Privacy Policy - Grace Hill

Privacy Policy

Last updated: January 5, 2022

This Privacy Policy describes how Grace Hill®, LLC (“Grace Hill”) collects and uses certain personal information as a result of the use of its products, including Vision®, Validate, Visto®, PolicyPartner®, ReputationBuilder, as well as the other services that Grace Hill provides that reference this Privacy Policy (the “Grace Hill Services”). The Grace Hill Services further include Grace Hill’s website, (the “Website”).  Additionally, this Privacy Policy describes how Kingsley Associates®, Inc. (“Kingsley”), a Grace Hill subsidiary, collects and uses certain personal information through its products, including the Kingsley Portal (, Kingsley Surveys (CORE, KEEP, Tenant Experience, Employee Engagement Assessment, Tenant and Resident Experience), the Kingsley Index® and the other services that Kingsley provides that reference this Privacy Policy (the “Kingsley Services”).  Grace Hill and Kingsley are each referred to herein as “we”, “our” or “us”, and this Privacy Policy applies to the Grace Hill Services and the Kingsley Services.  With regard to your use of the Grace Hill Services, references to we, our or us, refer to the obligations of Grace Hill and not Kingsley.  With regard to your use of the Kingsley Services, references to we, our or us, refer to the obligations of Kingsley and not Grace Hill.  The Grace Hill Services and Kingsley Services are each referred to as the “Services”. 

In administering the Services, we are committed to protecting your Personal Information (described below). Except as stated in this Privacy Policy, we will not disclose your Personal Information to any third party without your consent. This Privacy Policy describes our privacy practices, including:

           i. the Personal Information we receive or collect from you;

          ii. how we use and share your Personal Information with others; and

         iii. your choices and obligations regarding your Personal Information.

By using or accessing the Services, you agree to our use of your Personal Information as described herein and further agree to be legally bound by this Privacy Policy as amended from time to time. If you do not agree with this Privacy Policy without limitation or qualification, you should not access or use the Services. Your continued use of the Services after we change this Privacy Policy will mean that you accept and agree to be bound by the changes. Because we reserve the right to modify the Agreement at any time, please check this Privacy Policy regularly for changes. 

Our Services are provided under a contract with our clients.  Our client may be you, your employer, an agent of your employer, an affiliate of your employer, or another person or legal entity who enters an agreement with us for the Services that are provided to you (a “Client”). We are not responsible for the data practices of our Clients.

Kingsley Associates, a Grace Hill company complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States.  Kingsley Associates has certified to the U.S. Department of Commerce that it adheres to the Privacy Shield Principles.  If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.  To learn more about the Privacy Shield program, and to view our certification, please visit

Application of this Privacy Policy

This Privacy Policy governs the Services and not any third party website, the internet, or any other network. We are not responsible for the privacy practices or the content of any third party websites or services with which we communicate. By clicking on a link, logo or any item associated with a third party site or application, please note that you are exiting the Services and the protections afforded by this Privacy Policy. 

Contacting Us 

If you have any questions or would like to make a verifiable consumer request about this Privacy Policy or our Services, you may contact our Customer Service department at Grace Hill, 300 Executive Center Drive, Suite 201, Greenville, SC 29615, or toll-free by phone at (866) 472-2344, or by email to

Personal Information

We collect Personal Information from you to enable us to provide the Services.  We also collect your Personal Information from our Clients when they hire us to perform the Services.   Finally, we collect your Personal Information when you use the Services. The level of Personal Information we collect depends on type of the Services provided and the amount of information you provide to us. “Personal Information” includes: 

Access Credentials When you or our Client registers your account (the “Account”) for the Services (if any), access credentials are provided to us for security purposes, such as to authenticate your identity each time you use the Services, including information that identifies one or more of the following: a user name, a password, a personal identification number (PIN) and/or responses to security questions (collectively, your “Access Credentials”). Your Access Credentials may be used when you access your Account for the Services.

Identification Information When you or our Client registers or updates your Account, information that identifies you is provided to us. “Identification Information” includes your name, postal address, email address, demographic information, telephone number, and facsimile number and other information you provide to us (collectively, your “Identification Information”). You may also provide us with Identification Information when you use our Website, such as through our chatterbot. 

Device Information When you access the Services, we may obtain technical information that identifies your device and other technical parameters associated with your device, including your internet service provider, your browser, your IP Address, access point names (APNs), packet data networks, the make and model of your device; the type or version of your operating system; unique device identifier(s), a media access control (MAC) address, information associated with your service provider or mobile carrier, your internet browser type, specifications regarding your device hardware and/or software, etc. (collectively, your “Device Information”).

Location Information When you access the Services, we may collect and process information about your device’s actual location using global positioning system signals sent by your device, from a third-party location service, or from other sources that identify or describe the location from which your device is communicating with us. 

Profile Information When your Account is created, you or our Client may include additional information about you in a profile for your Account. Your profile may also include context information that identifies one or more of the following: your gender, primary or secondary languages, date of birth, profession or trade, employer, permission regarding your device location accuracy, permissions regarding your use of the Services, etc. (collectively, “Profile Information”).

Usage Information When you use the Services, we may record your usage history (e.g., frequency of access, web pages accessed, Services accessed, duration of access, etc.), course history (e.g., classes taken, progress, courses completed, certifications earned, content accessed, etc.), performance history (answers to quizzes, communications with us, email messages, comments, etc.), reviews, messages, download history, etc. (collectively “Usage Information”). 

Use of Your Personal Information

By accessing the Services, you are voluntarily and unconditionally accepting the terms and conditions of our Terms of Services and this Privacy Policy and are freely accepting and agreeing to our use of your Personal Information in accordance with this Privacy Policy. You further acknowledge and agree that your access or use of the Services, or providing your Personal Information to us, including any information deemed “sensitive” by applicable law, is entirely voluntary on your part. We may disclose and otherwise use your Personal Information for the following reasons: 

Our Internal Use. We use your Personal Information for our own internal purposes, including to provide the Services to you, to verify your identity, to create your Account, to improve the Services, and to record and analyze your use of the Services (i.e. to determine your performance, your use of the Services, your visits to the Website, the content you have viewed, etc.).

To Fulfill Our Obligations to Clients. We use your Personal Information to provide the Services to our Clients. We provide your Personal Information to the Client(s) which has an agreement with us under which the Services (not including the Website) are provided to you. This allows the applicable Client to understand your use of the Services, including how you perform, what training content you have viewed, how you respond to Kingsley’s surveys, etc. 

Creating De-Identified Personal Information. We encode or obfuscate your Personal Information to create de-identified Personal Information that removes any information that allows you to be identified. We use the de-identified Personal Information for our own internal purposes, for data aggregation, performance monitoring, statistical compilations and analytics, improving the Services and when providing the Services to you.

Our Communications to You. We communicate with you through the Services (including through our Website chatterbot) as well as email, text message, other messaging methods to market our Services and to provide notices to you to, for instance, inform you of your performance or how to best use our Services, to recommend certain Services, to notify you of new features or functionality, planned disruptions, or other promotion or advertising content. 

Identifying You to other Users.  We may identify you to other users of the Services using some of your Personal Information (when you get an award for performance, etc.). 

Marketing the Services. We may use your Personal Information to market the Services to you and to the Client(s) associated with you.  

Enforcing this Privacy Policy, Our Terms of Use, and Client Agreements. We may disclose your Personal Information to enforce or apply this Privacy Policy, our Terms of Use and/or our agreements with Clients. 

Third Party Service Providers. We may provide your Personal Information our contractors, service providers, and other third parties we use to support our business (such as to help provide the Services, to market our Services, etc.) and who are bound by contractual obligations to keep your Personal Information confidential and use it only for the purposes for which we disclose it to them. 

In accordance with the Privacy Shield Principles, Kingsley assumes responsibility for the processing of personal information it receives and subsequently transfers to a Third Party Service Provider acting as a processor on our behalf. Kingsley shall remain liable under the Principles if our agent processes such personal information in a manner inconsistent with the Principles unless evidence is provided to support Kingsley is not responsible for any event resulting in damage to a Client.

Related Parties/Successors. We may disclose your Personal Information to our subsidiaries and affiliates, which will use your Personal Information only as described herein. Further, we may disclose your Personal Information to a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our business, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which your Personal Information is among the assets transferred.

Harm; Compliance with Law; Other Uses. We may disclose your Personal Information to comply with a court order, law, subpoena, discovery request or legal process, including to respond to any government or regulatory request. Further, we may disclose your Personal Information if we believe that disclosure is necessary or appropriate to protect the rights, property, safety or vital interests of Grace Hill, Kingsley, our Clients, or others. Finally, from time to time, we may use your Personal Information for new, unanticipated uses, such as notification of new services, announcements and general communications. If our information practices materially change at some time in the future, we will post such changes to this Privacy Policy before we use your Personal Information for these new purposes.


Except as stated above, we will not sell or otherwise distribute your Personal Information, except that we expressly reserve the right to sell or otherwise share de-identified information with others or to make it public. 

How We Collect Your Personal Information

Information You Provide to Us. When you visit the Website, you may provide your Personal Information to us when, for instance, you engage in digital communications with our Website.  For example, the Website includes a chatterbot, which may ask you questions and allow you to respond. When you respond, we may use the Personal Information you provide to us. Further, when you access and use the Services, you may provide your Personal Information to us, such as when you populate your Profile, select a course in Vision, respond to Kingsley surveys, view Grace Hill’s content, etc.

Information Provided to Us by Our Clients. If you use the Services subject to an agreement between us and a third party (i.e. your employer, an affiliate or agent of your employer, etc.), your Personal Information may be provided to us by our Client. 

Automated Collection of Personal Information. We use automatic data collection methods to collect and store information when you access the Services. This may include sending one or more cookies or anonymous identifiers to your device. We may also use cookies and anonymous identifiers when you interact with the Services.  We use cookies to keep you signed in to your Account, to understand how you use our Services, and for potentially other functional uses, not including providing such cookies to third parties for advertising. A cookie is a small text file placed on your device. You may refuse to accept cookies by changing the settings of your device or browser, but this may render you unable to access certain portions of the Services. We may use flash cookies, which we store and which collect and store information about your use of the Services. We may use web beacons (also known as web bugs, clear Graphics Interface Format pixel (or “clear GIFs”), 1 x 1 pixel, etc.) in combination with cookies or other functions to understand how you interact with the Website or the Services or to create analytics or other administrative functions. Beacons do not collect Personal Information.  We do not track you by collecting Personal Information about your online activities over time and across third party websites or online services, and, as a result, do not alter our practices in response to “do not track” signals from your browser.  New approaches that offer alternatives to cookies and beacons to better protect your privacy and to improve the security of your Personal Information may be explored by us or our third party service providers. In the event that any of these approaches are used in addition, or as an alternative, to cookies or beacons, we will update this Privacy Policy accordingly.

Data Security 

We exercise great care in providing secure transmission of your Personal Information to us. We also take great care to protect your Personal Information that we store for our use as described herein. We have implemented reasonable security measures designed to secure your Personal Information from accidental loss and from unauthorized access, use and disclosure.  The safety and security of your Personal Information also depends on you. For example, if a password is required for you to access the Services, you should not share your password with anyone. Unfortunately, no data transmission over the internet is completely secure, and, despite our efforts to protect your Personal Information, we cannot guarantee the security of your Personal Information. Any transfer of your Personal Information is at your own risk.

International Transfers of Personal Information 

Where required by law, we have put in place legal mechanisms designed to ensure adequate protection of your Personal Information, including the transfer of your Personal Information to countries other than where you reside.  By using the Services, you voluntarily consent to the transfer of your Personal Information to other countries.  Kingsley participates in the EU-US and Swiss-US Privacy Shield Frameworks (“Privacy Shield”), which is administered by the U.S. Department of Commerce and implemented to protect your rights with regard to your Personal Information.   For citizens of the European Union, our agreements with certain European Clients include the standard contractual clauses issued by the European Commission.  The Privacy Shield and the standard contractual clauses impose certain responsibilities on us for the security of your Personal Information when we share it with third party service providers.  Additionally, citizens of the European Union or the United Kingdom may have certain rights with respect to their Personal Information, such as: 

The right to access – You have the right to request copies of your Personal Information. We may charge you a small fee for this service.

The right to rectification – You have the right to request that we correct any information you believe is inaccurate. You also have the right to request that we complete the information you believe is incomplete.

The right to erasure – You have the right to request that we erase your personal data, under certain conditions.

The right to restrict processing – You have the right to request that we restrict the processing of your personal data, under certain conditions.

The right to object to processing – You have the right to object to our processing of your personal data, under certain conditions.

The right to data portability – You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.

We have one month to respond to you. To exercise these rights, please contact us using the address, phone number or email address below: 

Grace Hill, LLC
300 Executive Center, Suite 201
Greenville, SC 29615

(866) 472-2344

Kingsley has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by BBB National Programs. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit for more information and to file a complaint. This service is provided free of charge to you. Please note that if your complaint against Kingsley is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel. While a participant in the Privacy Shield, Kingsley is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).  Further, if you are unhappy with Kingsley’s response to your complaint, you may have the right to complain to your Data Protection Authority.  Please contact us at to obtain details of how to contact them. 

Your Choices and Obligations Regarding your Personal Information

Rights to Access, Change, or Delete Your Personal Information. When you access the Services, you may review or modify some of your Personal Information, including portions of your Access Credentials, Identification Information, and Profile Information. To ensure that we can continue providing the Services, performing security functions (for example, authenticating your identity), and maintaining your Account, you are not permitted to delete certain Personal Information including portions of your Identification Information, Access Credentials, device information and usage information.

Rights to Delete Your Personal Information. You may terminate your Account or request the deletion of your Personal Information at any time. When you request to terminate your Account, we will retain a copy of your Personal Information as needed to fulfill our obligations to our Clients (i.e. to including your usage history, survey responses, etc.). Other than this copy, your Account and Personal Information will be deleted. Because of the way we maintain the Services, such deletion may not be immediate, and residual copies of your Personal Information may remain on backup media for up to ninety (90) days. Notwithstanding the foregoing, we reserve the right to retain some or all of your Personal Information if, in our sole discretion, we determine that it is reasonably necessary to comply with applicable law, meet our legal obligations, comply with regulatory requirements, resolve disputes between users or Clients, prevent fraud and abuse, or enforce this Privacy Policy and the Terms of Services. Furthermore, we reserve the right to retain a copy of a de-identified version of your Personal Information for any legal purpose.

Your Obligations. You agree not to upload, copy or otherwise use or disseminate any information that may violate the rights of others. You agree that you are authorized to upload any information that you provide to us. You agree not to provide any information to us that you are not authorized to provide. You further agree to keep your Access Credentials strictly confidential and to not share them with any unauthorized user or third party.

Any violation of this Privacy Policy may lead to the restriction, suspension, or termination of your Account at our sole discretion.

Policy Toward Children


If you become aware that your child has provided us with Personal Information without your consent, please contact us at We do not knowingly collect Personal Information from children below the Minimum Age. If we become aware that a child under the Minimum Age has provided us with Personal Information, we will take steps to promptly remove such Personal Information and terminate the Account associated with the child.

California Privacy Rights

If you reside in the state of California, our Privacy Notice for California Residents is part of this Privacy Policy and applies to you. By providing this Privacy Notice, we are not waiving the business-to-business exception to the California Consumer Privacy Act or conceding that we are not “data processors” or “service providers” under the Act.

Scroll to Top