Privacy Policy

Updated May 15, 2025

1. Introduction
Greyhaven Group LLC ("we," "our," or "us") is committed to protecting the privacy and security of your personal information. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you visit our website or use our services.

This Privacy Policy is designed to comply with data protection laws including the European Union's General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and the Payment Card Industry Data Security Standard (PCI DSS).

2. Information We Collect
Personal Information
We may collect personal information that you provide directly to us, such as:

• Contact information (name, email address, phone number, business address)

• Business information (company name, job title, industry)

• Account credentials (username and password)

• Communications you send to us
   

Payment Information
When you make a payment for our services, we do not directly collect, store, or process your complete credit card information. All payment processing is handled by PCI-compliant third-party payment processors, and we implement security measures in accordance with PCI DSS requirements to protect any transaction data we may have access to.
Automatically Collected Information
When you visit our website, we may automatically collect certain information about your device, including:

• IP address

• Browser type and version

• Operating system

• Pages visited and time spent on pages

• Referring website

• Other technical information
   

3. Legal Basis for Processing (GDPR)
Under the GDPR, we process your personal information on the following legal bases:

• Consent: Where you have given explicit consent to process your personal data.

• Contract Performance: Processing necessary for the performance of a contract to which you are a party.

• Legitimate Interests: Processing necessary for our legitimate business interests, provided these interests don't override your fundamental rights and freedoms.

• Legal Obligation: Processing necessary for compliance with a legal obligation to which we are subject.
   

4. How We Use Your Information
We may use the information we collect for various purposes, including to:

• Provide, maintain, and improve our services

• Process transactions and send related information

• Send administrative information, such as updates, security alerts, and support messages

• Respond to your comments, questions, and requests

• Communicate with you about products, services, offers, and events

• Monitor and analyze trends, usage, and activities

• Detect, investigate, and prevent fraudulent transactions and other illegal activities

• Comply with legal obligations
   

5. PCI Compliance and Payment Security
Greyhaven Group maintains PCI DSS compliance for all payment processing activities. This means:

• We never store complete credit card numbers

• All payment processing occurs on secure, PCI-compliant platforms

• We maintain a secure network with appropriate firewalls

• We encrypt transmission of cardholder data

• We regularly update and patch systems to address vulnerabilities

• We restrict access to cardholder data on a need-to-know basis

• We regularly test security systems and processes

• We maintain a comprehensive information security policy

• We comply with all requirements of the Payment Card Industry Data Security Standard (PCI DSS)

• We undergo regular security assessments and maintain our PCI compliance certification
   

6. Information Sharing and Disclosure
We may share your information in the following circumstances:

• With third-party service providers who perform services on our behalf

• To comply with law, regulation, legal process, or governmental request

• To enforce our agreements, including for billing and collection purposes

• To protect our rights, property, or safety and the rights, property, and safety of others

• In connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition

We require all third parties to respect the security of your personal data and to treat it in accordance with applicable laws and regulations. We do not allow our third-party service providers to use your personal data for their own purposes.

7. Data Retention
We will retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. For payment information, we follow PCI DSS requirements regarding data retention and secure disposal of information when it is no longer needed for business, legal, or regulatory purposes.

8. Data Security
We have implemented appropriate technical and organizational measures to protect your personal information from unauthorized access, use, alteration, and disclosure. These include:

• Encryption of sensitive data

• Regular security assessments and penetration testing

• Access controls and authorization procedures

• Employee training on data security practices

• Incident response plans
   

However, please be aware that no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

9. Your Rights Under GDPR
If you are a resident of the European Economic Area (EEA), you have certain data protection rights, including:

• Right to Access: You have the right to request access to your personal data.

• Right to Rectification: You have the right to request correction of inaccurate personal data.

• Right to Erasure: You have the right to request erasure of your personal data in certain circumstances.

• Right to Restrict Processing: You have the right to request restriction of processing of your personal data.

• Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, machine-readable format.

• Right to Object: You have the right to object to processing of your personal data in certain circumstances.

• Right Not to Be Subject to Automated Decision-making: You have the right not to be subject to a decision based solely on automated processing.
   

To exercise these rights, please contact our Data Protection Officer using the contact information provided below.

10. Your Rights Under CCPA
If you are a California resident, the CCPA provides you with specific rights regarding your personal information:

• Right to Know: You have the right to request disclosure of the categories and specific pieces of personal information we have collected about you.

• Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions.

• Right to Opt-Out of Sale: You have the right to opt out of the sale of your personal information. Note that Greyhaven Group does not sell personal information as defined by the CCPA.

• Right to Non-Discrimination: You have the right not to be discriminated against for exercising your CCPA rights.
   

To exercise these rights, please contact us using the information provided in the "Contact Us" section below.

11. Do Not Sell My Personal Information
Under the CCPA, California residents have the right to opt out of the sale of their personal information. Greyhaven Group does not sell your personal information to third parties. However, we may share your information with third-party service providers as described in this Privacy Policy.

If you are a California resident and would like to exercise your rights under the CCPA, please contact us using the information provided in the "Contact Us" section.

12. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to collect information about your browsing activities and to remember your preferences. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our website.
For detailed information about the cookies we use and how to manage your cookie settings, please see our Cookie Policy.

13. Third-Party Links
Our website may contain links to third-party websites and services. We have no control over the privacy practices or content of these websites. We encourage you to review the privacy policies of any third-party sites you visit.

14. Children's Privacy
Our services are not intended for individuals under the age of 18, and we do not knowingly collect personal information from children. If we learn we have collected personal information from a child under 18, we will delete that information promptly.

15. International Data Transfers
Your information may be transferred to, and maintained on, computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those in your jurisdiction.

If you are located in the European Economic Area (EEA), we ensure a similar degree of protection is afforded to your data through the implementation of appropriate safeguards, such as standard contractual clauses approved by the European Commission.

16. Data Protection Officer
We have appointed a Data Protection Officer (DPO) who is responsible for overseeing questions in relation to this Privacy Policy. If you have any questions about this Privacy Policy, including any requests to exercise your legal rights, please contact our DPO using the details set out below.

17. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes to our practices or for other operational, legal, or regulatory reasons. We will post the revised Privacy Policy on our website with an updated "Last Updated" date. We will notify you of any significant changes by email or through a notice on our website.

18. Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us at:
Greyhaven Group
Attn: Privacy Team / Data Protection Officer
Email: Marcus@greyhavengroup.com