Privacy Policy
Privacy Notice
LAST UPDATED: April 2024
GreyScout.com registered address at Dogpatch Labs, The CHQ Building, Custom House Quay, Dublin 1, D01 Y6H7 Ireland, and its affiliates (collectively, “GreyScout”, “we”, or “us”) want you to be familiar with how we collect, use and disclose personal information when you visit our website GreyScout.com or enter a contractual agreement with us for one of our Services. This privacy notice relates the data processing through our website. If you have any questions or would like to make any requests about your personal information such as opting out of marketing, please email privacy@greyscout.com.
If you are already a valued GreyScout customer, then you are a controller of any information you upload to our platform and GreyScout acts as your data processor. A separate privacy notice governs our processing where we act as your processor and should be read in conjunction with any terms and conditions as may be applicable to you.
Notifications from GreyScout Customers
In some instances, you may receive notifications or communications from our Customers using GreyScouts platform. By way of information, GreyScout offers an online brand protection SaaS platform (“Platform”). One of the features of our Platform is an enforcement process which GreyScout Customers may use to clamp down on unauthorised sellers of their products. Any action taken by GreyScout Customers in issuing notices to, or communicating with, third parties through our Platform are taken by our Customers on their own behalf and not by GreyScout.
Please direct all correspondence relating to these notices to the sender (GreyScout’s Customer).
CONTACT US
Website: GreyScout.com
Contact our Privacy Officer with any privacy related queries on privacy@greyscout.com.
Introduction to GreyScout
GreyScout provides an online brand protection management platform that empowers brand owners to defend against online counterfeits, rogue websites, grey market operators, unauthorized content and more.
Our key strength and major benefit to the brand is our reseller verification & product authentication process – which delivers significant value in terms of delisted content without the need for channel enforcement (existing customer have experienced between 25% and 48% takedowns through this verification/authentication process).
This process has additional benefits in terms of product identification details (batch IDs, serial numbers, invoices etc.) submitted by resellers directly to the GreyScout system, helping to identify the root source of the problem and also providing legal teams with greater justification for enforcement actions.
How GreyScout Uses Personal Information
Information that you provide to us:
| Categories of personal information we collect | Purposes of use (“Processing Purposes” described in more detail below) | Source of Information | Legal basis |
|---|---|---|---|
| Business contact data such as name and business email Analytics and preferences | GreyScout offers a brand protection solution. Our product identifies unauthorised sellers on marketplace platforms such as Amazon. Our product has the ability to take down hundreds of unauthorised listings, bad links and counterfeit products at the same time, automate discovery of new unauthorised listings and ensure our customers brands are protected 24/7. Provide you with our Services, and register your account on the platform. Marketing relevant products and personalising your experience on the platform. | You Prospective customers Publicly available information | Legitimate interests |
| Research and feedback | Provide you with our Services personalise your experience on the platform | You, GreyScout customers | Legitimate interests |
Information that we collect for business-to-business relationships only:
| Categories of personal information we collect | Purposes of use (“Processing Purposes” described in more detail below) | Source of Information | Legal basis |
|---|---|---|---|
| Business contact information | Build and manage business-to-business relationships | You, GreyScout customers, Third party vendors | Performance of contract, Legal obligation, Legitimate interests |
| Transactional information (as permitted by law) | Build and manage business-to-business relationships | You, GreyScout customers, Third party vendors | Performance of contract Legitimate interests |
| Due diligence and AML information (as permitted by law) | Compliance and risk management activities for business-to-business relationships | You or your company’s responses to our due diligence questions GreyScout customers Third party vendor risk compliance screening and data validation tools and databases, | Performance of contract, Legitimate interests, Legal obligation, |
Information that we collect from third parties:
| Categories of personal information we collect | Purposes of use (“Processing Purposes” described in more detail below) | Source of Information | Legal basis |
|---|---|---|---|
| Information from public and commercial sources | Build and manage business-to-business relationships | Analytics providers, Marketers, Third party vendors, Public records databases | Legitimate interests |
| Third Party Partners in Connection with providing our Services For example: contact information such as authentication information, account legitimacy, search requests, payment provision, SDK analytics, log events and device identifiers such as IP addresses, device IDs or other unique identifiers. | Provide our Services Personalise your experience Provide seamless experience across platforms and devices Safety and security Send you relevant marketing and advertising | Analytics providers, Marketers, Partners, Third party vendors, Public records database. | Performance of contract, Legitimate interests, Legal obligation , |
| Due diligence information (where required and permitted by law) | To conduct due diligence checks on potential and existing customers, selling partners and suppliers and background and suitability checks on individuals. Compliance and risk management activities for business-to-business relationships Build and manage business-to-business relationships | You or your company’s responses to our due diligence questions Third party risk, compliance screening and data validation tools and databases, | Legal obligation Performance of contract Legitimate interests |
Sensitive Data
We do not collect sensitive data. We ask that you do not provide or disclose any sensitive personal information (e.g., social security numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background, or trade union membership). We do not require sensitive data to provide the Services.
Anonymisation of Data
In some circumstances we will anonymise your personal information (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you. By way of example, anonymisation techniques may include removing direct identifiers from a dataset or replacing point coordinates in geo-referenced data with non-disclosing features or variables, or other recognised techniques appropriate to the data in question.
How We Share Your Personal Information
In general, we do not share personal information. In the unlikely event we are obliged to disclose your personal information to third parties, it will be customer information where necessary for the following reasons:
- To third parties where necessary to manage and operate our business, including management of contracts and providing the functionality of our Services.
- To service providers, website hosting service providers, information technology and related infrastructure service providers, analytics providers, email delivery service providers.
- For legal and compliance reasons, including responding to requests and legal demands from regulators or other authorities, pursuing legal rights and remedies and defending claims.
- For fraud prevention and security, including ensuring the security and safety of our premises.
- To comply with applicable law and regulations
- We have a legitimate interest in disclosing or transferring your personal information to a third-party in the event of any reorganisation, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings). You will be notified of any such business transaction and of possible changes to the processing of your personal information in accordance with applicable law and the ‘Updates to This Privacy Notice’ section.
How Long We Keep Your Data
We will retain your personal information for the period necessary to fulfil the purposes outlined in this Privacy Notice unless a longer retention period is required or permitted by law, for example, for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements.
The criteria used to determine our retention periods are set out in our retention policy and will vary depending on such factors as (i) the length of time we have an ongoing relationship with you and provide goods or services to you (for example, for as long as you have an account with us); (ii) whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of transactions for a certain period of time before we can delete them); or (iii) whether retention is advisable in light of our legal position (such as in regard to enforcement of our contractual terms, applicable statutes of limitations, litigation or regulatory investigations).
Where individuals do not engage with marketing content, potential customers and their personal information are removed from targeting lists. This is generally no longer than 30 days from the last engagement.
Retention Periods Based on Legal Obligations
- Where a legal obligation arises or retention is advisable in light of our legal position, in some circumstances, we will retain certain personal information, even after your account has been deleted and/or we no longer provide goods or Services to you. Some examples are described below.
- To cooperate with law enforcement or public, regulatory and government authorities: If we receive a preservation order or search warrant, related to your account, we will preserve personal information subject to such order or warrant after you delete your account.
- To comply with legal provisions on tax and accounting: We may retain your personal information, such as financial and relationship history after you delete your account, as required by local tax law and to comply with bookkeeping requirements.
To pursue or defend a legal action: We may retain relevant personal information in the event of a legal claim or complaint, including regulatory investigations or legal proceedings about a claim related to your personal information, or if we reasonably believe there is a prospect of litigation (whether in respect of our relationship with you or otherwise) for the amount of time appropriate to local limitation periods after the dispute has been settled or decided by a court or tribunal from which there is no further right of appeal.
How We Keep Your Data Secure
We seek to use reasonable organisational, technical and administrative measures to protect personal information within our organisation, such as encryption and multi factor authentication. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us in accordance with the “Contacting Us” section below.
Third-Party Services
This Privacy Notice does not address, and we are not responsible for, the privacy, information, or other practices of any third parties, including any third-party operating any website or service to which our products or services link. The inclusion of a link via any of our services does not imply endorsement of the linked site or service by us or by our affiliates.
Third Party Links
This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
Children
Our Services are intended for users over the age of 18. We do not knowingly collect personal information from children for the purposes outlined in this Privacy Notice.
International Transfers
GreyScout is incorporated in Ireland. Whilst most of our data processing is carried out in the EU, we may transfer your information to service providers, and other third parties located outside of your country of residence. Where we do so, this is necessary to provide our Services and for the purposes outlined in this Privacy Notice. Data privacy laws vary from country to country and may not be equivalent to, or as protective as, the laws in your home country. We take steps to ensure that reasonable safeguards are in place with the aim to ensure an appropriate level of protection for your information, in accordance with applicable law. These measures include data transfer agreements. By providing us with your information, you acknowledge any such transfer, storage or use.
Automated Individual Decision-Making, Including Profiling
Your personal data is not subject to any decisional process based solely on automated processing, including profiling.
Your Rights
You may be able to exercise certain privacy rights. The rights available to you depend on our reason for processing your personal information and the requirements of applicable law (i.e., your rights will vary depending on whether you are located In, for example, the European Union, the United Kingdom, or California). Specifically, you may have the following rights:
- The right to confirmation on the existence of processing and to access the data: You may have the right to obtain from us confirmation as to whether personal information processed, and, where that is the case, to request access to the personal information. Depending on where you are located, you may also have the right to information about public and private entities with which the controller has disclosed personal information.
- The right to correct incomplete, inaccurate, or out-of-date data: You may have the right to request that we correct any personal information about you that is inaccurate. Depending on the purpose of the processing, you also have the right to request that we complete the personal information we hold about you where you believe it is incomplete, including by means of providing a supplementary statement.
- The right to the portability of data: You may have the right to request that we transfer the personal information we have collected about you to another organization, or directly to you, in a structured, commonly used, and machine-readable format, under certain conditions.
- The right to request anonymization, blocking, or deletion of personal information: You have the right to request the deletion of your personal information we have collected from you, subject to certain conditions and limitations under the law.
- The right to revoke consent: Where we rely on your consent to process your personal information, you have the right to withdraw that consent at any time with future effect. Depending on where you are located, you may also have the right to request deletion of personal information that was processed based on your consent, or the right to know the consequences of revoking your consent. Such a withdrawal will not affect the lawfulness of the processing prior to the consent withdrawal.
- The right to object to processing: You may have the right to object to our processing of your personal information, under certain conditions, and we can be required to no longer process your personal information. Such right to object may especially apply if we collect and process your personal information through automated decision making, such as profiling, to better understand your interests in our products and services or for direct marketing. If you have a right to object and you exercise this right, your personal information will no longer be processed by us for such purposes. Such a right to object may, in particular, not exist if the processing of your personal information is necessary to take steps prior to entering into a contract or to perform a contract already concluded.
- The right to opt-out of the sale or sharing of personal information: We do not sell your personal information in exchange for monetary consideration. In the event that we disclose your personal information to third parties for their marketing purposes, you may have the right to opt out of that disclosure. You may also have the right to request further information about the disclosure of your personal information for those third parties’ marketing purposes, such as the contact information of those parties, once per calendar year.
- The right to limit the use and disclosure of sensitive personal information: We will only use sensitive or special personal information as needed for the purposes for which it was collected or with your consent. We do not currently process sensitive personal information for purposes that may be limited under applicable law. If this changes, we will notify you, and you may have the right to restrict such additional uses.
- The right to non-discrimination for exercising a privacy right: We will not discriminate against you for exercising any rights.
Exercising Your Rights
To exercise any of your rights as set out above, please contact us by submitting a request to privacy@greyscout.com. California, Colorado, Connecticut, Utah, and Virginia residents with rights under local law may also contact us on privacy@greyscout.com for access, correction or deletion requests. Please note that you will need to verify your identity before we can fulfil your request. Your request must: (i) provide sufficient information that allows us to reasonably verify that you are the person about whom we collected personal information or an authorized representative of that person; and (ii) describe the request with sufficient detail that allows us to properly understand, evaluate, and respond to it. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request. We will respond to your verifiable request within any prescribed timelines. In some regions, there may be limitations on how often a request relating to personal information may be submitted.
Appointing An Authorized Agent
You can designate an authorized agent to submit a request on your behalf. To do so, you will need to provide a written authorization or power of attorney signed by you for the agent to act on your behalf. You will still need to verify your identity with us.
THIRD PARTIES LIST – “SHINE THE LIGHT” (California Residents only)
Where applicable, California residents can also request a list of all the third parties to which we have disclosed certain personal information (as defined by California’s Shine the Light law) during the preceding year for those third parties’ direct marketing purposes. California residents may contact us at privacy@greyscout.com.In the body of your request, you must include: “California Shine the Light Request”, your name, a current California address including, street address, city, state, and zip code, as well as sufficient information for us to determine if the law applies to you. You will need to attest to the fact that you are a California resident. We will not accept requests by telephone, post or facsimile, and we are not responsible for notices that are not labelled or sent properly, or that do not have complete information.
NEVADA RESIDENTS
We don’t engage in the following activity; however, Nevada law requires us to post the following: certain Nevada consumers may opt out of the sale of “covered information” for monetary consideration to a person for that person to license or sell such information. “Covered information” includes first and last name, address, email address, phone number, Social Security Number, or an identifier that allows a specific person to be contacted either physically or online.
Whilst GreyScout acts as a data processor for GreyScout customers, if you have any questions, concerns, or complaints about the way we process your personal information, please contact privacy@greyscout.com. Whilst we would like an opportunity to assist you first, you also have a right to lodge a complaint with a regulator / supervisory authority in your country such as the Irish Data Protection Commission or Information Commissioner’s Office if based in the UK.
Marketing-Related Communications
In most cases our processing of your business contact data for marketing purposes is based on our legitimate interests to provide information you might find such as products, services and offers that may be of interest to your business, although in some cases (such as where required by law) it may be based on your consent. You have a right to prevent direct marketing and marketing-related communications. If you no longer want to receive marketing-related emails from us on a going-forward basis, you may opt-out by clicking on the “unsubscribe” link located on the bottom of our e-mails, or by sending us an email at privacy@greyscout.com. We will try to comply with your request(s) as soon as reasonably practicable. Please note that if you opt-out of receiving marketing-related emails from us, but are a GreyScout customer, we may still send you important administrative messages, from which you cannot opt-out.
Updates To This Notice
The “LAST UPDATED” legend at the top of this Privacy Notice indicates when this Privacy Notice was last revised. Any changes will become effective when we post the revised Privacy Notice.
