Privacy Policy

Last updated: 12 May 2026

1. Introduction

This Privacy Policy explains how GreenM ("GreenM," "we," "us," or "our") collects, uses, shares, and protects personal data in connection with our website greenm.io and our business communications (collectively, the "Site").

GreenM is operated by [INSERT LEGAL ENTITY NAME], a company registered in [JURISDICTION] under company number [REG NO], with its registered office at [REGISTERED ADDRESS].

For the purposes of UK GDPR and EU GDPR, GreenM is the controller of personal data collected through this Site.

If you have questions about this policy, contact us at privacy@greenm.io.

2. Scope of this policy

This policy covers personal data we collect when you:

  • Visit greenm.io or interact with our marketing communications
  • Submit a contact form, demo request, or other enquiry
  • Subscribe to GreenM Brief or other newsletters
  • Book a meeting with our team
  • Apply for a job or engage with our recruitment communications
  • Engage with us as a client, prospect, partner, or supplier representative

3. Important notice for healthcare clients (PHI / patient data)

GreenM provides AI, data, and engineering services to healthcare organizations. When we process protected health information (PHI), patient records, or other clinical data on behalf of a healthcare client, we do so as a data processor (under UK/EU GDPR) and/or as a Business Associate (under HIPAA, where applicable).

The processing of such data is governed by the separate Data Processing Agreement (DPA) and/or Business Associate Agreement (BAA) we sign with the relevant client — not by this Privacy Policy. This Privacy Policy applies only to personal data we collect as a controller through our Site and direct business interactions.

If you are a patient and have questions about how your data has been used in a system built or operated by GreenM, please contact the healthcare provider that holds the relationship with you. They are the controller of that data; we cannot identify you or respond to data subject requests without their involvement.

4. Information we collect

4.1 Information you provide

  • Contact details: name, work email, job title, company name, phone number, country.
  • Enquiry content: the information you include in messages, demo requests, or RFPs you send us.
  • Newsletter subscription: email address and any preferences you set.
  • Meeting bookings: information collected via our scheduling tool (calendar availability, time zone, optional notes).
  • Recruitment: CV, work history, references, and other information you submit when applying for a role.

4.2 Information collected automatically

  • Device and usage data: IP address, browser type and version, operating system, referring URL, pages viewed, time on page, click events.
  • Cookies and similar technologies: see section 10.
  • Approximate location: country and city, derived from IP address.

4.3 Information from third parties

  • Business contact data from professional networks (e.g. LinkedIn) and B2B data providers, used for prospecting and account research where permitted under our legitimate interests.
  • Marketing platform data: engagement signals (e.g. email opens, clicks) from our email and advertising tools.
  • Referrals and introductions from existing clients or partners, where the referrer has confirmed your interest.

5. How we use your information

We use personal data for the following purposes:

  • Respond to enquiries and demo requests — contact details and enquiry content. Legal basis: performance of pre-contractual steps; legitimate interests in running our business.
  • Send GreenM Brief and other marketing communications — email, name, engagement signals. Legal basis: consent (where required); legitimate interests for existing business contacts (soft opt-in).
  • Improve and secure the Site — usage data, device data, cookies. Legal basis: legitimate interests in analytics, security, and fraud prevention.
  • Account research and B2B prospecting — business contact data from third parties. Legal basis: legitimate interests in B2B marketing to professional contacts in relevant roles.
  • Recruitment — CV, application data, references. Legal basis: pre-contractual steps; legitimate interests in assessing candidates.
  • Comply with legal obligations — as required by law. Legal basis: legal obligation.
  • Establish, exercise, or defend legal claims — as needed. Legal basis: legitimate interests.

We do not use the personal data collected through this Site for automated decision-making that produces legal or similarly significant effects.

6. Who we share your information with

We share personal data only when necessary, and only with parties who provide adequate safeguards. Categories of recipients:

  • Service providers (sub-processors) that help us run the Site and our business — including website hosting, analytics, email marketing, CRM, scheduling, and security tooling. A representative list is in section 10.
  • Professional advisors — lawyers, auditors, accountants, insurers, where required.
  • Regulators, law enforcement, and government bodies where we are legally required to disclose information.
  • Successors in connection with a merger, acquisition, or sale of all or part of our business.

We do not sell personal data, and we do not share it with third parties for their own marketing purposes.

7. International data transfers

GreenM operates internationally, and some of our service providers are located outside the UK and the European Economic Area (EEA), including in the United States.

When personal data is transferred outside the UK or EEA to a country not covered by an adequacy decision, we rely on appropriate safeguards, including:

  • The EU Standard Contractual Clauses (SCCs) and the UK International Data Transfer Addendum (or the UK IDTA, where applicable)
  • Supplementary technical and organizational measures (encryption in transit and at rest, access controls)
  • Adequacy decisions of the European Commission or the UK Government, where available

You can request a copy of the relevant safeguards by emailing privacy@greenm.io.

8. How long we keep your information

We retain personal data only for as long as we need it for the purposes described in this policy. Default retention periods:

  • Enquiries and demo requests (no engagement): [24 months] from last interaction.
  • Newsletter subscribers: until you unsubscribe, plus a short suppression record.
  • Active client and supplier contacts: duration of the engagement plus [7 years] for legal and tax purposes.
  • Job applicants (unsuccessful): [12 months], unless you consent to a longer talent-pool retention.
  • Website analytics: as configured in our analytics tools (typically [14–26 months]).
  • Server and security logs: [12 months].

After the retention period expires, we delete or irreversibly anonymize the data, unless we are legally required to keep it longer.

9. Your rights

Depending on where you live, you may have the following rights in relation to your personal data:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — ask us to correct inaccurate or incomplete data.
  • Erasure — ask us to delete your data, in certain circumstances.
  • Restriction — ask us to limit how we process your data.
  • Portability — receive your data in a structured, machine-readable format.
  • Objection — object to processing based on legitimate interests, including direct marketing.
  • Withdraw consent — where we rely on your consent, you can withdraw it at any time. This does not affect the lawfulness of processing carried out before withdrawal.
  • Lodge a complaint — with the UK Information Commissioner's Office (ico.org.uk) or your local data protection authority.

To exercise any of these rights, email privacy@greenm.io. We may need to verify your identity before responding. We will reply within one month, or notify you if we need a reasonable extension.

For California residents

If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA), including the right to know, delete, correct, and opt out of "sale" or "sharing" of personal information. GreenM does not sell personal information. To exercise CCPA rights, email privacy@greenm.io.

10. Cookies and similar technologies

The Site uses cookies and similar technologies to make it work, to understand how it is used, and (with your consent) to support marketing.

Categories

  • Strictly necessary — required for core site functionality. Always active.
  • Analytics / performance — help us understand how visitors use the Site (e.g. Google Analytics).
  • Functional — remember choices you make (e.g. language).
  • Marketing — used for advertising and attribution (e.g. LinkedIn Insight Tag).

You can accept, reject, or manage non-essential cookies at any time via our cookie preferences. You can also manage cookies through your browser settings.

Representative third-party tools

  • Webflow — website hosting and CMS
  • Google Analytics — usage analytics
  • LinkedIn Insight Tag — advertising and attribution [if used]
  • HubSpot / [CRM] — marketing and contact management
  • Calendly / [scheduling] — meeting bookings
  • Cloudflare / [CDN] — performance and security

11. How we protect your information

GreenM maintains an information security program designed to protect personal data against unauthorized access, disclosure, alteration, and destruction. Our controls include:

  • Encryption of data in transit (TLS) and at rest
  • Role-based access controls and the principle of least privilege
  • Multi-factor authentication for internal systems
  • Continuous security monitoring and vulnerability management
  • Employee training on privacy and security
  • Vendor due diligence before engaging sub-processors

Our information security management system is aligned with ISO 27001, and our healthcare engagements are designed to meet HIPAA, UK GDPR, EU GDPR, and NHS DSPT requirements as applicable to the engagement.

No system can be guaranteed 100% secure. If you believe you have discovered a vulnerability or that your account has been compromised, contact security@greenm.io.

12. Children's privacy

The Site is intended for business users and is not directed at children. We do not knowingly collect personal data from children under [16]. If you believe a child has provided us with personal data, contact privacy@greenm.io and we will delete it.

13. Links to other sites

The Site may contain links to third-party websites (for example, client case studies, partner pages, social media). We are not responsible for the privacy practices of those sites. Review their privacy notices before providing them with personal data.

14. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify you by email or a notice on the Site. We encourage you to review this policy periodically.

15. Contact us

For privacy questions or to exercise your rights:

  • Email: privacy@greenm.io
  • Postal address: [REGISTERED OFFICE ADDRESS]
  • Data Protection Officer / Privacy Lead: [NAME / EMAIL — if appointed]

If you are in the UK, you also have the right to complain to the Information Commissioner's Office (ico.org.uk). If you are in the EEA, you can complain to your local data protection authority.

Services:
Clinical Workflow Integration
AI Launchpad
Private AI Foundation
Unified Health Data
Agentic AI Systems
Scaling & Optimization
Success Stories
About Us
hello@greenm.io
Copyright © 2026 GreenM, Inc. All rights reserved.
Privacy-policy