GISMART PRIVACY NOTICE FOR CALIFORNIA RESIDENTS

Effective Date: December 31, 2019

This Privacy Notice for California Residents supplements the information
contained in Gismart Privacy Policy
and applies solely to all visitors, users, and others who reside in the
State of California (“consumers” or “you”). We adopt this notice to comply
with the California Consumer Privacy Act of 2018 (CCPA) and any terms
defined in the CCPA have the same meaning when used in this notice. This
Privacy Notice for California Residents describes the types of information
we may collect from you or that you may provide when you use Gismart app(s)
(the “Platform(s)”).

I.
INFORMATION WE COLLECT


(1) This Privacy Notice for California Residents applies to information
we collect:

· In this Platform;

· In email, text, and other electronic messages between you and this
Platform;

Where such collected Information that identifies, relates to, describes,
references, is capable of being associated with, or could reasonably be
linked, directly or indirectly, with a particular consumer or device (” Personal Information“).

In particular, the Platform has collected the following categories of
Personal Information from its consumers within the last twelve (12) months:

Category

Examples

Collected

A. Identifiers.

A real name, alias, postal address, unique personal
identifier, online identifier, Internet Protocol address,
email address, account name, Social Security number,
driver’s license number, passport number, or other similar
identifiers.

YES

B. Personal information categories listed in the California
Customer Records statute (Cal. Civ. Code § 1798.80(e)).

A name, signature, Social Security number, physical
characteristics or description, address, telephone number,
passport number, driver’s license or state identification
card number, insurance policy number, education,
employment, employment history, bank account number, credit
card number, debit card number, or any other financial
information, medical information, or health insurance
information.

Some personal information included in this category may
overlap with other categories.

NO

C. Protected classification characteristics under
California or federal law.

Age (40 years or older), race, color, ancestry, national
origin, citizenship, religion or creed, marital status,
medical condition, physical or mental disability, sex
(including gender, gender identity, gender expression,
pregnancy or childbirth and related medical conditions),
sexual orientation, veteran or military status, genetic
information (including familial genetic information).

NO

D. Commercial information.

Records of personal property, products or services
purchased, obtained, or considered, or other purchasing or
consuming histories or tendencies.

YES

E. Biometric information.

Genetic, physiological, behavioral, and biological
characteristics, or activity patterns used to extract a
template or other identifier or identifying information,
such as, fingerprints, faceprints, and voiceprints, iris or
retina scans, keystroke, gait, or other physical patterns,
and sleep, health, or exercise data.

YES

F. Internet or other similar network activity.

Browsing history, search history, information on a
consumer’s interaction with a website, application, or
advertisement.

YES

G. Geolocation data.

Physical location or movements.

YES

H. Sensory data.

Audio, electronic, visual, thermal, olfactory, or similar
information.

NO

I.Professional or employment-related information.

Current or past job history or performance evaluations.

NO

J. Non-public education information (per the Family
Educational Rights and Privacy Act (20 U.S.C. Section
1232g, 34 C.F.R. Part 99)).

Education records directly related to a student maintained
by an educational institution or party acting on its
behalf, such as grades, transcripts, class lists, student
schedules, student identification codes, student financial
information, or student disciplinary records.

NO

K. Inferences drawn from other personal information.

Profile reflecting a person’s preferences, characteristics,
psychological trends, predispositions, behavior, attitudes,
intelligence, abilities, and aptitudes.

NO


(2) GISMART obtains the categories of Personal Information listed above
from the following categories of sources:

· Directly from you. For example, from forms you complete or products and
services you purchase.

· Indirectly from you. For example, from observing your actions in the
Platform.

· Records and copies of your correspondence (including email addresses), if
you contact us.

· Your responses to surveys that we might ask you to complete for research
purposes.

· Details of transactions you carry out through the Platform and of the
fulfillment of your orders.


(3) This Privacy Notice for California Residents does not apply to
information collected by:

· Us offline or through any other means, including on any other website
operated by Gismart or any third Party (including our affiliates and
subsidiaries); or

· Any third party (including our affiliates and subsidiaries), including
through any application or content (including advertising) that may link to
or be accessible from or in the Platform.


(4) Information We Collect Through Automatic Data Collection
Technologies:

As you navigate through and interact with our Platform, we may use
automatic data collection technologies to collect certain information about
your equipment, browsing actions, and patterns, including:

· Details of your visits to our Platform, including traffic data, location
data, logs, and other communication data and the resources that you access.

· Information about your computer and internet connection, including your
IP address, operating system, and browser type.

The information we collect automatically may include Personal Information
or we may maintain it or associate it with Personal Information we collect
in other ways or receive from third parties. It helps us to improve our
Platform and to deliver a better and more personalized service.


(5) The technologies we use for this automatic data collection may
include:

Cookies (or browser cookies). A cookie is a small file placed on the hard
drive of your computer. You may refuse to accept browser cookies by
activating the appropriate setting on your browser. However, if you select
this setting you may be unable to access certain parts of our Platform.
Unless you have adjusted your browser setting so that it will refuse
cookies, our system will issue cookies when you direct your browser to our
Platform.

II.
USE OF PERSONAL INFORMATION

(1) How We Use Your Personal Information

We use information to provide the Platform functionality, fulfill your
requests, improve the Platform quality, engage in research and analysis
relating to the Platform, personalize your experience, track usage of the
Platform, market the Platform, provide customer support, message you, back
up our systems, allow for disaster recovery, enhance the security of the
Platform, and comply with legal obligations. Even when we do not retain
such information, it still must be transmitted to our servers initially and
stored long enough to process.

We also use information that we collect about you or that you provide to
us, including any Personal Information:

· To present our Platform and its contents to you.

· To provide you with information, products, or services that you request
from us.

· To fulfill any other purpose for which you provide it.

· To provide you with notices about your account, including expiration and
renewal notices.

· To carry out our obligations and enforce our rights arising from any
contracts entered into between you and us, including for billing and
collection.

· To notify you about changes to our Platform or any products or services
we offer or provide though it.

· In any other way we may describe when you provide the information.

· For any other purpose with your consent.

We may use or disclose the Personal Information we collect for one or more
of the following business purposes:

· To fulfill or meet the reason you provided the information, including
integrated third party products.

· To provide, support, personalize, and develop our Platform, products, and
services.

· To create, maintain, customize, and secure your account with us.

· To process your requests, purchases, transactions, and payments and
prevent transactional fraud.

· To provide you with support and to respond to your inquiries, including
to investigate and address your concerns and monitor and improve our
responses.

· To help maintain the safety, security, and integrity of our Platform,
products and services, databases and other technology assets, and business.

· For testing, research, analysis, and product development, including to
develop and improve our Platform, products, and services.

· To respond to law enforcement requests and as required by applicable law,
court order, or governmental regulations.

· As described to you when collecting your personal information or as
otherwise set forth in the CCPA.

Gismart will not collect additional categories of Personal Information or
use the Personal Information we collected for materially different,
unrelated, or incompatible purposes without providing you notice.

(2) Sales of Personal Information

In the preceding twelve (12) months, Gismart has not sold Personal
Information.

(3) Sharing Personal Information

Gismart may disclose your personal information to a third party for a
business purpose. When we disclose personal information for a business
purpose, we enter a contract that describes the purpose and requires the
recipient to both keep that personal information confidential and not use
it for any purpose except performing the contract.

We share your personal information with the following categories of third
parties:

· Subsidiaries and affiliates.

· Contractors and service providers.

· Data aggregators.

· Third parties with whom we partner to offer products and services to you.

(4) We may also disclose your Personal Information:

· To comply with any court order, law, or legal process, including to
respond to any government or regulatory request.

· To enforce or apply any agreements, including for billing and collection
purposes.

· If we believe disclosure is necessary or appropriate to protect the
rights, property, or safety of Gismart, our customers, or others. This
includes exchanging information with other companies and organizations for
the purposes of fraud protection and credit risk reduction.

III.
DISCLOSURES OF PERSONAL INFORMATION FOR A BUSINESS PURPOSE

In the preceding 12 months, GISMART has disclosed the following categories
of personal information for a business purpose:

Identifiers, Commercial information, Usage, Geolocation data.

We disclose your personal information for a business purpose to the
following categories of third parties:

· Subsidiaries and affiliates.

· Contractors and service providers.

· Data aggregators.

· Third parties with whom we partner to offer products and services to you.

IV.
YOUR RIGHTS AND CHOICES

The CCPA provides consumers (California residents) with specific rights
regarding their personal information. This section describes your CCPA
rights and explains how to exercise those rights.


(1) Access to Specific Information and Data Portability Rights

You have the right to request that Gismart disclose certain information to
you about our collection and use of your Personal Information over the past
12 months. Once we receive and confirm your verifiable consumer request we
will disclose to you:

· The categories of Personal Information we collected about you.

· The categories of sources for the Personal Information we collected about
you.

· Our business or commercial purpose for collecting that Personal
Information.

· The categories of third parties with whom we share that Personal
Information.

· The specific pieces of Personal Information we collected about you (also
called a data portability request).

· If we sold or disclosed your personal information for a business purpose,
two separate lists disclosing:

· sales, identifying the personal information categories that each category
of recipient purchased; and

· disclosures for a business purpose, identifying the personal information
categories that each category of recipient obtained.

(2) Deletion Request Rights

You have the right to request that Gismart delete any of your Personal
Information that we collected from you and retained, subject to certain
exceptions including regulatory data retention requirements. Once we
receive and confirm your verifiable consumer request, we will delete (and
direct our service providers to delete) your Personal Information from our
records, unless an exception applies.

We may deny your deletion request if retaining the information is necessary
for us or our service provider(s) to:

A. Complete the transaction for which we collected the Personal
Information, provide a good or service that you requested, take actions
reasonably anticipated within the context of our ongoing business
relationship with you, or otherwise perform our contract with you.

B. Detect security incidents, protect against malicious, deceptive,
fraudulent, or illegal activity, or prosecute those responsible for such
activities.

C. Debug products to identify and repair errors that impair existing
intended functionality.

D. Enable solely internal uses that are reasonably aligned with consumer
expectations based on your relationship with us.

E. Comply with a legal obligation.

F. Make other internal and lawful uses of that information that are
compatible with the context in which you provided it.


(3) Exercising Access, Data Portability, and Deletion Rights

To exercise the access, data portability, and deletion rights described
above, please submit a verifiable consumer request to us by contacting us
at:

+1 833 868 5187

GISMART LIMITED or DPO@gismart.com

Attn: Data Protection Officer

22 Great Marlborough Street

London W1F 7HU, United Kingdom

Only you, or a person registered with the California Secretary of State
that you authorize to act on your behalf, may make a verifiable consumer
request related to your personal information. You may also make a
verifiable consumer request on behalf of your minor child.

You may only make a verifiable consumer request for access or data
portability twice within a 12-month period. The verifiable consumer request
must:

· Provide sufficient information that allows us to reasonably verify you
are the person about whom we collected personal information or an
authorized representative.

· Describe your request with sufficient detail that allows us to properly
understand, evaluate, and respond to it.

We cannot respond to your request or provide you with personal information
if we cannot verify your identity or authority to make the request and
confirm the personal information relates to you.

Making a verifiable consumer request does not require you to create an
account with us. We will only use personal information provided in a
verifiable consumer request to verify the requestor’s identity or authority
to make the request.

(4) Response Timing and Format

We endeavor to respond to a verifiable consumer request within forty-five
(45) days of its receipt. If we require more time (up to 90 days), we will
inform you of the reason and extension period in writing.

If you have an account with us, we will deliver our written response to
that account. If you do not have an account with us, we will deliver our
written response by mail or electronically, at your option.

Any disclosures we provide will only cover the 12-month period preceding
the verifiable consumer request’s receipt. The response we provide will
also explain the reasons we cannot comply with a request, if applicable.
For data portability requests, we will select a format to provide your
Personal Information that is readily useable and should allow you to
transmit the information from one entity to another entity without
hindrance.

We do not charge a fee to process or respond to your verifiable consumer
request unless it is excessive, repetitive, or manifestly unfounded. If we
determine that the request warrants a fee, we will tell you why we made
that decision and provide you with a cost estimate before completing your
request.

V.
NON-DISCRIMINATION

We will not discriminate against you for exercising any of your CCPA
rights. Unless permitted by the CCPA, we will not:

· Deny you goods or services.

· Charge you different prices or rates for goods or services, including
through granting discounts or other benefits, or imposing penalties.

· Provide you a different level or quality of goods or services.

· Suggest that you may receive a different price or rate for goods or
services or a different level or quality of goods or services.

However, we may offer you certain financial incentives permitted by the
CCPA that can result in different prices, rates, or
quality levels. Any CCPA-permitted financial incentive we offer will
reasonably relate to your personal information’s value and contain written
terms that describe the program’s material aspects. Participation in a
financial incentive program requires your prior opt in consent, which you
may revoke at any time.

VI.
OTHER CALIFORNIA PRIVACY RIGHTS

California’s “Shine the Light” law (Civil Code Section § 1798.83) permits
users of our Platform that are California residents to request certain
information regarding our disclosure of personal information to third
parties for their direct marketing purposes. To make such a request, please
send an email to DPO@gismart.com or write us at:

GISMART LIMITED

Attn: Data Protection Officer

22 Great Marlborough Street

London W1F 7HU, United Kingdom

VII.
CHANGES TO OUR PRIVACY NOTICE

Gismart reserves the right to amend this privacy notice at our discretion
and at any time. When we make changes to this privacy notice, we will post
the updated notice in the Platform and update the notice’s effective date.

Your continued use of our Platform following the posting of changes
constitutes your acceptance of such changes

.

VIII.
CONTACT INFORMATION

If you have any questions or comments about this notice, the ways in which
Gismart collects and uses your information described below and in the

Privacy Policy

, your choices and rights regarding such use, or wish to exercise your
rights under California law, please do not hesitate to contact us at:

+1 833 868 5187

GISMART LIMITED or DPO@gismart.com

Attn: Data Protection Officer

22 Great Marlborough Street

London W1F 7HU, United Kingdom