Gravy Privacy Policy

Date of last revision: September 28, 2021

Introduction

Payment Saver, LLC (dba Gravy Solutions) provides services for failed payment recovery, which is the loss of a customer due to a failed payment to our clients. All of our clients are business entities or other organizations that use our service to better manage the recovery of their customers' failed payments to our clients’ services and communications with their customers around failed payments.

This Privacy Policy describes our policies for personal data that we collect and use to manage our business.

This Privacy Policy covers information on personal data of our clients and our clients' customers that we have access to as part of providing our services to our clients, but note that our clients control personal data about their customers and are responsible for describing their privacy practices in their published privacy policies. We use this client-controlled data only as permitted by our clients in our agreements with them. We have included information below to describe our commitments to you if we have access to your data in our role as a service provider to our clients, but you should review the privacy policy of our clients that controls your personal data to understand its privacy practices if you are a customer of our clients.

How to Contact Us

Please contact us if you have any questions about the information in this Privacy Policy or our handling of your personal data, or would like to access, correct, delete, restrict our use, or take other action with regard to your personal data. We ask, however, that if we are in possession of your data solely as a service provider for our client you first contact our client with your request.


Please first reach out to your Gravy representative. If you do not have a direct contact at Gravy you can reach out to us at the following:

Email: privacy@gravysolutions.io

Mail: 8000 Avalon Blvd, Suite 100, Alpharetta, GA 30009

Changes to Privacy Policy

We may change this Privacy Policy from time to time. We will manage your personal data in accordance with the most recent Privacy Policy version.

Definitions

The types of data we collect and our purpose for collecting it depend on how you interact with us. For example, we collect different data about one-time website visitors than clients of our services. We have used defined terms for the different types of relationships to help us explain our privacy practices: 

These words also have certain meanings in this Privacy Policy:

Data Collection Purposes

We collect personal data for our business purposes:

The Section below captioned, “How We Use Data” explains how we use different categories of data for each of these purposes.

Data Collection Methods

Automated data collection on our website and online services platform

When you visit our site or use the Gravy services, we capture data that may be used to identify you and your device, such as your IP address, device identifier, and information about your device such as the operating system, time zone setting, language setting, browser settings, and browser plug-ins. Depending on your device settings, we may also capture location information. We may also capture information about your visit to our site, such as the website you visited right before you visited our site, the time and duration of your visit on each page on the site, and your navigation path from page to page (i.e., what you click on). We and our third-party analytics providers may use an online tracker (such as a cookie we place on your browser) so that we may identify you as a return visitor if you visit our site more than once. Please see How to Opt Out of Online Data Collection below for information on how to block cookies.

Data provided by advertisers

If you arrive at our site by clicking on a link that is part of an advertisement on another site (including an advertisement on a social media platform), the advertising service will identify the link, enabling us to associate you with the advertising parameters we provided to the advertising service. For example, we may ask an advertising service to target our ad to individuals that the ad service has identified as eCommerce professionals. If you arrive at our site by means of the link in that ad, we will be able to identify you as an eCommerce professional. Advertising services are responsible for the collection, use and disclosure of the data they provide to us in accordance with their published privacy policies.

Data provided by you as part of your communications with us

We collect personal data that you submit to us as part of a communication with us as a visitor or client, such as via chat on our site, email, submission of a web form, telephone, or in person (such as at a meeting, trade show or other event). For example, you may communicate with us as a visitor to obtain more information about our services, or as an account user to request customer support. The communication may include information that can be used to identify you such as your name, job title, job function, the organization you represent, email address, phone number as well as information about your interest in our company or our services. We do not solicit information from you as part of these communications other than information that is useful to us in light of the purposes described above, but if you choose to volunteer more personal information than we ask for we may collect that as part of the communication. We never sell this information, and use it only for the purposes stated within this Privacy Policy.

Data provided by you or your organization to establish and maintain Gravy services

Our clients may be required to name billing, administrative, technical and other types of service and account users who have authority to use our services and manage the client’s account. We collect the name and business contact information of these account representatives. Our clients also authorize individuals as service users. If you use a personal payment card or other financial account to make payment arrangements, then we may collect information relevant to the processing of the payment transaction.

Data provided by you or your organization to enable Gravy access to your third party accounts

To provide our services we require access to our client’s accounts with their payment providers, subscription managers, email service providers, and occasionally other third party services. Therefore the customer is required to provide account credentials used by their representatives on those platforms, or to grant Gravy dedicated (and revocable) access. 

Combinations of data collected using different methods

We use service providers such as Google Analytics, Hubspot, Chili Piper, and Salesloft to help us associate the personal data we capture about you as part of visitor interactions with personal data we collect about you as an account user.

How We Use Data

This section describes more specifically how our use of the data relates to the purposes for which we collected the data.



How do we protect your information?

Data Integrity

We process personal information only for the purposes for which it was collected and in accordance with this Privacy Policy. We regularly review our data collection, storage, and processing practices to ensure that we only collect, store, and process the minimum personal information needed for the purpose collected. We take reasonable steps to ensure that the personal information that we process is accurate, complete, and current, but we depend on our account users to update their personal data as necessary.


Choices and Means to Limit Use and Disclosure or Your Data

You may limit our use and disclosure of your personal data. Please send us a request at privacy@gravysolutions.io if you would like to know what personal data we have about you and how we use and disclose that data. You may also submit requests to privacy@gravysolutions.io, or your account manager if you are a client, if you want to correct, delete or restrict the use of your personal data, or if you object to our processing of your data on the grounds that we do not have a lawful basis for that processing. 

On receipt of your notice that the data we have about you is inaccurate or incomplete, we will promptly correct any inaccurate data and ensure it is complete in light of the purposes for which we process the data. 

If you wish to revoke any consent you have previously given, we will honor the revocation and will no longer rely on that consent to process your personal data. For example, if you no longer consent to our use of your data for marketing purposes, we will stop using the data for that purpose and notify any third party with whom we have shared that data that they must also stop using it for that purpose. We never sell personal data. We never provide personal data to any third parties other than for the purposes of delivering our services or marketing to our client base, or those who have opted in for marketing communication from Gravy.

On your request, we will promptly restrict processing of your personal data or delete your personal data except to the extent the restriction or deletion will prevent us from complying with our legal obligations to our client or interfere with our reasonable record keeping as necessary to demonstrate compliance with our contracts and applicable law.

Additional Information for California Visitors, Account Users for Limiting Use and Disclosure of Your Data

In addition to our commitments stated above, if our collection of personal information about you for our own general business purposes is covered by the California Consumer Privacy Act you have certain rights under that law.

You may request disclosure of the following specific information:

In addition, you have the right to ask Gravy to delete your personal information. We will comply with your deletion request and require our service providers to do the same, unless we plan to retain the personal information on a legally permitted basis and we give you notice of this fact and the legal basis on which we rely. You may make a request by sending an email to the addresses above. 

Before responding to your request we may ask you to provide information needed to verify that you are the individual (or have authorization from the individual or client) whose personal information is covered by the request. 

We may not discriminate against you because you make a request described in this Section by denying you our services or providing a different quality or price for our services, unless the different service or price is reasonably related to the value provided to you by your data.

If you are under 16 years of age, you are not authorized to use our website or our services and we don’t want your personal data.

Payor Data

Our clients provide us with access to personal data about their customers who pay them (their “payors”) to enable us to provide our services. This includes access to our client’s payment processor accounts, and customer information stored within those accounts which could include card expiration dates, card numbers, email addresses, phone numbers, approximate locations, and customer metadata. We use this personal data about our clients payors only as permitted by our client in our agreement with them. We never access or hold any payor banking or credit card information on our systems. All this data resides and remains in our clients systems. Please contact us at the email address above if you have questions or concerns regarding our processing of the data described in this Section. We ask, however, that you first contact our client if you have a request to access, block, erase or take other action with respect to data that we have solely as a data processor for our client.


Some of our clients are subject to special data privacy laws, such as the General Data Protection Regulation adopted by the European Union in May 2018 (the “GDPR”) and the California Consumer Privacy Act of 2018 (the “CCPA”). We make appropriate contractual commitments to our clients in support of their obligations under the GDPR, CCPA or other data privacy and protection laws applicable to them.

Disclosure

We have not sold or leased personal data, and will not sell or lease your personal data. We will not disclose your personal data to third parties except as follows:

Legal Reasons

When we believe release is appropriate to comply with the law, to enforce our terms of use and other rights, or to protect the rights and safety of others. This may include exchanging information with government regulatory or law enforcement agencies, or with other companies and organizations for fraud protection and legal compliance.

Protecting Network and Information Security

As necessary to protect our information and systems from unauthorized actions that compromise their security or availability, such as disclosures as part of industry initiatives to identify and block malicious actors.

Sale of Business

As part of a sale of a sales of business assets where the purchaser needs the personal data to use the assets.

We may in the future sell all or part of our assets or be involved in a merger. We may provide the company that is seeking to acquire our business with access to personal data as part of their evaluation of our business, but will require them to maintain the personal data in confidence and use it only to evaluate our business. If we complete a transaction, it is customary to transfer personal data that is related to the purchased business assets to the purchaser.

Service Providers

We use the services of companies like the ones listed below to collect data on our behalf or to help us analyze, store, manage and otherwise process your personal data. Each of these companies commits in its contract with us to use the personal data only according to our contract with them or our other instructions as necessary to support our business. They are not authorized to use your personal data for any other purpose. They are not authorized to disclose your personal data to others except with our permission, and only if they require the others to comply with the same restrictions that apply to them.

Online Data Collection Techniques

All Web servers may capture certain personal information, such as IP address, in order to serve the Web page visited. Web site operators may also capture personal information using tracking devices such as cookies. A cookie is a unique alphanumeric identifier that is placed by a web server on the browser used to view the content or use the service at the site. Cookies are used to analyze visitors’ use of the website. For example, a website operator can use the cookie to identify the number of unique visitors to the site, whether or not those visitors are repeat visitors, and information about the visitor’s activity on the site, device and device settings.

How To Opt Out Of Online Data Collection

You can manage browser cookies through your browser settings. The 'Help' feature on most browsers will tell you how to prevent your browser from accepting new cookies, how to have the browser notify you when you receive a new cookie, how to disable cookies, and when cookies will expire. If you disable all cookies on your browser, neither we nor third parties will transfer cookies to your browser. If you do this, however, you may have to manually adjust some preferences every time you visit a site and some features and services may not work.


Communications Policy

If you do not wish to receive our email or other communications, please send your request to privacy@gravysolutions.io. Please note that it may take up to ten days to remove your contact information from our marketing communications lists, so you may receive correspondence from us for a short time after you make your request.

Children

Children are not permitted to use our site or services. We do not knowingly collect personal information from anyone under 16. If you are under 16, do not use or provide any information on our Sites unless you have involved your parent or guardian. If we discover that we have information about a child we will delete that information. If you are the parent or guardian of a child and you believe we have personal data about the child without your consent, please contact us at the address above and we will delete that information.

Security

Gravy protects personal data from unauthorized use, disclosure, corruption and destruction using appropriate technical and organizational measures. Unfortunately, no data transmission over the internet or data storage system can be guaranteed to be 100% secure. If you feel that the security of any data that we hold about you has been compromised, please immediately notify us of the problem by contacting privacy@gravysolutions.io.

PCI Compliance

Gravy is PCI Compliant. If you need a certification of PCI compliance, contact privacy@gravysolutions.io for a copy.

Data Retention

We will retain your personal data only for as long as reasonably necessary to fulfill the purpose for which it was collected, and to comply with our legal obligations, and will use secure means to destroy the data after that time. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

International Transfers

We will comply with laws applicable to the transfer of personal data across international borders. We provide appropriate contractual commitments to our customers in the European Union that require protections around transfer of personal data to the United States.