PRIVACY POLICY

Welcome to GemPalm’s Privacy Policy.

Your privacy and the security of your personal data is, and will always be, taken very seriously and steps are taken to ensure your privacy is protected at all times.

We also believe it is important to let you know what information is collected from www.gempalm.com and why, and what we do with this information. This Privacy Policy (“Policy”) will explain exactly what we mean in further detail below.

This Privacy Policy (the “Policy”) forms part of GemPalm’s Terms of Use (the “Terms”). Throughout the Policy, the terms “we”, “us” and “our” refer to GemPalm. We use the term “GemPalm” to refer to our site at www.gempalm.com and our other mobile and online digital application (“App”) and services.

1. About this Policy

This Policy applies to your use of this Site and the App, regardless of how you access via mobile devices and the App.

This Policy sets out the essential details relating to your personal data relationship with GemPalm. The terms governing your use of GemPalm services are defined in our Terms. It is important that you read this Policy so that you are fully aware of how and why we are using your personal data.

The aim of this Policy is to:

Ensure that you understand what personal data we collect about you, the reasons why we collect and use it, and who we share it with.
Explain your rights and choices in relation to the personal data we collect and process about you and how we will protect your privacy.
Your rights and your preferences: Giving you choice and control

The General Data Protection Regulation (“GDPR”) gives certain rights to individuals in relation to their personal data. As available and except as limited under applicable law, the rights afforded to individuals are:

The right to access the personal data that we process about you – This enables you to receive a copy of your personal data we hold about you and to check that we are lawfully processing it.
The right to request the rectification of your personal data – This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us. You can manage some of this information in your account.
The right to request the deletion of your personal data – This enables you to delete or remove personal data where there is no good reason for us continuing to process it and also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), withdrawn your consent, and there is no other lawful basis where we may have processed your information unlawfully. However, please note that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Object to processing of your personal data – This enables you to object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposed. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms. The right to object to direct and marketing purposes is absolute.
Request restriction of processing your personal data – This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to delete it; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether use of your data but we need to verify whether we have overriding legitimate ground to use it.
Request transfer of your personal data – We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Right to withdraw consent – Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain services to you.

If you wish to exercise any of the rights set out above, please contact GemPalm at social@gempalm.com.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us to confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

3. What personal data is collected

We may collect and store information which includes, but is not limited to, the following information about you:

Personal data you provide when you use our Services, create a GemPalm account and subscribe to GemPalm account
Personal data we collect automatically when you use our Services, create a GemPalm account and subscribe to GemPalm account
Personal data we collect in connection with the use of cookies or similar technologies
Personal data from other sources
Social network data you share with us

3.1 Personal data you provide when you use our Services, create a GemPalm account and subscribe to GemPalm account

Data that identifies you, such as your name, address, telephone numbers, email addresses, your user name that you provide when setting up your GemPalm account
Financial information (e.g. credit card and account numbers, transaction details, and form of payment)
Billing information you provide
You may provide us with additional information by updating or adding information to your GemPalm account, by inquiries, or if you contact us for any other reason regarding our Services
Other data that we are required or entitled by applicable law to collect and process and that we need for authentication or identification or for the verification of the data we collect

3.2 Personal data we collect automatically when you use our Services, create a GemPalm account and subscribe to GemPalm account

Data that is generated as part of one of your transactions (e.g. purchases, subscriptions) or that is linked to your GemPalm account as a result of a transaction in which you are involved, such as transaction amount, time and location of transactions and form of payment and payout method
Data regarding all other interactions with our Services, and your communications with us
Location data, including your general location (e.g. IP address), and the precise location data of your mobile device. Please note that for most mobile devices, you can manage or disable the use of your location services for all applications in the settings menu of your mobile device

3.3 Personal data we collect in connection with the use of cookies or similar technologies:

We use cookies and similar technologies to collect data while you use our services. We collect this data from the devices (including mobile devices) that you use our services with.

Data about the pages you visit, the access time, frequency and duration of visits, the links on which you click and other actions you take as part of your use of our services and in advertising and email content
Data about user preference and behaviour to be used for marketing and remarking purposes on Google and others
Data about your activities and interactions with our advertising partners including data about the advertisements you were shown, when and where they were shown, and whether you took any action, such as clicking on an advertisement etc
Model or device type, operating system and version, browser type and settings, device ID or individual device identifier, individual device token, and cookie-related data (e.g. cookie ID)
The IP address from which your device accesses the Services
Location data, including your general location data (e.g. IP address) and the precise location data of your mobile device. Please note that most mobile devices allow you to manage or disable the use of location services for all applications in the settings menu.

3.4 Personal data from other sources

We also collect personal data about you from other sources and from third parties to the extent permitted by applicable law. In particular, this includes the following data:

Data from credit agencies or bureaus (e.g. credit reports/checks, identity confirmation)
Data from data providers (e.g. identity verification, online advertising related data)

We combine or connect the personal data we collect from you with data from these other sources. Where personal data is disclosed to us third parties, we take steps to confirm that these third parties are otherwise legally permitted to disclose your personal data to us.

3.5 Social network data you share with us

We allow you to use social networks (such as Facebook) or other providers of single sign-on services (such as Google) with whom you already have an account to create a GemPalm account or link your GemPalm account to such single sign-on services. You can determine the personal data that we can access when authorizing the connection with the single sign-on service.
We may also use plug-ins or other technologies from various social networks. If you click on a link displayed through a social network plug-in, you voluntarily connect to that social network.

4. Explaining the legal bases for using personal data

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

Where we need to perform the contract we are about to enter into or have entered into with you. For example, when you purchase our services, that is a contract between you and us for us to execute it.
Where it is necessary for our legitimate interests and your interests and fundamental rights do not override those interests. For example, fraud screening as part of the check-out process or keeping our website secure.
Where we need to comply with a legal or regulatory obligation. For example, keeping records of our sales for tax compliance.

Generally, we do not rely on consent as a legal basis for processing your personal data other than where the law requires it, for example in relation to sending certain direct marketing communications. Where our legal basis is consent, you have the right to withdraw consent at any time.

Below you will find a summary of the purposes for which we process your personal data, sorted out by our legal basis for this processing and sharing:

4.1 We process your personal data in order to fulfil our contracts with you and to provide you with our Services. This includes the following purposes:

Processing of data relating to you or your company for the purpose of entering into a contract with you and executing it.
Provision of our Services, including but not limited to enabling and performing transactions and ensuring the functionality of our Services. In connection with the provision of our Services, we will send you notifications relating to the execution of transactions and the use of our Services in accordance with the communication preferences in your GemPalm account.
Provision of our payment services
Providing general customer service support including the solution of problems with your GemPalm. For this purpose, we may contact you via email.
Enforcement of our Terms of Use, Privacy Policy and other policies.

4.2 We process your personal data in order to comply with legal obligations to which we are subject. This includes the following purposes:

Participation in investigations and proceedings (including judicial proceedings) conducted by public authorities or government agencies, in particular, for the purpose of detecting, investigating and prosecuting illegal acts
Prevention, detection and mitigation of illegal activities (e.g. fraud and money laundering)
Complying with information requests from third parties based on any statutory information rights they have against us (e.g. in the event of an intellectual property infringement or other unlawful activity)
Ensuring the information security of our services
Retention and storage of your personal data to comply with specific legal requirements

4.3 We process your personal data where it is necessary for our legitimate interests and your interests and fundamental rights do not override those interests. In order to reconcile our legitimate interests with your rights, we have introduced control mechanisms. We process your data for the following purposes:

Participation in proceedings conducted by courts, law enforcement agencies, government agencies or public authorities, intergovernmental or supranational bodies, in particular for the purpose of detecting, investigating and prosecuting illegal acts, unless there is a statutory obligation to this effect and we may legitimately assume that the disclosure of the data is necessary to avert imminent disadvantages or to report a suspicion of an illegal act. In such cases, we will only disclose what we believe is necessary such as your name, address, telephone number, email address, user name, IP address.
Prevention, detection, mitigation and investigation of fraud, security breaches and other prohibited or unlawful activities, unless there is statutory obligation to this effect.
Monitoring and improvement of the information security of our Services, unless there is a statutory obligation to this effect.
Performance of identity checks and comparison of information for accuracy and verification purposes.
Administer and protect our business and the site (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data).
Analysis and improvement of the Services to identify and solve problems and to provide you with an improved user experience.
To the extent permitted by applicable law without your consent, communications with you via email to inform you about our Services (according to your communication preferences in your GemPalm account). If you do not wish to receive marketing communications from us, you can also unsubscribe by clicking on the link in the email you received. For technical reasons, this may take a few days.
Evaluation of the quality and success of our email marketing campaigns (e.g. through analysis of opening and click rates)
Assertion of or defence against legal claims

4.4 With your consent, we process your personal data for the following purposes:

Marketing communications by email. We may engage third parties to send marketing communications on our behalf
Processing of your precise location data
Provision of a single sign-on service allowing you to log-in to third party services using your GemPalm log-in credentials
Processing of your personal data on the basis of your consent, which you have given so that we or third parties can enable you to use certain services or make them available to you

You can find information about your right to withdraw your consent above under section 2 - Your rights and your preferences: Giving you choice and control and information with regard to the use of cookies and similar technologies below under section 6 - Cookies.

5. Retention of your personal data

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

We take appropriate measures to ensure that any personal data is kept secure and is kept for only so long as is necessary for the purpose for which it is used.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

If your personal details change or if you have any queries about how we use your personal data, please notify us by contacting us at social@gempalm.com.

6. Cookies

When you use our Services, we may use cookies and similar technologies to provide you with a better and safer user experience. We may use technology to track the patterns of behaviour of visitors to our site. This can include using a cookie internet file, a small file that is sent by our web server to your computer, which we can access when you make return visits to our site.

Storing cookies is usual practice for any site that needs to remember what its users’ preferences are and we use cookies to keep track of your selections on the site. You can usually modify your browser to prevent this happening.

We use cookies and similar technologies that remain on your device only as long as your browser is active (session cookies), as well as cookies and similar technologies that remain on your device longer (persistent cookies).

6.1 Your choice regarding cookies

You can decide to what extent we may use cookies and similar technologies within the provision of our services. If you wish to deactivate the use of cookies that are operationally necessary, performance-related or functionality-related that we use within the provision of our services, you may do so by using the settings in your browser or device, if this is supported by your browser or device.

If you choose not to receive cookies, you may still use most of the features on your site, including the ability to purchase Services.

If you decide not to have your personal data processed by us for advertising purposes via cookies (and similar technologies), this does not mean that we will not show you advertisements. It simply means that these advertisements will not be personalised for you using first-party or third-party cookies, web beacons or similar technologies.

7. Data security

We protect your personal data through technical security measures to minimize risks associated with data loss, misuse, unauthorized disclosure and unauthorized disclosure and alteration. To this end we use firewalls and data encryption, for example.

8. Other important information regarding data protection

Children’s Privacy

Our services are not intended for use by children. We do not knowingly collect personal data from users who are considered children under applicable national laws. Under our Terms of Use, children are not permitted to use our services.