hello@grailinsights.com

Privacy Policy

LAST REVISION UPDATE: February 4, 2020

Grail Insights, Inc. ("Grail Insights" or “We” or “Us” or “Our”) recognizes the importance of protecting your privacy. The following privacy policy ("Privacy Policy") applies to all of our customers and website visitors and describes what information Grail Insights collects on this website (the "Site") and through its business activities, how Grail Insights collects that information, and how Grail Insights stores, uses, transfers, and discloses (collectively "Uses") the collected information. This Privacy Policy is subject to Grail Insights’ Terms and Conditions ("T&Cs") at https://www.grailinsights.com/terms-conditions/. Grail Insights may update or amend this Privacy Policy from time to time, as Grail Insights deems necessary. When Grail Insights updates or amends its Privacy Policy, We will post the revision date of the updated or amended Privacy Policy at the top of the document.

EU – U.S. PRIVACY SHIELD AND SWISS – U.S. PRIVACY SHIELD COMPLIANT

Grail Insights is committed to and fully complies with the EU-U.S. Privacy Shield Framework and the Swiss – U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States, respectively. Grail Insights has certified to the Department of Commerce that it adheres to the seven Privacy Shield Principles of Notice: Choice; Accountability for Onward Transfer; Security; Data Integrity and Purpose Limitation; Access; and Recourse, Enforcement and Liability. If there is any conflict between the terms in this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.

To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov.

AFFILIATE, PARTNER AND THIRD-PARTY WEB SITES

This Privacy Policy applies to this Site only. To the extent that this Site permits you to link to other websites of Grail Insights’ affiliates, partners, or other third parties, separate privacy policies may apply to those linked websites. Those separate privacy policies may contain different terms that are not the same as those terms contained in Grail Insights’ Privacy Policy. Your access to and use of such linked websites through links that are provided on this Site are not governed by this Privacy Policy. Rather, your access to and use of such linked websites are governed by the privacy policies in those linked websites, and Grail Insights expressly disclaims any and all responsibility for your access to and use of such linked websites, as well as for any use of the Personal Information (defined below) that you may provide, or any Personal Information that may be collected about you (including via cookies), at such linked websites.

PURPOSE OF COLLECTION OF PERSONAL INFORMATION

“Personal Data" is any information that relates to you and that identifies you either directly from that information or indirectly, by reference to other information that We have access to. Grail Insights collects Personal Information in order to provide you with enhanced features such as customized content, access to special sections on Our website, or e-mail delivery of blog posts. Further, this Personal Information will enable Us to respond to your requests, to communicate with you, to support or enhance your relationship with Us, and improve Our services.  Where you have consented to a particular processing, you have a right to withdraw the consent at any time.

WHAT PERSONAL INFORMATION GRAIL INSIGHTS ACTIVELY COLLECTS

Such Personal Information is provided by you on a voluntary basis, and by submitting your Personal Information you consent to its use in a manner consistent with the Privacy Policy. You can choose not to provide certain information, but then you may not be able to take advantage of or participate in some of the Site’s features.

WHAT PERSONAL INFORMATION GRAIL INSIGHTS PASSIVELY COLLECTS: COOKIES AND OTHER TECHNOLOGIES

This Site, Grail Insights’ online services, applications, platforms, email messages, and advertisements, if any, may use "cookies" and other technologies to collect information about you. A cookie is a small data file stored on the web browser on your computer’s hard drive. A cookie associates the identification numbers built into the cookie with information about you that you have provided to Us. This association allows Us to recognize you when you arrive at our website. Other technologies tell Us where on our website you have visited, counts how many users visited certain web pages within Our website, and measures the effectiveness of advertisements, if any, and web searches.

Like most websites, We also automatically collect some tracking information and store that tracking information in an anonymous, aggregated and non-personal format. This tracking information includes Internet Protocol (IP) addresses, browser type and language, Internet Service Provider (ISP), operating system used, date and time stamps and click stream data. We use this tracking information to understand and analyze trends, to administer Our website, and to learn about user behavior on Our website. However, Grail Insights may use IP addresses to identify you when Grail Insights feels, in its sole discretion, that it is necessary to enforce compliance with its T&Cs, this Privacy Policy, to protect Our services, website, systems, information, employees, business partners, affiliates, users, customers or others, or when required by law. We also may determine what technology is available through your browser in order to serve you the most appropriate version of a web page. For example, We may determine that you have installed a version of Flash, and We will then send you the appropriate Flash version of the web page rather than an HTML page.

LIMITATIONS ON USE AND DISCLOSURE OF PERSONAL INFORMATION

As a general rule, Grail Insights does not share with or disclose to any third parties any specific Personal Information collected from you, except (a) as otherwise described in this Privacy Policy, (b) when Grail Insights has your permission, (c) other than to support Grail Insights’ operations and as necessary to facilitate the purpose for which you provided it, or (d) under special circumstances such as, but not limited to, when Grail Insights believes in good faith that the law requires such disclosure, or when the disclosure will protect the safety of others.

Affiliates: Grail Insights may share any or all of your Personal Information with and among Our affiliated or related entities, including Grail Insights affiliates located in the EU and elsewhere. These affiliated companies will use your Personal Information only to accomplish the purposes for which the Personal Information was collected. Any onward transfer of your Personal Information may also be done to allow these entities to offer you information about their businesses, products or services that may be of interest to you, or for other lawful business purposes.

Accountability for Onward Transfer (Transfers to Third Parties): If Grail Insights transfers information to a third party that is acting as its agent, Grail Insights will require the third party to have adequate privacy protection as is required by the relevant Privacy Shield Principles or under other data protection laws. With respect to onward transfers, Grail Insights remains liable under the Principles if Our agent processes personal information in a manner inconsistent with the Principles, unless Grail Insights proves that it is not responsible for the event giving rise to the damage.

Other: Grail Insights may, if required by law, legal process, litigation and/or requests from public or governmental authorities, disclose your Personal Information. We may also disclose Personal Information about you if We determine, in good faith and in Our sole discretion, that such disclosure is necessary for purposes of national security, law enforcement, the prevention of a crime, or other issues of public importance. We may also disclose Personal Information about you if We determine, in Our sole discretion, that it is reasonably necessary to enforce the T&Cs, or to protect Our operations or users. Additionally, in the event of a corporate reorganization, merger or acquisition, or sale, We may transfer any and all Personal Information we collect to a relevant third party.

OPTING OUT: HOW YOU CONTROL THE USE OF YOUR PERSONAL INFORMATION

In the event you decide that you want to opt out from Grail Insights’ use of your Personal Information that you previously provided to Grail Insights, you may opt out of Our use of your Personal Information by using the "Contact Us" option at https://www.grailinsights.com/contact.

Additionally, you can contact Us regarding exercising the following rights:

INTEGRITY, PROTECTION AND RETENTION OF YOUR PERSONAL INFORMATION

While Grail Insights endeavors to protect your Personal Information, We cannot warrant the security of any Personal Information, and ultimately you provide your Personal Information to Us at your own risk. Grail Insights uses commercially reasonable efforts and security practices to safeguard your Personal Information, and employs security measures designed to protect your Personal Information from access by unauthorized persons. Some of those measures include, but may not be limited to, encryption, physical access controls, restricted access to data, monitoring for threats and vulnerabilities, and firewalls and use of Secure Socket Layers (SSL). Grail Insights retains your Personal Information for the period necessary to fulfil the purpose for which it was collected, as outlined previously in this Privacy Policy, unless a longer retention period is mandated or permitted by law.

CHILDREN

This website is not intended for use by children. Grail Insights does not knowingly solicit or collect Personal Information from children under the age of 13. If you are under the age of 18, you must obtain the consent of your parent or guardian to use this website. Grail Insights encourages parents and guardians to take an active role in their children’s online activities and interests.

FEDERAL TRADE COMMISION ENFORCEMENT POWERS

As a Privacy Shield participating organization, Grail Insights is subject to the jurisdiction of the Federal Trade Commission.  Under the Federal Trade Commission Act, an organization’s failure to abide by commitments to implement the Privacy Shield Principles may be challenged as deceptive by the FTC.  The FTC has the power to prohibit such misrepresentations through administrative orders or by seeking court orders.

INQUIRIES AND COMPLAINTS

In compliance with EU – U.S. Privacy Shield and Swiss – U.S. Privacy Shield principles, Grail Insights commits to respond to inquiries and resolve complaints about your privacy and Our collection or use of your Personal Information. Any individual with inquiries or complaints regarding this Privacy Policy and/or his or her Personal Information should first contact the following Grail Insights E-mail: privacy@grailinsights.com

Grail Insights has further committed to refer unresolved privacy complaints to the EU Data Protection Authorities (EU DPAs). To find your country’s Data Protection Authority, please click here https://edpb.europa.eu/about-edpb/board/members_en.  Grail Insights commits to cooperate with EU DPAs and comply with the advice given by such authorities with regard to human resources data transferred from the EU in the context of the employment relationship.  You may have the ability, under certain conditions, to invoke binding arbitration with a Privacy Shield Panel for complaints regarding Grail Insights’ Privacy Shield compliance not resolved by any of the other Privacy Shield mechanisms. For additional information regarding this arbitration, please visit: https://www.privacyshield.gov/article?id=ANNEX-I-introduction.

General Data Protection Regulation (GDPR) Compliance

Grail Insights is a business process outsourcing company and may process European Economic Area (“EEA”) residents’ personal data.  When it does, it does so in compliance with the General Data Protection Regulation (“GDPR”).

Under the GDPR, there are 6 legal bases for processing personal data of EEA residents:

Under the GDPR, EEA residents have the following rights:

Rights related to automated decision making and profiling.

Grail Insights will continue to (and ensure that any subprocessor acting under its authority will):

Employee education is an important component of Grail Insights’ security and privacy regime.  Regular awareness and education about the importance of information security are provided to all Grail Insights employees through newsletters, awareness posters, trainings, and infomercials.

California Consumer Privacy Act of 2018 (CCPA) Compliance

California residents have been afforded new rights under the CCPA.  Specifically, a California resident has the right to:

Personal information or erasure requests may be submitted on Grail Insights’ website’s contact page found here: https://www.grailinsights.com/contact.  Alternatively, such a request can be made by calling the following toll-free number: +1 (800) 895-9186 or dropping email at privacy@grailinsights.com.

In the past twelve months since the policy effective date, Grail Insights has collected the following categories of personal data: contact information, government IDs, cookies, social security number, health information, information on race, gender, and ethnicity, professional, educational, and employment information.  The source of all of these categories’ personal information is either from law firm or corporate clients for whom Grail Insights processes data on behalf of (almost always electronically), Grail Insights’ human resources department via the receipt of resumes and job applications on the Grail Insights website, and Grail Insights’ marketing department via cookies on the Grail Insights website as well as a “Contact Us” submission page.  All categories of data are used either in support of the data processing services Grail Insights provides to its clients as a business process outsourcing company, for its own internal market research and human resources functions, or for legal and compliance purposes.  Grail Insights only discloses personal information for its business process outsourcing operations in accordance with instructions it receives from its clients -- the data controllers.

CHANGES TO THIS PRIVACY POLICY AND NOTIFICATION TO YOU

Grail Insights reserves the right, in its sole discretion, to make changes to this Privacy Policy. When changes are made to the Privacy Policy, the "Last Revision Date" field at the top of the Privacy Policy will be updated accordingly. Changes to the Privacy Policy become effective upon posting and updating the "Last Revision Date." Grail Insights encourages you to periodically review the Privacy Policy to be informed of any changes.  Grail Insights will at a minimum update the Privacy Policy annually.