Gismart Limited (“Gismart”, “we”, “us” or “our”) is a company registered in England and Wales with company number 10152488 and a registered address at Huckletree Soho, Ingestre Court, Ingestre Place, London, W1F 0JL, United Kingdom.
We are a data controller and are responsible for the collection, use, disclosure, retention and protection of your “personal data” (which has the meaning as set out in the General Data Protection Regulation (the “Data Protection Laws”).
California residents may have different or additional rights. Please see the section titled Privacy Notice for California Residents.
I. WHAT PERSONAL DATA DO WE COLLECT AND PROCESS?
|Contact Data||This may include your name and your email address. This information will be collected by us if you communicate with us, for example if you use the links on our Platforms to communicate with us via email.|
|Account Data||If you create an account on our Platforms (including the creation of a Gismart ID) to benefit from our Platforms, you may need to provide your name, email address, phone number and your photograph. If you use Facebook or Google to login to our Platforms, Facebook [or Google] will share data with us including but not limited to your profile data, language, location and publicly available information about you and your friends.|
|User Content||When you use our Karaoke app, this includes the videos you create (e.g. of you performing songs) and upload to our Platform. When you use our Beat Maker Go app, this includes audio recordings you upload to the Platform. By providing such User Content you acknowledge that we may make it available to other users of the Platform until you delete your account on our Platform.|
|Session Data||This includes your IP address, your device’s unique identifier details, browser details including version, device operating system, geo-location, time zone setting and time/date of access requests, the amount of data transmitted and the requesting provider. We may also capture other information about visits to our Platforms such as pages viewed and traffic patterns.|
|Preference data||This includes any information you choose to provide us, such as your musical preferences relating to genres and artists.|
|Payment data||When you purchase a subscription or any in-app content, you provide our payment processor with your payment information. We do not store such information on our servers.|
II. HOW DO WE USE YOUR PERSONAL DATA?
We use your personal data in the following ways:
|Data we use:||Purpose:||Lawful Basis:|
|Contact Data||To respond to communications that you send to us||Necessary for the performance of a contract where such communication relates specifically to our Services, otherwise legitimate interests so that we can respond to your query|
|To market products and services to you only where you have requested that we do so, or otherwise provided your explicit consent (either via our website, by emailing us or by accepting push notifications on your device)||Consent|
|Customer relationship management (“CRM”) purposes||Necessary for the performance of a contract|
|To enable social functionality, such as giving you the option to follow your contacts on the Platforms.||Consent|
|Account Data||To enable you to personalize your use of our services;
To enable you to save and maintain your profile and administer your account with us; and
To enable us to identify you.
|Necessary for the performance of a contract|
|Correspondence Data||To help address issues you raise with us and to improve the Platforms and our services.||Legitimate interests|
|User Content||To enable you to use our Platforms and services||Necessary for the performance of a contract|
|To share the User Content with other users of the Platform by making it available on the Platform.||Legitimate interests|
|Preference Data||To infer your interests, including serving and suggesting content that you might like, and tailoring advertising to you based on such preferences.||Legitimate interests|
III. PERSONAL DATA RETENTION
1. By using our Platforms, you consent for us to store your personal data in line with legal, regulatory, financial and good-practice requirements.
2. The period for which we may retain your personal data will depend on the type of personal data collected, the purposes for which it was collected, applicable limitation periods for the exercise of legal rights and whether any legal or regulatory obligations require the retention of the personal data.
IV. COOKIES AND TRACKERS
|Strictly necessary cookies||These are cookies that are required for the operation of our Platforms. They include, for example, cookies that enable you to load webpages.|
|Analytical/performance cookies||These cookies allow us to recognize and count the number of visitors to our Platforms and to see how visitors move around our Platforms. This helps us to improve the way our Platforms works, for example, by ensuring that visitors are finding what they are looking for easily.|
|Functionality cookies||These are used to recognize you when you return to our Platforms. This enables us to personalize our content for you, greet you by name and remember your preferences (for example, your choice of language or region).|
|Tracking ID||Every iOS and Google Android device has a unique Tracking ID, for iOS devices, called an Identifier for Advertising (IDFA) and for Android devices, called a Google Advertising ID (AAID). These Tracking IDs enable app providers and advertisers to track user activity and target ads at those users.|
3. You may block cookies by updating the relevant settings on your device or browser to allow you to refuse the setting of some or all types of cookies. However, if you use your browser settings to block all cookies (including strictly necessary cookies) you may not be able to access all or parts of our Platforms.
V. WHO DO WE SHARE YOUR PERSONAL DATA WITH?
We may need to share your personal data with selected third parties in the following circumstances:
|Group companies||We are an international organisation, with businesses both inside and outside of the European Union (“EU”). When you create User Content you will be asked if you’d like to share such User Content with other users of our Platforms who could be based both inside and outside of the EU.|
|Third party service providers||This may include providers of certain systems and services that we use to host, administer and maintain our Platforms, including for example the servers used to host our Platforms.|
|Third party service providers for marketing purposes||If you explicitly consent to any marketing from us, certain personal data may be shared with third party service providers we use to help us carry out marketing including, for example, third party marketing automation platforms.|
|To comply with legal or regulatory requests||If we are under a duty to disclose or share your personal data to comply with any legal or regulatory obligation, we may share your personal data with a regulator or law enforcement agency.|
|Prospective buyers or sellers||If Gismart Limited, or its owners, buys or sells any business or assets, we may disclose your personal data to the prospective buyer or seller of such business or assets. If Gismart Limited (or substantially all of its assets) is acquired by a third party, your personal data held by Gismart Limited, or within such assets, may be transferred to such third party.|
A list of these third-party service providers and business partnersand their privacy policies is availableat gismart.com/partners. The privacy policies of our partners may include additional terms anddisclosures regarding their data collection and use practices. We encourage you to check those privacypolicies to learn more about their data collection and use practices.
VI. PRACTICES REGARDING EXTRA-EEA TRANSFERS OF PERSONAL DATA
1. We will not transfer your personal data outside of the EU, except as set out in paragraph 6 above, for example if we utilise cloud-based platforms to store personal data, which may involve use of geographically distributed data centres.
2. In the case of these extra-EU transfers, where the transfers are not to countries that provide an adequate level of protection, we will put in place appropriate safeguards to cover transfers of personal data including, for example, signing standard contractual clauses, relying on a Privacy Shield certification and/or data protection clauses adopted by the European Commission.
3. If there are any other circumstances which would require us to transfer personal data outside of the UK, we will seek your consent to transfer your personal data outside of the UK.
VII. THIRD PARTY WEBSITES
1. We take data security seriously. We implement and maintain appropriate technical and organisational measures including resilient security systems and protocols to protect the personal data we store.
2. We have put procedures in place to deal with any suspected data security breach and will notify you and applicable regulator of a suspected breach where the breach may cause a risk to you.
3. Our security procedures mean that we may occasionally request proof of identity before we are able to disclose personal data to you.
IX. ACCESSING YOUR PERSONAL DATA AND YOUR RIGHTS
As a result of us collecting and processing your personal data, you have the following legal rights:
|a.||To access personal data we hold on you;|
|b.||To request us to make any changes to your personal data if it is inaccurate or incomplete;|
|c.||To request your personal data is erased where we do not have a compelling reason to continue to process such personal data in certain circumstances;|
|d.||To receive your personal data provided to us as a data controller in a structured, commonly used and machine-readable format where our processing of the personal data is based on:(i) your consent;
(ii) our necessity for performance of a contract to which you are a party to; or
(iii) steps taken at your request prior to entering into a contract with us and the processing is carried out by automated means;
|e.||To object to, or restrict, our processing of your personal data in certain circumstances;|
|f.||If we use your personal data for direct marketing, you can ask us to stop and we will comply with your request;|
|g.||If we use your personal data on the basis of having a legitimate interest, you can object to our use of it for those purposes, giving an explanation of your particular situation, and we will consider your objection;|
|h.||To object to, and not be subject to a decision which is based solely on, automated processing (including profiling), which produces legal effects or could significantly affect you;|
|i.||If we are processing your personal data with your consent, you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect the processing of your personal data conducted pursuant to lawful processing grounds other than consent. You may do so by contacting us;|
|j.||To lodge a complaint with a data protection supervisory body, which at present, is the Information Commissioner’s Office .|
X. OUR POLICIES CONCERNING CHILDREN
Our Platforms are not intended for children (under the age of 13 or such higher age as required by applicable law). We do not knowingly collect or solicit any personal data or target interest based advertising to children and we do not knowingly allow children to register for or use the Platforms. Children should not use our Platforms or send us any personal data about themselves at any time. In the event that we learn that we have inadvertently gathered personal data from children, we will take reasonable measures to promptly erase such information from our records. If you believe that we might have information from or about a child, please contact us [email protected]
XI. PRIVACY NOTICE FOR CALIFORNIA RESIDENTS
Please review our Privacy Notice for California Residents at gismart.com/ccpa
XII. CONTACTING US AND CHANGES TO YOUR PERSONAL DATA
a. via e-mail at: [email protected];
b. via post to: Gismart Limited, Huckletree Soho, Ingestre Court, Ingestre Place,London, W1F 0JL, United Kingdom.