Privacy Policy

Last updated: 10/28/20

GreySignal, Inc. (collectively with its subsidiaries, “GreySignal,” “Company,” “we,” “us,” and “our,”) respects your privacy and is committed to protecting your privacy through our compliance with this GreyMAR Privacy Policy (the “Policy”). This Policy should be read in conjunction with our GreyMAR Terms of Service and Master Services Agreement, into which this Policy is incorporated by reference.

This Policy describes:

• The types of information we collect from you or that you may provide when you use the GreyMAR software application or website available at https:// www.greymar.io (collectively, our “Service”).

• Our practices for collecting, using, maintaining, protecting, and disclosing that information.

This Policy applies to information we collect on the Service or in emails and other electronic messages between you and the Service. This Policy does not apply to information collected by us offline or through any other means, including on any other website, application, or service operated by GreySignal or any third party, or information collected by any third party through any application or content that may link to or be accessible from the Service (for further information, see below, “Third-party Services”).

Please read this Policy carefully to understand our practices regarding your information and how we will treat it. If you do not agree with our policies and practices, then please do not use our Service. By using our Service, you agree to the terms of this Policy. This Policy may change from time to time (see below, “Changes to this Policy”). Your continued use of our Service after we make changes is deemed to be acceptance of those changes, so please check the Policy periodically for updates.

What We Collect and How We Collect It

To ensure that we provide you with the best possible experience, we will store, use, and share information about you in accordance with this Policy.

Information You Provide to Us

Personal Information is any information that can be used to individually identify you from a larger group, such as data including, but not limited to, your:

• first and last name;

• email address;

• telephone number;

• Social Security number

• health diagnosis, condition, and record;

• medications;

• your image and likeness;

• voice recordings;

• allergies;

• age;

• mailing address; and

• comments or messages provided in free text boxes.

Please understand that the above is not intended to be a comprehensive list. Depending upon your activities through the Service and the medium by which Personal Information is submitted, you may provide far greater variety of Personal Information than identified above.

You may provide us Personal Information when you:

• request information from the Service;

• upload Personal Information of third parties;

• submit an employment application;

• upload a video or voice recording;

• generate invoices;

• subscribe to our email, text, and internal messaging communications; and

• register yourself with the Service.

We may also collect Personal Information through any of our trusted third-party partners, such as PointClickCare Corp. (“PointClickCare”).

Additionally, we may ask you to create a username and password that should only be known to you.

The Service will provide you with opportunities to submit Personal Information belonging to yourself and others. Before providing the Service with Personal Information relating to third parties, please be sure that you have obtained all requisite consents and authorization from the person whose Personal Information you are providing.

GreySignal shall not be liable for your failure to obtain all necessary legal consent or authorization, in the proper format, prior to submission of Personal Information to the Service.

Important Information Relating to Health Information:

You acknowledge that the Service may involve the use and disclosure of “Protected Health Information” (as defined in 45 C.F.R. § 160.103) that is subject to the federal privacy regulations issued pursuant to the Health Insurance Portability and Accountability Act of 1996, as amended from time to time (“HIPAA”). With respect to the Service any Personal Information that constitutes Protected Health Information shall be governed by the terms of any applicable business associate agreement (“BAA”) between GreySignal the contracting company responsible for providing your Personal Information. In the event that we receive Personal Information that is not subject to a BAA, then such Personal Information shall be governed by the terms of this Policy and may not be afforded the same protections and restrictions as provided for Protected Health Information.

Automated Information Collection

In addition to the information that you provide to us, we may also collect information about you during your visit to our Service. We collect this information using automated tools that are detailed below. These tools may collect information about your behavior and your computer system, such as your internet address (IP Address), the pages you have viewed, and the actions you have taken while using the Service. Some of the tools we use to automatically collect information about you may include:

(a) Cookies. A “cookie” is a small data file transmitted from a website to your device’s hard drive. Cookies are usually defined in one of two ways, and we may use either (or both) of them:

(1) session cookies, which do not stay on your device after you close your browser, and

(2) persistent cookies, which remain on your device until you delete them or they expire.

The web application version of the Service may use the following categories of cookies.

i. Strictly Necessary Cookies. These cookies are essential in order to enable you to move around the Service and use its features. Without these cookies, services you have requested, such as maintaining a record of your preferences cannot be provided.

ii. Performance Cookies. These cookies collect anonymous information on how you use our Service to help us understand how you arrive at our Service, browse or use our Service and highlight areas where we can improve, such as navigation. The data stored by these cookies never shows personal details from which your individual identity can be established.

iii. Functionality Cookies. These cookies remember choices you make such as the country from which you use our Service, your preferred language, and your search parameters. This information can then be used to provide you with an experience more appropriate to your selections and to make your visits to our Service more tailored to your preferences. The information in these cookies may be anonymized. These cookies cannot track your browsing activity on other websites.

Of course, if you do not wish to have cookies on your devices, you may turn them off at any time by modifying your internet browser’s settings. However, by disabling cookies on your device, you may be prohibited from full use of the Service’s features or lose access to some functionality.

(b) Web Beacons. A Web Beacon is an electronic image. Web Beacons can track certain things from your computer and can report activity back to a web server allowing us to understand some of your behavior. If you choose to receive emails from us, we may use Web Beacons to track your reaction to our emails. We may also use them to track if you click on the links and at what time and date you do so. This information is only collected in aggregate form and will not be linked to your Personal Information. Please note that any image file on a webpage can act as a Web Beacon.

(c) Embedded Web Links. Links provided in our emails and, in some cases, on third-party services may include tracking technology embedded in the link. The tracking is accomplished through a redirection system. The redirection system allows us to understand how the link is being used by email recipients. Some of these links will enable us to identify that you have personally clicked on the link and this may be attached to the Personal Information that we hold about you.

(d) Trusted Third-party Partners. We work with a number of service providers to help provide the Services. These service providers may use various data collection methods to improve the performance of the operations we are contracting them to provide. As such, companies such as PointClickCare and Intercom, Inc. (“Intercom”) may collect non-Personal Information and use it to assess the strength of their operational services.

Your Choices and Selecting Your Privacy Preferences

We want to provide you with relevant information that you have requested. If we provide subscription-based services, such as email and text message communications, we will allow you to make choices about what information you provide at the point of information collection or at any time after you have received a communication from us while you are subscribed. Transactional or service-oriented messages are usually excluded from such preferences, as such messages are required to respond to your requests or to the Services. However, if you ever wish to stop receiving communications from GreySignal in a particular medium, we will provide opportunities to adjust your settings.

We will not intentionally send you email newsletters and marketing emails unless you consent to receive such marketing information. After you request to receive these emails, you may opt out of them at any time by selecting the “unsubscribe” link at the bottom of each email. Please note that by opting out or unsubscribing you may affect other services you have requested we provide to you, in which email communication is a requirement of the service provided.

Text Messaging. You may have the opportunity to receive SMS or "text" messages, prerecorded voice messages or auto-dialed phone calls from GreySignal, its affiliates and related entities as well as third parties. Such messaging may be used to authenticate your identity or mobile device, as well as provide you informational updates about services or products you may have requested. In providing your mobile device number or cell phone number to GreySignal, you knowingly consent to such communications from GreySignal or for GreySignal to use your cell phone number or mobile device number in accordance with GreySignal’s Terms of Service. In providing a number, you represent that you have the authority to agree to receive text messages at the telephone number that you provide to GreySignal, or from which you sent the text message request to us. You further acknowledge that no purchase is required to opt into this service, and you may opt out at any time by following the instructions below. To discontinue receiving SMS messages from GreySignal at any time, reply STOP or text STOP to the number sending you SMS messages.

Any such communications you receive from us will be administered in accordance with your preferences and this Policy.

Accuracy and Access to Your Personal Information

We strive to maintain and process your information accurately. We have processes in place to maintain all of our information in accordance with relevant data governance frameworks and legal requirements. We employ technologies designed to help us maintain information accuracy on input and processing.

Where we can provide you access to your Personal Information in our possession, we will always ask you for a username and password to help protect your privacy and security. We recommend that you keep your password safe, that you change it periodically, and that you do not disclose it to any other person or allow any other person to use it.

To view and change the Personal Information that you have provided to us, you can log in to your account and follow the instructions on that webpage, or contact us directly for assistance.

Information of Minors

We do not intentionally seek to gather information from individuals under the age of eighteen (18). We do not target the Service to minors, and would not expect them to be engaging with our Service. We encourage parents and guardians to provide adequate protection measures to prevent minors from providing information unwillingly on the internet. If we are aware of any Personal Information that we have collected about minors, we will take steps to securely remove it from our systems.

How We Use Your Information

The information we gather and that you provide is collected to provide you information and the services you request, in addition to various other purposes, including, but not limited to:

• Assisting you with items such as personalized experiences, facilitation of product usage, and enforcement of the Terms of Use.

• Preventing malicious activity and providing you with a secure experience.

• Providing service and support for services you request.

• Keeping you up-to-date with the latest benefits available from us.

• Preventing unwanted messages or content.

• Contacting you about services and offers that are relevant to you.

How We Share Your Information

We do not sell or lease your Personal Information to any third party. We may disclose your Personal Information to our trusted third-party business partners in accordance with this Policy. We work with a number of partners that help us process your requests, deliver customer service and support, send email marketing communications, and provide experiences that you have come to expect from us. We will share your Personal Information with these third parties in order to fulfill the service that they provide to us. These third-party partners are under contract to keep your Personal Information secure and not to use it for any reason other than to fulfill the service we have requested from them. Some of the third-party partners to whom we share Personal Information include:

Intercom: Intercom allows Service users to communicate through direct and group messaging as well as chat and chat bot communications. Intercom allows you to communicate with other users of the Service and create customized bots capable of answering questions or directing users to applicable aspects of the Service. To learn more about Intercom and some of the services we utilize, please visit their privacy policy available at https://www.intercom.com/legal/privacy.

PointClickCare: PointClickCare is a cloud-based electronic health record (“EHR”) service. PointClickCare’s services are designed to enhance the Services by facilitating the transmission and security of EHRs containing your Personal Information. To learn more about PointClickCare and some of the services we utilize, visit their privacy policy available at https://pointclickcare.com/privacy-policy/.

Please understand that Personal Information shared with these trusted third-party partners will be governed by that partner’s privacy policy and not necessarily the terms of this Policy once shared. In the event that Personal Information contains Protected Health Information, such Protected Health Information will be stored, processed, and transmitted in accordance with any applicable BAA.

Except as described in this Policy, we will not share your information with third parties without your notice and consent, unless it is under one of the following circumstances:

• Responding to duly authorized information requests from law enforcement or other governmental authorities.

• Complying with any law, regulations, subpoena, or court order.

• Investigating and helping prevent security threats, fraud, or other malicious activity.

• Enforcing or protecting the rights and properties of GreySignal or its subsidiaries.

• Protecting the rights or personal safety of GreySignal’s employees.

There are circumstances where GreySignal may decide to buy, sell, or reorganize its business in selected countries. Under these circumstances, it may be necessary to share or receive Personal Information with prospective or actual partners or affiliates. In such circumstances, GreySignal will ensure your information is used in accordance with this Policy.

Third-party Services

This Policy does not apply to websites or other domains that are maintained or operated by third parties or our affiliates. Our Service may link to third-party websites and services such as Facebook, Twitter, Google+, and LinkedIn, but these links are not endorsements of these sites, and this Policy does not extend to them. Because this Policy is not enforced on these third-party websites, we encourage you to read any posted privacy policy of the third-party website before using the service or website and providing any information.

Your California Rights

Pursuant to California Civil Code Section 1798.83, we will not disclose or share your Personal Information with third parties for the purposes of third-party marketing to you without your prior consent.

Other than as disclosed in this Policy, the Service does not track users over time and across third-party websites to provide targeted advertising. Therefore, the Service does not operate any differently when it receives Do Not Track (“DNT”) signals from your internet web browser.

For Service Users Outside of the United States and Canada

Our Service is designed for use by individuals in the United States and Canada only.

We do not warrant or represent this Policy or the Service’s use of your Personal Information complies with the laws of any other jurisdiction. Furthermore, to provide you with our services, we may store, process, and transmit information in the United States, Canada, and other locations around the world, including countries that may not have the same privacy and security laws as yours. Regardless of the country in which such information is stored, we will process your Personal Information in accordance with this Policy.

Changes to this Policy

If we make any changes to this Policy, a revised Policy will be posted on this webpage and the date of the change will be reported in the “Last Revised” block above. You can get to this page from any of our webpages by clicking on the “Privacy Policy” link (usually at the bottom of the screen).

Safeguarding the Information We Collect

We use reasonable technical, administrative, and physical safeguards in order to protect your Personal Information against accidental loss and from unauthorized access, use, alteration, and disclosure. In addition, for any Protected Health Information provided to the Service, we utilize all appropriate safeguards agreed to in any applicable BAA. However, we can never promise 100% security. You have a responsibility, as well, to safeguard your information through the proper use and security of any online credentials used to access your Personal Information, such as a username and password. If you believe your credentials have been compromised, please change your password. Please also notify us of any unauthorized use.

How to Contact Us

We value your opinions and welcome your feedback. To contact us about this Policy or your Personal Information, please contact us at:

GreySignal, Inc.

238 S. Pennsylvania Ave. #261

Greensburg, PA 15601