GISMART PRIVACY POLICY

Gismart Limited
(“Gismart”, “we”, “us
or “our”) is a company registered in England and Wales
with company number 10152488 and a registered address at 22 Great
Marlborough Street, London W1F 7HU, United Kingdom.

We are a data controller and are responsible for the collection, use,
disclosure, retention and protection of your “ personal data” (which has the meaning as set out in the
General Data Protection Regulation (the “Data Protection Laws”).

When you use Gismart’s “Karaoke” app, “Cool Goal!” app, “Domino Smash” app, “Music Zen” app, the “Beat Maker Go” app or other apps (each being, our “ Platform”), we will collect, store and process certain
personal data. This privacy policy (“Privacy Policy”) sets
out the basis on which the personal data collected from you, or that you
provide to us, will be processed by us. Please read the following carefully
to understand how we will use your personal data. For Data Protection Laws
in the UK, we are the controller of your personal data.

California residents may have different or additional rights. Please see
the section titled Privacy Notice for California Residents
.

I. WHAT PERSONAL DATA DO WE COLLECT AND PROCESS?

When you visit our Platform, you may provide us with the following types of
personal data, and we may collect and process such personal data in
accordance with his Privacy Policy, as follows:

Contact Data

This may include your name and your email address. This
information will be collected by us if you communicate with
us, for example if you use the links on our Platform to
communicate with us via email.

Account Data

If you create an account on our Platform (including the
creation of a Gismart ID) to benefit from our services, you
may need to provide your name, email address, phone number
and your photograph. If you use Facebook or Google to login
to our Platform, Facebook [or Google] will share data with
us including but not limited to your profile data,
language, location and publicly available information about
you and your friends.

Correspondence Data

This includes the information you provide when you request
support through our Platform, contact us via the email
address provided in this Privacy Policy and elsewhere on
our website and your views, opinions and feedback which you
choose to provide in relation to the Platform and our
services, including any comment facilities and message
boards.

User Content

When you use our Karaoke app, this includes the videos you
create (e.g. of you performing songs) and upload to our
Platform. When you use our Beat Maker Go app, this includes
audio recordings you upload to the Platform. By providing
such User Content you acknowledge that we may make it
available to other users of the Platform until you delete
your account on our Platform.

Session Data

This includes your IP address, your device’s unique
identifier details, browser details including version,
device operating system, geo-location, time zone setting
and time/date of access requests, the amount of data
transmitted and the requesting provider. We may also
capture other information about visits to our Platform such
as pages viewed and traffic patterns.

Cookie Data

Cookies are small files which are downloaded to your device
when accessing our platform. Most web browsers
automatically accept cookies. Please refer to paragraph 5
below for further details about our use of cookies.

Preference data

This includes any information you choose to provide us,
such as your musical preferences relating to genres and
artists.

Payment data

When you purchase a subscription or any in-app content, you
provide our payment processor with your payment
information. We do not store such information on our
servers.

II. HOW DO WE USE YOUR PERSONAL DATA?

We use your personal data in the following ways:

Data we use:

Purpose:

Lawful Basis:

Contact Data

To respond to communications that you send to us

Necessary for the performance of a contract where such
communication relates specifically to our Services,
otherwise legitimate interests so that we can respond to
your query

To market products and services to you only where you
have requested that we do so, or otherwise provided your
explicit consent (either via our website, by emailing us or
by accepting push notifications on your device)

Consent

Customer relationship management (“CRM”) purposes

Necessary for the performance of a contract

To enable social functionality, such as giving you the
option to follow your contacts on the Platform.

Consent

Account Data

To enable you to personalize your use of our services;

To enable you to save and maintain your profile and
administer your account with us; and

To enable us to identify you.

Necessary for the performance of a contract

Correspondence Data

To help address issues you raise with us and to improve
the Platform and our services.

Legitimate interests

User Content

To enable you to use our Platform and services

Necessary for the performance of a contract

To share the User Content with other users of the
Platform by making it available on the Platform.

Legitimate interests

Session Data

To administer, maintain and improve the Platform and our
services, including identifying you or your device across
our Platform and apps.

To identify and respond to potential risks to the
security of our Platform (for example spammers, phishing
attempts, screen scraping and other actions which may
violate our Terms of Use).

Legitimate interests

Preference Data

To infer your interests, including serving and suggesting
content that you might like, and tailoring advertising to
you based on such preferences.

Legitimate interests

III. PERSONAL DATA RETENTION

1. By using our Platform, you consent for us to store your personal data in
line with legal, regulatory, financial and good-practice requirements.

2. The period for which we may retain your personal data will depend on the
type of personal data collected, the purposes for which it was collected,
applicable limitation periods for the exercise of legal rights and whether
any legal or regulatory obligations require the retention of the personal
data.

IV. COOKIES AND TRACKERS

1. We use cookies and other software development kits (“SDKs”) and
third-party libraries. Our Platform uses the following categories of
cookies:

Strictly necessary cookies

These are cookies that are required for the operation of
our Platform. They include, for example, cookies that
enable you to load webpages.

Analytical/performance cookies

These cookies allow us to recognize and count the number of
visitors to our Platform and to see how visitors move
around our Platform. This helps us to improve the way our
Platform works, for example, by ensuring that visitors are
finding what they are looking for easily.

Functionality cookies

These are used to recognize you when you return to our
Platform. This enables us to personalize our content for
you, greet you by name and remember your preferences (for
example, your choice of language or region).

Tracking ID

Every iOS and Google Android device has a unique Tracking
ID, for iOS devices, called an Identifier for Advertising
(IDFA) and for Android devices, called a Google Advertising
ID (AAID). These Tracking IDs enable app providers and
advertisers to track user activity and target ads at those
users.

2. Please note that third parties (including, for example, advertising
networks and providers of external services like web traffic analysis
services) may also use cookies, over which we have no control.

3. You may block cookies by updating the relevant settings on your device
or browser to allow you to refuse the setting of some or all types of
cookies. However, if you use your browser settings to block all cookies
(including strictly necessary cookies) you may not be able to access all or
parts of our site.

V. WHO DO WE SHARE YOUR PERSONAL DATA WITH?

We may need to share your personal data with selected third parties in the
following circumstances:

Group companies

We are an international organisation, with businesses both
inside and outside of the European Union (“EU”). When you
create User Content you will be asked if you’d like to
share such User Content with other users of our Platform
who could be based both inside and outside of the EU.

Third party service providers

This may include providers of certain systems and services
that we use to host, administer and maintain our Platform,
including for example the servers used to host our
Platform.


Third party service providers for marketing purposes

If you explicitly consent to any marketing from us, certain
personal data may be shared with third party service
providers we use to help us carry out marketing including,
for example, third party marketing automation platforms.


To comply with legal or regulatory requests

If we are under a duty to disclose or share your personal
data to comply with any legal or regulatory obligation, we
may share your personal data with a regulator or law
enforcement agency.

Prospective buyers or sellers

If Gismart Limited, or its owners, buys or sells any
business or assets, we may disclose your personal data to
the prospective buyer or seller of such business or assets.
If Gismart Limited (or substantially all of its assets) is
acquired by a third party, your personal data held by
Gismart Limited, or within such assets, may be transferred
to such third party.

VI. PRACTICES REGARDING EXTRA-EEA TRANSFERS OF PERSONAL DATA

1. We will not transfer your personal data outside of the EU, except as set
out in paragraph 6 above, for example if we utilise cloud-based platforms
to store personal data, which may involve use of geographically distributed
data centres.

2. In the case of these extra-EU transfers, where the transfers are not to
countries that provide an adequate level of protection, we will put in
place appropriate safeguards to cover transfers of personal data including,
for example, signing standard contractual clauses, relying on a Privacy
Shield certification and/or data protection clauses adopted by the European
Commission.

3. If there are any other circumstances which would require us to transfer
personal data outside of the UK, we will seek your consent to transfer your
personal data outside of the UK.

VII. THIRD PARTY WEBSITES

Our Platform may contain links to third party websites. If you follow a
link to a third-party website, please note that this Privacy Policy does
not apply to those websites. We are not responsible or liable for the
privacy policies or practices of those websites, so please check their
policies before you submit any personal data to those websites.

VIII. SECURITY

1. We take data security seriously. We implement and maintain appropriate
technical and organisational measures including resilient security systems
and protocols to protect the personal data we store.

2. We have put procedures in place to deal with any suspected data security
breach and will notify you and applicable regulator of a suspected breach
where the breach may cause a risk to you.

3. Our security procedures mean that we may occasionally request proof of
identity before we are able to disclose personal data to you.

IX. ACCESSING YOUR PERSONAL DATA AND YOUR RIGHTS

As a result of us collecting and processing your personal data, you have
the following legal rights:

a.

To access personal data we hold on you;

b.

To request us to make any changes to your personal data if
it is inaccurate or incomplete;

c.

To request your personal data is erased where we do not
have a compelling reason to continue to process such
personal data in certain circumstances;

d.

To receive your personal data provided to us as a data
controller in a structured, commonly used and
machine-readable format where our processing of the
personal data is based on:

(i) your consent;

(ii) our necessity for performance of a contract to which
you are a party to; or

(iii) steps taken at your request prior to entering into a
contract with us and the processing is carried out by
automated means;

e.

To object to, or restrict, our processing of your personal
data in certain circumstances;

f.

If we use your personal data for direct marketing, you can
ask us to stop and we will comply with your request;

g.

If we use your personal data on the basis of having a
legitimate interest, you can object to our use of it for
those purposes, giving an explanation of your particular
situation, and we will consider your objection;

h.

To object to, and not be subject to a decision which is
based solely on, automated processing (including
profiling), which produces legal effects or could
significantly affect you;

i.


If we are processing your personal data with your
consent

, you can withdraw your consent at any
time. Withdrawing your consent will not affect the
lawfulness of any processing we conducted prior to your
withdrawal, nor will it affect the processing of your
personal data conducted pursuant to lawful processing
grounds other than consent. You may do so by contacting us;

j.

To lodge a complaint with a data protection supervisory
body, which at present, is

the Information Commissioner’s Office
.

X. OUR POLICIES CONCERNING CHILDREN

Our Platform is not intended for children (under the age of 13 or such
higher age as required by applicable law). We do not knowingly collect or
solicit any personal data or target interest based advertising to children
and we do not knowingly allow children to register for or use the Platform.
Children should not use our Platform or send us any personal data about
themselves at any time. In the event that we learn that we have
inadvertently gathered personal data from children, we will take reasonable
measures to promptly erase such information from our records. If you
believe that we might have information from or about a child, please
contact us DPO@gismart.com.

XI. PRIVACY NOTICE FOR CALIFORNIA RESIDENTS

Please review our Privacy Notice for California Residents at
https://gismart.com/ccpa/

XII. CONTACTING US AND CHANGES TO YOUR PERSONAL DATA

If you have any questions or comments about this Privacy Policy or your
personal data, or if you want to exercise any of your rights, including as
set out in paragraph 9 above, or you wish to withdraw your consent where we
have stated we are processing your personal data based on your consent,
then please contact our Data Protection Officer:

a.
via e-mail at: DPO@gismart.com;

b.
via post to: Gismart Limited, 22 Great Marlborough Street, Soho, London W1F
7HU.

XIII. CHANGES TO THIS PRIVACY POLICY

1. Any changes we may make to this Privacy Policy in the future will be
posted on this page and, where appropriate, notified to you by email.
Please check back regularly to keep informed of updates or changes to this
Privacy Policy.

2. This Privacy Policy was last updated in December 2019.