Privacy Notice

Last Updated: August 7th, 2023

At Greymatter Behavioral Sciences (“Greymatter”, “we”, “us”), we are committed to ensuring the privacy of the information we obtain about you when you visit our website or engage with us via email or on social media. This Privacy Notice outlines:

  • The type of information we collect, why we collect it, and the circumstances under which the information is collected
  • What we do with the information we collect, including how we safeguard your privacy
  • Your rights regarding the information we collect

Please note that this Privacy Notice may be updated from time to time as our services and use of technology evolve and as regulations change. We encourage you to review this Privacy Notice periodically when you visit our website or engage with us via email or on social media. By using our website, or by engaging with us via email or on social media, you consent to the collection, use and disclosure of your information in accordance with this Privacy Notice.

The Information We Collect

We collect the following types of “personal information” when you visit our website, or when you engage with us through the website, via email, or on social media:

  • Self-Disclosed Personal Information: This is information you voluntarily disclose that can be related to you as an identifiable natural person. It includes information that could either identify you directly on its own or be put together with other information in such a way as to be used to identify you. Examples of self-disclosed personal information we collect include your name, physical address, email address, phone number, social media username, or other personal contact information. We collect this information when you engage with us through the contact form on the website, via email, or over any social media platform, such as (but not limited to) LinkedIn, Twitter, or Facebook, where we have an account or where our content appears. If you have an account on a social media platform, then we may also collect any personal information tied to your account profile, including your likeness (e.g., your profile picture), that you choose to make publicly available to other platform users.

We do not automatically collect this information when you visit our website. Your decision to disclose this information to us is entirely voluntary. If you do engage with us via the website’s contact form, over email, or through social media, you may limit the personal information that you share with us. You may also configure the privacy settings on any social media platform where you have an account so that the personal information in your profile is not made available to us.

  • Online Identifiers: This is information we collect from your device regarding the tools, applications, or devices that you use to visit our website. As with other forms of personal information, this information could either identify you directly on its own or be put together with other information in such a way as to be used to identify you. It includes technical data from your device, such as your internet protocol (IP) address, operating system, browser type, language preference, and, if you are using a mobile device, your device ID, model, and manufacturer, location information, and other mobile network information. It also includes data from tracking technologies, such as log files, cookies, and pixel tags (also called web beacons), which are discussed in more detail below.

These data are collected by third-party tools and services, such as Bluehost, WordPress.org, Jetpack, Akismet, and Google Analytics, that are part of the hosting, functionality, security, and performance monitoring of our website. They are collected automatically when you visit our website or engage with us through our website. Except when used to mitigate against fraud or abuse or to fulfill legal obligations, we do not access your online identifier data. Instead, these data are retained by the third parties that collect them, and we then receive from these third parties only summary information, aggregated over many of our website’s visitors, to help us perform certain functions, such as monitor our website's performance. You may block the collection of online identifiers through your device and browser privacy settings, some of which we discuss in more detail below.

In addition, we also automatically collect certain forms of digital information that are nonpersonal or nonidentifying, such as the date and time when you visit a page on our website, the number of items on our website that you click, and any referring sites, such as Google.com, where you may have come from to arrive at our website. As with online identifiers, these data are collected by third-party tools and services that are part of the hosting, functionality, security, and performance monitoring of our website. These data are retained by these third parties, and, except when used to mitigate against fraud or abuse or to fulfill legal obligations, are reported to us only in the aggregate or in a form that is not combined with other information in a way that could identify you.

How We Use Your Information

We use your personal information to:

  • Respond to your questions or comments about our services or any content we produce
  • Share content that we think might be of interest to you
  • Engage with you about potential opportunities to provide services to, or receive services from, you
  • Transact business with you
  • Update you on modifications to our policies or procedures, or on any material changes to our business that could have an impact on you
  • Fulfill our obligations to you, including our obligations under this Privacy Notice
  • Improve our website, services, and communications
  • Prevent fraudulent activity
  • Comply with legal and regulatory requirements and mandates
  • Protect our legal interests

The legal grounds for our collection and use of your personal information include:

  • Our legitimate business interests in communicating about our services, learning about services you may offer us, sharing content that is relevant to our service offerings, answering your questions about our services or content, and improving our services and communications
  • Performance of a contract in which we agree to provide you services, or you agree to provide us services
  • Your consent to this Privacy Notice
  • Our legal obligations

We do not sell or rent your personal information to any third parties. We do not use your personal information to engage in targeted online advertising, nor do we disclose your personal information to third parties for them to engage in targeted online advertising.

Use of Tracking Technologies

As described above, our website uses third-party tools and services that make use of the data from various tracking technologies to support one or more key functions for our website. These tracking technologies include:

  • Log Files: These are files that contain a record of all individual visits to our website, along with activities, such as requests to see specific pages, and resulting events, such as errors, that are associated with these visits. The information in these files includes IP addresses, user agent information such as browser and operating system type, page requests, date and time stamps, referring page information, and, in some cases, number of clicks. This information is used for website security auditing and performance monitoring. It is not linked to any other information that can personally identify you.
  • Cookies: These are small text files that are sent to your computer from our website. They contain a unique identifier, usually a string of numbers and letters, that becomes associated with your activity on the website. This makes it possible for your activity on the site to be tracked over time. Because these cookies originate from third-party tools and services that support our website, they may also allow your activity to be tracked across other websites using those same tools and services. We use cookies for website security and performance monitoring. We also use them to determine the popularity of our content and to understand where the traffic to our website originates. We do not use cookies for targeted online advertising, either for our benefit or on behalf of third parties.
  • Pixel Tags: Sometimes also known as “web beacons”, these are small graphic files embedded in web pages which your web browser responds to by sending us identifying information, such as your IP address along with your browser and operating system type, as well as a date and time stamp and information about whether your browser is already storing one of our cookies. We’re then able to track your activity on our website by monitoring your interactions with these pixel tags over time. As with cookies, we do not use pixel tags for targeted online advertising, either for our benefit or on behalf of third parties.

Although we take reasonable precautions to use tools and services from reputable third parties that can be trusted to handle website user data responsibly, we do not have full control over their use of data from the tracking technologies they build into the tools and services they provide to us. We recommend that you review the privacy policies of these third-party suppliers and contact them directly if you have questions. Some of these polices can be found by visiting the following websites:

Managing Cookie Preferences: You can configure your browser settings to enable or disable the use of cookies. You can find out more about whether your browser is currently configured to enable cookies, and how to view, delete, and block cookies on common browsers and mobile devices, by visiting the following websites:

Do Not Track: Some browsers’ privacy settings offer what is called a “Do Not Track”, or DNT, option. If your browser has this option and it is currently turned on, your browser will automatically ask every website you visit to not use tracking technologies to track your online activities. The request will also automatically extend to any third parties that may be providing content on the website you visit. Currently, no industry standard exists for DNT, and, as noted above, we do not use tracking technologies for the purpose of targeted online advertising. Consequently, we do not respond to DNT signals. Note that this does not preclude you from taking other steps, such as blocking cookies, using anti-tracking plugins, or using a “very private network, or VPN, to minimize the opportunities to be tracked.

Google Analytics Opt-Out: We may use Google Analytics to help us monitor and analyze the performance of our website. You can opt-out of having your activity on our website made available to Google Analytics by installing the Google Analytics opt-out browser add-on. To learn more about this add-on, visit: https://tools.google.com/dlpage/gaoptout.

Sensitive Data

We do not knowingly solicit, nor do we intentionally collect, any of the following forms of sensitive data when you visit our website or engage with us via the website or on social media:

  • Personal information about your race/ethnicity, sexual orientation, sexual practices, gender orientation/identification, health, union membership, past criminal convictions, or political, religious, or philosophical beliefs
  • Genetic information
  • Any government identifiers, such as driver’s license or social security numbers
  • Your financial account information or card numbers
  • Login credentials for any of your personal accounts

We request that you do not send us this sensitive data when you communicate with us through our website or on social media. If you do send us this data, then you consent to its use, storage, and processing by us as we would use, store, or process any other form of personal information we collect from you under the terms of this Privacy Notice.

International Data

Our company is located in the United States. When we collect your self-disclosed personal information, we rely on Greymatter personnel within the United States to access, process, and, in some cases, store that information locally in order to use that information for our legitimate business purposes. Therefore, if you reside outside the United States, your self-disclosed personal information will be transferred to, and accessed, processed, and stored by Greymatter personnel within the United States. Note as well that, because our third-party website host, email, and cloud storage services utilize servers that can exist anywhere in the world, your personal information, both self-disclosed and in the form of online identifiers, may be transferred not only to the United States, but to any other country where our third-party website host, email, and cloud storage services maintain their servers. By using our website, or by engaging with us via our website, email, or on social media, you consent to the transfer of your information to the United States and to any other country where our third-party website host and email services maintain their servers.

Data from Children

We do not knowingly solicit, nor do we intentionally collect, information from anyone who is younger than 16 years of age. If you are not 16 years old or older, we ask that you do not access our website, or engage with us through our website, via email, or on social media.

Confidentiality, and the Sharing of Your Information

We may share your personal information with third parties under the following circumstances:

  • Business Operations: We may reveal your personal information to third parties that assist us with the day-to-day operations of our business. These third parties may include technology companies that provide us with email, website hosting, and cloud storage services; information technology specialists who help us build and maintain our information technology infrastructure; and website developers who support us with the functionality of our website. We may also share your personal information with third parties that provide a legitimate function in the process of transacting business with you. These third parties may include legal services that assist us with contracting; vendors or suppliers whom you agree in writing to perform services for us as part of our process by which we perform services for you; and financial institutions that process payments between us. We reveal your personal information to these third parties on a strictly need-to-know basis. We do not authorize these third parties to disclose the information we share with them, or to use the information for any other purpose than for the legitimate function they are to perform for us. We also only share with them the minimal amount of your personal information that is needed for them to perform these functions.
  • External Links: Our website may include hyperlinks to other websites that are not controlled by us. Although we use reasonable care when including any third-party hyperlinks on our website, we do not regularly monitor these third-party websites, and they are not bound by our privacy policies. We are not responsible for any personal information disclosures that occur as a consequence of your use of these third-party hyperlinks. We encourage you to exercise caution when clicking on any third-party hyperlinks on our website, and to read the privacy policies of these third-party websites before interacting with them.
  • Legal Proceedings: We may reveal your personal information to regulatory agencies, law enforcement, emergency personnel, civil and criminal courts, and parties to litigation if we are obligated to do by search warrant, subpoena, or court order, or as otherwise mandated by law. We may also reveal your personal information to the appropriate third parties if it becomes necessary to protect Greymatter’s legal rights and property. In these cases, we take reasonable steps to maintain the confidentiality of your information and to reveal only the minimum amount of information that is necessary to fulfill our legal obligations under these circumstances.
  • Business Transfers: In the event that Greymatter engages in a merger, acquisition, reorganization, or similar transaction in which our assets are acquired by a third party, we may transfer or share your personal information as part of that transaction. You acknowledge that such business transfers may occur and that your information can continue to be stored, used, or processed as otherwise set forth in this Privacy Notice.

The legal grounds for our sharing of your personal information include:

  • Our right to protect and promote our legitimate business interests
  • Your consent to this Privacy Notice
  • Our legal obligations

Data Retention

We retain your personal information for as long as is needed for the legitimate business purposes under which that information was gathered. When we share your personal information with third parties, we take steps to have them permanently delete the information once they no longer need it for the specific purpose it was shared with them. Personal information within Greymatter’s possession is otherwise retained indefinitely by Greymatter unless you request that we delete the information sooner and there are no circumstances that would preclude us from fulfilling your request, or we are required by legal obligation to delete your personal information sooner.

Please note that we do not control the retention policies of third parties that provide tools or services for the hosting, functionality, security, and performance monitoring of our website or our email accounts. Although we take steps to work only with third parties that have reasonable data retention policies for the handling of our users’ information (including permanent deletion of your information once we no longer use their tools or services), we cannot guarantee their adherence to those policies. You acknowledge that these third parties may retain your personal information for longer than is needed for them to perform functions or services for us. If you wish to have any of these third parties delete your personal information, you may need to contact those third parties directly. You may request from us a list of these third parties.

Data Security

We take all commercially reasonable precautions to keep your personal information secure. We maintain our website on third party servers, and utilize third-party tools and services for our website and email, that have adequate safeguards for data storage and transfer. We implement technical, physical, and administrative safeguards to protect the personal information we collect from loss or theft, or from unauthorized access, disclosure, copying, alteration, or destruction. In the event that we need to transfer your personal information to other third parties, we do so only when they have similar safeguards in place and they have agreed to apply those safeguards when handling your information.

Because no method of transferring and storing information is ever 100% secure, we cannot guarantee the absolute security of the personal information we collect on you, and you accept this risk when you visit our website, or when you engage with us through our website, via email, or on social media. In the event that the security of your personal information is ever compromised, we will investigate the incident the moment it comes to our attention and will take steps to correct it to the extent possible. If we discover that the incident resulted in an unauthorized disclosure of your personal information (a “data breach”), we will notify you about the incident, the information that was compromised, and the steps we have taken to rectify the breach. We will also take any other steps in our response that are required by regulatory agencies or as otherwise mandated by law. You otherwise acknowledge that, in the event of a data incident or breach, your personal information may become available, via the internet, around the world, and we will not be able to prevent the misuse of your information by other third parties.

Your Rights

You have certain rights when it comes to your personal information, including:

  • The right to know and inquire about the information we hold on you, including what we do with that information, how we obtained it, who we disclose it to, and the purposes for which we collect, store, use, and disclose it
  • The right to access the personal information we hold on you
  • The right to request corrections to incorrect, inaccurate, or incomplete personal information we hold on you
  • The right to request that the personal information we hold on you be deleted if it is no longer needed
  • The right to determine where your personal information is stored
  • The right to request restrictions on how your personal information is used, including with whom it is shared
  • The right to object to the use of your personal information for marketing purposes
  • The right to revoke any consent you provide for the collection, use, or disclosure of your personal information

You may make requests, ask questions, or submit complaints regarding your personal information by contacting us at privacy@greymatterbehavioralsciences.com. Please include your US state or country of residence in your email when you contact us. If you wish to access, review, amend, or delete your personal information, or to move where it is stored, you will need to provide us with some information, such as your name, email address, and contact information, so that we can verify your identity and track down your information.

Note that we may deny your request to access, review, amend, or delete your personal information, or to move where it is stored, if we cannot verify your identity or if granting the request would result in any of the following:

  • It would interfere with our legal rights, or the legal rights of other third parties
  • It would interfere with our ability to fulfill a legal obligation
  • It would interfere with our ability to detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities
  • It would interfere with our ability to deliver goods or services that we already owe you

We will reply to your requests, questions, or complaints within 30 calendar days of receipt.

Notice to California Residents

We comply with the California Consumer Privacy Act of 2018, Cal. Civ. Code §§ 1798.100 Et Seq. (CCPA). Under the CCPA, you have:

  • The right to know about, and request to correct or delete, the personal information we hold on you as described above
  • The right to opt out of the selling of your personal information, or the sharing of it for marketing purposes
  • The right to limit the use or disclosure of sensitive personal information
  • The right to not be discriminated against simply for having exercised your rights under the CCPA

To find out more about the CCPA, please visit: https://www.oag.ca.gov/privacy/ccpa.

Notice to European Union (EU) Residents

If you are a resident of a European Union (EU) country, you have the right to complain to a supervising authority if you believe have violated your rights under this Privacy Notice or applicable law. You may do so in the EU member state in which you reside or have your place of business, or in which the alleged violation took place.