Privacy Notice effective March 21, 2024
We at Gryphon Investigations, LLC d/b/a Gryphon Strategies (“Gryphon Strategies,” “we,” “us,” or “our”) have created this Privacy Policy because we know you care about how information you provide to us is used and shared. This Privacy Policy applies to information collected when you visit our website located at www.gryphon-strategies.com (the “Site”), or purchase and/or use our services (“Services”).
Description of Users and Acceptance of Terms
This Privacy Policy applies to visitors to our Site, who view only publicly-available content (“Visitors”), and customers who purchase our Services (“Customers”).
By visiting our Site, Visitors are agreeing to the terms of this Privacy Policy and the accompanying Terms of Use.
By purchasing and/or using our Services, each Customer agrees to the terms of this Privacy Policy and that certain customer agreements between each Customer and Gryphon Strategies (the “Customer Agreements”). In the event of any conflict between the terms of this Privacy Policy and your Customer Agreements, the terms of the Customer Agreements shall govern.
Capitalized terms not defined in this Privacy Policy shall have the meaning set forth in our Terms of Use (when such term concerns Visitors), or the Customer Agreements (when such term concerns Customers).
What Information We Collect/Receive; the Purpose of Collection and Use
We collect and/or receive the following categories of information.
When you are hired as an employee, we collect information required for us to manage your employment and comply with applicable laws. This information may include your photograph, signature, social security number, fingerprints, telephone number, driver’s license or state identification card number, bank account number, or any other financial information, health insurance information. Where applicable, we may collect student information related to eligibility for benefits.
This information may also include ‘special categories’ of Personal Information under the GDPR where this is necessary, including racial and ethnic origin and medical information including medical conditions.
When you are retained as an independent contractor, we collect your name, business name, business address, email, and telephone number and any other information required for tax and billing purposes.
Below is a list of analytics providers that we use; however, such list may be subject to change based on how we wish to understand the user experience and we will endeavor to update it diligently. You may use the accompanying links to learn more about such providers and, if available, how to opt-out from their analytics collection.
For Google Analytics, please visit: https://www.google.com/analytics
Aggregated Information
In an ongoing effort to better understand our Visitors, Customers, and our products and services, we may analyze your information in anonymized and aggregate form in order to operate, maintain, manage, and improve the Site, and the Services. This aggregate information does not identify you personally. We may share and/or license this aggregate data to our affiliates, agents, business partners, and other third parties. We may also disclose aggregated user statistics in order to describe the Site and the Services to current and prospective business partners and investors and to other third parties for other lawful purposes.
Additional Uses
We also use information collected pursuant to this Privacy Policy to provide and improve the Site and the Services; to solicit your feedback; and to inform you about our products and services and those of our promotional partners.
Onward Transfer to Third Parties
Like many businesses, we contract with other companies to perform certain business-related services. We may disclose your information, including personal information in some cases, to certain third-party companies, but only to the extent needed to enable them to provide such services, including, without limitation, cloud hosting providers, analytics providers, customer relationship database providers, document repository and management providers, and background check and investigation services providers. All such third parties function as our agents, performing services at our instruction and on our behalf pursuant to contracts which require they provide at least the same level of privacy protection as is required by this Privacy Policy and implemented by Gryphon Strategies. We may also disclose your information, including any personal information, to any of our parent companies, subsidiaries, joint ventures, or other companies under common control with us in order to support delivery of our products and services.
Opt-Out for Direct Marketing
You may opt out at any time from the use of your personal information for direct marketing purposes by e-mailing the instructions to this email address: [email protected]. Please allow us a reasonable time to process your request.
How We Protect Your Information
Gryphon Strategies is committed to taking appropriate measures to protect your information from loss, misuse, and unauthorized access, disclosure, alteration, or destruction, taking into account the risks involved in processing and the nature of such data, and compliance with applicable laws and regulations. Please understand, however, that no security system is impenetrable. We cannot guarantee the security of our databases, nor can we guarantee that the information you supply will not be intercepted while being transmitted to and from us over the Internet. In particular, e-mail sent to or from the Site and/or the Services may not be secure, and you should therefore take special care in deciding what information you send to us via e-mail.
Retention of Personal Information
We will retain your personal information in a form that identifies you only for as long as it serves the purposes for which it was initially collected as stated in this Privacy Policy or subsequently authorized. We may continue processing your personal information for longer periods, but only for the time and to the extent such processing reasonably serves the purposes of archiving in the public interest, journalism, literature and art, scientific or historical research, and statistical analysis and subject to the protection of this Privacy Policy. After such time periods have expired, we may either delete your personal information or retain it in a form such that it does not identify you personally.
Accessing and Modifying Information and Communication Preferences
Upon request to [email protected], we will provide you with confirmation as to whether we are processing your personal information, and have the information communicated to you within a reasonable time. You have the right to correct, amend, or delete your personal information where it is inaccurate or has been processed in violation of this Privacy Policy. We may require payment of a non-excessive fee to defray our expenses in this regard. Please allow us a reasonable time to respond to your inquiries and requests.
In addition, you may manage your receipt of marketing and non-transactional communications by clicking on the “Unsubscribe” link located on the bottom of any Gryphon Strategies marketing e-mail. We will use commercially reasonable efforts to process such requests in a timely manner. You should be aware, however, that it is not always possible to completely remove or modify information in our subscription databases. Customers cannot opt out of receiving transactional e-mails related to their account with Gryphon Strategies.
Business Transfers
In the event of a merger, dissolution, or similar corporate event or the sale of all or substantially all of our assets, we expect that the information that we have collected and/or received, including personal information, would be transferred to the surviving entity in a merger or to the acquiring entity. All such transfers shall be subject to our commitments with respect to the privacy and confidentiality of such personal information as set forth in this Privacy Policy.
Disclosures to Public Authorities
In certain situations, we may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We may also disclose personal information to other third parties when compelled to do so by government authorities or required by law or regulation including, but not limited to, in response to court orders and subpoenas.
Important Notice to Non-U.S. Residents
The Site, and its servers are operated in the United States. Please be aware that your information, including your personal information, may be transferred to, processed, maintained, and used on computers, servers, and systems located outside of your state, province, country, or other governmental jurisdiction where the privacy laws may not be as protective as those in your jurisdiction. Except in the case of data transfers under the EU-U.S. Data Privacy Framework (EU-U.S. DPF), UK Extension to the EU-U.S. DPF and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF), your decision to provide such data to us, or allow us to collect such data through our Site or Services constitutes your consent to this data transfer.
Important Notice For Individuals of the UK, European Economic Area and Switzerland
Gryphon Strategies complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Gryphon Strategies has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Gryphon Strategies has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
For EU Individuals: Your Rights under the General Data Protection Regulation
In this Section, we have summarized the rights that you have under General Data Protection Law. Some of the rights are complex, and not all of the details have been included in our summaries. Accordingly, you should read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights.
Your principal rights under data protection law are:
Right to access
You have the right to confirmation as to whether or not we process your personal data and, where we do, access to the personal data, together with certain additional information. That additional information includes details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data. Providing the rights and freedoms of others are not affected, we will supply to you a copy of your personal data. The first copy will be provided free of charge, but additional copies may be subject to a reasonable fee.
Right to Rectification
You have the right to have any inaccurate personal data about you rectified and, taking into account the purposes of the processing, to have any incomplete personal data about you completed.
Right to erasure
In some circumstances you have the right to the erasure of your personal data without undue delay. Those circumstances include: the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; you withdraw consent to consent-based processing; you object to the processing under certain rules of applicable data protection law and the personal data have been unlawfully processed. However, there are exclusions of the right to erasure.
The general exclusions include where processing is necessary: for exercising the right of freedom of expression and information; for compliance with a legal obligation; or for the establishment, exercise or defense of legal claims.
Right to restrict processing
In some circumstances you have the right to restrict the processing of your personal data. Those circumstances are: you contest the accuracy of the personal data; processing is unlawful but you oppose erasure; we no longer need the personal data for the purposes of our processing, but you require personal data for the establishment, exercise or defense of legal claims; and you have objected to processing, pending the verification of that objection. Where processing has been restricted on this basis, we may continue to store your personal data. However, we will only otherwise process it: with your consent; for the establishment, exercise or defense of legal claims; for the protection of the rights of another natural or legal person; or for reasons of important public interest.
Right to object to processing
You have the right to object to our processing of your personal data on grounds relating to your particular situation, but only to the extent that the legal basis for the processing is that the processing is necessary for: the performance of a task carried out in the public interest or in the exercise of any official authority vested in us; or the purposes of the legitimate interests pursued by us or by a third party. If you make such an objection, we will cease to process the personal information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defense of legal claims.
You have the right to object to our processing of your personal data for direct marketing purposes (including profiling for direct marketing purposes). If you make such an objection, we will cease to process your personal data for this purpose.
Right to data portability
You have the right to object to our processing of your personal data for scientific or historical research purposes or statistical purposes on grounds relating to your particular situation, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
To the extent that the legal basis for our processing of your personal data is:
and such processing is carried out by automated means, you have the right to receive your personal data from us in a structured, commonly used and machine-readable format. However, this right does not apply where it would adversely affect the rights and freedoms of others.
Right to complain to a supervisory authority
If you consider that our processing of your personal information infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your habitual residence, your place of work or the place of the alleged infringement.
To the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.
You may also have the right to make a GDPR complaint to the relevant Supervisory Authority. A list of Supervisory Authorities is available here: http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm. If you need further assistance regarding your rights, please contact us using the contact information provided below and we will consider your request in accordance with applicable law. In some cases our ability to uphold these rights for you may depend upon our obligations to process personal information for security, safety, fraud prevention reasons, compliance with regulatory or legal requirements, or because processing is necessary to deliver the services you have requested. Where this is the case, we will inform you of specific details in response to your request.
Right to withdraw consent
Effective from October 15, 2018, we have appointed ePrivacy GmbH to act as our EU Representative pursuant to Article 27 of the GDPR. If you are a citizen of the EEA and wish to exercise your rights under the GDPR, or otherwise have any queries in relation to your rights or privacy matters generally, please either e-mail our EU Representative at [email protected] or alternatively mail your request or query to:
ePrivacy GmbH (“ePrivacy”)
Große Bleichen 21
20354 Hamburg
Germany
Gryphon Strategies is subject to the investigatory and enforcement powers of the Federal Trade Commission.
Upon request to [email protected] we will provide you with confirmation as to whether we are processing your personal information, and have the information communicated to you within a reasonable time. You have the right to access, correct, amend or delete your personal information where it is inaccurate or has been processed in violation of this Privacy Policy. We may require payment of a non-excessive fee to defray our expenses in this regard. Please allow us a reasonable time to respond to your inquiries and requests.
We will provide an individual opt-out choice before we share your personal information with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit a written request to [email protected], with the subject line, “Data Privacy Framework”.
We will not disclose your sensitive personal information to any third party without first obtaining your opt-in consent. You may grant such consent by contacting us at [email protected], with the subject line, “Data Privacy Framework”. In each instance, please allow us a reasonable time to process your response.
In certain situations, we may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We may also disclose personal information to other third parties when compelled to do so by government authorities or required by law or regulation including, but not limited to, in response to court orders and subpoenas.
Gryphon Strategies’ accountability for personal information that it receives in the United States under the Data Privacy Framework and subsequently transfers to a third party is described in the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) . In particular, Gryphon Strategies remains responsible and liable under the Data Privacy Framework if third-party agents that it engages to process the personal information on its behalf do so in a manner inconsistent with the Principles, unless Gryphon Strategies proves that it is not responsible for the event giving rise to the damage.
In compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF), Gryphon Strategies commits to resolve complaints about our collection or use of your personal information transferred to the U.S. pursuant to the EU-U.S. DPF, the UK extension to the EU-U.S. DPF, and the Swiss-U.S. DPF. EU, UK, and Swiss individuals with inquiries or complaints should first contact Gryphon Strategies at [email protected], with the subject line, “Data Privacy Framework”.
Gryphon Strategies has further committed to refer unresolved DPF Principles-related complaints to a U.S.-based independent dispute resolution mechanism, BBB NATIONAL PROGRAMS. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbbprograms.org/dpf-complaints for more information and to file a complaint. This service is provided free of charge to you.
If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf
If your complaint involves human resources data transferred to the United States from the European Union, [the United Kingdom, or Switzerland] in the context of the employment relationship, and Gryphon Strategies does not address it satisfactorily, Gryphon Strategies commits to cooperate with the panel established by the EU data protection authorities (DPA Panel), [the UK Information Commissioner’s Office, and the Swiss Federal Data Protection and Information Commissioner, as applicable] and to comply with the advice given by the DPA panel [ICO, or FDPIC, as applicable] with regard to such human resources data. To pursue an unresolved human resources complaint, you should contact the state or national data protection or labor authority in the appropriate jurisdiction. Complaints related to human resources data should not be addressed to the BBB NATIONAL PROGRAMS.
Contact details for the EU data protection authorities can be found at https://edpb.europa.eu/about-edpb/board/members_en.
UK individuals can also file a complaint with the ICO at https://ico.org.uk/make-a-complaint/uk-extension-to-the-eu-us-data-privacy-framework-complaints-tool/
External Websites
The Site may contain links to third-party websites (“External Sites”). Gryphon Strategies has no control over the privacy practices or the content of these External Sites. As such, we are not responsible for the content or the privacy policies of those External Sites. You should check the applicable third-party privacy policy and terms of use when visiting any such External Sites.
Children
We do not knowingly collect personal information from children under the age of 13. If you are under 13, please do not give us any personal information. We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce our Privacy Policy by instructing their children to never provide us personal information without their permission. If you have reason to believe that a child under the age of 13 has provided personal information to us, please contact us, and we will endeavor to delete that information from our databases.
California Residents
Under California Civil Code Section 1798.83, California residents who have an established business relationship with Gryphon Strategies may choose to opt out of our sharing their personal information with third parties for direct marketing purposes. If you are a California resident and (1) you wish to opt out; or (2) you wish to request certain information regarding our disclosure of your personal information to third parties for the direct marketing purposes, please send an e-mail to [email protected] or write to us at:
Gryphon Strategies
Attn: J. Tiburzi, Data Privacy Officer
1 N Broadway, Suite 602
White Plains, NY 10601
In addition, Gryphon Strategies does not monitor, recognize, or honor any opt-out or do not track mechanisms, including general web browser “Do Not Track” settings and/or signals.
Changes to This Privacy Policy
This Privacy Policy is effective as of the date stated at the top of this Privacy Policy. We may change this Privacy Policy from time to time. Any such changes will be posted on the Site. By accessing the Site and/or using the Services after we make any such changes to this Privacy Policy, you are deemed to have accepted such changes. Please be aware that, to the extent permitted by applicable law, our use of your information is governed by the Privacy Policy in effect at the time we collect the Information. Please refer back to this Privacy Policy on a regular basis.
How to Contact Us
If you have questions about this Privacy Policy, please contact Gryphon Strategies via e-mail at [email protected] with “Privacy Policy” in the subject line.