Greystone & Co. II LLC
Client Privacy Notice
Last modified: 06/14/2023
1. Introduction
Greystone & Co. II LLC is an organization concentrated on commercial real estate lending, investing, and advisory services. Greystone & Co. II LLC and its parent, subsidiaries, and other affiliate entities (“Greystone,” “we,” “our,” or “us”) respects your privacy and are committed to protecting it through our compliance with this policy.
This Privacy Notice (our “Privacy Notice”) describes the types of information we may collect, use, maintain, protect, disclose, or otherwise process about you when you when you apply for or obtain, or we otherwise service, the commercial real estate lending, investing, loan servicing, or asset management services from Greystone (“Financial Products and Services,” “Financial Products or Services,” or individually, a “Financial Product or Service”), or when you access our websites at www.greystone.com, www.greystonedevelopment.com, www.greystoneeb5.com, www.greystonerents.com, and www.greystonemanagementsolutions.com (each, a “Website”), including when you apply for or access your Financial Product or Service through the use of our online account portal(s) through the website, and our practices for collecting, using, maintaining, protecting, disclosing, or otherwise processing that information.
This policy applies to information we collect:
- on our Websites, when you access your Financial Product or Service account (including to make payments);
- when you apply for a Financial Product or Service or when we service such an account;
- in email, text, phone, and other electronic messages between you and us related to the Financial Products and Services; and
- when you interact with our advertising and applications on third-party websites and services, if those applications or advertising include links to this policy.
Except as described in this Privacy Notice, it does not apply to information collected by:
- us through any other means, including on any other website operated by Greystone or any third-party (including our affiliates and subsidiaries);
- us or any of our affiliates or subsidiaries related to your or any other individual’s employment or potential employment with us; or
- any third party (including our affiliates, and subsidiaries), including through any application or content (including advertising) that may link to or be accessible from the Websites or that you otherwise may provide your Personal Information to.
Please read this Privacy Notice carefully to understand our policies and practices regarding your information and how we will treat it. If you do not agree with our policies and practices, your choice is not to use any Financial Product or Service or our Websites. By accessing or using our Financial Products or Services or our Websites, you agree to this Privacy Notice. This Privacy Notice may change from time to time (see Changes to Our Privacy Notice). Your continued use of any Financial Product or Service or our Websites after we make changes is deemed to be acceptance of those changes, so please check this Privacy Notice periodically for updates.
2. Children Under the Age of 18
Our Financial Products or Services and Websites are not intended for children under 18 years of age. No one under age 18 may provide any information in relation to any Financial Product or Service or to or on the Websites. We do not knowingly collect Personal Data from children under 18. If you are under 18, do not use any Financial Product or Service or use or provide any information on our Websites or on or through any of its features, including your name, address, telephone number, or email address. If we learn we have collected or received Personal Data from a child under 18 without verification of parental consent, we will delete that information. If you believe we might have any information directly from a child under 18, please contact us through the contact information below.
3. Information We Collect About You and How We Collect It
Throughout this Privacy Notice, the term “Personal Data” means any information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or device. However, Personal Data does not include any deidentified or aggregated information.
Generally
We collect Personal Data from various sources, including:
- directly from you when you provide it to us, including when you fill out forms to obtain a Financial Product or Service;
- automatically as you navigate through the Websites;
- information that we create about you when you apply for, obtain, or otherwise use a Financial Product or Service and as you use our Websites; and
- From third parties, for example, our business partners such as credit reporting agencies and payment processors.
Information You Provide to Us
We collect the following types of Personal Data directly from you when you apply for, obtain, or otherwise use a Financial Product or Service or otherwise access or use our Websites: real name, alias, postal address, unique personal identifier (such as a loan number or other account number), email address, work telephone number, social security number, drivers’ license or other state-issued ID number, insurance information, title, employer name, age, birthdate, records of goods and services purchased, obtained, or considered to be purchased or obtained (like property address, parcel number, property type, type of Financial Product or Service desired or obtained, and other similar information) and any other identifier by which you may be contacted online or offline. In addition, we also collect other types of information that you may provide when you fill out a form or through your correspondence with us.
We collect the Personal Data through:
- information that you provide by filling in forms to obtain a Financial Product or Service that you upload to the Websites or other forms on the Websites. This includes information provided at the time of registering to use our Websites. We may also ask you for information when you report a problem with our Website or your use of our Financial Products and Services;
- if you contact us, records and copies of your correspondence (including email addresses);
- details of transactions you carry when you use a Financial Product or Service, such as when you make a payment. You may be required to provide financial information before obtaining a Financial Product or Service, including making a payment through our Websites.
Information We Collect Through Automatic Data Collection Technologies
As you navigate through and interact with our Websites, we may use automatic data collection technologies to collect certain Personal Data about your interaction with our Websites, including information about your equipment, browsing actions, and patterns. This includes:
- details of your visits to our Websites. This includes browsing history, search history, traffic data, location data, logs, referring/exit pages, date and time of your visit to our Websites, error information, clickstream data, and other communication data and the resources that you access, use, or otherwise interact with on the Websites;
- your preferences regarding your use of our Websites, such as language, contrast, font size, and other similar information;
- your general geographic location based off of IP addresses (i.e., town, city, state); and
- information about your computer and internet connection, i.e., your IP address, operating system, platform type, browser type, browser language. If you use a mobile device to access our Websites, this may also include your mobile device’s brand, model, operating system, resolution, screen size, system version, mobile network information, and mobile device’s advertising ID (some of this information may be subject to your consent and/or the permissions settings on your device).
The information we collect automatically may include Personal Data or we may maintain it or associate it with Personal Data we collect in other ways or receive from third parties. It helps us to improve our Websites and to deliver a better and more personalized service by enabling us to:
- estimate our audience size and usage patterns;
- store information about your preferences;
- secure our Websites and our customers’ accounts;
- customize our Websites according to your individual interests;
- speed up your searches; and
- recognize you when you return to our Websites.
The technologies we use for this automatic data collection may include:
- Cookies (or browser cookies). A cookie is a small file placed on the hard drive of your computer. Our Websites may use both session cookies (which expire once you close your browser) and persistent cookies (which stay on your computer until you delete them) to provide you with a more personal and interactive experience on our Websites. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you direct your browser to our Websites. You may find out more about the specific cookies that we use by clicking on the “Cookies” link at the bottom of our Websites and reviewing the information about each category of cookies. You may also adjust your settings by clicking on the “Cookies” link at the bottom of our Websites and adjusting the setting for each category of cookie. You can also set your browser to refuse all or some browser cookies, or to alert you when cookies are being sent. However, if you do not consent to our use of cookies or select these setting you may be unable to access certain parts of our Websites. You can find more information about cookies at http://www.allaboutcookies.org and http://youronlinechoices.eu.
- Session Cookies. Our use of cookies also includes “session cookies.” Each time you access the Websites, a session cookie containing an encrypted, unique identifier is placed on your browser. These session cookies allow us to uniquely identify you when you use the Websites and track which pages of the Websites you access. Session cookies are required to use the Websites.
- Web Beacons. Pages of our Websites and our e-mails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit Greystone, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).
Third-Party Use of Cookies and Other Tracking Technologies
Some content or applications on the Websites are served by third-parties, ad networks and servers, content providers, analytics providers, social media companies, and application providers. These third parties may use cookies alone or in conjunction with web beacons or other tracking technologies to collect information about you when you use our Websites. The information they collect may be associated with your Personal Data or they may collect information, including Personal Data, about your online activities over time and across different websites and other online services. They may use this information to provide you with interest-based (behavioral) advertising or other targeted content.
We do not control these third parties’ tracking technologies or how they may be used. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly. For information about how you can opt out of receiving targeted advertising from many providers, see Choices About How We Use and Disclose Your Information.
Information We Create About You
We may also create certain information about you. When we associate this information with other Personal Data about you, we consider this information to be Personal Data. This information includes: unique identifiers (such as loan and account numbers), records of real property or Financial Products or Services purchased, obtained, or considered by you, or other purchasing or consuming histories or tendencies by you, and Financial Product or Service balance and payment history.
Information We Collect from Third Parties
We may collect Personal Data from third parties, such as credit reporting agencies, title companies, and real property recording offices and other government entities. We may also supplement your business contact information with information from other third party sources in order to verify your identity or to enrich what we know about you or your company through business intelligence services. When we associate this information with other Personal Data about you, we consider this information to be Personal Data. This information includes: real name, alias, postal address, unique personal identifier (such as a loan number or other account number), email address, telephone number, social security number, drivers’ license or other state-issued ID number, insurance information, title, employer name, age, birthdate, records of Financial Products and Services purchased, obtained, or considered to be purchased or obtained, credit history, credit score, other credit check information, title history and title recording information, and any other identifier by which you may be contacted online or offline.
When you interact with our Websites or accounts on a social media platform (a “Social Media Platform”), we may collect the Personal Data that you or the Social Media Platform makes available to us on that page or account. This may include your account ID and/or user name associated with that Social Media Platform, your profile picture, email address, friends list, or information about the people and groups you are connected with and how you interact with them, and any other information you have made public in connection with that Social Media Platform. The information we collect from a Social Media Platform depends on your privacy settings on that Social Media Platform; we will comply with the privacy settings of each Social Media Platform and only collet and store such Personal Data that we are permitted to collect by those Social Media Platforms. When you access our Websites through Social Media Platforms or when you connect a Website to a Social Media Platform, you are authorizing us to collect, store, and use such Personal Data and other content in accordance with this Privacy Notice.
4. How We Use Your Information
We use Personal Data that we collect about you or that you provide to us:
- to provide and personalize our Websites and their contents to you;
- to provide you with information about our Financial Products and Services that you request from us;
- to provide you with answers to your questions about our Financial Products and Services;
- to review your application for a Financial Product or Service;
- to fund a commercial loan or lease, or otherwise provide you with the Financial Product or Service you request from us (when applicable);
- to service the Financial Product or Service you obtain from us, including to process your transactions and payments and prevent transactional fraud;
- to support, develop, troubleshoot, and debug our Websites and other Financial Products or Services;
- to create, maintain, customize, and secure your Financial Product or Service account with us;
- to provide you with notices and other information about the Financial Products or Services you use, including invoices, expiration, and renewal notices;
- to provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses;
- to help maintain the safety, security, and integrity of our Websites, Financial Products or Services, databases and other technology assets, and business;
- for internal testing, research, analysis, and product development, including to develop and improve our Websites and a Financial Products or Services;
- detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity;
- debugging to identify and repair errors that impair existing intended functionality of our Websites;
- to carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection;
- to notify you about changes to our Websites or any Financial Product or Service we offer or provide;
- to meet our legal obligations, such as to pay our taxes, ensure compliance with “know your customer” requirements, and other similar requirements;
- to manage portfolio risk;
- to allow you to participate in interactive features on our Websites;
- in any other way we may describe when you provide the information;
- to fulfill any other purpose for which you provide it; and
- for any other purpose with your consent.
We may also use your Personal Information to contact you about our own Financial Products and Services that may be of interest to you. If you do not want us to use your information in this way, please check the relevant box located on the form on which we collect your data. For more information, see Choices About How We Use and Disclose Your Information.
5. Disclosure of Your Information
We do not share, sell, or otherwise disclose your Personal Data for purposes other than those outlined in this Privacy Notice. However, we may disclose aggregated information about our users, and information that does not identify any individual, without restriction excluding text messaging originator opt-in data and consent; this information will not be shared with any third parties.
We may disclose Personal Data that we collect or you provide as described in this Privacy Notice:
- to our subsidiaries and affiliates;
- to contractors, service providers, and other third parties we use to support our business. The services these entities provide include IT and infrastructure support services (including web hosting and email delivery), postal/courier delivery services, analytics. services, marketing and advertising services, titling and government records services, payment processing services, and collection services;
- to a potential or actual buyer or other successor in the event of a planned or actual merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Greystone’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Data held by Greystone about our users of our Websites and/or any Financial Product or Service is among the assets transferred;
- to fulfill the purpose for which you provide it. For example, if you give us insurance information, we will use such information to verify your insurance and to notify your insurance company about any loans on your insured items related to your use of our Financial Products or Services.
- for any other purpose disclosed by us when you provide the information; and
- with your consent.
We may also disclose your Personal Data:
- to comply with any court order, law, or legal process, including to respond to any government or regulatory request;
- to enforce or apply our terms of use for our Websites and the terms and conditions of your use of a Financial Product or Service and other agreements, including for billing and collection purposes; and
- if we believe disclosure is necessary or appropriate to protect the rights, property, or safety of Greystone, a dealer, our or their customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.
6. Choices About How We Use and Disclose Your Information
We do not control the collection and use of your information collected by third parties described above in Disclosure of Your Information. When possible, these organizations are under contractual obligations to use this data only for providing the services to us and to maintain this information strictly confidential. These third parties may, however, aggregate the information they collect with information from their other customers for their own purposes.
In addition, we strive to provide you with choices regarding the Personal Data you provide to us. We have created mechanisms to provide you with control over your Personal Data:
- Tracking Technologies and Advertising. You can opt-out of our use of certain non-essential cookies by clicking the “Cookies” link at the bottom of the Websites and adjusting your cookie preferences. You can also set your browser to refuse all or some browser cookies, or to alert you when cookies are being sent. If you disable or refuse some cookies, please note that some parts of our Websites may then be inaccessible or not function properly.
- Promotional Offers from Greystone. If you do not want us to use your contact information to promote our own products and services, you can opt-out by checking the relevant box located on the form on which we collect your Personal Data or otherwise seek such consent. If you wish to change your choice, you may do so at any time by contacting us through the contact information below and stating your request. If we have sent you a promotional email, you may click the unsubscribe link in the body of that email to be omitted from future email distributions. This opt out does not apply to information provided to Greystone as a result of obtaining a Financial Product or Service, customer service experience or other transactions, including any use to process your application for, provide you with, or service any Financial Product or Service.
We do not control third parties’ collection or use of your information to serve interest-based advertising. However, these third parties may provide you with ways to choose not to have your information collected or used in this way. You can learn more about interest-based advertisements and your opt-out rights and options from members of the Network Advertising Initiative (“NAI”) on its website (www.networkadvertising.org) and from members of the Digital Advertising Alliance on its website (www.aboutads.info).
California residents may have additional personal information rights and choices. Please see Jurisdiction-Specific Privacy Rights for more information.
7. Accessing, Correcting, and Deleting Your Personal Data
You can review and change some of your Personal Data by logging into the Websites and visiting your account profile page to the extent applicable.
You may also contact us at the contact information below or shown on any invoice related to your Financial Products or Services to request access to, correct or delete any Personal Data that you have provided to us. We cannot delete your Personal Data except by also deleting your user account. We may not accommodate a request to change or delete your Personal Data if we believe the change or deletion would violate any law or legal requirement or cause the information to be incorrect.
The jurisdiction in which you are a resident or are located may provide you with additional rights and choices regarding your Personal Data. Please see Jurisdiction-Specific Privacy Rights for more Information.
8. Jurisdiction-Specific Privacy Rights
The law in some jurisdictions may provide you with additional rights regarding our use of Personal Data. To learn more about any additional rights that may be applicable to you as a resident of one of these jurisdictions, please see the privacy addendum for your state that is attached to this Privacy Notice.
Your California Privacy Rights
If you are a resident of California, you have the additional rights described in the California Privacy Addendum.
9. Do Not Track Signals
We may use automated data collection technologies to collect information about your online activities over time and across third-party websites or other online services (behavioral tracking). Some web browsers permit you to broadcast a signal to websites and online services indicating a preference that they “do not track” your online activities. At this time, we do not honor such signals and we do not modify what information we collect or how we use that information based upon whether such a signal is broadcast or received by us.
10. Data Security
We have implemented measures designed to secure your Personal Data from accidental loss and from unauthorized access, use, alteration, and disclosure.
The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Websites, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your Personal Data, we cannot guarantee the security of your Personal Data transmitted to our Websites. Any transmission of Personal Data is at your own risk. We are not responsible for circumvention of any privacy settings or security measures deployed on the Websites.
11. Consent to Processing of Personal Data in the United States
In order to provide our Websites and Financial Products or Services to you, we may send and store your Personal Data outside of the country where you reside or are located, including to countries that may not or do not provide an equivalent level of protection for your Personal Data. Your Personal Data may be processed and stored in the United States and federal, state, and local governments, courts, or law enforcement or regulatory agencies in the United States may be able to obtain disclosure of your information through the laws of the United States. By using our Websites or a Financial Product or Service, you represent that you have read and understood the above and hereby consent to the storage and processing of Personal Data outside the country where you reside or are located, including in the United States.
Your Personal Data is transferred by Greystone to another country only if it is required or permitted under applicable data protection law and provided that there are appropriate safeguards in place to protect your Personal Data. To ensure your Personal Data is treated in accordance with this Privacy Notice when we transfer it to a third party, Greystone uses Data Protection Agreements between Greystone and all other recipients of your Personal Data when required by applicable law.
12. Changes to Our Privacy Notice
We may change this Privacy Notice at any time. It is our policy to post any changes we make to our Privacy Notice on this page with a notice that the Privacy Notice has been updated on the Websites’ home page or in an invoice. If we make material changes to how we treat our users’ Personal Data, we will notify you by email to the email address specified in your account, through a notice on the Websites’ home page, or as an insert in an invoice. The date this Privacy Notice was last revised is identified at the top of the page. You are responsible for ensuring we have an up-to-date active and deliverable email address for you, and for periodically visiting our Websites and this Privacy Notice to check for any changes.
YOUR CONTINUED USE OF OUR WEBSITE OR OUR FINANCIAL PRODUCTS OR SERVICES FOLLOWING THE POSTING OF CHANGES CONSTITUTES YOUR ACCEPTANCE TO SUCH CHANGES.
13. Contact Information
If you have any questions, concerns, complaints, or suggestions regarding our Privacy Notice or the ways in which we collect and use your Personal Data described in this Privacy Notice, have any requests related to your Personal Data pursuant to applicable laws, or otherwise need to contact us, you may contact us at the contact information below or through the “Contact” page on our Websites.
Phone: 917-421-4575
Email: privacy@greyco.com
Postal Address: Greystone & Co. II LLC
Attn: Legal
152 East 57th Street, 60th Floor
New York, NY 10019
Greystone
Privacy Notice Addendum for California Residents
Effective Date: 06/14/2023
Last Reviewed on: 06/14/2023
14. Introduction
This Privacy Notice Addendum for California Residents (the “California Privacy Addendum”) supplements the information contained in Greystone & Co. II LLC’s and its parent’s, subsidiaries’, and other affiliate entities’ (“Greystone,” “we,” “our,” or “us”) Privacy Notice and describes our collection and use of Personal Information (as defined below). This California Privacy Addendum applies solely to all visitors, users, and others who reside in the State of California (“Consumers” or “you”). We adopt this notice to comply with the California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act of 2020 (collectively, the “CPRA”) and any terms defined in the CPRA have the same meaning when used in this notice.
15. Scope of this California Privacy Addendum
This California Privacy Addendum applies to information that we collect when you apply for or obtain commercial real estate lending, investing, loan servicing, or asset management services from Greystone (“Financial Products and Services,” “Financial Products or Services,” or individually, a “Financial Product or Service”), or when you access our websites at www.greystone.com, www.greystonedevelopment.com, www.greystoneeb5.com, www.greystonerents.com, and www.greystonemanagementsolutions.com (each, a “Website”), that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with you or your device (“Personal Information”). However, publicly available information that we collect from government records and deidentified or aggregated information (when deidentified or aggregated as described in the CPRA) are not considered Personal Information and this California Privacy Addendum does not apply to such information.
This California Privacy Addendum does not apply to employment-related Personal Information collected from our California-based employees, job applicants, contractors, or similar individuals (“Personnel”). Please contact your local human resources department if you are part of our California Personnel and would like additional information about how we process your Personal Information.
16. Information We Collect About You and How We Collect It
We collect, and over the prior twelve (12) months have collected, the following categories of Personal Information about Consumers:
Personal Information Category | Applicable Pieces of Personal Information Collected |
A. Identifiers: | A real name; alias; postal address; unique personal identifier; online identifier; Internet Protocol address; email address; account name; Social Security number; driver’s license number; passport number; and other similar identifiers. |
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)): | A name; signature; Social Security number; address; telephone number; passport number; driver’s license or state identification card number; insurance policy number; employment; bank account number; credit card number, debit card number, or any other financial information. Some Personal Information included in this category may overlap with other categories. |
C. Protected classification characteristics under California or federal law: | Age (40 years or older). We need your data of birth for credit check and verification purposes, which may indirectly reveal your age. We do not otherwise process your age as an independent category of personal information. |
D. Commercial information: | Records of real property and Financial Products and Services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. |
E. Internet or other similar network activity: | Browsing history; search history; information on a Consumer’s interaction with a website, application, or advertisement. |
F. Geolocation data: | IP based physical location or movements that may identify your general geographic location to town, city, and state. We do not collect any information that may identify your precise geolocation within a radius of less than 1,850 feet. |
G. Professional or employment-related information: | Current or past job history, including job title. |
H. Inferences drawn from other Personal Information. | Profile reflecting a person’s preferences; characteristics; psychological trends; predispositions; behavior; attitudes; intelligence; abilities; and aptitudes. We use this information purposes of evaluating credit risk and ability to pay. |
I. Sensitive Personal Information (“Sensitive Personal Information”): | Government identifiers (social security; driver’s license; state identification card; or passport number) Complete account access credentials (user names, financial account numbers, or credit/debit card numbers combined with required access/security code or password) |
Greystone will not collect additional categories of Personal Information without providing you notice. As further described in To Whom Do We Sell or Share Your Personal Information, our use of cookies on the Websites may be considered a “sale” of Personal Information for monetary or other valuable consideration or a “sharing” of Personal Information for cross-context behavioral advertising.
17. Sources of Personal Information
We collect Personal Information about you from the sources described in our Privacy Notice.
18. Purposes for Our Collection of Your Personal Information
We may use or disclose the Personal Information we collect, and in the past twelve (12) months have used or disclosed the Personal Information we collect, for the purposes described in our Privacy Notice.
We may also use, “sell” for monetary or other valuable consideration or “share” for the purposes of cross-context behavioral advertising the Personal Information we collect and, over the prior twelve (12) months, have used, “sold” for monetary or other valuable consideration or shared for the purpose of cross-context behavioral advertising the Personal Information we have collected, for the purposes described in our Privacy Notice as well as the following additional purposes:
- Short-term, transient use, provided the Personal Information is not disclosed to another third-party and is not used to build a profile about you or otherwise alter your experience outside the current interaction, including, but not limited to, the contextual customization of ads shown as part of the same interaction; and
- Performing services on behalf of Greystone or another service provider, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing advertising or marketing services, providing analytic services, or providing similar services on behalf of the business or service provider.
Greystone will not use the Personal Information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
19. Third Parties to Whom Do We Disclose Your Personal Information for Business Purposes
Greystone may disclose your Personal Information to third parties for one or more business purposes. When we disclose Personal Information to non-affiliated third parties for a business purpose, we enter a contract that describes the purpose, requires the recipient to both keep that Personal Information confidential and not use it for any purpose except for the specific business purposes for which the Personal Information was disclosed, and requires the recipient to otherwise comply with the requirements of the CPRA.
In the preceding twelve (12) months, Greystone has disclosed the following categories of Personal Information for one or more of the business purposes described below to the following categories of third parties:
Personal Information Category | Categories of Non-Service Provider and Non-Contractor Third-party Recipients |
A. Identifiers. | Service Providers; affiliates, parents, and subsidiary organizations of Greystone; Internet cookie information recipients, such as analytics and behavioral advertising services; government entities (including for title and loan recording purposes); insurance companies. |
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). | Service Providers; affiliates, parents, and subsidiary organizations of Greystone; government entities (including for title and loan recording purposes); insurance companies. |
C. Protected classification characteristics under California or federal law. | Service Providers; affiliates, parents, and subsidiary organizations of Greystone; government entities (including for title and loan recording purposes); insurance companies. |
D. Commercial information. | Service Providers; affiliates, parents, and subsidiary organizations of Greystone; government entities (including for title and loan recording purposes); insurance companies. |
E. Internet or other similar network activity. | Service Providers; affiliates, parents, and subsidiary organizations of Greystone; social media companies; Internet cookie information recipients, such as analytics and behavioral advertising services. |
F. Geolocation data. | Service Providers; affiliates, parents, and subsidiary organizations of Greystone. |
G. Professional or employment-related information. | Service Providers; affiliates, parents, and subsidiary organizations of Greystone. |
H. Inferences drawn from other Personal Information. | Service Providers; affiliates, parents, and subsidiary organizations of Greystone. |
Sensitive Personal Information Category | Categories of Third-party Recipients |
Government identifiers (social security, driver’s license, state identification card, or passport number) | Service Providers; affiliates, parents, and subsidiary organizations of Greystone; government entities (including for title and loan recording purposes); insurance companies. |
Complete account access credentials (user names, account numbers, or card numbers combined with required access/security code or password) | Service Providers. |
We disclose your Personal Information to the categories of third parties listed above for the following business purposes:
Helping to ensure security and integrity of our Website and Financial Products or Services to the extent the use of the Personal Information is reasonably necessary and proportionate for these purposes.
Debugging to identify and repair errors that impair existing intended functionality.
Performing services on behalf of us, including maintaining or servicing accounts, providing customer service, processing or fulfilling transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services on behalf of us.
Undertaking internal research for technological development and demonstration.
Undertaking activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by us (including our Website and Financial Products or Services), and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by us.
In addition to the above, we may disclose any or all categories of Personal Information to any third-party (including government entities and/or law enforcement entities) as necessary to:
comply with federal, state, or local laws, or to comply with a court order or subpoena to provide information;
comply with a civil, criminal, or regulatory inquiry, investigation, subpoena, or summons by federal, state, or local authorities;
cooperate with law enforcement agencies concerning conduct or activities that we (or one of our service providers’) believe may violate federal, state, or local law;
comply with certain government agency requests for emergency access to your Personal Information if you are at risk or danger of death or serious physical injury; or
exercise or defend legal claims.
“Sale” of Your Personal Information for Monetary or Other Valuable Consideration
As noted in our Privacy Notice, we do not sell Personal Information as the term “sell” is commonly understood to require an exchange for money. However, the use of advertising and analytics cookies on our Websites is considered a “sale” of Personal Information as the term “sale” is broadly defined in the CPRA to include both monetary and other valuable consideration. Using this broad definition, our “sale” is limited to our use of third-party advertising and analytics cookies and their use in providing behavioral advertising and their use in understanding how people use and interact with our Websites. Our “sales” of your Personal Information in this matter is subject to your right to opt-out of those sales (see Your Choices Regarding our “Sale” or “Sharing” of your Personal Information). The CPRA prohibits third parties who purchase the Personal Information we hold from reselling it unless you have received explicit notice and an opportunity to opt-out of further sales.
“Sharing” of Your Personal Information for Cross-Context Behavioral Advertising
Greystone may “share” your Personal Information for the purpose of cross-context behavioral advertising, subject to your right to opt-out of that sharing (see Your Choices Regarding our “Sale” or “Sharing” of your Personal Information). Our “sharing” for the purpose of cross-context behavioral advertising would be limited to our use of third-party advertising cookies and their use in providing you cross-context behavioral advertising (i.e., advertising on other websites or in other mediums). When the recipients of your Personal Information disclosed for the purpose of cross-context behavioral advertising are also permitted to use your Personal Information to provide advertising to others, we also consider this disclosure as a “sale” for monetary or other valuable consideration under the CPRA.
In the preceding twelve (12) months, Greystone has “sold” for monetary or other valuable consideration, or “shared” for the purpose of cross-context behavioral advertising, the following categories of Personal Information to the following categories of third parties:
Personal Information Category | Sold or Shared | Business or Commercial Purpose for Sale or Sharing (as appropriate) | Categories of Third Parties To Whom Your Personal Information is Sold or Shared |
A. Identifiers. | Sold and Shared | Advertising and analytics purposes. | Service Providers; advertisers and advertising networks; social media companies; Internet cookie information recipients, such as analytics and behavioral advertising services. |
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). | No | N/A | N/A |
C. Protected classification characteristics under California or federal law. | No | N/A | N/A |
D. Commercial information. | No | N/A | N/A |
E. Internet or other similar network activity. | Sold and Shared | Advertising and analytics purposes. | Service Providers; advertisers and advertising networks; social media companies; Internet cookie information recipients, such as analytics and behavioral advertising services. |
F. Geolocation data. | No | N/A | N/A |
G. Professional or employment-related information. | No | N/A | N/A |
H. Inferences drawn from other Personal Information. | No | N/A | N/A |
Sensitive Personal Information Category | Sold or Shared | Business Purpose for Sale or Sharing (as appropriate) | Categories of Third Parties To Whom Your Personal Information is Sold or Shared |
Government identifiers (social security, driver’s license, state identification card, or passport number) | No | N/A | N/A |
Complete account access credentials (user names, account numbers, or card numbers combined with required access/security code or password) | No | N/A | N/A |
- Sale of Personal Information of Minors Under the Age of 16
- We do not have any actual knowledge that we “sell” the Personal Information of minors under the age of 16 for monetary or other valuable consideration and we do not have any actual knowledge that we “share” such Personal Information for cross-context behavioral advertising without affirmative consent as required by the CPRA. More information on how minors under the age of 16 may change their choice regarding the “sale” or “sharing” of their Personal Information can be found in Your Choices Regarding our “Sale” or “Sharing” of Your Personal Information.
21. Consumer Data Requests
The CPRA provides California residents with specific rights regarding their Personal Information. This section describes your CPRA rights and explains how to exercise those rights. You may exercise these rights yourself or through your Authorized Agent. For more information on how you or your Authorized Agent can exercise your rights, please see Exercising Your CPRA Privacy Rights.
Right to Know. You have the right to request that Greystone disclose certain information to you about our collection and use of your Personal Information over the past 12 months (a “Right to Know” Consumer Request). This includes: (a) the categories of Personal Information we have collected about you; (b) the categories of sources from which that Personal Information came from; (c) our purposes for collecting this Personal Information; (d) the categories of third parties with whom we have shared your Personal Information; and (e) if we have “sold” or “shared” or disclosed your Personal Information, a list of categories of third parties to whom we “sold” or “shared” your Personal Information, and a separate list of the categories of third parties to whom we disclosed your Personal Information to. You must specifically describe if you are making a Right to Know request or a Data Portability Request. If you would like to make both a Right to Know Consumer Request and a Data Portability Consumer Request you must make both requests clear in your request. If it is not reasonably clear from your request, we will only process your request as a Right to Know request. You may make a Right to Know or a Data Portability Consumer Request a total of two (2) times within a 12-month period at no charge.
Access to Specific Pieces of Information (Data Portability). You also have the right to request that Greystone provide you with a copy of the specific pieces of Personal Information that we have collected about you, including any Personal Information that we have created or otherwise received from a third-party about you (a “Data Portability” Consumer Request). If you make a Data Portability Consumer Request electronically, we will provide you with a copy of your Personal Information in a portable and, to the extent technically feasible, readily reusable format that allows you to transmit the Personal Information to another third-party. You must specifically describe if you are making a Right to Know request or a Data Portability request. If you would like to make both a Right to Know Consumer Request and a Data Portability Consumer Request you must make both requests clear in your request. If it is not reasonably clear from your request, we will only process your request as a Right to Know request. In response to a Data Portability Consumer Request, we will not disclose your social security number, driver’s license number or other government-issued identification number, financial account number, or your account password or security question or answers. We will also not provide this information if the disclosure would create a substantial, articulable, and unreasonable risk to your Personal Information, your account with Greystone, or the security of our systems or networks. We will also not disclose any Personal Information that may be subject to another exception under the CPRA. If we are unable to disclose certain pieces of your Personal Information, we will describe generally the types of personal information that we were unable to disclose and provide you a description of the reason we are unable to disclose it. You may make a Right to Know or a Data Portability Consumer Request a total of two (2) times within a 12-month period at no charge.
Correction. You have the right to request that we correct any incorrect Personal Information about you to ensure that it is complete, accurate, and as current as possible. You may review and correct some Personal Information about yourself by logging into the appropriate Website and visiting your “Account” page. You may also request that we correct the Personal Information we have about you as described below under Exercising Your CPRA Privacy Rights. In some cases, we may require you to provide reasonable documentation to show that the Personal Information we have about you is incorrect and what the correct Personal Information may be. We may also not be able to accommodate your request if we believe it would violate any law or legal requirement or cause the information to be incorrect or if the Personal Information is subject to another exception under the CPRA.
Deletion. You have the right to request that Greystone delete any of your Personal Information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your Consumer Request (see Exercising Your CPRA Privacy Rights), we will delete (and direct our service providers to delete) your Personal Information from our records, unless an exception applies pursuant to the CPRA. Some exceptions to your right to delete include, but are not limited to, if we are required to retain your Personal Information to complete the transaction or provide you the Financial Products and Services for which we collected the Personal Information or otherwise perform under our contract with you, to detect security incidents or protect against other malicious activities, and to comply with legal obligations. We may also retain your Personal Information for other internal and lawful uses that are compatible with the context in which we collected it.
Non-Discrimination. We will not discriminate against you for exercising any of your CPRA rights. Unless permitted by the CPRA, we will not do any of the following as a result of you exercising your CPRA rights: (a) deny you goods or services; (b) charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties; (c) provide you a different level or quality of goods or services; or (d) suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
Exercising Your CPRA Privacy Rights
To exercise the rights described above, please submit a request (a “Consumer Request”) to us by either:
- Calling us at 855.527.4381.
- Submitting an online form available at: Do Not Sell or Share My Personal Information.
If you fail to make your Consumer Request in accordance with the ways described above, we may either treat your request as if it had been submitted with our methods described above or provide you with information on how to submit the request or remedy any deficiencies with your request.
Only you, or your Authorized Agent that you authorize to act on your behalf, may make a Consumer Request related to your Personal Information. To designate an Authorized Agent, see Authorized Agents below.
All Consumer Requests must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Information or an Authorized Agent of such a person as described below.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
Verifying Your Identity
Before completing your request to exercise your rights, we will verify that the request came from you by comparing the identifying information provided by you in your request with any Personal Information we maintain about you at that time. For all requests, we will need the Consumer’s (i) name; (ii) postal address, and (iii) telephone number.
To protect the privacy and security of your Personal Information, we may also request additional information from you to help us verify your identity and process your request. This information may include all or a portion of your driver’s license or other government-issued identification number. We may also contact you to ask you for further information in relation to your request to speed up our response. You may also be asked to complete and provide a signed declaration under penalty of perjury that you are the Consumer who is the subject of the request or their Authorized Agent in certain circumstances. We will only use Personal Information provided in a Consumer Request to verify the requestor’s identity or authority to make the request.
We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm which Personal Information relates to you or the individual for whom you are making the request as their Authorized Agent. Making a Consumer Request does not require you to create an account with us. However, we do consider requests made through your password protected online account sufficiently verified when the request relates to Personal Information associated with that specific account.
We will only use Personal Information provided in a Consumer Request to verify the requestor’s identity or authority to make the request.
For instructions on exercising sale opt-out rights, see Your Choices Regarding our “Sale” or “Sharing” of Your Personal Information.
Authorized Agents
You may authorize your agent to exercise your rights under the CPRA on your behalf by registering your agent with the California Secretary of State or by providing them with power of attorney to exercise your rights in accordance with applicable laws (an “Authorized Agent”). We may request that your Authorized Agent submit proof of identity and that they have been authorized exercise your rights on your behalf. We may deny a request from your Authorized Agent to exercise your rights on your behalf if they fail to submit adequate proof of identity or adequate proof that they have the authority to exercise your rights.
Response Timing and Format
We will confirm our receipt of your Consumer Request within ten (10) business days of its receipt. We will generally process these requests within forty-five (45) calendar days of its receipt. If we require more time (up to an additional forty-five (45) calendar days), we will inform you of the reason and extension period in writing.
If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.
In response to a Right to Know or Data Portability Consumer Request, we will provide you with all relevant information we have collected or maintained about you on or after January 1, 2022, unless an exception applies. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For Data Portability Consumer Request, we will select a format to provide your Personal Information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your Consumer Request unless it is excessive, repetitive, or manifestly unfounded. We reserve the right to consider more than two (2) total Right to Know or Data Portability Consumer Requests (or combination of the two) in a twelve (12) month period to be repetitive and/or excessive and require a fee. If we determine that your Consumer Request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
22. Your Choices Regarding our “Sale” or “Sharing” of Your Personal Information
“Sale” of Your Personal Information
If you are 16 years of age or older, you have the right to direct us to not sell your Personal Information for monetary or other valuable consideration at any time (the “right to opt-out”). We do not sell the Personal Information of Consumers we actually know are less than 16 years of age, unless we receive affirmative authorization (the “right to opt-in”) from either the Consumer who is between 13 and 16 years of age, or the parent or guardian of a Consumer less than 13 years of age. Consumers who opt-in to Personal Information sales may opt-out of future sales at any time.
“Sharing” of Your Personal Information
If you are 16 years of age or older, you have the right to direct us to not share your Personal Information for the purposes of cross-context behavioral advertising, which is showing advertising on other websites or other media based on your browsing history with our Website (the “right to opt-out”). We do not share the Personal Information of Consumers we actually know are less than 16 years of age for this purpose, unless we receive affirmative authorization from either the Consumer who is between 13 and 16 years of age, or the parent or guardian of a Consumer less than 13 years of age. Consumers who opt-in to our sharing of Personal Information for these purposes may opt-out of future such sharing at any time.
How You May Opt-Out of Our Sale or Sharing of Your Personal Information
To exercise the right to opt-out of the “sale” of your Personal Information for monetary or other valuable consideration and of “sharing” your Personal Information for the purposes of cross-context behavioral advertising, you (or your authorized representative) may adjust your cookie preferences by visiting the “Cookies Preferences” links on the website, or by configuring your browser to send us a privacy signal as described in more detail below.
Once you make an opt-out request, we will wait at least twelve (12) months before asking you to reauthorize Personal Information sales. However, you may change your mind and opt back into the sale of Personal Information at any time by adjusting the settings through the same links.
You do not need to create an account with us to exercise your opt-out rights. We will only use Personal Information provided in an opt-out request to review and comply with the request.
If you (or your Authorized Agent) submit a request to opt-in to our “sale” or “sharing” of your Personal Information, we will use a two-step process in order to confirm that you want to opt-in for such “sale” or “sharing” of your Personal Information. This process may require confirmation of your choices.
Browser Privacy Control Signals
You may also exercise your right to opt-out of the “sale” of your Personal Information for monetary or other valuable consideration and “sharing” your Personal Information for the purposes of cross-context behavioral advertising by setting the privacy control signal on your browser, if your browser supports it. We currently recognize and support the following privacy signals sent by browsers:
- Global privacy control (for more information on how to configure your browser to send this signal, please see https://globalprivacycontrol.org/).
When we receive one of these privacy control signals, we will opt you out of any further “sale” or “sharing” of your Personal Information when you interact with our Websites through that browser and on that device. We will only be able to propagate your choice to opt-out to your account if you are currently logged in when we receive the privacy control signal from your browser. When we are able to propagate your choice to your account, you will be opted out of “sale” or “sharing” of your Personal Information on all browsers and devices on which you are logged in, and for both online and offline “sales” and “sharing.”
23. Your Choices Regarding our Use and Disclosure of Your Sensitive Personal Information
As further described below, we do not use or disclose your Sensitive Personal Information for any purpose other than the following:
to perform the services or provide the goods reasonably expected by an average Consumer who requests such goods or services;
to detect security incidents that compromise the availability, authenticity, integrity, and confidentiality of stored or transmitted Personal Information, provided that our use of your Personal Information is reasonably necessary and proportionate for such purposes;
to resist malicious, deceptive, fraudulent, or illegal actions directed at Greystone and to prosecute those responsible for those actions, provided that our use of your Personal Information is reasonably necessary and proportionate for this purpose;
to ensure the safety of natural persons, provided that our use of your Personal Information is reasonably necessary and proportionate for this purpose;
for short-term, transient use, including, but not limited to, nonpersonalized advertising shown as part of your current interaction with us, provided that the Personal Information is not disclosed to another third-party and is not used to build a profile about you or otherwise alter your experience outside the current interaction with us;
to perform services on behalf of us, such as maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services on behalf of us; and
to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by us, and to improve, upgrade, or enhance the service or device that is owned, manufactured by, manufactured for, or controlled by us.
Because we only use your Sensitive Personal Information for the above purposes, we do not provide you with an ability to limit our use of your Sensitive Personal Information to such uses.
24. Personal Information Retention Periods
We retain all categories of your Personal Information for a period of seven (7) years or, if you have an account with us, for seven (7) years after your account is closed. However, we may also retain any or all categories of Personal Information when your information is subject to one of the following exceptions:
- When stored in our backup and disaster recovery systems. Your Personal Information will be deleted when the backup media your Personal Information is stored on expires or when our disaster recovery systems are updated.
- When necessary for us to exercise or defend legal claims.
- When necessary to comply with a legal or contractual obligation.
- When necessary to help ensure the security and integrity of our Website and IT systems.
Your Personal Information will be deleted when we no longer require your Personal Information for any of the above purposes.
25. Changes to This CPRA Privacy Addendum
Greystone reserves the right to change this California Privacy Addendum at any time. It is our policy to post any changes we make to our California Privacy Addendum on this page with a notice that the California Privacy Addendum has been updated on the Websites’ home page or in an invoice. If we make material changes to how we treat our users’ Personal Information, we will notify you by email to the email address specified in your account, through a notice on the Websites’ home page, or as an insert in an invoice. The dates this California Privacy Addendum was last revised and reviewed is identified at the top of the page. You are responsible for ensuring we have an up-to-date active and deliverable email address for you, and for periodically visiting our Websites and this California Privacy Addendum to check for any changes.
YOUR CONTINUED USE OF OUR WEBSITE OR OUR FINANCIAL PRODUCTS OR SERVICES FOLLOWING THE POSTING OF CHANGES CONSTITUTES YOUR ACCEPTANCE TO SUCH CHANGES.
26. Contact Information
If you have any questions or comments about this California Privacy Addendum, the ways in which Greystone collects and uses your information described above and in the Privacy Notice, your choices and rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact us at:
Phone: 1-855-527-4381
Email: privacy@greyco.com
Postal Address: Greystone & Co. II LLC
Attn: Legal
152 East 57th Street, 60th Floor
New York, NY 10019