Privacy Policy

Table of Contents

Last updated: 03/2024

Introduction

This Privacy Policy outlines how Gramercy Consultants, LLC ("Gramercy Tech" or "we") collects, uses, and protects information about you when you interact with us, or when you use our products or services, including but not limited to the Eventfinity platform. By using our platform, services, or website (collectively, "Services"), you consent to the practices described in this policy.
In this Privacy Policy “You” refers to any individual who accesses and uses the Sites and/or Services, including:

  • Customers: You may be the employee or authorized agent of a Customer, who is authorized to access a Gramercy Tech product or service, including Eventfinity, as an administrator or to interact with Gramercy Tech on behalf of a Customer with whom Gramercy Tech has entered into a Master Services Agreement or other agreement containing separate terms and conditions that govern delivery, access and use of the Sites and Services (“Customer Agreement”).
  • Event Attendees: If You are invited to, register for, check into, or receive data regarding a customer event (“Customer Event”) through the Eventfinity platform, You will be considered an “Event Attendee” and we will provide any Personal Data You submit through the Sites or Service to the Customer organizing that Event.
  • Website Visitors: If You visit our Sites and request a free demo, register for an event, ask for Service information, or otherwise contact us.

2. Personal Data We Collect

Personal Data We Collect from Customers

You may be the employee or agent of a Customer, who is authorized to access the Platform as an administrator or to interact with Gramercy Tech on behalf of a Customer with whom Gramercy Tech has entered into a Master Services Agreement or other agreement containing separate terms and conditions that govern delivery, access and use of the Sites and Services (“Customer Agreement”).
We collect personal information from our customers during account creation, payment processing, and interaction with our platform. This may include names, email addresses, billing information, and account preferences.

Personal Data We Collect from Event Attendees

We collect personal information from Customers on behalf of their Event Attendees or collected from Event Attendees during event registration. Gramercy Tech does not control its Customer’s Event registration or management process, or the Personal Data that a customer requests from Event Attendees. We are not responsible for any decisions or actions taken by the Customer with respect to Your data (or by any third party with whom the Customer may share Your data). Please read the applicable privacy policies of the Customer who is organizing the Event before submitting Personal Data in connection with their Event.
The categories of data we collect are determined by the customer based on the event registration information they wish to gather for the event attendees. These categories typically include:

  • Name
  • Business title
  • Employer
  • Email address
  • Phone number
  • Address
  • Self-identifying information (such as gender)

When You install or utilize the App or other smart devices related to a Customer Event, we may gather app usage data. If You have enabled or consented to location services in relation to Your usage of the App or other smart devices, we may receive information concerning Your location and mobile device. This data is utilized to furnish You with location-based Services and tailored content based on Your location, as part of Customers’ management of Event Attendees’ data. Most mobile devices offer the option to disable location-based services; kindly refer to Your mobile device’s “Settings” for further details. Regarding all App data associated with an Event where You are an actual or potential Event Attendee, the Customer assumes the role of controller of Personal Data collected.

You are not obligated to furnish Gramercy Tech with any Personal Data. However, access to certain functionalities of our App may be restricted unless some Personal Data is provided by You, or by a Customer or Customer administrator on Your behalf. If You are submitting Personal Data concerning any other individual (including as a Customer administrator or on behalf of other individuals at Your company), You assert that You possess a legal basis for collecting this data and providing it to Gramercy Tech. Moreover, You grant us permission to utilize this data in accordance with this Privacy Policy.

Personal Data We Collect from Website Visitors

If You visit our Sites and request a free demo, register for an event, ask for Service information, or otherwise contact us, You will be asked to provide certain Personal Data, including Your contact details. We may also collect non-personal information from website visitors, including IP addresses, browser type, language preference, referring site, and other technical information.

We automatically collect certain information when you visit, use, or navigate the Services. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country location, information about how and when you use our Services, and other technical information. This information is primarily needed to maintain the security and operation of our Services and for our internal analytics and reporting purposes.

Personal Data We Collect from Cookies

Like many businesses, we also collect information through cookies and similar technologies.
Cookies, beacons, tags, and scripts may also be utilized by Gramercy Tech, as well as our analytics and service providers. These technologies are employed to analyze trends, administer the Sites, track users’ movements around event venues, and gather demographic information about our user base collectively. Reports may be generated based on the usage of these technologies by our Customers, partners or providers, both on an individual and aggregated basis.
Gramercy Tech may gather additional information through the use of "cookies," which are files that websites and online services create and access on your computer or other Internet- connected device. A cookie file allows a more seamless and personalized user experience by remembering login details, preferences, and other customized settings configured by a user. Furthermore, cookies can enhance security by supporting mechanisms like session timeouts and re-authentication prompts or additional security checks.

3. How We Use Your Personal Data

Personal Data We Collect from Customers
Gramercy Tech may use Your Personal Data:

  • To provide our Services, respond to Your inquiries and fulfill Your requests, and to provide You with customer support when You ask for it.
  • To provide You with technical and administrative information relating to our Sites and Services, such as security notices, Service-related status reports, and changes to our policies or terms of use. These communications are considered part of our Services and You may not opt out of them.
  • For our internal business purposes that include administering Your access and use of any Gramercy Tech Services, data analysis, securely identifying You when You log onto a Service, fraud monitoring and prevention, enhancing or modifying our Sites and Services, determining the effectiveness of our promotional campaigns, billing You for Services, and operating our business.
  • To fulfill our contractual obligations.

Personal Data We Collect from Event Attendees

When we collect data from You on behalf of a customer utilizing the Services to organize an Event and manage related activities, the Customer assumes the role of the "Controller" while Gramercy Tech operates as the "Processor" of Your data. The Customer is the Controller of Your Personal Data as collected and processed by us, determining what Personal Data to request from You, how it is used, with whom it may be shared, and for how long it is retained. Consequently, certain provisions of this Privacy Policy may not be relevant to You. We strongly encourage You to review Your Controller's privacy policy and reach out to them directly for any inquiries or concerns.

Personal Data We Collect from Website Visitors

This information helps us efficiently schedule demos, manage Gramercy Tech event registrations, provide requested service details, and address your inquiries promptly. This information may also be used to maintain the security and operation of our Services and for our internal analytics and reporting purposes.

Personal Data We Collect from Cookies

Cookies may be used by Gramercy Tech to identify a registered user logging into the Eventfinity platform, enable certain customized features, and store Your user preferences, enhance security, among other reasons. Moreover, cookies may collect aggregated user information that Gramercy Tech uses to enhance the overall operation of the Sites and Services. You have the option to adjust Your computer’s browser preferences to remove and disable cookies, however, this may impact usability and functionality of the Sites and Services.

4. Sharing Your Personal Data

Gramercy Tech shares Your Personal Data with third parties that perform services for us, with us, or on our behalf, including without limitation providers of technical infrastructure and technical and customer support, hosting providers, billing support, and payment providers.
If You access any Site or Service as an administrator or authorized user of a Customer, or as an Event Attendee, Gramercy Tech is authorized to provide the Customer with Your information, which may include, but is not limited to, Your Personal Data, access information, and usage data.
Except as provided in this Privacy Policy, Gramercy Tech will not disclose, transfer, sell, trade, rent, or otherwise provide Your Personal Data to any third party, without Your consent.

5. Children

Our Services are not intended for children sixteen (16) years of age or younger. Gramercy Tech does not market any products or services to children sixteen (16) years of age or younger, or knowingly collect, sell or share, as a Controller any Personal Data from children sixteen (16) years of age or younger.

6. Sensitive Information

Where we are collecting, storing, and processing information on our own behalf, as a Controller, we will not request any sensitive Personal Data such as Your health history, race, religion, or sexual orientation. Please refrain from sending us such sensitive Personal Data to us via the Sites, email, or any other communication channel.

Sensitive Information related to Event Attendees

If you are an Event Attendee, we may collect sensitive data attributes, as requested by the Customer who is organizing the event, through the Eventfinity platform. For more information, please contact the Customer organizing your event.

7. Security

Gramercy Tech places utmost importance on safeguarding the security and privacy of Your Personal Data. To achieve this, we have implemented appropriate organizational, technical, and administrative measures designed to protect Your Personal Data from unauthorized access, disclosure, misuse, alteration, or loss.
These measures include robust authentication procedures, stringent password protection protocols, and encryption software utilized for all financial and sensitive Personal Data transmitted through our Sites. Additionally, we conduct regular penetration tests to identify and mitigate potential vulnerabilities. We adhere to widely accepted standards to safeguard Personal Data submitted to us, ensuring security both during transmission and upon receipt.
While we take reasonable measures to safeguard Your Personal Data, it is important to acknowledge that no method of Internet transmission or electronic storage can guarantee absolute protection, and there is always some level of risk when sharing Your Personal Data online. Gramercy Tech, therefore, cannot assure the complete security of Your Personal Data.
Should You have any queries regarding the security of our Sites and Services, please feel free to contact us at security@gramercytech.com.

8. Information for European Territory Residents: Our Legal Basis and Your Rights

Legal Basis

Gramercy Tech’s legal basis for collecting and using the types of Personal Data described above will depend on the nature of the Personal Data collected, and the context in which we are collecting it. When we collect, use, process or disclose Your Personal Data, we rely on one or more of the following legal grounds:

  • Performance of a contract (including any Customer Agreement) – Where we need to process the Personal Data to perform our obligations under a Customer Agreement or other contracts, or in anticipation of such a contract.
  • Consent – Where we have received Your consent to do so. You can withdraw Your consent at any time.

European Residents' Privacy Rights

As an individual from the EU, when Gramercy Tech is a controller of Your personal data, You may have the right – subject to certain conditions and limitations in applicable law – to:

  • request access and copies of all of Your Personal Data that we possess, in an electronically portable format (e.g., electronic copies of information attached to an email).
  • request that we modify or update any of Your Personal Data.
  • request that we delete any of Your Personal Data or restrict access to Your Personal Data.
  • fully or partially withdraw Your consent to the collection, processing, and/or transfer of Your Personal Data.
  • ask to transfer Your Personal Data in accordance with Your right to data portability.
  • object to the processing of Your Personal Data for direct marketing purposes.
  • lodge a complaint with a data protection supervisory authority of Your habitual residence, place of work or of an alleged infringement of the EU data protection laws.

9. U.S. State Privacy Laws

For more details about the Personal Data, we have collected over the last 12 months, please see section 2 (Personal Data We Collect). For disclosure purposes under applicable privacy laws, the Personal Data we collect includes the following categories:

  • Identifiers: name, address, unique personal identifiers, online identifiers, IP address, email address;
  • Commercial information, including services purchased;
  • Internet activity information, including, but not limited to, browsing history,
    information regarding a consumer’s interaction with an internet website
    application;
  • Professional and employment-related information;
  • Geolocation data;
  • When acting as a service provider, any information a Customer asks us to collect
    on their behalf for the purpose of running their Event(s).

We collect this information from the sources described in section 2 (Personal Data We Collect).
We collect this information for the business and commercial purposes described in section 3 (How We Use Personal Data).
We share this information with the categories of third parties and for the purposes described in section 4 (Sharing Your Personal Data).

We do not sell or share (as such term is defined in the State laws) the Personal Data we collect and will not sell it without providing a right to opt out. We do not process personal data for the purposes of targeted advertising or profiling in furtherance of decisions that produce legal or similarly significant effects concerning consumers.

However, we use analytics tools which may be construed as a sale, share or use for the purposes of targeted advertising and profiling under State Laws. We do use third-party cookies for our advertising purposes as further described in our Cookie Page. In particular we use Google Analytics to analyze how You use our Website so we can make our Website more useful for You and improve its design and functionality. For this purpose we process such categories of Personal Data as identifiers (unique personal identifier, online identifier, Internet Protocol address), internet activity information, including, but not limited to, browsing history, information regarding a consumer’s interaction with an internet website application, geolocation data.

U.S. State Privacy Rights

Applicable state law (such as the California Consumer Privacy Act, California Privacy Rights Act, Virginia Consumer Data Protection Act, Colorado Privacy Act, and the Connecticut Data Privacy Act) may give you certain rights. The law of your jurisdiction may provide you with the following rights when Gramercy Tech is a controller of Your personal data:

  • Right to know what Personal Data is collected and the right to access Personal Data.
  • Right to delete Personal Data;
  • Right to correct inaccurate Personal Data;
  • Right to obtain a copy of the Personal Data that the consumer previously provided to
    the controller in a portable and, to the extent technically feasible, readily usable format; and
  • Right to opt out of the processing of Personal Data for purposes of (i) targeted advertising, (ii) the sale of personal data, or (iii) profiling.

Certain data may be exempt from such requests under applicable law. We need certain types of data so that we can provide our Services. If you ask us to delete it, you may no longer be able to access or use the Services.

If you would like to exercise any of these rights, please submit a request at privacy@gramercytech.com.

10. Do Not Track Signals

Your browser settings may allow you to automatically transmit a Do Not Track signal to websites and other online services you visit. We do not currently recognize or respond to browser initiated Do Not Track signals. To find out more about Do Not Track, please visit http://www.allaboutdnt.com. Please note that Do Not Track is a different privacy mechanism than the Global Privacy Control browser choice.

11. Data Retention

We will only retain Your Personal Data for as long as necessary to fulfill the purposes for which it was collected and processed, which is a different period for different data sets, or until You request deletion as described in this Privacy Policy.

We may retain and use Personal Data for a period of time required to comply with our legal, tax, audit or regulatory obligations, to manage potential liability, to resolve disputes, and to enforce our agreements.

We will collect and process Customers' or Event Attendees' Personal Data on behalf of the Customer, for the duration necessary to provide our Services. We will maintain such information controlled by a Customer in accordance with the Customer’s instructions, including any applicable Customer Agreement terms, and as required by applicable law.

12. International Data Transfers

Our Services are currently hosted in the United States.

If you access the Service or visit the Website from a European Territory, Asia, or any other region with laws or regulations governing personal data collection, use, and disclosure that differ from United States laws, you understand that through your continued use of the Services may be transferring your personal data to the United States and if so, you consent to that transfer. Additionally, you understand that your personal data and the information you provide may be processed in countries (including the United States) where laws regarding processing Personal Data may be less stringent than in your country.

Please do not provide information to us unless you have the proper consents required in the country in which the information was collected.

13. Changes to the Privacy Policy

Changes to the Privacy PolicyThis Privacy Policy may be modified from time to time as our business practices and legal requirements evolve. If this Privacy Policy is modified, we will provide notice of the change by posting the updated Privacy Policy on this website (or its successor), and we will include the effective date of the update.

14. Contact Us

If you have any questions or concerns regarding our Privacy Policy or data practices, you can contact us by emailing us at privacy@gramercytech.com or by contacting us at the address below:

Gramercy Consultants, LLC
Attn: Legal Dept
1411 Broadway, 16th floor,
New York, NY 10018

If You are an Event Attendee, please direct any questions You may have regarding Your Personal Data to the Customer organizing the event, not to Gramercy Tech. As noted previously in this Privacy Policy, if You are an Event Attendee for an event organized by an Eventfinity Customer, Gramercy Tech processes Your Personal Data on behalf of that Customer. The Customer is the Controller for Your Personal Data as collected and processed by us, and determines what Personal Data to request from You, how it is used, with whom it may be shared, and for how long it is retained.