PRIVACY POLICY
PRIVACY POLICY
PRIVACY POLICY
PRIVACY POLICY
PRIVACY POLICY
PRIVACY POLICY
PRIVACY POLICY
PRIVACY POLICY
PRIVACY POLICY
Welcome to Gradient. We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website www.gradientexperience.com or use our services. By using the Site or our services, you consent to the practices described in this Privacy Policy. Please take a moment to review this Privacy Policy and make sure you understand and agree with it.
INFORMATION
WE COLLECT
1. Personal Information We Obtain
At Gradient, we strive to collect only the personal information about you that we need to provide the products and services that you choose. We may obtain personal information about you from various sources. The types of personal information we may obtain include:
contact details (such as name, email and postal address and telephone number);
business contact information (such as employer’s name and address, job title and business email address and telephone number), as well as employment and professional license information;
physical characteristics (such as gender and height);
digital images and videos (such as images from your mobile device camera);
biometric data (such as digital images of fingerprints, irises and face);
information about the devices you use to access the GRADIENT service and GRADIENT websites (such as IP address);
information about your use of the GRADIENT service and GRADIENT websites, including personal information typed into forms on our website, whether or not you submit the form;
payment information (such as billing address and payment card details, including card number, expiration date and security code);
location information (such as GPS data from your mobile device to enable a location-based service);
contact information for friends or others you would like us to contact;
information you submit in connection with a career opportunity at GRADIENT (such as contact details, information in your resume and details about your current employment);
survey information; and
other information you may provide to us or authorize others to provide to us (such as shopping and language preferences).
Additionally, when users visit our website, we may collect certain information by using tracking tools, such as cookies and web beacons. A “cookie” is a text file that websites send to a visitor’s computer or other Internet-connected device to uniquely identify the visitor’s browser or to store information or settings in the browser. A “web beacon”, also known as an Internet tag, pixel tag or GRADIENT GIF, links web pages to web servers and their cookies and may be used to transmit information collected through cookies back to a web server. This allows us to collect information such as your device’s IP address, device type, browser type, operating system, referring URLs, actions taken on our site, and dates and times of website visits. Through these automated collection methods, we may obtain “clickstream” data, which is a log of the content that a visitor clicks on while browsing a website. As the visitor clicks through the website, we may record and store those actions. Clickstream data also tells us the type of computer and browsing software you use, the address of the website from which you linked to our site, and the pages you visit on our site.
2. How We May Use The Personal Information We Obtain
As described further below, GRADIENT uses your personal information to provide you services, to process your transactions, to communicate with you, for security and fraud prevention, and to comply with law. We may also use personal information for other purposes with your consent.
A. BIOMETRIC DATA AND OTHER PERSONAL INFORMATION
We may use biometric information and other personal information we obtain about you to:
facilitate and manage GRADIENT’s application and enrollment processes;
operate and administer the GRADIENT programs and services;
verify applicants’ and users’ identities, including authenticating users of the GRADIENT services; or
comply with and enforce applicable legal requirements and policies, including this Privacy Policy, our Terms of Use.
With your express consent, we also may use information in other ways, such as when you choose to use a service or participate in a program we may offer jointly with another entity.
B. NON-BIOMETRIC INFORMATION
In addition to the uses described in Section 2.A. above, we also may use non-biometric personal information to:
provide services to our consumers (such as travel or airport-related amenities);
authenticate GRADIENT users, and conduct background checks and security threat assessments concerning GRADIENT applicants and users;
communicate with consumers and respond to their questions;
create and manage online accounts that users establish on our website;
send news and updates about GRADIENT and other communications (such as communications about products and services offered by our marketing partners);
offer our consumers products or services we believe may be of interest to them;
communicate with our consumers about, and administer participation in, special events, programs, surveys, and other offers and promotions;
operate, evaluate and improve our business (including developing new products and services; analyzing our products and services; managing our communications; and performing accounting, auditing and other internal functions); or
perform data analyses (including market and consumer research).
We learn how to best tailor our website to our visitors by collecting information through cookies, web beacons and other analytics tools on our website. We may use website analytics to determine how much time visitors spend on each web page of our website, how visitors navigate through the site, and how we may change our site to better meet the needs of our visitors. We may also use cookies to customize visits to our site and deliver content. See our Cookie Usage page for more information. We may use IP addresses to help diagnose problems with our server and to administer our website. We also may use IP addresses to help identify and gather demographic information about visitors to our site.
We do not collect personally identifiable information about a consumer’s online activities over time or across third-party Web sites or online services.
We also may use the information we obtain about you in other ways when we provide specific notice at the time of collection.
C. INTEREST-BASED ADVERTISING
We collect data about your visit to our website to provide advertising about products and services tailored to your individual interests. Therefore, you may see certain ads on other websites because we participate in advertising networks run by third-party vendors. Those networks track your online activities through automated means, including the use of cookies, pixels and web beacons. The networks use this information to show advertisements tailored to your interests. Our ad network vendors receive information about your visit to our website, such as the pages you have viewed. This information also helps us track the effectiveness of our marketing efforts.
Where applicable, we limit how our third-party advertising partners use data collected via cookies and other tracking. You can also choose whether to have this information collected through the use of the cookie preferences center (by clicking on the green cookie in the bottom, left-hand corner of your browser screen), browser settings and other third-party tools, and by implementing Global Privacy Control on your browser. To learn more, visit our Cookie Usage page.
3. Personal Information We Share
We never sell or rent personal information about you.
We do not share or disclose personal information except as described in this Privacy Policy.
A. BIOMETRIC DATA AND OTHER PERSONAL INFORMATION
We may share biometric data, and other personal information we obtain about applicants to and users of GRADIENT with:
Service providers (such as order fulfillment and data analytics providers, liveness analysis providers such as Amazon Web Services). As described in Section 3.D of this Privacy Policy, whenever GRADIENT discloses personal information to its service providers, we contractually prohibit them from using or disclosing that information other than to perform services for us or to comply with legal requirements. We also require our service providers to appropriately safeguard the privacy and security of the personal information we disclose to them, and we impose limits on how long they can retain such information.
The U.S. Transportation Security Administration and airport authorities, pursuant to the purposes described in Section 2.A of this Privacy Policy
Other government agencies, if required by law
Other third parties with your express consent (such as when you choose to use a service or participate in a program that we may offer jointly with another entity)
B. NON-BIOMETRIC INFORMATION
In addition to the disclosures described in Section 3.A above, we also may share non-biometric personal information (except for government-issued identification numbers and payment card and financial account numbers) we obtain about you with our affiliates for the purposes described in Section 2.B of this Privacy Policy.
C. SERVICE PROVIDERS
We contractually prohibit our service providers from using or disclosing our consumers’ personal information, other than to perform services for us or comply with legal requirements. We require these service providers to appropriately safeguard the privacy and security of the consumer personal information they collect, use, disclose or otherwise process for us. We permit service providers to retain such personal
information only for as long as is necessary to provide the services to GRADIENT, and we always limit service providers’ data retention terms to comply with applicable law and this Privacy Policy.
D. DISCLOSURES FOR OTHER PURPOSES
We may disclose information we obtain about you:
if law or legal process requires us to do so (such as a court order or subpoena);
in response to requests by government agencies (such as law enforcement authorities);
to establish, exercise or defend our legal rights;
when we believe disclosure is necessary or appropriate to prevent physical or other harm or financial loss;
in connection with an investigation of suspected or actual illegal activity; or
otherwise with your consent or at your direction.
We reserve the right to transfer information we have about you if we sell or transfer all or part of our business or assets, as permitted or required by law. Should such a transfer occur, we will use reasonable efforts to direct the transferee to use the personal information in a manner that is consistent with this Privacy Policy.
We also may share the information we obtain about you in other ways when we provide specific notice at the time of collection.
4. Your Privacy Rights With GRADIENT
At GRADIENT, we respect your ability to know, access, correct, restrict the processing of, and delete your personal information. We’ve honored these rights since GRADIENT launched in 2010 for all our members, regardless of where they live. To exercise your privacy rights, you may:
contact us at: privacy@gradientexperience.com
call 1-212-997-9742
submit a request here (for access and deletion requests only); or
write to us at:
GRADIENT
Attention: Chief Privacy Officer
85 10th Avenue, 9th Floor
New York, New York 10011
To help protect the security of your personal information, your identity will be verified when we receive your request.
We may share non-sensitive identifiers and personal information pertaining to internet or other similar network activity with third parties for advertising purposes only with your opt-in consent by accepting targeting cookies on our cookie banner, which can be accessed by clicking on the green cookie in the bottom, left-hand corner of your browser screen. GRADIENT also honors Global Privacy Control. Please review our Cookie Usage page for more details.
You can also direct us at any time not to send you marketing emails by:
clicking on an unsubscribe link in marketing emails you receive from us;
replying to marketing emails you receive from us with the word “unsubscribe” in the subject line; or
emailing us at privacy@gradientexperience.com with the word “unsubscribe” in the subject line and your name in the body of the email.
There may be situations where we cannot grant certain types of these requests — for example, if you ask us to delete your personal information, but GRADIENT is legally obligated to keep a record of that transaction to comply with law. We may also decline to grant a request where doing so would undermine our legitimate use of data for anti-fraud and security purposes, such as when you request deletion of an account that is being investigated for security concerns.
5. How We Protect Personal Information
We maintain administrative, technical and physical safeguards. These are designed to protect personal information against accidental, unlawful or unauthorized: destruction, alteration, access, disclosure or use.
To safeguard certain sensitive information (such as biometric data and government-issued identification information), we implement security measures such as encryption, firewalls, and intrusion detection and prevention systems. Our customer service call centers do not have access to biometric data.
In addition, some examples of security measures we use to safeguard personal information include:
procedures for identifying and classifying personal information;
implementing safeguards appropriate to the sensitivity of the information;
access control procedures to verify business need before access to personal information is granted;
procedures for the periodic review of access permissions;
procedures for terminating access to personal information when there is no longer a business need for access;
personnel security controls designed to reduce the risk of human error, theft, fraud or misuse of facilities; and
physical and environmental security procedures designed to prevent unauthorized access, damage or interference to business premises and information.
In the event of a breach of GRADIENT’s systems resulting in unauthorized access to your personal information, GRADIENT will provide notice as required by law.
6. Other Online Services And Third-Party Features
Our website and other services may provide links to other online services for your convenience and information. This may include third-party features such as apps, tools, widgets and plug-ins. These online services and third-party features may operate independently from us. The privacy practices of these third parties, including details on the information they may collect, are subject to the privacy statements of these parties. We strongly suggest you review them. To the extent any linked online services or third-party features are not owned or controlled by us, GRADIENT is not responsible for their information practices.
7. Retention Of Personal Information
To request removal of your personal information as described above, you may contact us as indicated in Section 10 of this Privacy Policy.
We will honor your requests, except that we may retain limited information to comply with your request not to be contacted in the future.
8. Children's Personal Information
We recognize the importance of protecting children's online privacy. The GRADIENT website is intended for a general audience and is not directed to children. We do not knowingly collect personal information online from children under the age of 13. If we learn that we have collected personal information online from a child under the age of 13, we will delete it.
9. Updates To Our Privacy Policy
We may update this Privacy Policy periodically to reflect new GRADIENT program features or changes in our personal information practices. We will post a notice at the top of this Privacy Policy of any significant changes to this Privacy Policy. We will also state there when this Privacy Policy was most recently updated. We will provide other notice to you as required by law.
10. How To Contact Us
If you have any questions or comments about this Privacy Policy, any privacy-related complaints, or would like exercise your rights under this Privacy Policy, you may:
contact us at: privacy@gradientexperience.com
call 1-212-997-9742
write to us at:
GRADIENT
Attention: Chief Privacy Officer
150 W 28th St 2nd fl
New York, NY 10001
11. Biometric Data Retention For Illinois Enrolees
For Illinois enrollees, in accordance with Illinois state law, GRADIENT will retain biometric data only until the occurrence of the first of the following:
(a) the initial purpose for collecting or obtaining such biometric data has been satisfied or
(b) three years following your last interaction with GRADIENT.
12. Notice To California Users
The information provided in this section applies only to California residents.
A. PERSONAL INFORMATION WE COLLECT, USE AND SHARE
The California Consumer Privacy Act of 2018 (“CCPA”), as amended by the California Privacy Rights Act of 2020 (“CPRA”), requires companies to disclose their collection and use of specific categories of personal information. Below is a table of those categories that GRADIENT collects, or has collected in the past 12 months. Please note that, while each category may cover many types of personal information, GRADIENT collects, uses and shares only the personal information described in Section 1 of this Privacy Policy (Personal Information We Obtain). We also describe the sources through which we collect Personal Information in Section 1. We describe the purposes for which we use and share this information and the categories of third parties to whom we disclose personal information above in Section 2 (How We May Use the Personal Information We Obtain), and Section 3 (Personal Information We Share).
Categories of personal information GRADIENT collects (definitions are available here)
How long GRADIENT retains this information
Identifiers (such as real name, IP address, email address)
Life of the GRADIENT account, unless deleted at the member’s request or otherwise as provided by law
Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) (such as name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information)
Life of the GRADIENT account, unless deleted at the member’s request or otherwise as provided by law
Protected classification characteristics under California or federal law (such as age and other information from your government-issued identification)
Life of the GRADIENT account, unless deleted at the member’s request or otherwise as provided by law
Biometric information
Life of the GRADIENT account, unless deleted at the member’s request or otherwise as provided by law
Internet or other similar network activity
Life of the GRADIENT account when such data is associated with a GRADIENT account in GRADIENT systems, unless deleted at the member’s request or otherwise as provided by law
Precise geolocation data
Life of the GRADIENT account, unless deleted at the member’s request or otherwise as provided by law
Professional or employment-related information
Life of the GRADIENT account, unless deleted at the member’s request or otherwise as provided by law
Inferences drawn from other personal information
Life of the GRADIENT account, unless deleted at the member’s request or otherwise as provided by law
GRADIENT will never sell or rent your personal information.
Under California law, the definition of “sharing” is narrower than the term’s common use, and how we use the term “share” in Section 3 of this Privacy Policy. Under California law, “sharing” means sharing, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by the business to a third party for cross-context behavioral advertising, whether or not for monetary or other valuable consideration, including transactions between a business and a third party for cross-context behavioral advertising for the benefit of a business in which no money is exchanged. California law defines “cross-context behavioral advertising” as the “targeting of advertising to a consumer based on the consumer’s personal information obtained from the consumer’s activity across businesses, distinctly-branded websites, applications, or services, other than the business, distinctly-branded website, application, or service with which the consumer intentionally interacts.”
As described above in this Privacy Policy, GRADIENT uses cookies and other tracking tools on our website to facilitate advertising. With your opt-in consent via our cookie consent banner, we may “share” (as the term is defined under California law) non-sensitive identifiers and personal information pertaining to internet or other similar network activity with third parties for advertising purposes.
B. YOUR RIGHTS UNDER CALIFORNIA LAW
California consumers have the following rights:
Knowledge. You can request information about how we have collected, shared and used your personal information during the past 12 months. This information is contained in this Privacy Policy.
Access. You can request a copy of the personal information we maintain about you.
Correction. You can ask us to correct inaccurate personal information we maintain about you.
Deletion. You can ask us to delete the personal information we maintain about you.
Opting out of the sale/sharing of personal information for advertising purposes. GRADIENT does not sell the personal information of California consumers. We may share non-sensitive identifiers and personal information pertaining to internet or other similar network activity with third parties for advertising purposes only with your opt-in consent by accepting targeting cookies on our cookie banner, which can be accessed by clicking on the green cookie in the bottom, left-hand corner of your browser screen. GRADIENT also honors Global Privacy Control. Please review our Cookie Usage page for more details.
Limiting the use of sensitive personal information. You can ask us to limit our use of your sensitive personal information that GRADIENT collects as described above, such as your biometrics information, to such uses necessary to perform services for you. GRADIENT has always been opt in, and GRADIENT uses our users’ sensitive personal information only to provide services to our users, as described in greater detail in this Privacy Policy.
No discrimination for exercising your privacy rights. You have the right not to be discriminated against for exercising your privacy rights under California law.
C. HOW TO SUBMIT A REQUEST
GRADIENT does not sell the personal information of California consumers and does not discriminate in response to privacy rights requests. GRADIENT uses sensitive personal information only to provide services to our users, as described in greater detail in this Privacy Policy. To exercise your other rights under California law, you may:
contact us at: privacy@gradientexperience.com
call 1-212-997-9742
submit a request here (for access and deletion requests only); or
write to us at:
GRADIENT
Attention: Chief Privacy Officer
150 W 28th St 2nd fl
New York, NY 10001
D. OTHER NOTES REGARDING CALIFORNIA PRIVACY LAW
Identity verification. California requires us to verify your identity before providing a substantive response to your request for your personal information. We take the privacy and security of your personal information seriously. Therefore, we will verify your identity by asking you to provide certain information about yourself. Once your identity is verified, we will provide your requested information in a timely manner.
Sensitive personal information. Please note, California law limits these rights by, for example, prohibiting us from providing certain sensitive information in response to an access request and limiting the circumstances in which we must comply with a deletion request. If we deny your request, we will communicate our decision to you.
Authorized agents. California residents can empower an “authorized agent” to submit requests on their behalf. To protect your privacy we will require the authorized agent to have a written authorization confirming that authority.
Response to requests. We will make every effort to fulfill or respond to your request within forty-five (45) days. If we are unable to do so, we will notify you. We will also inform you when we have fulfilled your request or provide an explanation for why we are unable or not required to do so.
13. EU-U.S. Data Privacy Framework Compliance
An Affirmative Commitment and Access to Privacy Policy
Gradient doing business as Impulse complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, as set forth by the U.S. Department of Commerce. Gradient doing business as Impulse has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov
B. Designated Alternative Dispute Resolution Provider and Recourse Information
In compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, Gradient Experience dba Impulse commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF to JAMS, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://www.jamsadr.com/DPF-Dispute-Resolution for more information or to file a complaint. The services of JAMS are provided at no cost to you.
C. Federal Trade Commission (FTC) Oversight Disclosure
The Federal Trade Commission has jurisdiction over Gradient doing business as Impulse compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF.
D. Binding Arbitration Option Disclosure
In accordance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, Gradient doing business as Impulse acknowledges that individuals have the option, under certain conditions, to invoke binding arbitration as described in Annex I of the DPF Principles. If any complaints regarding DPF compliance are not resolved through other mechanisms provided by the DPF Principles, individuals may choose to invoke binding arbitration. For more information on the conditions and procedures for invoking binding arbitration, please refer to Annex I of the DPF Principles.
E. Onward Transfer Liability Disclosure
As part of our commitment to transparency and compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, Gradient doing business as Impulse ensures that individuals are informed about our liability in cases of onward transfers to third parties. While Gradient doing business as Impulse currently does not plan to transfer personal information to third parties, it is important to note that, should such transfers become necessary in the future, Gradient doing business as Impulse remains responsible for the processing of personal information it receives under the DPF Principles and subsequently transfers to a third party acting as an agent on its behalf. Gradient doing business as Impulse shall remain liable under the DPF Principles if its agent processes such personal information in a manner inconsistent with the DPF Principles, unless Gradient doing business asImpulse can demonstrate that it is not responsible for the event giving rise to the damage. We are committed to upholding the principles of data protection and ensuring accountability in all aspects of our data processing practices.
INFORMATION
WE COLLECT
1. Personal Information We Obtain
At Gradient, we strive to collect only the personal information about you that we need to provide the products and services that you choose. We may obtain personal information about you from various sources. The types of personal information we may obtain include:
contact details (such as name, email and postal address and telephone number);
business contact information (such as employer’s name and address, job title and business email address and telephone number), as well as employment and professional license information;
physical characteristics (such as gender and height);
digital images and videos (such as images from your mobile device camera);
biometric data (such as digital images of fingerprints, irises and face);
information about the devices you use to access the GRADIENT service and GRADIENT websites (such as IP address);
information about your use of the GRADIENT service and GRADIENT websites, including personal information typed into forms on our website, whether or not you submit the form;
payment information (such as billing address and payment card details, including card number, expiration date and security code);
location information (such as GPS data from your mobile device to enable a location-based service);
contact information for friends or others you would like us to contact;
information you submit in connection with a career opportunity at GRADIENT (such as contact details, information in your resume and details about your current employment);
survey information; and
other information you may provide to us or authorize others to provide to us (such as shopping and language preferences).
Additionally, when users visit our website, we may collect certain information by using tracking tools, such as cookies and web beacons. A “cookie” is a text file that websites send to a visitor’s computer or other Internet-connected device to uniquely identify the visitor’s browser or to store information or settings in the browser. A “web beacon”, also known as an Internet tag, pixel tag or GRADIENT GIF, links web pages to web servers and their cookies and may be used to transmit information collected through cookies back to a web server. This allows us to collect information such as your device’s IP address, device type, browser type, operating system, referring URLs, actions taken on our site, and dates and times of website visits. Through these automated collection methods, we may obtain “clickstream” data, which is a log of the content that a visitor clicks on while browsing a website. As the visitor clicks through the website, we may record and store those actions. Clickstream data also tells us the type of computer and browsing software you use, the address of the website from which you linked to our site, and the pages you visit on our site.
2. How We May Use The Personal Information We Obtain
As described further below, GRADIENT uses your personal information to provide you services, to process your transactions, to communicate with you, for security and fraud prevention, and to comply with law. We may also use personal information for other purposes with your consent.
A. BIOMETRIC DATA AND OTHER PERSONAL INFORMATION
We may use biometric information and other personal information we obtain about you to:
facilitate and manage GRADIENT’s application and enrollment processes;
operate and administer the GRADIENT programs and services;
verify applicants’ and users’ identities, including authenticating users of the GRADIENT services; or
comply with and enforce applicable legal requirements and policies, including this Privacy Policy, our Terms of Use.
With your express consent, we also may use information in other ways, such as when you choose to use a service or participate in a program we may offer jointly with another entity.
B. NON-BIOMETRIC INFORMATION
In addition to the uses described in Section 2.A. above, we also may use non-biometric personal information to:
provide services to our consumers (such as travel or airport-related amenities);
authenticate GRADIENT users, and conduct background checks and security threat assessments concerning GRADIENT applicants and users;
communicate with consumers and respond to their questions;
create and manage online accounts that users establish on our website;
send news and updates about GRADIENT and other communications (such as communications about products and services offered by our marketing partners);
offer our consumers products or services we believe may be of interest to them;
communicate with our consumers about, and administer participation in, special events, programs, surveys, and other offers and promotions;
operate, evaluate and improve our business (including developing new products and services; analyzing our products and services; managing our communications; and performing accounting, auditing and other internal functions); or
perform data analyses (including market and consumer research).
We learn how to best tailor our website to our visitors by collecting information through cookies, web beacons and other analytics tools on our website. We may use website analytics to determine how much time visitors spend on each web page of our website, how visitors navigate through the site, and how we may change our site to better meet the needs of our visitors. We may also use cookies to customize visits to our site and deliver content. See our Cookie Usage page for more information. We may use IP addresses to help diagnose problems with our server and to administer our website. We also may use IP addresses to help identify and gather demographic information about visitors to our site.
We do not collect personally identifiable information about a consumer’s online activities over time or across third-party Web sites or online services.
We also may use the information we obtain about you in other ways when we provide specific notice at the time of collection.
C. INTEREST-BASED ADVERTISING
We collect data about your visit to our website to provide advertising about products and services tailored to your individual interests. Therefore, you may see certain ads on other websites because we participate in advertising networks run by third-party vendors. Those networks track your online activities through automated means, including the use of cookies, pixels and web beacons. The networks use this information to show advertisements tailored to your interests. Our ad network vendors receive information about your visit to our website, such as the pages you have viewed. This information also helps us track the effectiveness of our marketing efforts.
Where applicable, we limit how our third-party advertising partners use data collected via cookies and other tracking. You can also choose whether to have this information collected through the use of the cookie preferences center (by clicking on the green cookie in the bottom, left-hand corner of your browser screen), browser settings and other third-party tools, and by implementing Global Privacy Control on your browser. To learn more, visit our Cookie Usage page.
3. Personal Information We Share
We never sell or rent personal information about you.
We do not share or disclose personal information except as described in this Privacy Policy.
A. BIOMETRIC DATA AND OTHER PERSONAL INFORMATION
We may share biometric data, and other personal information we obtain about applicants to and users of GRADIENT with:
Service providers (such as order fulfillment and data analytics providers, liveness analysis providers such as Amazon Web Services). As described in Section 3.D of this Privacy Policy, whenever GRADIENT discloses personal information to its service providers, we contractually prohibit them from using or disclosing that information other than to perform services for us or to comply with legal requirements. We also require our service providers to appropriately safeguard the privacy and security of the personal information we disclose to them, and we impose limits on how long they can retain such information.
The U.S. Transportation Security Administration and airport authorities, pursuant to the purposes described in Section 2.A of this Privacy Policy
Other government agencies, if required by law
Other third parties with your express consent (such as when you choose to use a service or participate in a program that we may offer jointly with another entity)
B. NON-BIOMETRIC INFORMATION
In addition to the disclosures described in Section 3.A above, we also may share non-biometric personal information (except for government-issued identification numbers and payment card and financial account numbers) we obtain about you with our affiliates for the purposes described in Section 2.B of this Privacy Policy.
C. SERVICE PROVIDERS
We contractually prohibit our service providers from using or disclosing our consumers’ personal information, other than to perform services for us or comply with legal requirements. We require these service providers to appropriately safeguard the privacy and security of the consumer personal information they collect, use, disclose or otherwise process for us. We permit service providers to retain such personal
information only for as long as is necessary to provide the services to GRADIENT, and we always limit service providers’ data retention terms to comply with applicable law and this Privacy Policy.
D. DISCLOSURES FOR OTHER PURPOSES
We may disclose information we obtain about you:
if law or legal process requires us to do so (such as a court order or subpoena);
in response to requests by government agencies (such as law enforcement authorities);
to establish, exercise or defend our legal rights;
when we believe disclosure is necessary or appropriate to prevent physical or other harm or financial loss;
in connection with an investigation of suspected or actual illegal activity; or
otherwise with your consent or at your direction.
We reserve the right to transfer information we have about you if we sell or transfer all or part of our business or assets, as permitted or required by law. Should such a transfer occur, we will use reasonable efforts to direct the transferee to use the personal information in a manner that is consistent with this Privacy Policy.
We also may share the information we obtain about you in other ways when we provide specific notice at the time of collection.
4. Your Privacy Rights With GRADIENT
At GRADIENT, we respect your ability to know, access, correct, restrict the processing of, and delete your personal information. We’ve honored these rights since GRADIENT launched in 2010 for all our members, regardless of where they live. To exercise your privacy rights, you may:
contact us at: privacy@gradientexperience.com
call 1-212-997-9742
submit a request here (for access and deletion requests only); or
write to us at:
GRADIENT
Attention: Chief Privacy Officer
85 10th Avenue, 9th Floor
New York, New York 10011
To help protect the security of your personal information, your identity will be verified when we receive your request.
We may share non-sensitive identifiers and personal information pertaining to internet or other similar network activity with third parties for advertising purposes only with your opt-in consent by accepting targeting cookies on our cookie banner, which can be accessed by clicking on the green cookie in the bottom, left-hand corner of your browser screen. GRADIENT also honors Global Privacy Control. Please review our Cookie Usage page for more details.
You can also direct us at any time not to send you marketing emails by:
clicking on an unsubscribe link in marketing emails you receive from us;
replying to marketing emails you receive from us with the word “unsubscribe” in the subject line; or
emailing us at privacy@gradientexperience.com with the word “unsubscribe” in the subject line and your name in the body of the email.
There may be situations where we cannot grant certain types of these requests — for example, if you ask us to delete your personal information, but GRADIENT is legally obligated to keep a record of that transaction to comply with law. We may also decline to grant a request where doing so would undermine our legitimate use of data for anti-fraud and security purposes, such as when you request deletion of an account that is being investigated for security concerns.
5. How We Protect Personal Information
We maintain administrative, technical and physical safeguards. These are designed to protect personal information against accidental, unlawful or unauthorized: destruction, alteration, access, disclosure or use.
To safeguard certain sensitive information (such as biometric data and government-issued identification information), we implement security measures such as encryption, firewalls, and intrusion detection and prevention systems. Our customer service call centers do not have access to biometric data.
In addition, some examples of security measures we use to safeguard personal information include:
procedures for identifying and classifying personal information;
implementing safeguards appropriate to the sensitivity of the information;
access control procedures to verify business need before access to personal information is granted;
procedures for the periodic review of access permissions;
procedures for terminating access to personal information when there is no longer a business need for access;
personnel security controls designed to reduce the risk of human error, theft, fraud or misuse of facilities; and
physical and environmental security procedures designed to prevent unauthorized access, damage or interference to business premises and information.
In the event of a breach of GRADIENT’s systems resulting in unauthorized access to your personal information, GRADIENT will provide notice as required by law.
6. Other Online Services And Third-Party Features
Our website and other services may provide links to other online services for your convenience and information. This may include third-party features such as apps, tools, widgets and plug-ins. These online services and third-party features may operate independently from us. The privacy practices of these third parties, including details on the information they may collect, are subject to the privacy statements of these parties. We strongly suggest you review them. To the extent any linked online services or third-party features are not owned or controlled by us, GRADIENT is not responsible for their information practices.
7. Retention Of Personal Information
To request removal of your personal information as described above, you may contact us as indicated in Section 10 of this Privacy Policy.
We will honor your requests, except that we may retain limited information to comply with your request not to be contacted in the future.
8. Children's Personal Information
We recognize the importance of protecting children's online privacy. The GRADIENT website is intended for a general audience and is not directed to children. We do not knowingly collect personal information online from children under the age of 13. If we learn that we have collected personal information online from a child under the age of 13, we will delete it.
9. Updates To Our Privacy Policy
We may update this Privacy Policy periodically to reflect new GRADIENT program features or changes in our personal information practices. We will post a notice at the top of this Privacy Policy of any significant changes to this Privacy Policy. We will also state there when this Privacy Policy was most recently updated. We will provide other notice to you as required by law.
10. How To Contact Us
If you have any questions or comments about this Privacy Policy, any privacy-related complaints, or would like exercise your rights under this Privacy Policy, you may:
contact us at: privacy@gradientexperience.com
call 1-212-997-9742
write to us at:
GRADIENT
Attention: Chief Privacy Officer
150 W 28th St 2nd fl
New York, NY 10001
11. Biometric Data Retention For Illinois Enrolees
For Illinois enrollees, in accordance with Illinois state law, GRADIENT will retain biometric data only until the occurrence of the first of the following:
(a) the initial purpose for collecting or obtaining such biometric data has been satisfied or
(b) three years following your last interaction with GRADIENT.
12. Notice To California Users
The information provided in this section applies only to California residents.
A. PERSONAL INFORMATION WE COLLECT, USE AND SHARE
The California Consumer Privacy Act of 2018 (“CCPA”), as amended by the California Privacy Rights Act of 2020 (“CPRA”), requires companies to disclose their collection and use of specific categories of personal information. Below is a table of those categories that GRADIENT collects, or has collected in the past 12 months. Please note that, while each category may cover many types of personal information, GRADIENT collects, uses and shares only the personal information described in Section 1 of this Privacy Policy (Personal Information We Obtain). We also describe the sources through which we collect Personal Information in Section 1. We describe the purposes for which we use and share this information and the categories of third parties to whom we disclose personal information above in Section 2 (How We May Use the Personal Information We Obtain), and Section 3 (Personal Information We Share).
Categories of personal information GRADIENT collects (definitions are available here)
How long GRADIENT retains this information
Identifiers (such as real name, IP address, email address)
Life of the GRADIENT account, unless deleted at the member’s request or otherwise as provided by law
Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) (such as name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information)
Life of the GRADIENT account, unless deleted at the member’s request or otherwise as provided by law
Protected classification characteristics under California or federal law (such as age and other information from your government-issued identification)
Life of the GRADIENT account, unless deleted at the member’s request or otherwise as provided by law
Biometric information
Life of the GRADIENT account, unless deleted at the member’s request or otherwise as provided by law
Internet or other similar network activity
Life of the GRADIENT account when such data is associated with a GRADIENT account in GRADIENT systems, unless deleted at the member’s request or otherwise as provided by law
Precise geolocation data
Life of the GRADIENT account, unless deleted at the member’s request or otherwise as provided by law
Professional or employment-related information
Life of the GRADIENT account, unless deleted at the member’s request or otherwise as provided by law
Inferences drawn from other personal information
Life of the GRADIENT account, unless deleted at the member’s request or otherwise as provided by law
GRADIENT will never sell or rent your personal information.
Under California law, the definition of “sharing” is narrower than the term’s common use, and how we use the term “share” in Section 3 of this Privacy Policy. Under California law, “sharing” means sharing, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by the business to a third party for cross-context behavioral advertising, whether or not for monetary or other valuable consideration, including transactions between a business and a third party for cross-context behavioral advertising for the benefit of a business in which no money is exchanged. California law defines “cross-context behavioral advertising” as the “targeting of advertising to a consumer based on the consumer’s personal information obtained from the consumer’s activity across businesses, distinctly-branded websites, applications, or services, other than the business, distinctly-branded website, application, or service with which the consumer intentionally interacts.”
As described above in this Privacy Policy, GRADIENT uses cookies and other tracking tools on our website to facilitate advertising. With your opt-in consent via our cookie consent banner, we may “share” (as the term is defined under California law) non-sensitive identifiers and personal information pertaining to internet or other similar network activity with third parties for advertising purposes.
B. YOUR RIGHTS UNDER CALIFORNIA LAW
California consumers have the following rights:
Knowledge. You can request information about how we have collected, shared and used your personal information during the past 12 months. This information is contained in this Privacy Policy.
Access. You can request a copy of the personal information we maintain about you.
Correction. You can ask us to correct inaccurate personal information we maintain about you.
Deletion. You can ask us to delete the personal information we maintain about you.
Opting out of the sale/sharing of personal information for advertising purposes. GRADIENT does not sell the personal information of California consumers. We may share non-sensitive identifiers and personal information pertaining to internet or other similar network activity with third parties for advertising purposes only with your opt-in consent by accepting targeting cookies on our cookie banner, which can be accessed by clicking on the green cookie in the bottom, left-hand corner of your browser screen. GRADIENT also honors Global Privacy Control. Please review our Cookie Usage page for more details.
Limiting the use of sensitive personal information. You can ask us to limit our use of your sensitive personal information that GRADIENT collects as described above, such as your biometrics information, to such uses necessary to perform services for you. GRADIENT has always been opt in, and GRADIENT uses our users’ sensitive personal information only to provide services to our users, as described in greater detail in this Privacy Policy.
No discrimination for exercising your privacy rights. You have the right not to be discriminated against for exercising your privacy rights under California law.
C. HOW TO SUBMIT A REQUEST
GRADIENT does not sell the personal information of California consumers and does not discriminate in response to privacy rights requests. GRADIENT uses sensitive personal information only to provide services to our users, as described in greater detail in this Privacy Policy. To exercise your other rights under California law, you may:
contact us at: privacy@gradientexperience.com
call 1-212-997-9742
submit a request here (for access and deletion requests only); or
write to us at:
GRADIENT
Attention: Chief Privacy Officer
150 W 28th St 2nd fl
New York, NY 10001
D. OTHER NOTES REGARDING CALIFORNIA PRIVACY LAW
Identity verification. California requires us to verify your identity before providing a substantive response to your request for your personal information. We take the privacy and security of your personal information seriously. Therefore, we will verify your identity by asking you to provide certain information about yourself. Once your identity is verified, we will provide your requested information in a timely manner.
Sensitive personal information. Please note, California law limits these rights by, for example, prohibiting us from providing certain sensitive information in response to an access request and limiting the circumstances in which we must comply with a deletion request. If we deny your request, we will communicate our decision to you.
Authorized agents. California residents can empower an “authorized agent” to submit requests on their behalf. To protect your privacy we will require the authorized agent to have a written authorization confirming that authority.
Response to requests. We will make every effort to fulfill or respond to your request within forty-five (45) days. If we are unable to do so, we will notify you. We will also inform you when we have fulfilled your request or provide an explanation for why we are unable or not required to do so.
13. EU-U.S. Data Privacy Framework Compliance
An Affirmative Commitment and Access to Privacy Policy
Gradient doing business as Impulse complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, as set forth by the U.S. Department of Commerce. Gradient doing business as Impulse has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov
B. Designated Alternative Dispute Resolution Provider and Recourse Information
In compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, Gradient Experience dba Impulse commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF to JAMS, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://www.jamsadr.com/DPF-Dispute-Resolution for more information or to file a complaint. The services of JAMS are provided at no cost to you.
C. Federal Trade Commission (FTC) Oversight Disclosure
The Federal Trade Commission has jurisdiction over Gradient doing business as Impulse compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF.
D. Binding Arbitration Option Disclosure
In accordance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, Gradient doing business as Impulse acknowledges that individuals have the option, under certain conditions, to invoke binding arbitration as described in Annex I of the DPF Principles. If any complaints regarding DPF compliance are not resolved through other mechanisms provided by the DPF Principles, individuals may choose to invoke binding arbitration. For more information on the conditions and procedures for invoking binding arbitration, please refer to Annex I of the DPF Principles.
E. Onward Transfer Liability Disclosure
As part of our commitment to transparency and compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, Gradient doing business as Impulse ensures that individuals are informed about our liability in cases of onward transfers to third parties. While Gradient doing business as Impulse currently does not plan to transfer personal information to third parties, it is important to note that, should such transfers become necessary in the future, Gradient doing business as Impulse remains responsible for the processing of personal information it receives under the DPF Principles and subsequently transfers to a third party acting as an agent on its behalf. Gradient doing business as Impulse shall remain liable under the DPF Principles if its agent processes such personal information in a manner inconsistent with the DPF Principles, unless Gradient doing business asImpulse can demonstrate that it is not responsible for the event giving rise to the damage. We are committed to upholding the principles of data protection and ensuring accountability in all aspects of our data processing practices.
INFORMATION
WE COLLECT
1. Personal Information We Obtain
At Gradient, we strive to collect only the personal information about you that we need to provide the products and services that you choose. We may obtain personal information about you from various sources. The types of personal information we may obtain include:
contact details (such as name, email and postal address and telephone number);
business contact information (such as employer’s name and address, job title and business email address and telephone number), as well as employment and professional license information;
physical characteristics (such as gender and height);
digital images and videos (such as images from your mobile device camera);
biometric data (such as digital images of fingerprints, irises and face);
information about the devices you use to access the GRADIENT service and GRADIENT websites (such as IP address);
information about your use of the GRADIENT service and GRADIENT websites, including personal information typed into forms on our website, whether or not you submit the form;
payment information (such as billing address and payment card details, including card number, expiration date and security code);
location information (such as GPS data from your mobile device to enable a location-based service);
contact information for friends or others you would like us to contact;
information you submit in connection with a career opportunity at GRADIENT (such as contact details, information in your resume and details about your current employment);
survey information; and
other information you may provide to us or authorize others to provide to us (such as shopping and language preferences).
Additionally, when users visit our website, we may collect certain information by using tracking tools, such as cookies and web beacons. A “cookie” is a text file that websites send to a visitor’s computer or other Internet-connected device to uniquely identify the visitor’s browser or to store information or settings in the browser. A “web beacon”, also known as an Internet tag, pixel tag or GRADIENT GIF, links web pages to web servers and their cookies and may be used to transmit information collected through cookies back to a web server. This allows us to collect information such as your device’s IP address, device type, browser type, operating system, referring URLs, actions taken on our site, and dates and times of website visits. Through these automated collection methods, we may obtain “clickstream” data, which is a log of the content that a visitor clicks on while browsing a website. As the visitor clicks through the website, we may record and store those actions. Clickstream data also tells us the type of computer and browsing software you use, the address of the website from which you linked to our site, and the pages you visit on our site.
2. How We May Use The Personal Information We Obtain
As described further below, GRADIENT uses your personal information to provide you services, to process your transactions, to communicate with you, for security and fraud prevention, and to comply with law. We may also use personal information for other purposes with your consent.
A. BIOMETRIC DATA AND OTHER PERSONAL INFORMATION
We may use biometric information and other personal information we obtain about you to:
facilitate and manage GRADIENT’s application and enrollment processes;
operate and administer the GRADIENT programs and services;
verify applicants’ and users’ identities, including authenticating users of the GRADIENT services; or
comply with and enforce applicable legal requirements and policies, including this Privacy Policy, our Terms of Use.
With your express consent, we also may use information in other ways, such as when you choose to use a service or participate in a program we may offer jointly with another entity.
B. NON-BIOMETRIC INFORMATION
In addition to the uses described in Section 2.A. above, we also may use non-biometric personal information to:
provide services to our consumers (such as travel or airport-related amenities);
authenticate GRADIENT users, and conduct background checks and security threat assessments concerning GRADIENT applicants and users;
communicate with consumers and respond to their questions;
create and manage online accounts that users establish on our website;
send news and updates about GRADIENT and other communications (such as communications about products and services offered by our marketing partners);
offer our consumers products or services we believe may be of interest to them;
communicate with our consumers about, and administer participation in, special events, programs, surveys, and other offers and promotions;
operate, evaluate and improve our business (including developing new products and services; analyzing our products and services; managing our communications; and performing accounting, auditing and other internal functions); or
perform data analyses (including market and consumer research).
We learn how to best tailor our website to our visitors by collecting information through cookies, web beacons and other analytics tools on our website. We may use website analytics to determine how much time visitors spend on each web page of our website, how visitors navigate through the site, and how we may change our site to better meet the needs of our visitors. We may also use cookies to customize visits to our site and deliver content. See our Cookie Usage page for more information. We may use IP addresses to help diagnose problems with our server and to administer our website. We also may use IP addresses to help identify and gather demographic information about visitors to our site.
We do not collect personally identifiable information about a consumer’s online activities over time or across third-party Web sites or online services.
We also may use the information we obtain about you in other ways when we provide specific notice at the time of collection.
C. INTEREST-BASED ADVERTISING
We collect data about your visit to our website to provide advertising about products and services tailored to your individual interests. Therefore, you may see certain ads on other websites because we participate in advertising networks run by third-party vendors. Those networks track your online activities through automated means, including the use of cookies, pixels and web beacons. The networks use this information to show advertisements tailored to your interests. Our ad network vendors receive information about your visit to our website, such as the pages you have viewed. This information also helps us track the effectiveness of our marketing efforts.
Where applicable, we limit how our third-party advertising partners use data collected via cookies and other tracking. You can also choose whether to have this information collected through the use of the cookie preferences center (by clicking on the green cookie in the bottom, left-hand corner of your browser screen), browser settings and other third-party tools, and by implementing Global Privacy Control on your browser. To learn more, visit our Cookie Usage page.
3. Personal Information We Share
We never sell or rent personal information about you.
We do not share or disclose personal information except as described in this Privacy Policy.
A. BIOMETRIC DATA AND OTHER PERSONAL INFORMATION
We may share biometric data, and other personal information we obtain about applicants to and users of GRADIENT with:
Service providers (such as order fulfillment and data analytics providers, liveness analysis providers such as Amazon Web Services). As described in Section 3.D of this Privacy Policy, whenever GRADIENT discloses personal information to its service providers, we contractually prohibit them from using or disclosing that information other than to perform services for us or to comply with legal requirements. We also require our service providers to appropriately safeguard the privacy and security of the personal information we disclose to them, and we impose limits on how long they can retain such information.
The U.S. Transportation Security Administration and airport authorities, pursuant to the purposes described in Section 2.A of this Privacy Policy
Other government agencies, if required by law
Other third parties with your express consent (such as when you choose to use a service or participate in a program that we may offer jointly with another entity)
B. NON-BIOMETRIC INFORMATION
In addition to the disclosures described in Section 3.A above, we also may share non-biometric personal information (except for government-issued identification numbers and payment card and financial account numbers) we obtain about you with our affiliates for the purposes described in Section 2.B of this Privacy Policy.
C. SERVICE PROVIDERS
We contractually prohibit our service providers from using or disclosing our consumers’ personal information, other than to perform services for us or comply with legal requirements. We require these service providers to appropriately safeguard the privacy and security of the consumer personal information they collect, use, disclose or otherwise process for us. We permit service providers to retain such personal
information only for as long as is necessary to provide the services to GRADIENT, and we always limit service providers’ data retention terms to comply with applicable law and this Privacy Policy.
D. DISCLOSURES FOR OTHER PURPOSES
We may disclose information we obtain about you:
if law or legal process requires us to do so (such as a court order or subpoena);
in response to requests by government agencies (such as law enforcement authorities);
to establish, exercise or defend our legal rights;
when we believe disclosure is necessary or appropriate to prevent physical or other harm or financial loss;
in connection with an investigation of suspected or actual illegal activity; or
otherwise with your consent or at your direction.
We reserve the right to transfer information we have about you if we sell or transfer all or part of our business or assets, as permitted or required by law. Should such a transfer occur, we will use reasonable efforts to direct the transferee to use the personal information in a manner that is consistent with this Privacy Policy.
We also may share the information we obtain about you in other ways when we provide specific notice at the time of collection.
4. Your Privacy Rights With GRADIENT
At GRADIENT, we respect your ability to know, access, correct, restrict the processing of, and delete your personal information. We’ve honored these rights since GRADIENT launched in 2010 for all our members, regardless of where they live. To exercise your privacy rights, you may:
contact us at: privacy@gradientexperience.com
call 1-212-997-9742
submit a request here (for access and deletion requests only); or
write to us at:
GRADIENT
Attention: Chief Privacy Officer
85 10th Avenue, 9th Floor
New York, New York 10011
To help protect the security of your personal information, your identity will be verified when we receive your request.
We may share non-sensitive identifiers and personal information pertaining to internet or other similar network activity with third parties for advertising purposes only with your opt-in consent by accepting targeting cookies on our cookie banner, which can be accessed by clicking on the green cookie in the bottom, left-hand corner of your browser screen. GRADIENT also honors Global Privacy Control. Please review our Cookie Usage page for more details.
You can also direct us at any time not to send you marketing emails by:
clicking on an unsubscribe link in marketing emails you receive from us;
replying to marketing emails you receive from us with the word “unsubscribe” in the subject line; or
emailing us at privacy@gradientexperience.com with the word “unsubscribe” in the subject line and your name in the body of the email.
There may be situations where we cannot grant certain types of these requests — for example, if you ask us to delete your personal information, but GRADIENT is legally obligated to keep a record of that transaction to comply with law. We may also decline to grant a request where doing so would undermine our legitimate use of data for anti-fraud and security purposes, such as when you request deletion of an account that is being investigated for security concerns.
5. How We Protect Personal Information
We maintain administrative, technical and physical safeguards. These are designed to protect personal information against accidental, unlawful or unauthorized: destruction, alteration, access, disclosure or use.
To safeguard certain sensitive information (such as biometric data and government-issued identification information), we implement security measures such as encryption, firewalls, and intrusion detection and prevention systems. Our customer service call centers do not have access to biometric data.
In addition, some examples of security measures we use to safeguard personal information include:
procedures for identifying and classifying personal information;
implementing safeguards appropriate to the sensitivity of the information;
access control procedures to verify business need before access to personal information is granted;
procedures for the periodic review of access permissions;
procedures for terminating access to personal information when there is no longer a business need for access;
personnel security controls designed to reduce the risk of human error, theft, fraud or misuse of facilities; and
physical and environmental security procedures designed to prevent unauthorized access, damage or interference to business premises and information.
In the event of a breach of GRADIENT’s systems resulting in unauthorized access to your personal information, GRADIENT will provide notice as required by law.
6. Other Online Services And Third-Party Features
Our website and other services may provide links to other online services for your convenience and information. This may include third-party features such as apps, tools, widgets and plug-ins. These online services and third-party features may operate independently from us. The privacy practices of these third parties, including details on the information they may collect, are subject to the privacy statements of these parties. We strongly suggest you review them. To the extent any linked online services or third-party features are not owned or controlled by us, GRADIENT is not responsible for their information practices.
7. Retention Of Personal Information
To request removal of your personal information as described above, you may contact us as indicated in Section 10 of this Privacy Policy.
We will honor your requests, except that we may retain limited information to comply with your request not to be contacted in the future.
8. Children's Personal Information
We recognize the importance of protecting children's online privacy. The GRADIENT website is intended for a general audience and is not directed to children. We do not knowingly collect personal information online from children under the age of 13. If we learn that we have collected personal information online from a child under the age of 13, we will delete it.
9. Updates To Our Privacy Policy
We may update this Privacy Policy periodically to reflect new GRADIENT program features or changes in our personal information practices. We will post a notice at the top of this Privacy Policy of any significant changes to this Privacy Policy. We will also state there when this Privacy Policy was most recently updated. We will provide other notice to you as required by law.
10. How To Contact Us
If you have any questions or comments about this Privacy Policy, any privacy-related complaints, or would like exercise your rights under this Privacy Policy, you may:
contact us at: privacy@gradientexperience.com
call 1-212-997-9742
write to us at:
GRADIENT
Attention: Chief Privacy Officer
150 W 28th St 2nd fl
New York, NY 10001
11. Biometric Data Retention For Illinois Enrolees
For Illinois enrollees, in accordance with Illinois state law, GRADIENT will retain biometric data only until the occurrence of the first of the following:
(a) the initial purpose for collecting or obtaining such biometric data has been satisfied or
(b) three years following your last interaction with GRADIENT.
12. Notice To California Users
The information provided in this section applies only to California residents.
A. PERSONAL INFORMATION WE COLLECT, USE AND SHARE
The California Consumer Privacy Act of 2018 (“CCPA”), as amended by the California Privacy Rights Act of 2020 (“CPRA”), requires companies to disclose their collection and use of specific categories of personal information. Below is a table of those categories that GRADIENT collects, or has collected in the past 12 months. Please note that, while each category may cover many types of personal information, GRADIENT collects, uses and shares only the personal information described in Section 1 of this Privacy Policy (Personal Information We Obtain). We also describe the sources through which we collect Personal Information in Section 1. We describe the purposes for which we use and share this information and the categories of third parties to whom we disclose personal information above in Section 2 (How We May Use the Personal Information We Obtain), and Section 3 (Personal Information We Share).
Categories of personal information GRADIENT collects (definitions are available here)
How long GRADIENT retains this information
Identifiers (such as real name, IP address, email address)
Life of the GRADIENT account, unless deleted at the member’s request or otherwise as provided by law
Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) (such as name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information)
Life of the GRADIENT account, unless deleted at the member’s request or otherwise as provided by law
Protected classification characteristics under California or federal law (such as age and other information from your government-issued identification)
Life of the GRADIENT account, unless deleted at the member’s request or otherwise as provided by law
Biometric information
Life of the GRADIENT account, unless deleted at the member’s request or otherwise as provided by law
Internet or other similar network activity
Life of the GRADIENT account when such data is associated with a GRADIENT account in GRADIENT systems, unless deleted at the member’s request or otherwise as provided by law
Precise geolocation data
Life of the GRADIENT account, unless deleted at the member’s request or otherwise as provided by law
Professional or employment-related information
Life of the GRADIENT account, unless deleted at the member’s request or otherwise as provided by law
Inferences drawn from other personal information
Life of the GRADIENT account, unless deleted at the member’s request or otherwise as provided by law
GRADIENT will never sell or rent your personal information.
Under California law, the definition of “sharing” is narrower than the term’s common use, and how we use the term “share” in Section 3 of this Privacy Policy. Under California law, “sharing” means sharing, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by the business to a third party for cross-context behavioral advertising, whether or not for monetary or other valuable consideration, including transactions between a business and a third party for cross-context behavioral advertising for the benefit of a business in which no money is exchanged. California law defines “cross-context behavioral advertising” as the “targeting of advertising to a consumer based on the consumer’s personal information obtained from the consumer’s activity across businesses, distinctly-branded websites, applications, or services, other than the business, distinctly-branded website, application, or service with which the consumer intentionally interacts.”
As described above in this Privacy Policy, GRADIENT uses cookies and other tracking tools on our website to facilitate advertising. With your opt-in consent via our cookie consent banner, we may “share” (as the term is defined under California law) non-sensitive identifiers and personal information pertaining to internet or other similar network activity with third parties for advertising purposes.
B. YOUR RIGHTS UNDER CALIFORNIA LAW
California consumers have the following rights:
Knowledge. You can request information about how we have collected, shared and used your personal information during the past 12 months. This information is contained in this Privacy Policy.
Access. You can request a copy of the personal information we maintain about you.
Correction. You can ask us to correct inaccurate personal information we maintain about you.
Deletion. You can ask us to delete the personal information we maintain about you.
Opting out of the sale/sharing of personal information for advertising purposes. GRADIENT does not sell the personal information of California consumers. We may share non-sensitive identifiers and personal information pertaining to internet or other similar network activity with third parties for advertising purposes only with your opt-in consent by accepting targeting cookies on our cookie banner, which can be accessed by clicking on the green cookie in the bottom, left-hand corner of your browser screen. GRADIENT also honors Global Privacy Control. Please review our Cookie Usage page for more details.
Limiting the use of sensitive personal information. You can ask us to limit our use of your sensitive personal information that GRADIENT collects as described above, such as your biometrics information, to such uses necessary to perform services for you. GRADIENT has always been opt in, and GRADIENT uses our users’ sensitive personal information only to provide services to our users, as described in greater detail in this Privacy Policy.
No discrimination for exercising your privacy rights. You have the right not to be discriminated against for exercising your privacy rights under California law.
C. HOW TO SUBMIT A REQUEST
GRADIENT does not sell the personal information of California consumers and does not discriminate in response to privacy rights requests. GRADIENT uses sensitive personal information only to provide services to our users, as described in greater detail in this Privacy Policy. To exercise your other rights under California law, you may:
contact us at: privacy@gradientexperience.com
call 1-212-997-9742
submit a request here (for access and deletion requests only); or
write to us at:
GRADIENT
Attention: Chief Privacy Officer
150 W 28th St 2nd fl
New York, NY 10001
D. OTHER NOTES REGARDING CALIFORNIA PRIVACY LAW
Identity verification. California requires us to verify your identity before providing a substantive response to your request for your personal information. We take the privacy and security of your personal information seriously. Therefore, we will verify your identity by asking you to provide certain information about yourself. Once your identity is verified, we will provide your requested information in a timely manner.
Sensitive personal information. Please note, California law limits these rights by, for example, prohibiting us from providing certain sensitive information in response to an access request and limiting the circumstances in which we must comply with a deletion request. If we deny your request, we will communicate our decision to you.
Authorized agents. California residents can empower an “authorized agent” to submit requests on their behalf. To protect your privacy we will require the authorized agent to have a written authorization confirming that authority.
Response to requests. We will make every effort to fulfill or respond to your request within forty-five (45) days. If we are unable to do so, we will notify you. We will also inform you when we have fulfilled your request or provide an explanation for why we are unable or not required to do so.