Last Updated: September 27, 2023

This Privacy Policy relates to the information collection, use, disclosure and security practices of Granite Point Mortgage Trust Inc. (“GPMT,” “we,” “us,” or “our”) in connection with our website (www.gpmtreit.com) (the “Website”).

Respecting and protecting privacy has always been vital to our business. This Privacy Policy describes our collection, use and sharing of “personal information,” meaning any information that identifies or reasonably could identify a natural individual, household or device. Unless you are provided with another privacy notice or provide consent, GPMT will only process your personal information in accordance with this Privacy Policy. Please note that personal information does not include aggregated, anonymized or deidentified information. GPMT reserves the right to use aggregated, anonymized or deidentified information for any purposes.

Description of Users and Acceptance of Terms

This Privacy Policy applies to visitors to the Website (“Visitors,” “you,” or “your”).

By accessing the Website, Visitors are agreeing to the terms of this Privacy Policy.

The Information We Collect and How We Use It

In the course of operating the Website, we may collect or otherwise receive the following types of information:

Contact Information

The contact information collected on the Website varies depending on the webpage but typically includes some combination of your name, email address, contact type, company information (including address), and any information you provide in messages to us. We use such contact information for purposes such as responding to, and following up regarding, your inquiries, providing you with requested information, sending you email alerts (including marketing emails), or reviewing your job application materials. Depending on the nature of your message, we may route your information to an appropriate third party to better address such message.

In some cases, such as when you sign up for a webcast, presentation or other event/service, we may receive your contact information from a third-party website. When we collect such contact information, our use of such contact information shall be pursuant to this Privacy Policy. In addition, please see Links to External Websites below for more information on submission of information to third-party websites.

Server Logs

Like most websites today, we use web servers that keep log files that record data each time a device accesses those servers. These log files are maintained by our website hosting service and contain data about the nature of such access, including the device’s IP address, user agent string (e.g., operating system and browser type/version), and referral URL (i.e., the external source by which you arrived at the Website, or the pages you’ve clicked on while on the Website). We may wish to use these log files for purposes such as monitoring and troubleshooting errors and incidents, analyzing web traffic or optimizing the user experience.

Cookies

We collect information using “cookie” technology. Cookies are small packets of data that a website stores on your computer’s or mobile device’s hard drive (or other storage medium) so that your computer will “remember” information about your visit. We use both first- and third-party session cookies and persistent cookies. Below is a general primer on session and persistent cookies; information collected by cookies depends on its particular purpose. For more information, please see the information regarding analytics providers discussed further below.

  • Session Cookies: We use session cookies to make it easier for you to navigate the Website. A session ID cookie expires when you close your browser.
  • Persistent Cookies: A persistent cookie remains on your hard drive (or other storage medium) for an extended period of time or until you delete it. To the extent we provide a log-in portal or related feature on the Website, persistent cookies can be used to store your password so that you don’t have to enter it more than once. Persistent cookies also enable us to track analytics and target the interests of our Visitors to personalize the experience on the Website.

In some cases, we may associate information that you have provided to us (e.g., email address) with the cookies that we use. In addition to facilitating the purposes described above, this is useful in understanding your engagement with other content related to the Website (e.g., email open rates, URL clickthroughs).

The following table lists the different types of cookies that we and our service providers may use on the Website, examples of who serves those cookies, and links to the privacy notices and opt-out information of those cookie servers. Please note that cookie practices may differ over time and across specific pages on the Website. The below list provides illustrative examples, but it should not be considered an exhaustive list of each cookie used on each webpage.

We do not use analytical tools in a manner that discloses to third parties that a specific person viewed specific video materials.

If you do not want us to place any cookies on your device (or any third-party cookies, if you’d like), you may be able to turn that feature off on your computer or mobile device. Please consult your browser’s documentation for information on how to do this. However, if you decide not to accept cookies from us, certain aspects of the Website may not function properly or as intended. You can find out more about cookies and how to manage them by visiting: https://www.aboutcookies.org.

Business Transfers

In the event of a merger, dissolution, bankruptcy, insolvency, reorganization or similar corporate event, or the sale of all or substantially all of our assets, we reserve the right to transfer your personal information to potential investors or purchasers as part of diligence, to the surviving entity in a merger, or to the acquiring entity. We further reserve the right to collect personal information from other entities as part of diligence, investments or acquisitions.

Disclosure in Connection with Legal Proceedings

We are required to disclose personal information in response to lawful requests by public authorities, including for the purpose of meeting national security or law enforcement requirements. We expressly reserve the right to disclose personal information to any government agency or regulatory body, regardless of whether under a binding legal order or subpoena.

We may also disclose personal information to other third parties when compelled to do so by government authorities or required by law or regulation including, but not limited to, in response to court orders and subpoenas, or when we believe that the third party would likely have the right to demand or request such information through formal processes.

Other Purposes

We may process your personal information for other purposes as otherwise disclosed to you (or pursuant to your consent) during your experience on, or in relation to, the Website.

Sharing with Third Parties

We engage other companies and individuals to perform certain business-related functions on our behalf in connection with the Website. Examples may include cloud storage and web hosting providers, distributors, technical assistance and security vendors, database management/back-up services, analytics services, email clients, digital marketing services (e.g., marketing automation), customer relationship management/CRM platforms  and customer service vendors. These other companies will have access to your information only as necessary to perform their functions and to the extent permitted by law. We may also share your information with any of our parent companies, subsidiaries, affiliates or other companies under common control with us in order to support the purposes described in this Privacy Policy.

Opt-Out for Email Marketing and Certain Other Communications

We reserve the right to use your personal information for marketing purposes, including to provide you with information about opportunities that we think may be of interest to you. You may manage your receipt of marketing communications by clicking on the “Unsubscribe” (or similar) link located on the bottom of an applicable marketing email and following the instructions found on any page to which the link may take you. You may also manage your receipt of press releases and other communications (e.g., SEC filings) that you’ve signed up to receive via email by clicking on the link on the bottom of such applicable email communication and following the instructions found on any page to which the link may take you. In all such cases, please allow us a reasonable time to process your request.

You cannot opt out of receiving administrative or transactional e-mails.

How We Protect Your Information

We take commercially reasonable steps to protect your personal information from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. Please understand, however, that no security system is impenetrable. We cannot guarantee the security of our databases, nor can we guarantee that the information you supply will not be intercepted while being transmitted to and from us over the Internet.

Retention of Personal Information

We will retain your personal information in a form that identifies you only for as long as it serves the purpose(s) for which it was initially collected as stated in this Privacy Policy; as subsequently authorized; as allowed or required under applicable law to protect you, other people and us from fraud, abuse and unauthorized access; as necessary to protect our legal rights; or for certain business requirements.

Children

We do not knowingly collect personal information from children under the age of 13 through the Website. If you are under 13, please do not give us any personal information. We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce our Privacy Policy by instructing their children to never provide personal information to us. If you have reason to believe that a child under the age of 13 has provided personal information to us, please contact us at legal@gpmtreit.com and we will endeavor to delete that information from our databases.

Important Notice to All Non-U.S. Residents

Our servers are located in the U.S. If you are located outside of the U.S, please be aware that any information provided to us, including personal information, will be transferred from your country of origin to the U.S. To the extent permitted under applicable law, your decision to provide such data to us, or allow us to collect such data through the Website, constitutes your consent to this data transfer.

Do Not Track

We do not respond to “Do Not Track” settings or other related mechanisms at this time.

Links to External Websites

The Website may contain links to third-party websites (“External Sites”). We have no control over the privacy practices or the content of any such External Sites. As such, we are not responsible for the content or the privacy policies of such External Sites. You should check the applicable privacy policy and terms of use when visiting or submitting any information through such External Sites.

Changes to This Privacy Policy

This Privacy Policy is effective as of the “Last Updated” date stated at the top of this Privacy Policy. We may change this Privacy Policy from time to time with or without notice to you. By visiting the Website after we make any such changes to this Privacy Policy, you are deemed to have accepted such changes. Please be aware that, to the extent permitted by applicable law, and without prejudice to the foregoing, our use of your information is governed by the Privacy Policy in current effect. Please refer back to this Privacy Policy on a regular basis.

How to Contact Us

If you have questions about this Privacy Policy, please contact us by e-mail at legal@gpmtreit.com with “Privacy Policy” in the subject line, or at Granite Point Mortgage Trust Inc., 3 Bryant Park 24th Floor New York, NY 10036, Attention: Chief Compliance Officer.