Privacy Policy
This page gives important information about:
How Gray collects and uses the personal information of the people who work for our clients.
Our processing of personal information on behalf of clients.
Where we store and process personal information and our commitment to privacy rights.
Collection and use of personal information of the people who work for our clients
What we use your personal information for
Promoting the services of Gray
We may obtain your personal business contact details (such as email, telephone number, address, position) from you, or from publicly available sources (like LinkedIn). If you have attended an event (including an event we may host through a third-party provider), we may also receive these details from the event organizer or third-party provider.
Where we are allowed, we will use your personal information to contact you about, or send you information on, Gray’s services. This may be because:
you have requested them, or
we feel our services may be of interest to you, given your position in the business you work for.
Where we are allowed, we will also use your personal information to assess and report on efficiency gains resulting from the use of our products and services by our clients. When we do so, we process your personal data jointly with our clients.
Also, we will promote our products and services through your testimonials and the results of efficiency gains reports. We always follow applicable direct marketing rules. If you want us to stop promoting our services to you, please let us know. You can also opt-out of receiving our direct marketing emails at any time.
Enquiries
You may make an enquiry about our services (for example, through our contact page). If you do, we use the information you give us to:
provide you with information about our services;
respond to and manage your enquiries and requests; and/or
manage any pre-contract discussions between Gray and the business you work for.
Using our services
When we provide our services, we will collect and use your personal information. Any personal information you give us, or which we obtain, when providing our services will be used for:
providing our services in accordance with our contract with our client (the business you work for); and
managing our relationship with our client.
Other uses of your personal information
Enforcing legal rights
We will use your personal information for the enforcement or protection of our legal rights.
Administration, quality, and training
We will use your personal information to:
help administer our business (including in accordance with legal or other obligations we must meet);
manage our relationship with you;
maintain quality standards; and
design and deliver internal training.
System and product development
Your personal information is used to support the development and improvement of our systems and products. This can include using your information for:
the purposes of surveys; and
providing your personal information to third parties so they can provide services to us in respect of system
and product development or improvement in accordance with our instructions.
Who else gets your personal information?
Gray does not disclose your personal information for a business purpose except as set out in this Privacy
Statement. Your personal information is never otherwise sold or shared to third parties.
To help us provide our solutions and services, the personal information described above is disclosed to third parties who provide services to us, including:
information technology and information services providers;
other third-party service providers; and
professional and other third-party advisers.
These third parties can only use the personal information to provide their services to us or to support our delivery of our services to you. They must follow our instructions and they are not permitted to sell or share your personal information.
Your personal information is not disclosed to anyone else. In certain circumstances, we may be obliged to disclose your personal information to a public authority in response to a lawful request or to respond to legal process. We will only make such disclosure to extent such request is lawful.
If you do not wish us to disclose your information to a third party or use it for a purpose that is materially different from the purposes for which it was originally collected or subsequently authorised by you, you can inform us by using the mechanisms detailed in “Your rights” below.
How long do we keep your personal information?
We will only keep your personal data for as long as we are legally required, or if longer, for the period the personal information is needed for the purposes we have collected it.
Lawful use of your personal information
We only use your personal information if lawfully we can do so.
European Union
As our client will be the business you work for, our use of your personal information is in all cases necessary in Gray’s legitimate interest in conducting and managing our business (for the purposes we have described above) and enforcing our legal rights.
You do have the right to object to this processing and can do so by writing to us at our address or emailing us. If you do object, this may affect our ability to provide our services and solutions to the business you work for.
In some cases, we may ask for your consent to send you information and materials about Gray’s services.
In this case, our lawful use of your personal information for this purpose remains Gray’s legitimate interest (as described above), but your consent is provided for the purposes of meeting the requirements of direct marketing laws.
Transfers of personal data
Gray is a company established in Canada. Your personal information may be transferred outside Canada, but only for use by Gray for the purposes described in this privacy statement. In each case, these transfers are subject to adequate safeguards as prescribed by law.
For further details, see “where we store and process personal data”. If you wish to receive further information on these transfers and the safeguards in place, please contact us at privacy@gray-os.com.
Your rights
Gray Oncology Solutions
You can at any time contact Gray Oncology Solutions in respect of the use of your personal information:
Gray Oncology Solutions, 5748 Rue de Verdun, Montréal, QC H4H 1L8, Canada.
You can also contact us by email: privacy@gray-os.com.
If you are a California resident, you can additionally make a request to exercise your rights by emailing:
European Union– Data Controller
The data controller, and the addresses at which it can be contacted, is:
Gray Oncology Solutions, 5748 Rue de Verdun, Montréal, QC H4H 1L8, Canada.
You can also contact us by email: privacy@gray-os.com.
Data Protection Representative Limited (DataRep) is the representative of Gray Oncology Solutions in the European Union. If you want to raise a question to Gray Oncology Solutions, or otherwise exercise your rights in respect of your personal data in the European Union, you can also do so by:
sending an email to DataRep at datarequest@datarep.com quoting “Gray Oncology Solutions
Inc” , orcontacting DataRep using its online webform at www.datarep.com/data-request
Our Privacy Officer
Gray has designated a Privacy Officer. The Privacy Officer can be contacted by emailing:
Our Data Protection Officer
Gray has appointed a Data Protection Officer in France: The Data Protection Officer can be contacted
by emailing: privacy@gray-os.com.
Accessing, deleting, rectifying and moving your personal information
In addition to the right to object to the processing of your personal information, depending on the country or state laws that apply, you may also have the right to:
access your personal information and have disclosed to you what personal information we have
collected, used or shared about you, and for what purposes;
require us to delete your personal information;
opt-out of the sale of your personal information;
rectify any personal information we hold that is incorrect; and/or have your personal information transmitted to another data controller.
Where applicable, if you want to exercise these rights please let us know using the contact mechanisms identified above. We may ask you to provide sufficient information to verify and complete your request. Subject to the rights you have, and to any legal or other requirements, we will complete your request within thirty days.
Lodging a complaint – European Union
You can at any time complain about our processing of your personal information with the following data protection authorities:
France
The French Data Protection Authority (CNIL)
You can obtain contact details at: www.cnil.fr.
Our processing of personal information on behalf of clients
The services provided by Gray to its clients can include the processing of personal information on their behalf. When we do this, we only use the personal information under their instruction and never for our own purposes. We are not the controller of this personal information, and our client always remains responsible for it.
If you have questions about our processing of your personal information on behalf of one of our clients or wish to exercise your rights to access that personal information, please contact that client or review their privacy notice. However, the information in the next section:
“Where we store and process
Overview
Personal information collected or processed by Gray may be stored and processed in Canada, and in any other country where Gray or its service providers process personal data. Gray processes personal information in accordance with this privacy statement and the requirements of applicable law.
Transfers of personal data to other countries
We transfer personal data from Canada to other countries. If, as part of the processing activities described above, Gray needs to transfer personal data to recipients located outside Canada, Gray ensures that adequate safeguards are in place for those transfers, as required by relevant data protection and privacy laws.
This statement was published on September 5th, 2025. If you wish to see prior versions of this statement, please contact us.