We may collect and hold personal information related to you that is necessary for the purpose of conducting our business, including (without limitation) to deliver products, services or information, improve our services to offer better experience, and to fulfill our regulatory obligations. We will tell you when we ask for your personal information whether it is a statutory or contractual requirement to give us the information and the consequences of not providing the information.
To undertake above goals, we may collect the following personal information related to our users:
When using the Application, we collect the personal information described below to enable convenient use of the functions. If you use our Application, we collect the following data, which is technically necessary for us to offer you the functions of our mobile app and to ensure its stability and security (legal basis: Art. 6 (1) lit. b) GDPR - performance of contract and Art. 6 (1) lit. f) GDPR – legitimate interest):
Furthermore, we require your device identification, unique number of the end device (IMEI = International Mobile Equipment Identity), unique number of the network subscriber (IMSI = International Mobile Subscriber Identity), mobile phone number (MSISDN), MAC address, name of your mobile end device, email address.
User profile: If you are a user of the Application, creating a user profile is optional. If you register for a user account with the Application, we may collect certain information such as your e-mail address, username and password. You can also use your social media login (such as sign in with Apple) to register with us. Note, however, that we do not collect information from your social media account.
User content: We will collect any user content you create, share, or post to the Application, which may include information contained in your user account, as well as photos or other (image) files and associated metadata. Please note that other users of the Application may be able to download and extract any images shared publicly on the Application.
Do not provide financial account numbers, social security numbers, pictures of other individuals, information regarding your health status or of other individuals or any other sensitive or confidential information via the Application.
Location Information: When you use our services, we don’t collect your precise location information using geo-location technology. However, we do collect your IP address from which we can only determine your coarse location and cannot identify your physical location. This allows us to enhance our services and your experience, and ensure that you are receiving relevant content.
We may also collect information that you submit when you contact the customer support, or otherwise submit information to the Company, including email address, and other information submitted during your use of the Application.
Financial Data: We utilize Apple and Google to process all financial transactions and Glority is not provided with any personal information related to your transaction.
Device and Internet Usage: If you download the Application, we may collect information from your device, including identifiers to help us identify your device’s hardware and operating system. Device information may be accessed using industry standard identifiers such as those approved by your device operating system manufacturer.
We may also collect information when you use our App, such as version of the App, device information (brand, model), OS information (name, version), language, provider name, signal strength (UMTS, LTE), Wi-Fi signal strength, SD-card use, and information on type of use (e.g. which functions were used and when).
We also may collect personal data by cookies as outlined below (see Section II).
Some devices may offer a “Do Not Track” feature, however, our Application does not respond to “Do Not Track” signals.
How to manage cookies
You can change your cookie preferences at any time by clicking on the cookie management tool implemented on our Application/Website.
Current versions of web browsers also offer user controls regarding the placement and duration of both first- and third-party cookies. You can find information about this and find more information about cookies at https://www.allaboutcookies.org. If you are interested in more information about behavioural advertising especially how to opt-out of these cookies, please visit https://youronlinechoices.eu/.
Please note that the data processing is essentially carried out by Google LLC and Google may use your data collected by the cookies for own purposes, e.g. profiling and will combine it with other data such as your Google Account.
For more information about how Google processes your data and Google’s approach to privacy as well as implemented safeguards for your data, please see: https://support.google.com/analytics/answer/6004245
For performance/analytics cookies data processing is often essentially carried out by the provider (third party, e.g. Google Analytics) which uses the collected personal data (not anonymous) also for own purposes (e.g. profile creation, and combination with other user data such as search history, personal accounts, usage data from other devices and all other data that provider has already about the user). Please note that the collected personal data is also often transferred and stored in countries where local authorities may have access to the data (like in the U.S., e.g. Google Analytics)
|To provide support and to respond to your requests and enquiries||We have a legitimate interest to respond to your requests and inquiries for ongoing business administration, Art. 6 (1) lit. b) and f) GDPR.|
|To deliver the Application’s services and to assist you while you use the Application||The processing is necessary for the performance of the contract with you, Art. 6 (1) lit. b) GDPR and we have a legitimate interest in providing assistance while using the Application, Art. 6 (1) lit. f) GDPR.|
|To personalize your visits to the Application||You have given consent to the processing, Art. 6 (1) lit. a) GDPR.|
|To improve the Application by helping us understand who uses the Application and how it is being used||You have given consent to the processing, Art. 6 (1) lit. a) GDPR; we have a legitimate interest in improving our Application, Art. 6 (1) lit. f) GDPR.|
|To share data with our service providers, such as those that host data for us, including Amazon Web Services||We have a legitimate interest in using vendors to provide our business services, Art. 6 (1) lit. b) and f) GDPR.|
|To share data with our affiliates||We have a legitimate interest to share data with our affiliates to provide our business services, Art. 6 (1) lit. b) and f) GDPR.|
|To market our products and services as well as enable third parties to provide advertisements to you via the Application||You have given consent to the processing, Art. 6 (1) lit. a) GDPR.|
|To send emails and push notifications to existing customers/users for own similar goods and services provided that customers/users have been properly informed beforehand and can cancel such messages/notifications at any time.||We have a legitimate interest in sending emails and push notifications to existing customers/users for own similar goods and services, Art. 6 (1) lit. f) GDPR.|
|To respond to law enforcement organization, or other government officials where we have a legal obligation, including complying with legal demands and complying with production and court orders. We will notify user of the information request or submission as, and if, allowed.||The processing is necessary for compliance with a legal obligation to which we are subject, Art. 6 (1) lit. c) GDPR.|
|The day to day running and management of the business including to monitor, maintain and improve the processes, information and data, technology and communications solutions and services we use.||We have a legitimate interest to manage our business including to maintain ongoing operations and to improve and strengthen our operations, Art. 6 (1) lit. f) GDPR.|
|Protecting our legal rights and interests.||We have a legitimate interest for protecting our legal rights and interests, Art. 6 (1) lit. f) GDPR.|
|Sharing your personal information with third parties that acquire or are interested in acquiring all or part of our assets or shares, or that succeeds us in carrying on our business.||We have a legitimate interest for sharing your information for that purpose, Art. 6 (1) lit. f) GDPR.|
Your Right to Object - Please note that you have a right to object to processing of your personal information where that processing is carried out for our legitimate interest. For more information about your other data subject rights please see below in section VI.
We retain your personal information for as long as it is necessary and relevant for the purposes described in this policy. The criteria used to determine the retention periods include: (i) how long the personal information is needed to provide the services and operate the business; (ii) the type of personal information collected; and (iii) whether we are subject to a legal, contractual or similar obligation to retain the personal information (e.g., mandatory legal data retention periods, government orders to preserve data relevant to an investigation, or data that must be retained for the purposes of litigation or disputes).
If you are situated in the EU you have the right (subject to certain limitations) to ask us: (i) for access to and a copy of your personal information that we hold (Art. 15 GDPR); (ii) to update or correct your personal information in order to make it accurate (Art. 16 GDPR); (iii) to delete your personal information from our records in certain circumstances (Art. 17 GDPR); (iv) to object to us processing your personal information in certain circumstances (e.g. in case we process your data for direct marketing purposes - Art. 21 GDPR); (v) to restrict the processing of your personal data in certain circumstances (Art. 18 GDPR) and (iii) that some of your personal information is provided to you or sent to another data controller in a commonly used, machine readable format (Art. 20 GDPR).
Where we are relying on your consent to process your personal information, you have the right to withdraw your consent to this use at any time.
Your rights may be limited in some situations – for example, where we can demonstrate that we have a legal requirement to process your data or if making the information available to you would reveal personal data about another person or if we are legally prevented from disclosing such information. In some instances, this may mean that we are able to retain data even if you withdraw your consent.
All requests should be made using the contact details set out below. Please note that if you request that your personal information be deleted, you may no longer be able to access or use certain parts of the Application. We will respond to your request in writing, or orally if requested, as soon as possible and within one month at the latest after receipt of your request. In exceptional cases, we may extend this period by two months, in this case we will tell you why. We may request proof of identification to verify your request. For more details in relation to your rights, including how to exercise them, please contact us using the contact details below.
You also have the right to lodge a complaint with a supervisory authority, in particular the data protection authority in the EU Member State of your habitual residence or place of work.
California residents may request certain information about our disclosure of personal data during the prior calendar year to third parties for their direct marketing purposes. We do not share your personal data with third parties or corporate affiliates for their direct marketing purposes.
We do not sell personal information to third parties for their own business/commercial uses.
We maintain security standards and procedures designed to prevent unauthorized access to your data by anyone, including our staff. We use commercially reasonable means such as (but not limited to) data encryption, firewalls and server authentication to protect the security of your personal information. The Company and our staff and any third parties hired to provide support services will be required to observe our privacy standards and to allow us to audit them for compliance. However, no information security defenses are impenetrable, and we cannot guarantee the security of our applications, servers or databases, nor can we guarantee that information you supply will not be intercepted while being transmitted to us over the Internet.
We may share your personal data with third parties, e.g. Affiliates of Glority (meaning any company, corporation or other entity that directly or indirectly controls, or is controlled by, or is under common control with Glority) for technical or customer service etc.
Personal data may be shared with government authorities and/or law enforcement officials if required for the purposes above, if mandated by law or if required for the legal protection of our legitimate interests in compliance with applicable laws. Personal data may also be shared with third party service providers, who will process it on behalf of Glority for the purposes described above.
If the business is sold or integrated with another business, your details may be disclosed to our advisers and any prospective purchaser’s adviser and may be passed to the new owners of the business.
Personal information that we collect from you may be transferred and stored by us or our service provider(s) outside the European Economic Area (EEA). It may also be processed by staff operating outside the EEA who works for us or for one of our suppliers.
The Application is hosted in the United States of America (U.S.). Therefore, personal information collected from you, including via the Application, will be transferred to the U.S. Your personal information will also be transferred to Glority Affiliates in Hangzhou.
Where information is transferred outside the EEA, and where this is to a stakeholder or vendor in a country that is not subject to an adequacy decision by the EU Commission, personal information is only transferred in accordance with chapter five of the GDPR. Any data is therefore adequately protected, e.g. by data protection agreements, EU Commission approved standard contractual clauses or a vendor's Processor Binding Corporate Rules. A copy of the relevant mechanism can be provided for your review on request.
Please do not use the Application if you do not agree to the transfer and processing of your personal information in the countries listed in Section IX if it is illegal to do so in your home country.
Our Application is intended exclusively for persons over 16 years of age. We do not knowingly collect personal information from children under the age of 16, and in the event that we learn that a child under the age of 16 has provided information to us, we will delete that information as soon as possible.
If you have any queries regarding privacy issues or if you wish to exercise your data rights as described above, please contact us (see contact details below). To ensure that we carry out your instructions accurately, to help us continually improve our service and in the interests of security, we may monitor and/or record your telephone calls with us.
Our contact information:
Our DPO can be reached at the following contact details:
Bird & Bird International LLP
12 New Fetter Lane, London, EC4A1JP, United Kingdom