For the purposes of EU data protection laws ("Data Protection Law"), Gem is data controller (i.e., the company who is responsible for, and controls the processing of, your personal data).
What information do we collect and for what purpose?
We gather various types of Personal Information from our users and others, as explained in more detail below, and we use this Personal Information internally in connection with our Services, for example, to personalize, provide, and monitor and improve our Services, to allow you to set up a user account and profile, to contact you, allow others to contact you, and allow you to contact others through the Services, to respond to customer care and other inquiries, to process and fulfill your requests for certain products and services, and to analyze how you use the Services. In certain cases, we may also share some Personal Information with third parties.
You may do the following at any time by contacting us at email@example.com: Opt out of any future contacts from us. See what information we have about you, if any. Change, correct, or have us delete any information we have about you. Express any concern you have about our use of your information.
Under California Civil Code Sections 1798.83-1798.84, California residents are entitled to ask us for a notice identifying the categories of Personal Information which we share with our affiliates and/or third parties for marketing purposes, and providing contact information for such affiliates and/or third parties. If you are a California resident and would like a copy of this notice, please submit a written request to: firstname.lastname@example.org.
Legal basis for processing in the EU
In the EU, the purposes for which we process your personal data are:
- where we need to perform the contract we are about to enter into or have entered into with you for the Service;
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests; and
- Where we need to comply with a legal or regulatory obligation in the EU.
Please contact us at email@example.com if you need details about the specific legal basis we are relying on to process your personal data where more than one legal basis has been set out.
Whenever you interact with our Services, we automatically receive and record information on our server logs from your browser or device, which may include your IP address, device identification, “cookie” information, the type of browser and/or device you’re using to access our Services, and the page or feature you requested. “Cookies” are identifiers we transfer to your browser or device that allow us to recognize your browser or device and tell us how and when pages and features in our Services are visited and by how many people. You may be able to change the preferences on your browser or device to prevent or limit your device’s acceptance of cookies or you may uninstall our browser extension, but this may prevent you from taking advantage of some of our features.
We may use the data described above to customize content for you that we think you might like, based on your usage patterns. We may also use it to improve the Services – for example, this data can tell us how often users use a particular feature of the Services, and we can use that knowledge to make the Services interesting to as many users as possible.
We also automatically receive information about communications sent and received using our Services.
Our customers and other third parties may also provide us with Personal Information about our customers’ contacts and others. For example, we may receive Personal Information and other information from our customers, email senders, databases with information relevant to profile URLs and emails submitted to our Services, and other third parties. This information may include, without limitation, contact and other information.
We receive and store any information that you provide to us. For example, through the registration process and/or through your account settings, sending emails and InMail, creating lists of contacts, inputting contact information, requests for support through customer care, and otherwise using the Services, we may collect Personal Information such as your name, email address, location, phone number, payment information, and third-party account credentials (for example, your log-in credentials for Google Mail or other third party sites). Certain information may be required to register with us or to take advantage of some of our features.
In connection with your use of the Services, we may also collect information created or provided by you, or that we otherwise receive, in connection therewith. For example, if your contacts send messages to you, we may collect and maintain the message data, which may include Personal Information.
We may communicate with you if you’ve provided us the means to do so. For example, if you’ve given us your email address, we may email you about your use of the Services.
We employ other companies and people to perform tasks on our behalf and need to share your information with them to provide products or services to you; for example, data storage services, marketing services, and payment processing companies to receive and process your financial transactions for us. In addition, by submitting information on our Site or otherwise using our Services, Personal Information that we process and collect may be transferred between companies, business units and employees affiliated with us and you hereby explicitly consent to trans-border transmission of such information. Regardless of what country you reside or supply information from, you authorize us to use, process and store your information in the United States and any other country where we operate, which may have different rules, regulations and protections regarding privacy than those in your jurisdiction.
We may choose to buy or sell assets, and may share and/or transfer customer and other user information in connection with the evaluation of and entry into such transactions. Also, if we (or our assets) are acquired, merged, reorganized, or if we go out of business, enter bankruptcy, or go through some other change of control or similar event, you acknowledge and explicitly consent that Personal Information could be one of the assets transferred to or acquired by a third party.
How we store and protect your information
Data storage and transfer:
EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield. When transferring data from the European Union, the European Economic Area, and Switzerland, Gem relies upon a variety of legal mechanisms, including contracts with our users. Gem complies with the EU-U.S. and Swiss–U.S. Privacy Shield Frameworks as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union, the European Economic Area, and Switzerland to the United States. You can find Gem’s Privacy Shield certification https://www.privacyshield.gov/list. You can also learn more about Privacy Shield at https://www.privacyshield.gov.
Gem is subject to oversight by the U.S. Federal Trade Commission. JAMS is the US-based independent organization responsible for reviewing and resolving complaints about our Privacy Shield compliance — free of charge to you. We ask that you first submit any such complaints directly to us via firstname.lastname@example.org.If you aren't satisfied with our response, please contact JAMS at https://www.jamsadr.com/eu-us-privacy-shield. In the event your concern still isn't addressed by JAMS, you may be entitled to a binding arbitration under Privacy Shield and its principles.
Within the scope of our authorization to do so, and in accordance with our commitments under the Privacy Shield, Gem will provide individuals access to personal data about them. Gem also will take reasonable steps to enable individuals to correct, amend, or delete personal data that is demonstrated to be inaccurate.
Gem is responsible for the processing of personal data it receives, under the Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. Gem complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.
Keeping your information safe:
We care about the security of your information and uses commercially reasonable physical, administrative, and technological safeguards to preserve the integrity and security of all information collected through our Service. However, no security system is impenetrable and we cannot guarantee the security of our systems 100%. In the event that any information under our control is compromised as a result of a breach of security, we will take reasonable steps to investigate the situation and, where appropriate, notify those individuals whose information may have been compromised and take other steps, in accordance with any applicable laws and regulations.
For individuals based in the EU or Switzerland, we store personal data for as long as necessary to fulfil the purposes for which we collect the data (see above under "What information do we collect and for what purpose?"), except if required otherwise by law.
- Customer Data
- Other information
- Your rights in respect of your personal information if you are located in the EU or Switzerland
If you are located in the EU or Switzerland, you have the following rights in respect of your personal data that we hold:
- Right of access. The right to obtain access to your personal data.
- Right to rectification. The right to obtain rectification of your personal data without undue delay where that personal data is inaccurate or incomplete.
- Right to erasure. The right to obtain the erasure of your personal data without undue delay in certain circumstances, such as where the personal data is no longer necessary in relation to the purposes for which it was collected or processed.
- Right to restriction. The right to obtain the restriction of the processing undertaken by us on your personal data in certain circumstances, such as where the accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of that personal data.
- Right to portability. The right to portability allows you to move, copy or transfer personal data easily from one organization to another.
- Right to object. You have a right to object to processing based on legitimate interests and direct marketing.
You also have the right to lodge a complaint to your local data protection authority. Further information about how to contact your local data protection authority is available at http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.
In addition, the browser you use may provide you with the ability to control cookies or other types of local data storage. Gem does not control these choices, or default settings, which are offered by makers of your browser.
Last Modified: May 30, 2018