Legal

Data Privacy for Gripp, Inc

Gripp Global Data Privacy Statement

Gripp recognizes and respects the personal information privacy interest of individuals. When you provide Gripp with your personal information, you trust us to protect that information. Trust is the foundation of the relationships Gripp has with its employees, suppliers, customers, and all others. We collect and process only personal information needed or appropriate for business purposes and do so only by lawful and fair means. This Privacy Statement is meant to help you understand what personal data we collect, why we collect it, and what we do with it. We hope you take time to read it carefully.

Effective Date: October 15,2023

Updated: October 15, 2023

This Privacy Statement describes how Gripp collects, stores, uses, and transfers personal information. This Privacy Statement reflects the values and principles expressed in Gripp’s operating model.

SECTION 1. WHAT IS THE SCOPE OF THIS DOCUMENT?

This Privacy Statement applies to the Gripp subsidiaries, affiliates, and other entities controlled by Gripp Inc. as are identified in Schedule A (List of Gripp Data Controllers / Legal Entities) (collectively, “Gripp”). This Privacy Statement applies only when Gripp is collecting or otherwise processing personal information for Gripp’s purposes (i.e., when Gripp (either alone or in common with other entities) is a controller and therefore determines the purposes for which and the manner in which any personal information is processed). This Privacy Statement does not apply when Gripp is collecting or otherwise processing personal information on behalf of another company, such as Gripp’s suppliers, and customers.

The applicable Gripp entity that is the “controller” of your data is the one with which you have a relationship, including for example: as a customer (e.g., the Gripp company referred to in your purchase order or other agreement with Gripp), an employee(e.g., the Gripp company that you are attempting to or have entered into a relationship with), or a supplier (e.g., the Gripp company that you are attempting to or have entered into a supplier relationship with). Gripp encourages the periodic review of this Privacy Statement to stay aware of any changes to it.

For convenience, in several sections this Privacy Statement is organized by the category of data subjects identified below. Please note that in some situations, you may not fit perfectly into any one category (for example, more than one could apply, or you might not be a customer of Gripp, yet the customer section is the most applicable). Please review all of the language that is appropriate to your relationship with Gripp. This Privacy Statement covers the personal information of individuals who are:

  • Gripp candidates for employment or employees (meaning staff, personnel, and workers) or other persons currently or formerly employed to perform work for Gripp, including temporary employees (collectively, “employees”);
  • Associated with Gripp’s customers, including their dealers, dealers’ customers, their service providers, service providers’ customers, distributors, distributors’ customers, direct sale customers, sales representatives, and other resellers (collectively, “customers”); and
  • Associated with suppliers of Gripp, such as suppliers’ employees (temporary workers, staff, personnel, and contractors, etc.) (collectively, “suppliers”).

In this Privacy Statement, the term “processing” means any activity performed on personal information, including, for example, collecting, storing, modifying, transferring or otherwise using it. Additionally, this Privacy Statement does not apply to other information (non-Personal Information) that Gripp may collect or otherwise process. For more information on other information that Gripp may collect or otherwise process, please inquire about Gripp’s Data Governance Statement.

In addition to this Privacy Statement, some Gripp systems, applications, and processes may contain their own privacy notices, which provide additional details about what specific personal information is collected and how it is stored, used, and transferred.

Certain jurisdictions may prohibit or limit the collection, use or sharing of specific categories of personal information; accordingly, this Privacy Statement describing our practices may be limited by those laws and/or further clarified in any country-specific appendices applicable to you and attached to this Privacy Statement. When in conflict with this Privacy Statement, those appendices control.

SECTION 2. WHAT IS PERSONAL INFORMATION?

For the purposes of this Privacy Statement, personal information is any information about a specific individual or that identifies or may identify a specific individual. In other words, it is any piece of information that can be linked to you. Certain jurisdictions may prohibit or limit the collection of specific categories of personal information. Subject to local law and any attached appendices, examples of personal information that we may collect include, but are not limited to:

  • Contact Information (e.g., name, address, telephone number, emergency contact(s) information)
  • Information Security Data (e.g., communications created, stored, or transmitted by a person using Gripp’s information technology or communications equipment)
  • Information to fulfill items such as, but not limited to, communications, contracts, purchase orders, payments, and receivables; and
  • Other information required to comply with applicable laws, including valid search warrants, subpoenas, or court orders.

Different categories of persons may be subject to additional collection of personal information, including but not limited to:

Customers:

  • Business Contact Information (e.g., company name, address, telephone number)
  • Individual Representative Contact Information: (e.g., name, address, telephone number, email address)
  • Billing Information (e.g., financial account data, invoices, receipts)
  • Client Relationship Management Information (e.g., information necessary to populate a customer’s profile or to facilitate marketing automation)
  • Equipment Information (e.g., repair needs, status, purchase history, extended warranties);
  • Customer Satisfaction Information.

Gripp may receive equipment information that is personally identifiable by another party, e.g., the equipment owner, but in most instances, Gripp will not be the controller of that information.

Employees:

  • Background Information (e.g., birth date, marital status, dependent information, ethnicity and/or nationality)
  • Residency Information (e.g., work permit status)
  • Financial Account Information.
  • Reference Information (e.g., letters of recommendation or reference, or reports provided by former employers or colleagues)
  • Background Check Information (e.g., credit and criminal background checks, drug and alcohol testing)
  • Health Information (e.g., prescription records, benefit claims, and the Explanation of Benefits sent in connection with claims)
  • Biometric Information (e.g., thumbprints)
  • Professional Qualifications Information (e.g., work experience, education); and
  • Employment-related Information (e.g., work history, new hire forms, skills, education and training, performance appraisals, goals, attendance, work absences, vacation entitlement and requests, compensation history, workplace injury and illness reporting, disciplinary issues, and grievances).

Suppliers:

  • Residency Information (e.g., work permit status)
  • Financial Account Information.
  • Background Information (e.g., due diligence)
  • Professional Qualifications Information (e.g., work experience, education)
  • Reference Information (e.g., letters of recommendation or reference, or reports provided by former employers or colleagues); and
  • Biometric Information (e.g., thumbprints).

Depending on the applicable local law, some personal information collected by Gripp may be considered “sensitive personal information” (i.e., personal information subject to additional protections).

Additionally, in some cases, such as where you are the sole proprietor of a business, information about your company may be deemed personal information. This could include business information (e.g., office address), financial account information (e.g., bank account information, trade references, financial statements), assets (e.g., property ownership), credit rating, tax identification, and diversity classification.

Gripp may use anonymized (or de-identified information), that was derived from personal information, but in its anonymized form cannot be identified with a specific individual. This de-identified information is not considered personal information for purposes of this Privacy Statement and is not covered by this Privacy Statement. However, if such information is used or formatted in such a way that it is possible for that information to be identified with a specific individual, then it will be considered personal information as appropriate.

SECTION 3. HOW DOES GRIPP COLLECT PERSONAL INFORMATION?

Gripp collects personal information in a variety of contexts from different categories of persons.

Customers (either directly or, in some cases, through third parties) can provide personal information through the business relationship involved in acquiring, marketing, or selling Gripp products or services. This includes, for example, submission of personal information as part of a proposal, a contract, receiving and employing services or products (including equipment tracking services), and potentially accessing Gripp systems or monitoring Gripp processes. Throughout the duration of a customer relationship, Gripp reserves the right to request, as needed, other forms of personal information necessary to facilitate the purposes described below.

Employees can provide personal information directly during the application and on-boarding process, throughout the duration of employment, and, in some cases where permitted, upon separation. In addition, Gripp may collect the information described above from a third party, for example, when we contact references that were provided to Gripp by an employee, or when we obtain background check information in accordance with our policies and applicable laws in connection with an employee’s application or on-boarding process. Much of this information is voluntarily provided to Gripp as a condition of employment to facilitate Gripp’s management of the employer-employee relationship, which is vital to our collective success.

Suppliers can provide personal information through the business relationship involved in acquiring, marketing, or selling Gripp products or services. This includes, for example, submission of personal information as part of a proposal, a contract, delivering services or products, and potentially accessing Gripp systems or monitoring Gripp processes. Throughout the duration of a supplier relationship, Gripp reserves the right to request, as needed, other forms of personal information necessary to facilitate the purposes described below.

Gripp processes your personal information where it is permitted to do so under applicable data protection laws, including for the purposes of its legitimate interests, to comply with a legal obligation of Gripp, and where you have consented for Gripp to do so.

In some cases, your consent to the collection of your personal information may be provided in a manner appropriate to the context, meaning it can be provided orally, inwriting, electronically, or—when permitted by local laws—it may be implied where the purpose is apparent from the circumstances, and you voluntarily provide your personal information. Subject to local laws, and as may be articulated in the attached country-specific appendices, there may be circumstances under which Gripp must obtain explicit consent from you. Such consent is your choice and is entirely voluntary. In some circumstances, you may withdraw your consent to Gripp’s collection and use of personal information subject to contractual and legal restrictions and reasonable notice.

SECTION 4. HOW DOES GRIPP USE PERSONAL INFORMATION?

Gripp uses personal information in ways that are compatible with the purposes for which the information was originally collected. This may include use for a purpose that is reasonably related to the original purpose of collection. Gripp collects, uses, and discloses personal information as an essential part of operations.

Additional information describing how we use this personal information may be provided in the supplemental appendices that describe unique legal obligations and rights available in different jurisdictions.

Personal information may also be processed in order to meet legal requirements applicable to Gripp, such as filing with government agencies, complying with lawful orders to provide information, meeting contractual commitments, and in connection with Gripp safeguarding its rights and property.

Personal information is vital to our management and administration of customer, employment, and supplier relationships generally. Subject to local law and any attached appendices, personal information is collected from different categories of persons for different purposes. Below, we describe the different purposes for collecting personal information from customers, suppliers, and employees.

Customer Personal Information Collection Purposes

Gripp uses customer personal information to conduct business operations (e.g., satisfy customer orders), market new products through individual outreach or group communications (e.g., newsletters), assess internal performance, manage customer relationships, (e.g., invoicing and payments), manage risk and compliance, and support various administrative functions. Some examples of personal information Gripp may collect from customers and accompanying uses include:

Examples of Personal Information and Use

  • Individual Representative Contact Information (e.g., name, address, telephone number), to communicate with representatives of the customers and to manage the relationship.
  • Billing Information (e.g., financial account data, invoices, receipts), to complete customer orders and submit necessary billing information.
  • Identification and Verification Information (e.g., photographs, driver’s license, passport, other proofs of identity), to enable physical or remote access to Gripp facilities or systems. (e.g. authentication)
  • Information Security / Technology Data (e.g., information captured through the use of Gripp systems), to facilitate use of the applicable systems and security of those systems.

Employee Personal Information Collection Purposes

Gripp uses employee personal information to conduct business operations (e.g., managing access control, security systems, and updating personnel directories), foster employee development (e.g., Training), support various administrative functions (e.g., administering compensation plans, benefits, and leave schedules), and manage the operation of our businesses.

Some examples of personal information that Gripp may collect from employees and accompanying uses include:

Examples of Personal Information and Use

  • Contact Information of employee and family members (e.g., name, address, telephone number, emergency contact(s) information), to communicate with employees and to facilitate benefits.
  • Professional Qualifications Information (e.g., work experience, education), to evaluate and select individuals for a role within Gripp.
  • Employment-related Information (e.g., work history, performance appraisals, goals, attendance, work absences), to manage the employment relationship.
  • Employment-related Information (e.g., workplace injury), to meet compliance obligations and manage safety.
  •  Identification and Verification Information (e.g., photographs, driver’s license, passport, other proofs of identity), to meet compliance obligations and to enable physical or remote access to Gripp facilities or systems.
  • Biometric Information (e.g., thumbprints), to identify or authenticate users and for access control purposes.
  • Information Security / Technology Data (e.g., information captured through the use of Gripp systems), to facilitate use of the applicable systems and security of those systems.

Supplier Personal Information Collection Purposes

Gripp uses supplier personal information to conduct business operations (e.g., managing access control and security systems), select and approve new suppliers, assess supplier performance, manage supplier relationships, (e.g., invoicing, and payments), manage risk and compliance, and support various administrative functions.

Some examples of personal information Gripp may collect from suppliers and accompanying uses include:

Examples of Personal Information and Use

  • Contact Information (e.g., name, address, telephone number, emergency contact(s) information), listing in Gripp’s internal, enterprise-wide directory, which is used to communicate with representatives of the supplier and to manage the relationship.
  • Professional Qualifications Information (e.g., work experience, education), to evaluate and select suppliers.
  • Identification and Verification Information (e.g., photographs, driver’s license, passport, other proofs of identity), to enable physical or remote access to Gripp facilities or systems.
  • Information Security Data (e.g., information captured through the use of Gripp systems), to facilitate use of the applicable systems and security of those systems.
  • Image, Video (e.g., CCTV footage) (for visitors), to facilitate safety and security

SECTIONS 5-7. HOW DOES GRIPP SAFEGUARD, KEEP, AND DISPOSE OF PERSONAL INFORMATION?

Section 5. How does Gripp safeguard personal information?

Gripp utilizes reasonable measures, including information technology security and physical security measures, to protect personal information. These measures are appropriate to the risks posed by the processing of personal information and to the sensitivity of the personal information and take into account the requirements of applicable local law. Gripp requires all persons to abide by applicable security policies related to personal information when using Gripp systems.

Section 6. How long does Gripp keep personal information?

Gripp stores personal information as needed to accomplish the purposes identified above and to meet legal requirements, including record retention. Our retention of your personal information is at all times subject to local law. This storage period may extend beyond the term of your relationship with Gripp.

Section 7. How does Gripp dispose of personal information?

When personal information is no longer useful, or in any event, after legal authority to retain it has expired, personal information will be destroyed, in accordance with local law and pursuant to procedures established by the relevant Gripp system or process.

SECTION 8. HOW DOES GRIPP TRANSFER OR SHARE PERSONALINFORMATION THAT IS COLLECTED?

Because Gripp operates a global business, we may need to transfer your personal information to different jurisdictions for our business purposes. Gripp may transfer personal information to countries or jurisdictions that may not legally mandate the same level of data protection as the jurisdiction in which that personal information was collected. This Privacy Statement applies to all Gripp operations and their data processing activities and Gripp has entered into data transfer agreements with its affiliates worldwide to protect personal information.

Gripp only shares personal information with others in a manner consistent with this Privacy Statement, for the purposes stated above, when required by law, or with your consent. Information transfers to third parties will generally be transfers to third-party processors for those purposes consistent with this Privacy Statement. In addition, Gripp may transfer personal information to third-party data controllers as required by law, with your consent, or with approval from a relevant authority. In some jurisdictions, transfer of specifically delineated categories of data or transfer to certain third parties may require explicit consent from you. In all instances, the transfer of personal information is subject to local law and the attached appendices.

When Gripp shares personal information with third parties that process the personal information on Gripp’s behalf (e.g., contractors, consultants), Gripp takes reasonable steps to require such recipients to protect personal information in accordance with applicable laws. Examples of third parties with whom we may share information for any of these purposes include:

  • Vendors, service providers, and other partners who support our business, such as providing technical infrastructure services.
  • Law enforcement or other government agencies (when required by law; authorized by the customer; to protect Gripp, a person or property; and to support our business, such as in applications for government grants)
  • Subsidiaries, affiliates, and other entities controlled by Gripp.
  • Other third-party service providers that process personal information on behalf of Gripp
  • An acquiring entity (or an entity that is interested in acquiring) in the event that Gripp divests (or is considering divesting) a portion of its business; and
  • (Employees only) Vendors providing medical or financial planning services to employees.

SECTION 9. WHAT ARE YOUR ACCESS RIGHTS REGARDING PERSONAL INFORMATION?

Gripp takes steps to maintain the accuracy and completeness of personal information. You may request and will receive reasonable access to the personal information you have provided to Gripp and have an opportunity to correct it if necessary. Grip procedures grant you access to your personal information and enable the exercise of other rights that may be available to you under applicable local law.

Unless prohibited by local law or, in some cases, as mandated by local law, your right to access your personal information may be limited. Examples for why your access may be limited include:

  • The request relates to legal advice and proceedings.
  • A legal privilege may be claimed regarding the subject matter of the information.
  • The personal information also includes the personal information of a third party who has not consented to disclosure and whose privacy would be affected by any such disclosure.
  • The request is insufficiently detailed or has already been responded to.
  • The request is frivolous or vexatious; or
  • (Employees only) The information could disclose a confidential reference.

Gripp will consider local laws when reviewing requests to access or alter personal information held by Gripp.

If you are a customer, please contact the person representing Gripp to whom you have given your personal information for the proper procedure for obtaining access to your personal information.

If you are an employee, please contact your local, regional, or corporate Human Resources representative for the proper procedure for obtaining access to your personal information. Upon request, and after providing satisfactory proof of identity and any additional requirements established by applicable local law, you will be given access to your personal information that you have a right to review and, if appropriate, the option to copy, modify, delete, or contest that personal information in Gripp’s systems.

If you are a supplier, you may contact the individual at your organization who is responsible for the Gripp relationship.

For more specific information regarding rights under the General Data Protection Regulations(“GDPR”); please see Appendix 1 as applicable.  For more specific information regarding rights under the California Consumer Privacy Act (CCPA); please see Appendix 1 of this document.

SECTIONS 10-11. WHERE CAN YOU OBTAIN FURTHER INFORMATION? WHAT HAPPENS IF THIS PRIVACY STATEMENT CHANGES?

Section 10. Where can you obtain further information?

If you have any questions about this Privacy Statement, you may contact us by email at privacy@gripp.ag; by telephone at +1 414-786-1908; or by mail to the address listed below. If you believe your personal information has been handled in a manner inconsistent with this Privacy Statement, you should not hesitate to reach out to privacy@gripp.ag or by calling the number listed above.

Attn: Data Privacy Team
Gripp Inc.
830 Massachusetts Ave Suite 1500
Indianapolis, IN 46204

Additionally, contact information for your local Data Controller may also be provided in your purchase order or any other agreement you have with Gripp.

If you are an employee, you can receive more information through your local, regional or corporate Human Resources representative at:

Gripp Inc.
830 Massachusetts Ave Suite 1500
Indianapolis, IN 46204

In some cases, contact information for your local Human Resources representative is included in your Employee Handbook or Agreement.

Section 11. What happens if this Privacy Statement changes?

We reserve the right to amend this Privacy Statement as needed. When we do, the changes will be communicated to affected persons at that time, and we will note near the top of this Privacy Statement the date that any such changes are made and/or when they become effective. In some instances, if the changes we make are material, we may also send you an e-mail message or other communication telling you about such changes and any choices you may have or actions you can take before they go into effect. Depending on the nature of the changes and subject to local law, your continued relationship with Gripp will demonstrate your acceptance of those changes.

APPENDIX 1. CALIFORNIA

Effective: October 15, 2023 (Last updated: October 15, 2023)

Pursuant to the California Consumer Privacy Act ("CCPA") and the California Privacy Rights Act ("CPRA") (collectively, "California Privacy Law") this Appendix to the Gripp Global Data Privacy Statement provides additional information about how Gripp collects, stores, uses, transfers and otherwise processes personal information about California consumers (as defined by the CCPA). This Appendix applies only to California consumers. For the purpose of this Appendix, a “California consumer” is a natural person who resides in California. Please refer to Article 1 –Human Resources Consumers of this Appendix 1 for more information in the Human Resources context. Please refer to Article 2 – Non-Human Resource Consumers of this Appendix 1 for more information about other consumers. For more information about Gripp’s practices about personal information more generally, please see the main body of Gripp’s Global Data Privacy Statement.

Article 1 – Human Resources Consumers

Section 1. What is the Purpose of this Article to Appendix 1?

The purpose of this Article to Appendix 1 is to inform job applicants, employees of, owners of, directors of, officers of, medical staff of, and contractors of Gripp (collectively referred to as "employees" for the purposes of this Article), of the categories of Personal Information (as defined below) that we collect and the purposes for which we use such Personal Information.

Section 2. Collection and Use of Personal Information for Business Purposes

For purposes of this Appendix, “Personal Information” is information that relates to an identified or identifiable person. Personal Information does not include deidentified, aggregated, or combined information, which includes data that is not reasonably capable of identifying you or being linked to you. Personal Information also does not include publicly available information (information that is lawfully made available from federal, state, or local government records).

We collect, use, and disclose employee Personal Information for business purposes only (as described further below) and in a manner consistent with applicable laws. Where we disclose Personal Information to third parties, we do so for the same purposes described below and, where appropriate, we require that such third parties maintain the confidentiality of the Personal Information and maintain appropriate systems and processes to secure and protect the Personal Information.

We collect and use the following categories of Personal Information about you to manage your employment relationship with us:  

Category of Personal Information

  • Identifiers (e.g., name, personal and work address, personal and work telephone number, personal and work e-mail address, emergency contact(s) information)
  • Professional or employment related information (e.g., work experience, education, references, certifications, professional memberships, languages capabilities, work history, performance appraisals, disciplinary, conduct records, goals, attendance, workplace injury, fitness for duty, and any other similar information provided through the application process or during employment)
  • Education information (e.g., educational background, internal and external training, professional certifications, experience, and other background information used for screenings)
  • Audio, electronic, visual or similar information (e.g., images in connection with use of company systems, such as voicemail or CCTV footage or access control systems)
  • Internet and other electronic network activity information (e.g., communication information and computer usage information related to company equipment or devices, and information captured using Gripp systems, including any information that you create or upload into those systems)
  • Characteristics of protected classes (if provided voluntarily) (e.g., racial or ethnic origin, gender, citizenship/residency status, religious beliefs, and veteran or military status)
  • Inferences drawn from the information collected (e.g., those related to abilities and performance)

Sources of Information

  • Directly from individuals (e.g., from employees, on behalf of dependents, from supervisors, about employees)
  • Third Parties (e.g., references from former employers, companies with which employees have interacted to facilitate their employment with Gripp or procure benefits associated with their employment).

Business or Commercial Purpose for which the Personal Information was Collected/Used

  • To identify and communicate and to manage and maintain benefits and company records 
  • To facilitate access to Gripp facilities (e.g., parking), or systems 
  • To evaluate and select individuals for role(s) within Gripp and facilitate development 
  • To meet compliance obligations, determine eligibility for work, and to enable physical or remote access to Gripp facilities or systems 
  • To meet compliance obligations and manage health and safety 
  • To manage payroll, benefits, and expenses
  • To manage business travel, including without limitation logistics, reimbursement/payment, and safety 
  • To manage the employment relationship and manage compliance obligations 
  • To facilitate access to Gripp facilities
  • To facilitate the use of the applicable systems and security of those systems 
  • To monitor and ensure compliance with applicable laws, regulatory requirements, and applicable corporate procedures by monitoring the use of company technology resource systems, databases, and property and conducting investigations
  • To manage corporate information technology tools, devices and networks, including helpdesk, corporate directory, IT support, and IT security.
  • To identify and communicate and to manage and maintain benefits and company records
  • To ensure compliance with applicable laws, regulatory requirements, and applicable Gripp procedures
  • To administer the workforce and employment related activities (e.g., talent and team management, workforce analysis)

Categories of Third Parties to Whom the Personal Information is Disclosed

  • Vendors, service providers, and other partners who support our business, such as providing technical infrastructure services
  • Subsidiaries, affiliates, and other entities controlled by Gripp
  • Other third-party service providers that process Personal Information on behalf of Gripp

Sensitive Personal Information, as defined under the CPRA, requires a higher level of protection. The categories of Sensitive Personal Information we may collect, and use include the following:

  • Social Security, Driver’s License, State Identification Card, or Passport Number
  • Account and Password Data (where such log-in information is in combination with any required security or access code, password, or credentials allowing access to an account)
  • Health Information (e.g., prescription records, benefit claims, and the Explanation of Benefits sent in connection with claims);
  • Background Information (e.g., marital status, dependent information, ethnicity and/or racial origin, credit and criminal background checks, and drug and alcohol testing);
  • Communications Data (e.g., the content of electronic messages)  
  • Biometric Information (e.g., thumbprints); and

The business purposes for which we may collect and use Sensitive Personal Information include the following:  

  • Administering and providing compensation and benefits, including administering and providing payroll, bonus, incentives, equity compensation, and reporting of the same, where applicable or required
  • Managing the workforce, including managing work activities, attendance, and workforce analysis
  • Managing and enabling workforce registrations and access to IT systems including applications and websites used for the performance of work operations and performance evaluations.
  • Employee and visitor safety and health/wellbeing and facilitating access to our premises.
  • Communications with you, other Company employees, and/or third parties (such as existing or potential business partners, suppliers, customers, end-customers, future employers, quasi-governmental officials or government officials) and facilitating the use of the applicable systems to enable such communications.

We may also use and disclose the categories of Personal Information identified above to:

  • To audit interactions, transactions, and records
  • To monitor compliance with company policies and procedures, including investigations of non-compliance
  • To detect security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity
  • To comply with legal obligations and to disclose to law enforcement or other government agencies (when required by law; to protect Gripp, a person or property; to support our business, such as in applications for government grants; and when authorized by you); and
  • Otherwise disclose in accordance with directions, or consent, from you.

We have not sold your Personal Information in the preceding twelve (12) months and will not sell your Personal Information to third parties. We do not engage in providing financial incentives in exchange for Personal Information.

Section 3. What Rights Are Available to You

California Privacy law grants you certain rights with regard to your Personal Information; however, these rights are not absolute and in certain circumstances do not apply.

The rights include:

  • Right to Request Know / Access to Your Personal Information – The right to request information about the collection of your Personal Information by Gripp or access your Personal Information.
  • Right to Deletion – The right to request the deletion of Personal Information about you.
  • Right to Opt-Out of Sale or Sharing of Personal Information – The right to direct the business to not sell or share (or stop selling or sharing) your Personal Information.
  • Right to Correct Inaccurate Personal Information – The right to direct the business to correct inaccurate Personal Information held about you.  
  • Right to Limit the Use and Disclosure of Sensitive Personal Information – The right to limit the business’ use and disclosure of Sensitive Personal Information (as defined in the CPRA), to that which is necessary to perform the services or provide the goods reasonably expected by an average consumer who requests such goods or services, or for the performance of certain enumerated business purposes.
  • Right to Opt-Out of Automated Decision-Making Technology – The right to object to automated decision making using your Personal Information.
  • Right of No Retaliation – The right to not be retaliated against for exercising your rights under California Privacy Law.

We will not discriminate or retaliate against you for exercising any of your rights under California Privacy Law, and unless permitted by California Privacy Law, we will not:

  • deny you goods or services.
  • charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
  • provide you a different level or quality of goods or services; or
  • suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

for exercising one of your rights under the California Privacy Law.

Section 4. How to invoke your California Privacy Rights?

You may exercise your right(s) under the CCPA and by using one of the following methods:  

  • Email: privacy@gripp.ag; or
  • Telephone:  +1 (414) 786-1908.

If submitting by email; please be sure to include what right(s) you are seeking to invoke and provide what data or information your request is concerning so that your request can be properly and timely addressed.  

Since we can only respond to a verified request, we may request information from you in order to confirm that you, or an authorized agent designated by you, are the one exercising your right as a consumer. We may request that you send your request through your account (if you have an account) or we may ask certain security questions to verify your identity before we respond to your request. You do not need to create an account with Gripp to exercise any of your individual rights (access, deletion, or opt-out of sale).

You have the right to designate an Authorized Agent. To the extent that you elect to designate an authorized agent to make a request on your behalf, they must provide appropriate documentation including written signed permission from you, proof of your identity, and verification of their identity; or a valid, designated power of attorney as defined under the California Probate Code.

Section 5. Who can I Contact for Additional Information?

You can email Gripp’s Data Privacy team at: privacy@gripp.ag or through postal service at:

Attn: Data Privacy
Gripp Inc.
830 Massachusetts Ave Suite 1500
Indianapolis, IN 46204

 

Article 2 – Non-Human Resource Consumers

Section 1. What is the Purpose of this Article to Appendix 1?

California Privacy Law provides California consumers with certain rights regarding Personal Information about them. This Article describes how we collect, process, and disclose Personal Information about you during and after your relationship with us and explains your rights. If you are a California consumer and would like to exercise any of those rights under California Privacy Law, please see Section 5 below for more information on how to submit a request.

Section 2. What Categories of Personal Information Could Gripp Collect, Process, and Disclose and for what Purposes?

Categories of Personal Information

  • Identifiers (e.g., name, postal address, unique personal identifiers, online identifiers, IP address, email address)
  • Personal information categories listed in the California Customer Records statute (e.g., name, signature, address, telephone number)
  • Commercial Information (e.g., purchasing history)
  • Internet or other electronic network activity information (e.g., system and network identification and credentials and usage)

Sources of Information

  • Directly from individuals
  • Third parties (e.g., companies with which you interacted to purchase the Gripp product, technology platforms)

Business or Commercial Purpose for which Personal Information was Collected/Used

  • Identify you and manage our relationship with you, including communicate. with you, enable access to Gripp facilities and systems, deliver products/services and related information to you, meet compliance obligations, and manage safety.
  • Auditing related to a current interaction with the consumer and concurrent transactions.
  • Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity
  • Performing services, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders or transactions, verifying customer information, processing payments, providing financing, providing advertising or marketing services, providing analytic services, or similar services
  • Undertaking internal research for technological development and demonstration.
  • Undertaking activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufacturer for, or controlled by the business, and to improve, upgrade, or enhance the service of device that is owned, manufactured, manufactured for, or controlled by the business.
  • Debugging to identify and repair errors that impair existing intended functionality

Categories of Third Parties to Whom the Personal Information is Disclosed

  • Vendors, service providers, and other partners who support our business, such as providing technical infrastructure services.
  • Subsidiaries, affiliates, and other entities controlled by Gripp.
  • Other third-party service providers that process Personal Information on behalf of Gripp

In the previous 12 months, we have not sold (as defined in California law) the following categories of Personal Information to third parties, subject to your settings and preferences and your Right to Opt-Out: Identifiers.

To opt out of the selling or sharing of your Personal Information, please contact us at privacy@gripp.ag.

The categories of third parties to whom we sell or disclose your Personal Information, and the corresponding business purpose for the selling or disclosure include: Service providers.

Sensitive Personal Information, as defined under the CPRA, requires a higher level of protection. The categories of Sensitive Personal Information we may collect and use for non-HR consumers include the following:

  • Social Security, Driver’s License, State Identification Card, or Passport Number
  • Account and Password Data (where such log-in information is in combination with any required security or access code, password, or credentials allowing access to an account)
  • Background Information (e.g., credit and criminal background checks, and drug and alcohol testing).
  • Communications Data (e.g., the content of electronic messages);
  • Biometric Information (e.g., thumbprints); and

In addition to the purposes identified above, the business purposes for which we may collect and use Sensitive Personal Information include the following:

  • Information related to biometric data, to identify or authenticate users and for access control purposes.
  • To enable access to IT systems
  • To provide you with the requested goods or services and facilitate transactions with you.
  • Background check information, to evaluate and select individuals with whom Gripp is working.

We may also use and disclose the categories of Personal Information identified above to:

  • Disclose to law enforcement or other government agencies (when required by law; to protect Gripp, a person or property; to support our business, such as in applications for government grants; and when authorized by you)
  • Otherwise disclose in accordance with directions from you

Section 4. What Rights Are Available to California Consumers?

You may have rights under the CCPA and CPRA. The CCPA and CPRA grant consumers certain rights with regard to Personal Information that relates to them; however, these rights are not absolute and in certain circumstances do not apply. The rights include:

  • Right to Request Know / Access to Your Personal Information – The right to request information about the collection of your personal information by Gripp or access your Personal Information.
  • Right to Deletion – The right to request the deletion of Personal Information about you.
  • Right to Opt-Out of Sale or Sharing of Personal Information – The right to direct the business to not sell or share (or stop selling or sharing) your Personal Information.
  • Right to Correct Inaccurate Personal Information – The right to direct the business to correct inaccurate Personal Information held about you.  
  • Right to Limit the Use and Disclosure of Sensitive Personal Information - The right to limit the business’ use and disclosure of Sensitive Personal Information (as defined in the CPRA), to that which is necessary to perform the services or provide the goods reasonably expected by an average consumer who requests such goods or services, or for the performance of certain enumerated business purposes.
  • Right to Opt-Out of Automated Decision-Making Technology
  • Right of No Retaliation – The right to not be retaliated against for exercising your rights under the CCPA and CPRA.

    We will not discriminate or retaliate against you for exercising any of your rights under California Privacy Law, and unless permitted by California Privacy Law, we will not:
  • deny you goods or services.
  • charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
  • provide you a different level or quality of goods or services; or
  • suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

for exercising one of your rights under California Privacy Law.

Section 5. How Can California Consumers Invoke Their Privacy Rights?

You may exercise your right(s) under the CCPA by using one of the following methods:  

  • Email:  privacy@gripp.ag; or
  • Telephone:  +1 (414) 786-1908 

If submitting by email; please be sure to include what right(s) you are seeking to invoke and provide what data or information your request is concerning so that your request can be properly and timely addressed.  

Since we can only respond to a verified request, we may request information from you in order to confirm that you, or an authorized agent designated by you, are the one exercising your right as a consumer. We may request that you send your request through your account (if you have an account) or we may ask certain security questions to verify your identity before we respond to your request. You do not need to create an account with Gripp to exercise any of your individual rights (access, deletion, or opt-out of sale).

You have the right to designate an Authorized Agent. To the extent that you elect to designate an authorized agent to make a request on your behalf, they must provide appropriate documentation including written signed permission from you, proof of your identity, and verification of their identity; or a valid, designated power of attorney as defined under the California Probate Code.

Section 6. Who can I Contact for Additional Information?

You can email Gripp’s Data Privacy team at: privacy@gripp.ag or through postal service at:

Attn: Data Privacy
Gripp Inc.
830 Massachusetts Ave Suite 1500
Indianapolis, IN 46204

[END Appendix 1]

SCHEDULE A – LIST OF GRIPP DATACONTROLLERS / LEGAL ENTITIES

(LEGAL ENTITY NAME, COUNTRY NAME, CONTACT / WEBSITE)

  1. Microsoft Azure, United States, www.microsoft.com
  2. Hubspot, United States, www.hubspot.com 
  3. Justworks, United States, www.justworks.com 
  4. Carta, United States, www.carta.com 
  5. Google, United States, www.google.com 

By clicking “Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.
PreferencesDenyAccept