Our Platforms (“Platforms” means website(s), including but not limited to: https://gismart.com (the “Site”), mobile applications (means applications and games (each an “App”, collectively “Apps”)) and any related documentation, services; any images, logos, music, photographs and video content, software, designs, graphics, photos, images, illustrations, animations, videos, scripts, texts, music, sounds, voiceover, interactive features, wellness plans, and all other materials and content accessible within the Apps or Site that are incorporated into and form part of our Apps and etc. (“App Content”) are owned, managed and operated by the Company).
Company shall mean:
GISMART LIMITED, a private company limited by shares, incorporated and registered in England and Wales with company number 10152488 whose registered office is at 151 Wardour Street, London, England, W1F 8WE.
We can be contacted by writing to:
GISMART LIMITED, 151 Wardour Street, London, England, W1F 8WE, by email at support@gismart.com or dpo@gismart.com
We are a data controller and are responsible for the collection, use, disclosure, retention and protection of your “personal data” (which has the meaning as set out in the General Data Protection Regulation (the “Data Protection Laws”)).
At Gismart we are dedicated to leveraging technology to enhance users’ physical and emotional well-being, foster enjoyment through music and entertainment, and boost productivity and convenience in mobile device usage.
We believe in the remarkable potential of technology to drive positive change and are committed to the highest standards of privacy and security. As trusted keepers of your personal data, we prioritize transparency and accountability in our data practices, ensuring that you have full knowledge of your data while benefiting from our Platforms.
When you use Platforms, we may collect, store and process some data, including personal data. This privacy policy (“Privacy Policy”) sets out the main principles on which the data collected from you, or that you provide to us, will be processed by us. This Privacy Policy also aims to remind you about your rights and to provide you with all the elements you need to exercise them. In accordance with data protection legislation (GDPR, UK GDPR, CCPA and etc.), we act as the controller of your personal data. In some cases, we may act as the processor of personal data, as indicated in this policy below. For data protection legislation in the United Kingdom, we are the controller of your personal data, and, regarding a part of personal data, the processor of your personal data.
We encourage you to review our Privacy Policy in its entirety to gain insight into our data handling practices. We have meticulously crafted this policy to be clear and accessible, but if you have any questions or concerns, please don’t hesitate to contact us via or support@gismart.com the address below for further information.
Please note that some of our Platforms (i.e., Upluv, NutriMate, Luvly, Famio, FitMe, Dancebit, Cardi Mate) may have specific privacy policy or be governed by third party privacy policy which will apply in addition to, or sometimes in replacement of the above-mentioned privacy policy. Where possible, we will notify you of such privacy policy before you sign up to the relevant Platforms to give you an opportunity to review them.
GISMART LIMITED
151 Wardour Street, London, England, W1F 8WE
You may also contact Gismart’s Data Protection Officer at dpo@gismart.com
IF YOU DO NOT ACCEPT THE TERMS OF THE PRIVACY POLICY, PLEASE DO NOT USE OUR PLATFORMS.
As you engage with our Platforms, we gather data concerning a recognized or identifiable living individual (“personal data“) through the following means:
Data Directly Provided by You: this encompasses any information you manually input or furnish to us while utilizing our Platforms. For instance, this might include details like your name, email address, phone number, or any other information you decide to disclose during registration or account setup.
Data Automatically Collected by Us: when you access our Platforms, we automatically procure certain details regarding your engagement and activities within the Platforms. This may entail specifics about your device, such as its model, operating system, unique identifiers, IP address, and data related to your actions within the Platforms.
Data processing is crucial to enable your usage of our Platforms. Whenever you use our Platforms, some personal and non-personal data is collected, stored, and analyzed using internal and third-party tools.
Below are several additional purposes for which we process your data:
● provide customer support, we may engage in email communications with you if you have contacted our support team with any queries relating to our Platforms.
● enhance the features of our Platforms, we analyze how you interact with the Platforms to tailor the experience to your needs. This includes refining prediction accuracy, developing new algorithms for enhanced insights, and generating content on topics of interest to you.
● enhance the technical aspects of our Platforms, we continuously work to improve your experience and streamline features for your benefit.● optimize our advertising strategies, we analyze the performance of our advertising campaigns on the Platforms. This helps us identify your engagement and subscription status, as well as gauge interaction with our advertisements..
Depending on which features of the Platforms you use, we will process your personal data based on one or more of the following legal bases (we have provided you with some examples):
TYPES OF LEGAL BASIS WE USE | DESCRIPTION |
Legitimate interest | We process your usage data on this legal basis to technically improve the Platforms based on our legitimate interest as a Company to continuously improve the Platforms and deliver an improved service to you. |
Contract | We process your usage data on this legal basis to fulfill the contractual duty of granting you access to use our Platforms. |
Legal obligation | We process your usage data on this legal basis to comply with pertinent laws and regulations. This implies that we may handle personal data as mandated by law, ensuring adherence to applicable legal mandates. |
Consent | We process your usage data on this legal basis to promote Platforms and optimize our advertising efforts to effectively tell more people about Platforms. This may include the user’s contacts, a list of the user’s contacts, and related data about the user’s contacts. This data will be collected by Us, for example, to display the user’s contact list |
We are committed to being clear and transparent so that you can really understand what we do with your data. Below, we explain the purposes for which we process your personal data and the legal basis supporting this. We also give you some basic examples:
LEGAL BASIS | PURPOSE OF PROCESSING | EXAMPLE |
Legitimate interest | Responding to your requests. | We may process your name and email, e.g., to properly respond to your unsubscribe request. |
Contract | Processing transactions and sending you related information, including confirmations and reminders for account management and other administrative purposes | We may send you a reminder (e.g., via push notifications) if your subscription has expired or is due to expire, or we may email you containing your invoice, if applicable, using your device data. |
Consent | Making offerings to you. | We may offer you a discount for our subscriptions. |
For the processing of physical data and special categories of personal data, including sensitive information like health data, explicit consent from the user serves as the legal basis. This consent is essential for enabling users to utilize the Platforms provided by us.
LEGAL BASIS | PURPOSE OF PROCESSING | EXAMPLE |
Legitimate interest | Responding to your requests. | We may process your name and email, e.g., to properly respond to your unsubscribe request. |
Contract | Processing transactions and sending you related information, including confirmations and reminders for account management and other administrative purposes | We may send you a reminder (e.g., via push notifications) if your subscription has expired or is due to expire, or we may email you containing your invoice, if applicable, using your device data. |
Consent | Making offerings to you. | We may offer you a discount for our subscriptions. |
For the processing of physical data and special categories of personal data, including sensitive information like health data, explicit consent from the user serves as the legal basis. This consent is essential for enabling users to utilize the Platforms provided by us.
Our Platforms offer the option to make purchases directly within the application (including subscriptions).If you choose to make a purchase within the application, you may use third-party payment systems and/or providers. We do not collect or process any information related to your payment instruments, such as your bank card number or its validity term, under any circumstances.We do not collect or process your payment data (such as credit card number, expiration date, etc.) for purchases made through our Platforms. We strongly recommend reviewing the Privacy Policy of the payment system you use for making payments, such as the privacy policy of Stripe: https://stripe.com/en-pl/privacy.
We retain your personal data for as long as your account is active or for as long as it is necessary for the purposes of its collection and processing (e.g., for resolving disputes, for safety and security reasons, or for complying with our legal obligations). However, the period for which we may retain your personal data cannot exceed 2 (two) months from the date of account deactivation and/or deletion.
We may need to share your personal data with certain third parties as follows:
Third-party service providers:
This may include providers of certain systems and services that we use to host, administer, and maintain our Platforms, including the servers used to host our Platforms, email service providers, payment processors, fraud prevention vendors, analytics, customer service providers and other service providers.
Third-party service providers for marketing purposes:
If you consent to any marketing from us, certain personal data may be shared with third-party service providers we use to help us carry out marketing including, e.g., third-party marketing automation platforms.
Compliance with Laws:
We may disclose your personal data to a third party if
a) we believe that disclosure is reasonably necessary to comply with any applicable law, regulation, legal process, or governmental request; or
b) to protect the security or integrity of the Platforms; or
c) to protect us, our customers or the public from harm or illegal activities; or
d) to respond to an emergency which we believe in the good faith requires us to disclose information to assist in preventing the death or serious bodily injury of any person.
Aggregated or Anonymized Data:
We may also share aggregated or anonymized information with third parties that do not directly identify you.
Group companies:
Your personal data may be shared among affiliates and subsidiaries. In such cases, these companies must abide by our data privacy and security requirements and are not allowed to use personal data they receive from us for any other purpose. We may also disclose personal data as part of a corporate transaction, such as a merger or sale of assets.
THE FOLLOWING ARE A FEW OF THE ESSENTIAL PROCESSORS WE TRUST: | ||
Processor’s name | Processor’s privacy policy | Purpose |
Amplitude | https://amplitude.com/privacy | Track user interactions and engagement within the App. Collect user behavior data, event tracking, and App usage statistics to analyze user behavior, measure app performance, and improve user experience. |
AppsFlyer | https://www.appsflyer.com/legal/privacy-policy/ | Provide mobile attribution and marketing analytics. Collect device information, user interactions, and attribution data to measure the effectiveness of marketing campaigns and improve user acquisition strategies. |
Facebook (Analytics) | https://www.facebook.com/privacy/policy/ | Track user interactions and engagement within the App. Collects user behavior data, event tracking, and App usage statistics to analyze user behavior, measure app performance, and improve user experience. |
Google Sign-In | https://policies.google.com/privacy | Allow users to sign in to our App using their Google account. Collects user’s Google ID, name, email address, and profile picture to authenticate users and provide a seamless login experience. |
Firebase Crashlytics | https://firebase.google.com/support/privacy?hl=en | Track and report App crashes and stability issues. Collect crash reports, device state information, and user interactions leading up to a crash to help us identify and fix bugs, ensuring a stable and reliable App experience. |
Firebase Authentication | https://firebase.google.com/support/privacy?hl=en | Provide secure authentication for users signing in to our App. Collect user identifiers (e.g., email, phone number) and authentication tokens to manage user sessions and secure access to the App. |
Firebase Analytics | https://firebase.google.com/support/privacy?hl=en | Track user interactions and engagement within the App. Collect user behavior data, event tracking, and App usage statistics to analyze user behavior, measure App performance, and improve user experience. |
Firebase Remote Config | https://firebase.google.com/support/privacy?hl=en | Provide a service to remotely configure and customize the App’s behavior and appearance without requiring users to download an App update. Collects user interaction data and App usage statistics to deliver personalized content and experiences based on user behavior and preferences. |
Firebase In-App Messaging | https://firebase.google.com/support/privacy?hl=en | Send targeted messages to users within the App. Collect user interaction data with messages and in-app events to help us deliver relevant messages and promotions to users. |
The personal data we maintain will primarily be stored and processed within the EU. We will do our best to keep this personal data secure. All information we hold is stored on our secure servers (which we own or license from appropriate third parties). We use industry-standard procedures and security standards to prevent unauthorized access to our servers.
However, there may arise situations where we need to collaborate with trusted third parties located outside the EU to deliver services and subscriptions to you (for instance, when utilizing servers in the US). We choose our processors very carefully. We do not work with processors based in countries where we are concerned about the rule of law with respect to privacy.
We have entered into Standard Contractual Clauses with all non-EEA third parties whose data processing tools we use (data processors) if there is no adequacy decision by the EU Commission for their particular country. We adhere to the principles of minimization and anonymization, where feasible, to ensure compliance with the GDPR and other relevant data privacy laws when transferring personal data, if necessary.
By providing your personal data, you explicitly consent to its transfer, storage, or processing outside the EU. We will take all reasonable steps to ensure that this information is handled securely and in accordance with this Privacy Policy.
Ensuring the security of your data is a top priority for us. We employ robust technical and organizational measures to safeguard the personal information entrusted to us.
Your personal data is safeguarded by the password you create when registering on our Platforms. It’s essential to choose a strong password and keep it confidential to prevent unauthorized access. Additionally, refrain from sharing your password and ensure the security of your computer or mobile device.
We have instituted reasonable administrative, technical, and physical security measures to protect your personal data from unauthorized access, alteration, or destruction. For instance:
● We utilize SSL encryption (HTTPS) for all interactions involving personal data.
● Our databases are encrypted, and we store data on physically secure servers protected by firewalls.
In the event of a personal data breach as defined in Article 4.12 of the GDPR, we will promptly notify you. This notification will include relevant details, measures taken, and an assessment of associated risks, as required by applicable law and our Privacy Policy. We are committed to addressing breaches promptly and transparently, taking necessary actions such as logging affected users out, initiating password resets, and other appropriate measures to mitigate the breach.
To report a personal data breach or seek assistance, please contact us at support@gismart.com or dpo@gismart.com. We will address your concerns accordingly.
We aim to ensure that you are fully informed about all your data protection rights and the methods available to exercise them. Please note that these rights may vary depending on your location:
● Access: you can request to receive a copy of the personal data we hold about you.
● Rectification: if you believe that any personal data, we are holding about you is incorrect or incomplete, you can request that we correct or supplement it. You can also correct some of this information directly from your account. Please contact us as soon as possible upon noticing any such inaccuracy or incompleteness.
● Objection: you can contact us to inform us that you object to the collection or use of your personal data for certain purposes.
● Erasure: you can request that we erase some or all of your personal data from our systems.
● Restriction of Processing: you can ask us to restrict or limit further processing of your personal data.
● Portability: you have the right to ask for a copy of your personal data in a machine-readable format. you can also request that we transmit the personal data to another entity where technically feasible.
● Withdrawal of Consent: if we are processing your personal data based on your consent (as indicated at the time of such data collection), you have the right to withdraw your consent at any time. Please note, however, that if you exercise this right, you may have then to provide express consent on a case-by-case basis for the use or disclosure of certain of your personal data, if such use or disclosure is necessary to enable you to utilize some or all Platforms.
● Right to File Complaint: you have the right to lodge a complaint about our practices with respect to your personal data with the supervisory authority of your country.
To exercise your rights, please contact us via support@gismart.com or dpo@gismart.com
If you submit a request, we typically aim to fulfill it within one month. If additional time is needed to assist you in exercising your rights, we will inform you accordingly. We reserve the right to reject manifestly unfounded or excessive requests.
During the process of exercising your data protection rights, we may ask you to confirm your identity. This verification step ensures that you are entitled to access certain information and that the rights of third parties are not infringed upon. If we are unable to verify your request, we will be unable to fulfill it.
If you are in the EU, you must meet the age requirement specified by the laws of your country to use our services, e.g. if you are at least 16 years old in Germany, you are eligible to provide explicit consent for the processing of your data. Alternatively, if you are under the required age, you can still use our services with the consent of your parent or legal guardian. In the event that we learn that we have inadvertently gathered personal data from children, we will take reasonable measures to promptly erase such information from our records.
If you are a parent and learn that your child is using our Platforms without your permission, or if you have a specific question about data privacy, do not hesitate to get in touch with us via support@gismart.com or dpo@gismart.com
If you are in the United States, you must be at least 13 years old to use the Platforms. If we become aware that information has been collected from children under the age of 13 in the United States in violation of the Children’s Online Privacy Protection Act of 1998 and its regulations, we will not disclose this data. We reserve the right to promptly delete the account and erase all associated information, including health and sensitive data, from our servers.
If you wish to access, correct, or update your personal data, you can do so at any time by contacting us via support@gismart.com or dpo@gismart.com.
If you would like us to delete your information, you may:
Please note that if you ask us to delete your account, all your progress in the application and any unused virtual items will be lost and we may not be able to restore them in the future.
We reserve the right to amend this Privacy Policy from time to time to reflect changes in the law, our data collection and data use practices, the features of our Platforms, or advances in technology.
Please check this page periodically for changes and refer to the “last updated” date at the top of the page to know if it has been revised since your last visit. If we make any changes to this Privacy Policy that we consider to be material to your consent, we will notify you of them.
We don’t sell your personal info to others for money, and we’re not in the business of trading data. But like many online companies, we team up with other parties to handle our ads on different platforms. Sometimes, we may share some basic personal info with them for targeted ads. This might be seen as “selling” or “sharing” under the CCPA. If you want to opt out of this, check out this Privacy Policy on how to protect your privacy.
Opt-Out Provision: even though we don’t make money by selling your personal info, you still have the right to opt out of sharing it with our analytics and advertising partners, as defined by California or other relevant US state laws. You can do this by adjusting your browser settings by reaching out to us directly.
Limitation on Handling Sensitive Information: we only process sensitive personal information when absolutely necessary to provide you with products or access to use Platforms.
Request for Access: you have the right to ask for access to (i) the personal and sensitive information we have about you and how we use it; and (ii) the categories, sources, and third parties that have received your personal information or to whom it has been “sold” or disclosed in the past 12 months. You can make this request twice a year at no cost.
California Residents’ Rights: residents of California have the right to request, once a year, disclosure regarding any personal information shared with third parties for their separate direct marketing purposes. Even though we do not share information with third parties for marketing, you can reach out to us via support@gismart.com or dpo@gismart.com. Please ensure the subject line reads “California Privacy Rights Request,” and include relevant details such as your name, street address, city, state, and ZIP code.
We include this section for residents of other US states with privacy laws that may impact them. These privacy laws include the Virginia Consumer Data Privacy Act (“VCDPA”), the Connecticut Data Privacy Act (“CTDPA”), the Utah Consumer Privacy Act (“UCPA”), the Colorado Privacy Act (“CPA”), and the Nevada Privacy Law (“NPL”). This section is intended to comply with these laws by supplementing the information provided elsewhere in the Privacy Policy.
Collection of personal information. We may collect the personal information as described and categorized above. Please note that some of this personal information will be considered sensitive under your state’s legal definition which can vary across different states. The personal information we may collect depending on how you use our Platform includes mental or physical health information, racial or ethnic origin, and information about sexual orientation or gender identity.
Use of personal information. We may collect, use, or disclose personal information about US state residents for the purposes described above.
Disclosure of personal information. We may disclose your personal information to the categories of service providers and third parties identified and described in this Privacy Policy.
Your privacy rights. We generally provide the privacy rights described above to you regardless of your location. Your state may afford you additional privacy rights as noted below. To exercise your right, please see the contact information here or follow the instructions below for specific state rights. We will respond to your verifiable request within the time limit afforded under applicable law.
Residents of Colorado, Connecticut, Virginia, and Utah have the right to opt out of targeted advertising and sales. Please know that we do not trigger this requirement because we do not sell your personal information for payment.
For users in Colorado, Connecticut, and Virginia, you may opt out of profiling in furtherance of decisions that produce legal or similarly significant effects. While you may still make this request, we do not currently use profiling in this manner.
Nevada provides its residents a limited right to opt out of the sale of personal information. Please know that we do not trigger this requirement because we do not sell your personal information for payment.