Privacy Policy - Grace Hill

Privacy Policy

Last updated: November 13, 2024

 

This Privacy Policy describes how Grace Hill, LLC (“Grace Hill,”) collects and uses certain personal information as a result of the use of its products, including Vision®, Validate, Visto®, PolicyPartner®, ReputationBuilder, as well as the other services that Grace Hill provides that reference this Privacy Policy (the “Grace Hill Services”). The Grace Hill Services further include Grace Hill’s website, www.gracehill.com (the “Website”).  Additionally, this Privacy Policy describes how Kingsley Associates, Inc. (“Kingsley”), a Grace Hill subsidiary, collects and uses certain personal information through its products, including the Kingsley Portal (www.kingsleyportal.com), Kingsley Surveys (Employee Engagement Assessment, Tenant and Resident Experience), the Kingsley Index® and the other services that Kingsley provides that reference this Privacy Policy (the “Kingsley Services”).  Grace Hill and Kingsley are each referred to herein as “we”, “our” or “us”, and this Privacy Policy applies to the Grace Hill Services and the Kingsley Services.  With regard to your use of the Grace Hill Services, references to we, our or us, refer to the obligations of Grace Hill and not Kingsley.  With regard to your use of the Kingsley Services, references to we, our or us, refer to the obligations of Kingsley and not Grace Hill.  The Grace Hill Services and Kingsley Services are each referred to as the “Services”.

This Privacy Policy describes our privacy practices, including:

  1. the Personal Information we receive or collect from you;
  2. how we use and share your Personal Information with others; and

iii. your choices and obligations regarding your Personal Information.

Except as stated in this Privacy Policy, we will not disclose your Personal Information to any third party without your consent.

By using or accessing the Services, you agree to our use of your Personal Information as described herein and further agree to be legally bound by this Privacy Policy as amended from time to time. If you do not agree with this Privacy Policy without limitation or qualification, you should not access or use the Services. Your continued use of the Services after we change this Privacy Policy will mean that you accept and agree to be bound by the changes. Because we reserve the right to modify the Privacy Policy at any time, please check this Privacy Policy regularly for changes. Upon the posting of any changed Privacy Policy, the changes from the previous version will be summarized at the top of the document.

Our Services, other than access to the Website, are provided under a contract with the recipient of our Services (a “Client”).  Our client may be you, your employer, an agent of your employer, an affiliate of your employer, the owner or manager of the leasehold property where you live or work, or another person or legal entity who enters an agreement with us for the Services that are provided to you. We are not responsible for the data practices of our Clients.

Application of this Privacy Policy

This Privacy Policy governs the Services and not any third-party website, the internet, or any other network. We are not responsible for the privacy practices or the content of any third-party websites or services with which we communicate. By clicking on a link, logo or any item associated with a third-party site or application, please note that you are exiting the Services and the protections afforded by this Privacy Policy.

Contacting Us

If you have any questions or would like to make a verifiable consumer request about this Privacy Policy or our Services, you may contact our Customer Service department at Grace Hill, 4545 Fuller Drive, Suite 406, Irving, TX 75038, or toll-free by phone at (866) 472-2344, or by email to [email protected].

Personal Information

We collect Personal Information about certain persons either because that person has been designated by a Client as an authorized agent of the Client for purposes of our dealings with the Client; or because that person is an employee of a Client receiving our training, educational, or performance-evaluation services; or because that person is a tenant or resident of premises owned or managed by a Client who is being asked to respond to a survey regarding the Client and the premises. If you are one of those people, we collect Personal Information from you to enable us to provide the Services.  We also collect your Personal Information from our Clients when they hire us to perform the Services.   Finally, we collect your Personal Information when you use the Services. The level of Personal Information we collect depends on the type of Services provided and the amount of information you provide to us. “Personal Information” includes:

Access Credentials When you or our Client registers your account (the “Account”) for the Services (if any), access credentials are provided to us for security purposes, such as to authenticate your identity each time you use the Services, including information that identifies one or more of the following: a user name, a password, a personal identification number (PIN) and/or responses to security questions (collectively, your “Access Credentials”). Your Access Credentials may be used when you access your Account for the Services.

Identification Information When you or our Client registers or updates your Account, information that identifies you is provided to us. “Identification Information” includes your name, postal address, email address, demographic information, telephone number, facsimile number and other information you provide to us (collectively, your “Identification Information”). You may also provide us with Identification Information when you use our Website, such as through our chatterbot.

Device Information When you access the Services, we may obtain technical information that identifies your device and other technical parameters associated with your device, including your internet service provider, your browser, your IP Address, access point names (APNs), packet data networks, the make and model of your device; the type or version of your operating system; unique device identifier(s), a media access control (MAC) address, information associated with your service provider or mobile carrier, your internet browser type, specifications regarding your device hardware and/or software, etc. (collectively, your “Device Information”).

Location Information When you access the Services, we may collect and process information about your device’s actual location using global positioning system signals sent by your device, from a third-party location service, or from other sources that identify or describe the location from which your device is communicating with us.

Profile Information When your Account is created, you or our Client may include additional information about you in a profile for your Account. Your profile may also include context information that identifies one or more of the following: your gender, primary or secondary languages, date of birth, profession or trade, employer, permission regarding your device location accuracy, permissions regarding your use of the Services, etc. (collectively, “Profile Information”).

Usage Information When you use the Services, we may record your usage history (e.g., frequency of access, web pages accessed, Services accessed, duration of access, etc.), course history (e.g., classes taken, progress, courses completed, certifications earned, content accessed, etc.), performance history (answers to quizzes, communications with us, email messages, comments, etc.), reviews, messages, download history, etc. (collectively “Usage Information”).

Use of Your Personal Information

By accessing the Services, you are voluntarily and unconditionally accepting the terms and conditions of our Terms of Services and this Privacy Policy and are freely accepting and agreeing to our use of your Personal Information in accordance with this Privacy Policy. You further acknowledge and agree that your access or use of the Services, or providing your Personal Information to us, including any information deemed “sensitive” by applicable law, is entirely voluntary on your part. We may disclose to others and otherwise use your Personal Information for the following reasons.

Our Internal Use. We use your Personal Information for our own internal purposes, including to provide the Services to you, to verify your identity, to create your Account, to maintain the security and integrity and safety of our Website and applications, to improve the Services, for testing, research, analysis, and product development, including to develop and improve our Website and Services, and to record and analyze your use of the Services (i.e. to determine your performance, your use of the Services, your visits to the Website, the content you have viewed, etc.).

To Fulfill Our Obligations to Clients. We use your Personal Information to provide the Services to our Clients. We provide your Personal Information to the Client(s) which has an agreement with us under which the Services (not including the Website) are provided to you. This allows the applicable Client to understand your use of the Services, including how you perform, what training content you have viewed, how you respond to Kingsley’s surveys, etc.

Creating De-Identified Personal Information. We encode or obfuscate your Personal Information to create de-identified Personal Information that removes any information that allows you to be identified. We use the de-identified Personal Information for our own internal purposes, for data aggregation, performance monitoring, statistical compilations and analytics, improving the Services, and when providing the Services to you. Except as stated above, we will not sell or otherwise distribute your Personal Information, except that we expressly reserve the right to sell or otherwise share de-identified information with others or to make it public.

Our Communications to You. We communicate with you through the Services (including through our Website chatterbot) as well as email, text message, other messaging methods to market our Services and to provide notices to you to, for instance, inform you of your performance or how to best use our Services, to recommend certain Services, to notify you of new features or functionality or planned disruptions, or other promotion or advertising content. In addition, we may use and share your information as we describe to you when collecting your personal information or as otherwise permitted by applicable law.

Identifying You to other Users.  We may identify you to other users of the Services using some of your Personal Information (when you get an award for performance, etc.).

Marketing the Services. We may use your Personal Information to market the Services to you and to the Client(s) associated with you.

Enforcing this Privacy Policy, Our Terms of Use, and Client Agreements. We may disclose your Personal Information to enforce or apply this Privacy Policy, our Terms of Use and/or our agreements with Clients.

Third Party Service Providers. We may provide your Personal Information to our contractors, service providers, and other third parties we use to support our business (such as to help provide the Services, to market our Services, etc.) and who are bound by contractual obligations to keep your Personal Information confidential and use it only for the purposes for which we disclose it to them.

Related Parties/Successors. We may disclose your Personal Information to our subsidiaries and affiliates, which will use your Personal Information only as described herein. Further, we may disclose your Personal Information to a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our business, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which your Personal Information is among the assets transferred.

Harm; Compliance with Law; Other Uses. We may disclose your Personal Information to comply with a court order, law, subpoena, discovery request or legal process, including to respond to any government or regulatory request. Further, we may disclose your Personal Information if we believe that disclosure is necessary or appropriate to protect the rights, property, safety or vital interests of Grace Hill, Kingsley, our Clients, or others. Finally, from time to time, we may use your Personal Information for new, unanticipated uses, such as notification of new services, announcements and general communications. If our information practices materially change at some time in the future, we will post such changes to this Privacy Policy before we use your Personal Information for these new purposes.

 

How We Collect Your Personal Information

Information You Provide to Us. When you visit the Website, you may provide your Personal Information to us when, for instance, you engage in digital communications with our Website.  For example, the Website includes a chatterbot, which may ask you questions and allow you to respond. When you respond, we may use the Personal Information you provide to us. Further, when you access and use the Services, you may provide your Personal Information to us, such as when you populate your Profile, select a course in Vision, respond to Kingsley surveys, view Grace Hill’s content, etc.

Information Provided to Us by Our Clients. If you use the Services subject to an agreement between us and a third party (i.e. your employer, an affiliate or agent of your employer, etc.), your Personal Information may be provided to us by our Client.

Automated Collection of Personal Information. We use automatic data collection methods to collect and store information when you access the Services. This may include sending one or more cookies or anonymous identifiers to your device. We may also use cookies and anonymous identifiers when you interact with the Services.  We use cookies to keep you signed into your Account, to understand how you use our Services, and for potentially other functional uses, not including providing such cookies to third parties for advertising. A cookie is a small text file placed on your device. You may refuse to accept cookies by changing the settings of your device or browser, but this may render you unable to access certain portions of the Services. We may use flash cookies, which we store and which collect and store information about your use of the Services. We may use web beacons (also known as web bugs, clear Graphics Interface Format pixel (or “clear GIFs”), 1 x 1 pixel, etc.) in combination with cookies or other functions to understand how you interact with the Website or the Services or to create analytics or other administrative functions. Beacons do not collect Personal Information.  We do not track you by collecting Personal Information about your online activities over time and across third party websites or online services, and, as a result, do not alter our practices in response to “do not track” signals from your browser. You may customize and limit the automated collection of your Personal Information upon accessing www.gracehill.com.

Data Security

We have implemented reasonable security measures designed to secure your Personal Information from accidental loss and from unauthorized access, use and disclosure in the transmission, processing, and storage of that Personal Information.  The safety and security of your Personal Information also depends on you. For example, if a password is required for you to access the Services, you should not share your password with anyone. Unfortunately, no data transmission over the internet is completely secure, and, despite our efforts to protect your Personal Information, we cannot guarantee the security of your Personal Information. Any transfer of your Personal Information is at your own risk.

International Transfers of Personal Information

Grace Hill, d/b/a Kingsley, complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce.  Grace Hill, d/b/a/ Kingsley, has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) regarding the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF.  Grace Hill, d/b/a Kingsley, has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.  If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern.  To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/. Effectiveness of the UK Extension and of the Swiss-U.S. DPF Principles) are awaiting the approval of a data bridge by the U.K. and the updating of the Swiss adequacy list. Pending those two developments, we have put in place other legal mechanisms designed to ensure adequate protection of your Personal Information from the U.K. or Switzerland to the U.S, which include the standard contractual clauses issued by the European Commission as adapted by the U.K., ICO,. By using the Services, you voluntarily consent to the transfer of your Personal Information to other countries including the U.S. Citizens of the European Union or the United Kingdom or Switzerland may have certain rights with respect to their Personal Information.

In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Grace Hill, d/b/a Kingsley commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to BBB National Programs or BBB, an alternative dispute resolution provider based in the United States.  If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://bbbprograms.org/programs/all-programs/dpf-consumers/ProcessForConsumers for more information or to file a complaint.  The services of BBB are provided at no cost to you.

Please note that if your complaint against Grace Hill, d/b/a Kingsley, is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Data Privacy Framework Panel. While a participant in the Data Privacy Framework, Grace Hill, d/b/a Kingsley, is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).  Further, if you are unhappy with Grace Hill, d/b/a Kingsley’s response to your complaint, you may have the right to complain to your Data Protection Authority.  Please contact us at [email protected] to obtain details of how to contact them.

In accordance with the Data Privacy Framework Principles, Grace Hill, d/b/a Kingsley, assumes responsibility for the processing of personal information it receives and subsequently transfers to a third party service provider acting as a processor on our behalf. Grace Hill, d/b/a Kingsley, shall remain liable under the Principles if our agent processes such personal information in a manner inconsistent with the Principles unless evidence is provided to support Kingsley is not responsible for any event resulting in damage to a Client.

Data Subject  Rights

The right to access – You have the right to request copies of your Personal Information. We may charge you a small fee for this service.

The right to rectification – You have the right to request that we correct any information you believe is inaccurate. You also have the right to request that we complete the information you believe is incomplete.

The right to erasure – You have the right to request that we erase your personal data, under certain conditions.

The right to restrict processing – You have the right to request that we restrict the processing of your personal data, under certain conditions.

The right to object to processing – You have the right to object to our processing of your personal data, under certain conditions.

The right to data portability – You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.

To exercise these rights, please contact us using the address, phone number or email address below:

Grace Hill, LLC
4545 Fuller Drive, Suite 406
Irving, TX 75038

(866) 472-2344

[email protected]

 

 

Your Choices and Obligations Regarding your Personal Information

Rights to Access, Change, or Delete Your Personal Information. When you access the Services, you may review or modify some of your Personal Information, including portions of your Access Credentials, Identification Information, and Profile Information. To ensure that we can continue providing the Services, performing security functions (for example, authenticating your identity), and maintaining your Account, you are not permitted to delete certain Personal Information including portions of your Identification Information, Access Credentials, device information and usage information.

Rights to Delete Your Personal Information. You may terminate your Account or request the deletion of your Personal Information at any time. When you request to terminate your Account, we will retain a copy of your Personal Information as needed to fulfill our obligations to our Clients (including your usage history, survey responses, etc.). Other than this copy, your Account and Personal Information will be deleted. Because of the way we maintain the Services, such deletion may not be immediate, and residual copies of your Personal Information may remain on backup media for up to ninety (90) days. Notwithstanding the foregoing, we reserve the right to retain some or all of your Personal Information if, in our sole discretion, we determine that it is reasonably necessary to comply with applicable law, meet our legal obligations, comply with regulatory requirements, resolve disputes between users or Clients, prevent fraud and abuse, or enforce this Privacy Policy and the Terms of Services. Furthermore, we reserve the right to retain a copy of a de-identified version of your Personal Information for any legal purpose.

Your Obligations. You agree not to upload, copy or otherwise use or disseminate any information that may violate the rights of others. You agree that you are authorized to upload any information that you provide to us. You agree not to provide any information to us that you are not authorized to provide. You further agree to keep your Access Credentials strictly confidential and to not share them with any unauthorized user or third party.

Any violation of this Privacy Policy may lead to the restriction, suspension, or termination of your Account at our sole discretion.

Policy Toward Children

NEITHER THE WEBSITE NOR THE SERVICES ARE DIRECTED TOWARD CHILDREN UNDER SIXTEEN (16) YEARS OF AGE (the “Minimum Age”).

If you become aware that your child has provided us with Personal Information without your consent, please contact us at [email protected]. We do not knowingly collect Personal Information from children below the Minimum Age. If we become aware that a child under the Minimum Age has provided us with Personal Information, we will take steps to promptly remove such Personal Information and terminate the Account associated with the child.

California Privacy Rights

If you reside in the state of California, our Privacy Notice for California Residents is part of this Privacy Policy and applies to you. By providing this Privacy Notice, we are not waiving any business-to-business exception to the California Consumer Privacy Act (should such an exception be re-established) or conceding that we are “data processors” or “service providers” under the Act.

Scroll to Top