statute may include your name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.
Protected classification characteristics under California or federal law. Examples of protected classification characteristics may include age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status.
Internet or other similar network activity. Examples of internet and network activity may include browsing history, search history, information on a consumer’s interaction with a Site, application, or advertisement.
In addition to the above categories, visitors that sign up for an account on our Site may choose to share additional Personal Information that may fall into one or more of the following categories:
Professional or employment-related information. Professional or employment-related information may include any information relating to a person’s current, past or prospective employment or professional experience (e.g., job history, performance evaluations).
Sensory data. Sensory data may include audio, electronic, visual, thermal, olfactory, or similar information, including videos and recorded voice messages.
How We May Use Personal Information That We Collect
We and our service providers may use Personal Information for the following purposes:
Provide Our Services. We will use your Personal Information to respond to your inquiries and to provide you with the information, resources and support services you request. We may use your Personal Information to better communicate with you, including to keep you informed about new developments, research and opportunities. We may also use your Personal Information to understand how our services are used and to develop, evaluate and improve our programs and services.
Data Analytics. We perform data analysis and research activities to gain a greater general understanding of visitors to our Site and the communities that we serve.
Other Business Purposes. We may use your Personal Information when necessary to maintain the safety, security, and integrity of our Site, services, community and business.
Legal Obligation. In rare cases, we may share your Personal Information to respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
With Your Consent. In addition to the other uses described in this section, we may also use your information as you expressly authorize us to do so.
With Whom We May Share Your Personal Information
We do not sell your Personal Information. To provide our services, your Personal Information may be shared with:
Service providers. We may share your personal information with third party companies and individuals that provide services on our behalf or help us operate the Site (such as customer support, hosting, analytics, email delivery, and database management services). These third parties may use your personal information only as directed or authorized by us and are prohibited from using or disclosing your information for any other purpose.
Professional advisors. We may disclose your personal information to professional advisors, such as lawyers, bankers, auditors and insurers, where necessary in the course of the professional services that they render to us.
Governmental authorities. We may disclose your personal information to law enforcement, government authorities, and private parties as we believe necessary or appropriate to: (a) protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims); (b) enforce the terms and conditions that govern the Sites and our products and services; and (c) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.
Your Consent. In addition to the other disclosures described in this section, we may also disclose your information as you expressly authorize us to do so.
Other Information We Collect
We may collect information that does not reveal your specific identity or does not directly relate to an identifiable individual, referred to throughout this Privacy Statement as “Other Information,” including browser and device information, App usage data, Internet Protocol address, information collected through cookies, pixel tags and other technologies. Other Information also includes information that has been anonymized or aggregated in a manner that it no longer reveals your specific identity.
De-Identified or Aggregate Information. We use De-Identified Information and Aggregate Information for activities including data analysis and research to gain a greater general understanding of the communities we serve. “De-Identified Information” means information where identifiers have been removed so that it does not directly or indirectly identify and cannot reasonably be used to identify an individual. “Aggregate Information” means information about groups or categories of individuals which does not identify and cannot reasonably be used to identify an individual. For example, we may use Aggregate Information to compare the types of services our constituents utilize in one geographic location with another to understand how the two groups are different or similar.
Log Files: Most Internet browsers transmit certain information to Sites that you visit, such as your IP address, device type, screen resolution, operating system version, and internet browser type and version. This information is gathered automatically and stored in log files. We use this information to ensure that the Site functions properly.
Web Beacons and Pixel Tags: We may utilize a technology called a “web beacon” or “pixel tag”. We may use web beacons to help determine which email messages sent by us were opened and whether a message was acted upon. Web beacons also help analyze the effectiveness of Sites by measuring the number of visitors to a site or how many visitors clicked on key elements of a site.
Your Choices About How We Use and Disclose Other Information
Uses and Disclosures of Other Information. We may use and disclose Other Information for any purpose, except where we are required to do otherwise under applicable law. In some instances, we may combine Other Information with Personal Information. If we do this, we will treat the combined information as Personal Information. For example, we may work with data providers to tailor our communications to you, including research and outreach communications, based on your areas of interest and other information about you. To do this, we may place cookies on your browser and combine IP address or browsing history with other de-identified data (such as a hashed, non-readable e-mail or postal address). We may then communicate with you through mail, email or other channels.
Marketing Communications. If you do not want us to share your personal information with unaffiliated or non-agent third parties for promotional purposes, you can opt-out by sending your request to firstname.lastname@example.org. You can also always opt-out by following the opt-out or unsubscribe instructions at the bottom of the email. Please note that such requests may take up to ten (10) business days to become effective. You may continue to receive service-related and other non-marketing emails. If you receive marketing text messages from us, you may be able to opt-out of receiving further marketing text messages from us by replying STOP to our marketing message, or by contacting us at email@example.com.
Telephone Communications. We process requests to be placed on do-not-mail, do-not-phone and do-not-contact lists as required by applicable law.
Modify Your Information. You may request to review, correct, update, suppress or otherwise modify any Personal Information that you have previously provided to us through the Site, or object to the use of such Personal Information by us. For your protection, we will only implement requests with respect to the Personal Information associated with the particular individual if we can verify the identity of that individual. We aim to comply with requests as soon as reasonably practicable.
Notice to California Residents
The California Consumer Privacy Act (CCPA) provides California residents with specific rights regarding their Personal Information. This section describes California residents’ CCPA rights and explains how to exercise those rights. These rights are not absolute and, in certain cases, we may decline a request as permitted by law.
Information Rights. California residents have the right to request details of the specific categories and Personal Information collected about them over the past twelve months.
Access Rights. California residents have the right to request a copy of the Personal Information that we have collected about them during the past 12 months.
Deletion Request Rights. California residents have the right to ask us to delete any of their Personal Information that we have collected and retained, subject to certain limitations. We may deny a Deletion Request and will provide notice of our legal basis for denying such request.
If you are a California resident and wish to exercise one or more of your rights as provided above, please use one of the contact methods provided under “Contacting Us.” We will need to confirm your identity to process your requests to exercise your information, access or deletion rights. We cannot process your request if you do not provide us with sufficient detail to allow us to verify your identity, and understand and respond to the request.
Non-Discrimination. You are entitled to exercise the rights described above free from discrimination. This means that we will not penalize you for exercising your rights by taking actions such as denying you services, increasing the price/rate of services, decreasing service quality, or suggesting that we may penalize you as described above for exercising your rights.
Lawful Basis for Processing Personal Information
The laws in some countries require us to tell you about the lawful grounds we rely on to collect, use, disclose, and otherwise process your Personal Information. To the extent those laws apply, we have several different lawful bases for processing your Personal Information including: (a) as necessary to provide a service or information you request; (b) to comply with legal obligations; (c) based on your consent, and (d) in support of our legitimate interests, where those interests are not overridden by your fundamental rights and freedoms. In many cases, we handle Personal Information because it furthers our legitimate business and charitable interests. This includes:
- Providing a safe user experience on our Site;
- Customer service;
- Protecting users, our employees, our volunteers, and our property;
- Analyzing and improving our operations (e.g., optimizing the design and operation of our Site); and
- Managing legal issues.
Jurisdiction and Cross-Border Transfer
We are located in the United States but offer our website to users internationally. Your Personal Information may be transferred to the United States or other locations outside of your state, province, country, or other governmental jurisdiction where privacy laws may not be as protective as those in your jurisdiction. In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities may be entitled to access your Personal Information. Where required, data transfers will be made subject to the terms of the applicable Standard Contractual Clauses or with your consent.
Information on Third-Parties
Third Party Sites
To prevent unauthorized access, improper use or disclosure, unauthorized modification or unlawful destruction or accidental loss, and to ensure the correct use of information, we employ physical, technical and administrative procedures to safeguard this Site and the personal information we collect. All of our employees and any third parties we employ to process your personal information are obliged to respect its confidentiality. However, transmission of information through the internet is not secure. Although we seek to protect your information as described above, we cannot guarantee the security of any information you transmit to the Site or to us, and you transmit such information at your own risk. Please do not send sensitive or confidential information to us by email or by any other means in connection with the Site. If you have reason to believe that your communications with us have been compromised in any way, please immediately notify us of the problem by contacting us as provided in the “Contacting Us” section below.
Use Of Site By Minors
Our Site is not intended for children under 13 years of age. No one under age 13 may provide any personal information to or on the Site. We do not knowingly collect personal information from children under 13. If you are under 13, do not use or provide any information on this Site or through any of its features, register on the Site, use any of the interactive or public comment features of this Site, or provide any information about yourself to us, including your name, address, telephone number, email address, or any screen name or user name you may use. If we learn we have collected or received personal information from a child under 13 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 13, please contact us using a method provided under the heading “Contacting Us.”
Governing Law and Jurisdiction
If you have any questions or comments about this notice, the ways in which GRYT Health collects and uses your information described here, your choices and rights regarding such use, or wish to exercise your rights under California or other applicable law, please do not hesitate to contact us by:
Phone: 844-ITS-GRYT (844-487-4132)
GRYT Health, Inc.
919 Winton Road South
Rochester, NY 14618
Rights in the European Union
If you are in the European Union or a resident of the European Union, the General Data Protection Regulation (GDPR) gives certain rights to applicable individuals in relation to their personal data. As applicable, we put transparency and access controls into place to help GDPR-based users exercise those rights. As required under GDPR, the rights afforded to you are:
A Right of Access. You have the right to obtain (i) confirmation as to whether personal data concerning you are processed or not and, (ii) if processed, to obtain access to such data and a copy of such data.
A Right to Rectification. You have the right to obtain the rectification of any inaccurate personal data concerning you. You also have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
A Right to Erasure. In some cases, you have the right to obtain the erasure of personal data concerning you. Upon request, GRYT Health will permanently and irrevocably anonymize your data such that it can never be reconstructed to identify you as an individual. However, this is not an absolute right and GRYT Health may have legal or legitimate grounds for keeping such data.
A Right to Restriction of Processing. In some cases, you have the right to restrict the processing of your personal data.
A Right to Data Portability. You have the right to receive the personal data concerning you which you have provided to GRYT Health, in a structured, commonly used, and machine-readable format, and you have the right to transmit such data to another controller without hindrance from GRYT Health. This right only applies when the processing of your personal data is based on your consent or a contract and such processing is carried out by automated means.
A Right to Object to Processing. You have the right to object at any time, on grounds relating to your particular situation, to processing of personal data concerning you when such processing is based on the legitimate interest of GRYT Health. We may, however, invoke compelling legitimate grounds for continued processing. When your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of such data. You may, in particular, exercise that right by clicking on the “unsubscribe” link provided at the bottom of any messages received, or by contacting us at firstname.lastname@example.org.
A Right to Lodge a Complaint with the Competent Supervisory Authority. You have the right to contact the supervisory authority to complain about our personal data protection practices.
A Right to Give Instructions Concerning the Use of Your Data After Your Death. As required by applicable law, you may have the right to give GRYT Health instructions concerning the use of your personal data after your death. To exercise one or more of these rights, you can email email@example.com. You may access your personal data to modify or update at any time via your account on the website, or by emailing firstname.lastname@example.org.
We will respond to your request in a reasonable timeframe in accordance with applicable law.
GDPR Legal Bases for Processing Personal Data
In accordance with GDPR, GRYT Health provides the following information regarding its Article 6 legal bases for personal data processing:
- The performance of the contract between you and GRYT Health for the data processing relating to your use of our services;
- Our business interest in providing you with emails and push notifications for timely introductory materials and information about GRYT Health, our services, features, and updates;
- Our business interest in offering you particularized or adapted content based on your usage of our services;
- Our business interest in collecting data regarding your general usage activities for the purpose of improving our overall user experience;
- Our business interest in providing you with communications regarding your account, questions about our content offerings, or any other matters directed to customer service staff, in order to have clear and easy communication with you and to respond to all your requests;
- Our business interest in collecting data related to unplanned downtime or errors in the services; and
- Our business interests in complying with our legal obligations.
To the extent that you have provided appropriate consent under applicable law to certain processing activities, such consent can be withdrawn at any time by emailing email@example.com.
Representation for Data Subjects in the European Union
We value your privacy and your rights as a data subject and have therefore appointed Prighter as our privacy representative and your point of contact. Prighter gives you an easy way to exercise your privacy-related rights (e.g. requests to access or erase personal data). If you want to contact us via our representative Prighter or make use of your data subject rights, please visit: https://prighter.com/q/13401180630.