GreyMatter Product
User Privacy Notice

ReliaQuest, LLC (“ReliaQuest”) is a Florida limited liability company located at 1001 Water Street, Suite 1900, Tampa, Florida 33602, United States of America. ReliaQuest and its subsidiaries (“Company,” “We,” “Us” or “Our”) describe in this GreyMatter Product User Privacy Notice (“Notice”) Our practices for handling the data or information related to an identifiable person (“User Information”) that are collected by or made available to Us through or in connection with users’ download of, installation of, registration or authentication with, access to, or use of the ReliaQuest GreyMatter browser-based web application (“GreyMatter Web”) and the ReliaQuest GreyMatter mobile application (“GreyMatter Mobile,” and together, with GreyMatter Web, “GreyMatter”). In particular, this Notice describes:

The types of User Information We may collect or that users may make available to Us when users download, install, register or authenticate with, access, or use GreyMatter (see Collection of User Information); and
Our practices for using, disclosing, maintaining and protecting User Information that We may collect or that users may make available to Us when users download, install, register or authenticate with, access, or use GreyMatter (see Use of User Information, Disclosure of User Information, and Data Security and Retention).

This Notice applies only to User Information We collect through or in connection with GreyMatter. This Notice does not apply to data or information that We collect offline, separately from GreyMatter, or on any other Company websites or applications or to data or information that users may provide to, or may be collected by, any third party (see Information Collection by Third Parties). Our other websites and applications, and those of any third parties, have their own privacy policies and practices, which We encourage users of GreyMatter to read before providing information on or through them.

Please read this Notice carefully to understand Our policies and practices regarding User Information and how We will handle User Information. If users do not agree with Our policies and practices as described in this Notice, then users should not download, install, register or authenticate with, access, or use GreyMatter. By installing, downloading, registering or authenticating with, accessing, or using GreyMatter, users accept the policies and practices outlined in this Notice. This Notice must be read in conjunction with the GreyMatter Platform and Support Agreement and the GreyMatter Mobile Application License Agreement, which govern access to and use of GreyMatter Web and GreyMatter Mobile, respectively.

Depending on where users reside or the jurisdiction in or through which users download, install, register or authenticate with, access, or use GreyMatter and the laws applicable to such users and the relevant User Information in those circumstances, users may be entitled to certain additional rights with respect to their User Information (see Jurisdiction-Specific Information on Privacy Rights).

This Notice may change from time to time (see Changes to this Notice). Continued access to or use of GreyMatter after We revise this Notice means users accept the changes to Our policies and practices outlined in the Notice, as revised.

Collection of User Information

When users download, install, register or authenticate with, access, or use GreyMatter, users may make available to Us, We may ask users to provide, or GreyMatter may automatically collect User Information as provided in the following chart:

Category	Examples	Collected?
Personal identifiers	Name or other unique identifier (name, username, account name); relevant user or account information	Yes
Demographic data	Age, race, gender or other protected classifications (citizenship, religion, disability, sexual orientation, veteran)	No
Commercial information	Products or services purchased; purchase or consuming histories or tendencies; consumer profile metrics (aggregate or prediction interests, habits, trends)	No
Biometric information	Genetic, physiological, behavioural and biological characteristics; fingerprints, faceprints, voiceprints, iris or retina scans; health-related data	No
Device or network activity data	Unique identifiers (IP address, MAC address, device serial number); log data (browser type or operating system); browsing or search history; application interaction or engagement analytics	Yes
Geolocation data	Physical location; movement tracking	No
Sensory data	Audio or visual records (users communications with Us)	Yes
Career information	Resume; job title, employment history	No
Non-public education information	Student or school records; grades or transcripts	No
Sensitive information	Government identifiers (social security number, driver’s license number); genetic or biometric data; precise geolocation; third-party communications; health or sexual information	No

Users may also provide User Information to Us by interacting with GreyMatter, such as by corresponding with Us using free-text response forms in GreyMatter or reporting issues or errors users encounter with respect to GreyMatter. We do not control users’ decisions to provide additional User Information when users interact with such free-text response forms or when reporting issues or errors users encounter with respect to GreyMatter, and users are responsible for the contents of the specific information, including any User Information, that users provide to Us in those cases.

Usage Data and Analytics Technologies

We may automatically collect User Information about users’ interaction with GreyMatter. For example, we use third-party session replay technologies, like Pendo.ai, to generate replays of user sessions in GreyMatter based on users’ clicks, mouse or cursor movements, scrolls, and keystrokes or similar device interfaces. We leverage usage data and analytics technologies to collect and analyze metadata and related information about how users interact with GreyMatter, which allows Our product development, security, and management teams to, among other things, prepare reports on the use of GreyMatter, analyze GreyMatter insights, monitor and maintain the security of GreyMatter, create new features or functionalities for, or further develop, GreyMatter, and enrich the GreyMatter user interface and experience. The metadata and related information may include User Information. If users do not want Us to collect metadata and related information with respect to users’ interactions with GreyMatter, users may notify Us of their specific request in the manner described in the Contact Information section of this Notice.

Biometric Authentication for GreyMatter Mobile

If users voluntarily use GreyMatter Mobile with or on an Apple or an Android/Google mobile device with biometric authentication functionality, We may offer users the optional capability to authenticate, access, and use GreyMatter Mobile through FaceID or TouchID for Apple devices or Face Unlock or Fingerprint Unlock for Android/Google devices. To enable and use biometric authentication functionality with GreyMatter Mobile, a user must use GreyMatter Mobile with or on a mobile device with biometric authentication functionality and save the user’s login credentials for GreyMatter Mobile on the user’s mobile device. If a user enables and uses biometric authentication functionality with GreyMatter Mobile, anyone with access to the user’s biometric information, such as the user’s fingerprint(s) or face, may be able to access GreyMatter Mobile on the user’s behalf. We recommend that users employ a strong device password or other security measures as an additional layer of security for the user’s device. Neither We nor GreyMatter Mobile have direct access to a user’s fingerprint(s), facial recognition information, or other biometric authentication information stored or processed on the user’s device.

For additional information on the biometric authentication functionality for Apple devices, see the Apple Platform Security documentation, available as of the Effective Date at https://support.apple.com/guide/security/welcome/web. For additional information on the biometric authentication functionality for Android/Google devices, see the Android security documentation, available as of the Effective Date at https://source.android.com/docs/security. You should also review your mobile device manufacturer’s product manual or other operating instructions for additional information on the biometric authentication functionality available on or with your device, if any.

Information Collection by Third Parties

In the course of downloading, installing, registering or authenticating with, accessing, or using GreyMatter, users may provide User Information to third parties or third parties may use information collection or tracking technologies to collect User Information about users or their devices. These third parties may include:

The users’ electronic communication devices (e.g., mobile phones, tablets, laptops, and desktop computers) or telecommunications service provider;
The manufacturers, distributors, or retailers of the users’ electronic communication devices (and their components), as well the parties who may control or access the users’ electronic communication devices, such as their employers;
The developers of the operating system or other applications operating on the users’ electronic communications devices or with which the users interact using their electronic communication devices, including the digital marketplaces or Internet browsers through which GreyMatter is made available to users; or
The persons responsible for developing, hosting or otherwise making available webpages and associated content, including the third parties of such persons, to the extent users interact with links or plug-ins to other webpages and associated content through or in connection with GreyMatter.

The User Information these third parties collect may be associated with users directly, or the third parties may collect User Information about particular users over time and across different websites, apps, and other online or offline services or interactions. We do not control these third parties’ information collection or tracking technologies, and this Notice does not detail the data handling policies and practices of such third parties. If users have any questions about the data handling policies and practices of the third parties described in this section of the Notice (Information Collection by Third Parties), users should contact the relevant third party directly.

Use of User Information

We use User Information that We collect, as outlined elsewhere in this notice (see Collection of User Information), for the following purposes:

ReliaQuest solutions: To make GreyMatter available to users and Our other customers and to enable the download of, installation of, registration or authentication with, access to, or use of use of GreyMatter, including to communicate the content, notifications, updates, and other features in or about GreyMatter and to configure, provide training and support regarding, and monitor usage of GreyMatter.
Support: To support Our provisioning and users’ download of, installation of, registration or authentication with, access to, or use of GreyMatter, as well as any technical or customer support users may require in connection with GreyMatter.
Business analysis and improvement: To pursue Our legitimate interests in analyzing, understanding, and improving Our business and its operations through means such as identifying and tracking usage patterns with respect to GreyMatter; benchmarking, auditing, developing or improving GreyMatter; or monitoring the health, performance and security of GreyMatter.
Legal interests: To comply with, conform to the requirements of, or carry out Our obligations and enforce Our rights arising under any applicable law or legal agreements between Us and users or the persons on whose behalf users act, such as users’ employers, to the extent We believe necessary or appropriate in the relevant circumstances. We also use User Information to further our legitimate interest in preventing, detecting, and deterring fraudulent activities, misuse of GreyMatter, or other inappropriate conduct and to promote the health, safety, and security of Us, Our users and customers, and other third parties.
Administrative and corporate transactions: For general business and administrative purposes and to explore or consummate certain corporate or enterprise transactions, such as a reorganization, merger, liquidation, receivership or transfer of some or all of Our business assets or equity.
Consent or instruction: To discharge actions that users instruct us to undertake or for which users provide consent or to interact with and respond to users’ others inquiries, communications, or requests for information.

We do not sell User Information for monetary consideration, and we will not sell User Information without providing any notice or right of opt-out as may be required under applicable law.

Disclosure of User Information

We disclose User Information that We collect and use, as outlined elsewhere in this Notice (see Collection of User Information and Use of User Information), to the following groups of persons:

ReliaQuest group: To Our personnel, subsidiaries, parent, and holding companies, and other interests under Our control to provide GreyMatter and to communicate with users and for our general business and administrative purposes.
Service providers: To Our service providers, contractors, vendors, Subprocessors, and other third parties, who support or enable Us to engage in Our business and to provide GreyMatter, to communicate with users, and to perform related services, such as web hosting providers, customer relationship management tool providers, information technology service providers, analytics providers, and those applicable persons identified in Our current list of Third Party Platform Providers.
Authorized resellers: To Our authorized resellers and channel vendors, who assist Us in selling or delivering GreyMatter.
Professional advisers and government entities: To consultants, advisers, and similar professional service providers, public or private adjudicative bodies (such as courts, arbitrators or administrative tribunals), public or private enforcement, legislative or investigative bodies (such as regulatory or law enforcement agencies), and other affected or interested persons in connection with Our efforts to comply with, conform to the requirements of, or carry out Our obligations and enforce Our rights arising under any applicable law or legal agreements between Us and users or the persons on whose behalf users act, such as users’ employers, to the extent We believe necessary or appropriate in the relevant circumstances and to further Our legitimate interest in preventing, detecting, and deterring fraudulent activities, misuse of GreyMatter, or other inappropriate conduct and to promote the health, safety, and security of Us, Our users and customers, and other third parties.
Administrative and corporate transactions: To consultants, advisers, and similar professional service providers, and targets, bidders, financiers, and similar interested persons in connection with our exploration or consummation of certain corporate or enterprise transactions.
Consent or instruction: To the persons necessary or appropriate for Us to discharge actions that users instruct Us to undertake or for which users provide consent or to interact with and respond to users’ others inquiries, communications, or requests for information, as applicable.

Jurisdiction-Specific Information on Privacy Rights

Depending on where users reside or the jurisdiction in or through which users download, install, register or authenticate with, access, or use GreyMatter and the laws applicable to such users and the relevant User Information in those circumstances, users may be able to exercise one or more of the following privacy rights related to the User Information that We collect or that users make available to Us through or in connection with GreyMatter:

Right of access: The right to request access to User Information that We hold about the requesting user and information about Our use of such User Information and with whom We share such User Information. This may include the right to request that We provide a copy of the requesting user’s User Information, as well as the following information about Our collection, use, and disclosure of such User Information over the twelve-month period preceding the request: (i) the categories of and specific items of User Information We have collected about the requesting user; (ii) the categories of sources from which We collect such User Information; (iii) the categories of business or commercial purposes for collecting such User Information; (iv) the categories of third parties to whom such User Information was disclosed for a business purpose; and/or (v) and categories of User Information disclosed for a business purpose.
Right of correction: The right to request that We correct inaccurate User Information maintained about the requesting user.
Right to erase or delete: The right to request that We delete the requesting user’s User Information in certain circumstances and subject to certain exceptions. We cannot delete User Information except by also deleting the relevant user account.
Right to object or restrict: The right to object to Our processing of the objecting user’s User Information and, in certain circumstances, the right to require Us to stop processing such User Information We hold about the objecting user other than for storage purposes and/or the right to restrict or limit Our use or disclosure of sensitive User Information, if any, to only what is necessary to provide GreyMatter.
Right to portability: The right to request the portability of the requesting user’s User Information that We process.
Right to withdraw consent: Where We rely on consent to process a user’s User Information, the right to withdraw consent at any time by notifying Us in the manner described in the Contact Information section of this Notice. Withdrawing consent will not affect the lawfulness of Our processing before the user withdrew the user’s consent or the processing of the user’s User Information on another lawful basis.
Right to nondiscrimination: We will not discriminate against a user for exercising the rights to which the user is entitled.
Right to opt-out of sale: We do not sell User Information. To the extent that We sold User Information, the user would have the right to instruct Us not to sell the instructing user’s User Information.

If a user is entitled to one or more of the foregoing rights, the user may exercise the right(s) to which the user is entitled by notifying Us of the user’s specific request in the manner described in the Contact Information section of this Notice. If a user is unsure if the user is entitled to one or more of the foregoing rights, the user should consult the laws and regulations of the user’s applicable jurisdiction. We will use commercially reasonable efforts to comply with users’ requests.

For users’ protection, We will only respond to verifiable requests. Accordingly, We may need to collect certain information from the requesting user to verify the user’s identity, such as the user’s email address, government-issued identification, or date of birth, before providing a substantive response to the user’s request. We may need to retain certain information for recordkeeping or legal purposes or to complete any transactions initiated before the user’s request.

The user may also be able to designate an authorized agent to exercise the right(s) to which the user is entitled. To do so, the user must provide the authorized agent written and signed permission to exercise such rights on the user’s behalf. We reserve the right to require the user’s agent to verify the agent’s identity and to confirm directly with the user that the user has provided the authorized agent permission to exercise the user’s right(s).

The rights and procedures described this section are in addition to the other terms of this Notice and are intended to supplement the remainder of this Notice where required by applicable law. The rights to which users may be entitled vary by the applicable jurisdiction and the facts and circumstances in which the rights are invoked, and, accordingly, one or more of the rights or procedures described in this section of the Notice may not apply, in full or in part, to a particular user. Furthermore, some rights may be limited by applicable law, such as if fulfilling a user’s request for access to or deletion of User Information will adversely affect other individuals or Our trade secrets or intellectual property, an overriding public interest justifications exist, or We are by law required to disclose, retain, or delete or to deny access to User Information.

International Transfers of User Information

ReliaQuest is based in the United States of America (“USA”), but We have global operations. When users download, install, register or authenticate with, access, or use GreyMatter, users provide User Information to ReliaQuest in the USA. ReliaQuest’s subsidiaries and the third parties to whom ReliaQuest discloses or from whom ReliaQuest receives User Information are based in the USA, European Union, United Kingdom, India, Singapore and other jurisdictions, some of which may not have laws that require the same level of protection for User Information as where a user resides or the jurisdiction in which the user downloads, installs, registers or authenticates with, accesses, or uses GreyMatter. We implement appropriate transfer mechanisms in accordance with applicable law to protect the User Information that We transfer, including by using the standard contractual clauses approved by the European Union’s European Commission and the United Kingdom’s Information Commissioner’s Office and as further described below. Users may request additional information about the transfer mechanisms employed by ReliaQuest in the manner described in the Contact Information section of this Notice.

Additionally, ReliaQuest complies with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF,” and together with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, the “DPF”) as set forth by the U.S. Department of Commerce. ReliaQuest has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (“EU-U.S. DPF Principles”) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. ReliaQuest has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (“Swiss-U.S. DPF Principles,” and together with the EU-U.S. DPF Principles, the “Principles”) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this Notice and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the DPF and the Principles, and to view Our certification, please visit https://www.dataprivacyframework.gov/.

We describe elsewhere in this Notice the types of User Information that We collect or that users make available to Us through or in connection with GreyMatter (see Collection of User Information), the purposes for which We use User Information (see Use of User Information), the types of third parties to whom We disclose User Information and the purposes for which We make such disclosures (see Disclosure of User Information), the privacy rights that certain users may exercise with respect to their User Information (see Jurisdiction-Specific Information on Privacy Rights), and how users may contact and communicate with Us regarding Our collection, use, and disclosure of User Information, including the options users may have for limiting such collection, use, or disclosure (see Contact Information)

In compliance with the DPF and the Principles, ReliaQuest commits to resolve complaints about Our collection, use, or disclosure of User Information. Users residing in or subject to the laws of the European Union, the United Kingdom, or the Swiss Confederation with inquiries or complaints regarding our compliance with the DPF and the Principles should first contact ReliaQuest in the manner described in the Contact Information section of this Notice. If a user does not receive timely acknowledgement of the user’s complaint from Us, or if We have not addressed the user’s complaint to the user’s satisfaction, users may refer a complaint to the data protection supervisory authority (or its designee) in the user’s applicable jurisdiction. If neither We nor the applicable data protection supervisor authority address a user’s complaint, the user may have the possibility to engage in binding arbitration through the Data Privacy Framework Panel. For more information on the Data Privacy Framework Panel, users should review Annex I of the EU-U.S. DPF Principles.

ReliaQuest is subject to the investigatory and enforcement powers of the Federal Trade Commission (“FTC”), and the FTC has jurisdiction over ReliaQuest’s compliance with the DPF and the Principles. In certain circumstances, We may be required to disclose User Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. In cases of onward transfer to third parties of User Information relating to users residing in or subject to the laws of the European Union, the United Kingdom, or the Swiss Confederation pursuant to the DPF and the Principles where such User Information is not protected in accordance with the DPF and the Principles, ReliaQuest is potentially liable.

Children Under the Age of 13

GreyMatter is not intended for children under 13 years of age, and We do not knowingly collect User Information from children under 13 years of age. If We learn We have collected or received User Information from a child under 13 years of age without verification of parental consent, We will delete that User Information. If you believe We might control any information from or about a child under 13 years of age, please contact Us in the manner described in the Contact Information section of this Notice.

Data Security and Retention

We have implemented measures designed to secure User Information under Our control from accidental loss and from unauthorized access, use, alteration, and disclosure. All User Information under Our control is stored on Our secure servers behind firewalls.

The safety and security of User Information also depends on users. Where We have given users (or where users have chosen) credentials to access to GreyMatter, the users are responsible for keeping their respective credentials confidential. We ask users not to share their respective credentials with anyone.

Unfortunately, the transmission and storage of information via the Internet, telecommunications infrastructure, and other electronic communications platforms or devices is not completely secure. Although We intend to protect User Information, We cannot guarantee the security of User Information transmitted or stored through or in connection with GreyMatter. Any transmission of User Information to Us is at the user’s own risk. We are not responsible for circumvention of any privacy settings or security measures We provide.

We will retain User Information only for as long as necessary to fulfill the purposes for which We collected or received the User Information. To determine the appropriate retention period, We consider the amount, nature and sensitivity of the User Information, the potential risk of harm from unauthorized use or disclosure of the User Information, the purposes for which We process the User Information, and whether We can achieve those purposes through other means in accordance with applicable legal requirements. We will also retain and use User Information to the extent necessary to comply with Our legal obligations, resolve disputes, and enforce Our policies (see Use of User Information and Disclosure of User Information). If a user stops using GreyMatter or if a user deletes the user’s account with Us, We will store and delete the relevant User Information in accordance with Our standard data retention and deletion policies, unless We are earlier instructed to delete the relevant User Information or as necessary to comply with Our legal obligations, resolve disputes and enforce Our policies.

Changes to this Notice

We may update this Notice from time to time. If We make material changes to Our policies and practices for handling User Information, we will post a revised version of this Notice on this page.

The date on which this Notice was last revised is identified at the top of this page. Continued use of GreyMatter after We revise this Notice means users accept the changes to Our policies and practices outlined in the Notice, as revised. Users are responsible for periodically visiting this page and reviewing this Notice to check for any changes.

Contact Information

To ask questions about or comment on this Notice and Our privacy policies and practices or to submit a complaint with respect to GreyMatter or this Notice, users may contact Us by:

Sending an email to privacy@reliaquest.com
Calling us at 1-(800)-925-2159
Sending a letter to ReliaQuest, LLC, 1001 Water Street, Suite 1900, Tampa, Florida, 33602, United States of America, Attention: Legal Department.

Depending on where a user resides or the jurisdiction in or through which a user downloads, installs, registers or authenticates with, accesses, or uses GreyMatter and the laws applicable to the user and the user’s User Information in those circumstances, the user may also be entitled to complain to the data protection supervisory authority in the applicable member state.

GreyMatter Product
User Privacy Notice

Unify Security Operations

Why ReliaQuest

Learn

Company

GreyMatter ProductUser Privacy Notice

GreyMatter Product
User Privacy Notice