Gem Software Privacy Policy

This Privacy Policy covers our treatment of personally identifiable information (“Personal Information”) that we gather when you are accessing or using our websites and service offered at www.gem.com ("Services"), but not to the practices of companies we don’t own or control, or people that we don’t manage. We may also share some Personal Information with third parties, but only as described below.  

Our website or Services are not directed to persons under the age of 18. We do not knowingly collect Personal Information from anyone under the age of 18 nor knowingly allow such persons to register for the Website or Services. If we learn that we have collected the information from a minor under the age of 18, we will delete that information as soon as possible. If a parent or guardian becomes aware that their child has provided us with Personal Information without the parent’s consent, they should contact us at support@gem.com.  

For the purposes of any applicable data protection law ("Data Protection Law"), Gem Software, Inc. (“Gem Software”, “we”, “us” or “our”) is the data controller (i.e., the company who is responsible for, and controls the processing of, Personal Information) for Personal Information relating to our business customers and visitors to our website (“you” or “yours”). This Privacy Policy does not apply to other Personal Information that Gem processes on behalf of its customers as their processor/service provider and you will need to consult the relevant controller’s privacy notice. This Privacy Policy also doesn’t cover our treatment of Personal Information about candidates and other individuals that we receive from our partners and other third parties (“Business Data”). For information on how we process Business Data received from third parties, please view our Non-B2B Customer Privacy Notice here.

This Privacy Policy outlines your data subject rights, including the right to object to certain types of processing we carry out, for more information see the “Your data rights” section below.

What information do we collect and for what purpose?

We gather various types of Personal Information from our customers and website visitors, including, but not limited to, the following types of data:

Information Category Description
Information You Provide To Us
When you create an account with us
  • Name
  • Email address
  • Access to your email account
When you use our Services
  • Name
  • Email address
  • Location
  • Phone number
  • Payment information
  • Third-party account credentials (for example, your log-in credentials for Google Mail or other third-party sites)
Additional information you submit to us
  • Information you submit when completing a form on our website
  • Information you submit by attending a Gem event
Information Collected Automatically
Browser information
  • Your IP address and server logs
  • Information about your cookies and web browsing
Communications information
  • Information about communications sent and received using our Services (including messages data)

Information You Provide to Us

When you create a new account to use the Services, we will solicit your consent to connect your email account to your new Gem account (using the OAuth authentication method), thereby providing us with access to your email account, including but not limited to email, contacts, and calendar. Gem accesses and stores a limited subset of data from your account, including name and email address, to provide you with our Services.

For users authenticating via Google accounts; Gem Software’s use of information received, and Gem Software's transfer of information to any other app, from Google APIs will adhere to Google's Limited Use Requirements.  

We receive and store any information that you provide to us during your use the Services. For example, through your account settings, sending emails and InMail, creating lists of contacts, inputting contact information, requests for support through customer care, and otherwise using the Services, we may collect Personal Information such as your name, email address, location, phone number, payment information, and third-party account credentials (for example, your log-in credentials for Google Mail or other third party sites). Certain information may be required to register with us or to take advantage of some of our features.  

In addition, we collect Personal Information you submit to us, for example by completing a form on our website or participating in a Gem event. In that case, we may communicate with you, for example by calling you at the phone number you provide or emailing you about your use of the Services. If you do not want to receive communications from us but believe we have your Personal Information, please indicate your preference by sending an email to support@gem.com.  

Information Collected Automatically

Whenever you use the Gem website or our Services, we automatically receive and record information in our server logs from your browser, which may include your IP address, information about your web cookies, and the page or feature you were interacting with. Cookies are web identifiers we, and other services, transfer to your browser to allow us to recognize your browser when you visit our site. To learn more about how we use cookies and related technologies, please see our separate Cookies Policy.  

In connection with your use of the Services, we may also collect information created or provided by you, or that we otherwise receive, in connection therewith. For example, if your contacts send messages to you, we may collect and maintain the message data, which may include Personal Information.

What is our legal basis for processing in the EU?

When you access or use our Services, we process your Personal Information for the purposes described in this Privacy Policy. We rely on a number of legal bases to collect, use, store, share and otherwise process your Personal Information as described below.

Purpose and Relevant Personal Information Applicable Legal Basis

Using our Services

In order to provide you with our Services, and to allow you to set up a user account and profile, we process the following information:

  • name
  • company name
  • position
  • email address
  • phone number
  • billing details such as credit card information, banking information and/or a billing address
We rely on contractual necessity for this processing

Connecting your email account to your Gem account.

If you connect your email account to your Gem account, we process the following Personal Information:

  • name
  • email address
  • emails
  • contacts
  • calendar
We rely on contractual necessity for this processing
To process and fulfil your requests for certain products and services We rely on contractual necessity for this processing

Customizing your experience with our Services and otherwise improving our website and Services

In order to customise your experience with our Services and to generally improve our website and services, we use cookies to collect information about your online activity both while you are using the Services and after you leave our Services. For example, when and how often pages on our site and part of our Services are visited. We process the following Personal Information for these purposes:

  • IP address
  • Information about your web cookies
  • Your online activity (e.g. the page or feature you were interacting with)
We rely on our legitimate interests and those of our customers for this processing
Monitoring our services/ to analyze how you use the Services We rely on our legitimate interests for this processing
To provide customer support, and to respond to customer care and other inquiries We rely on legitimate interests for this processing
To contact you We rely on legitimate interests for this processing
To allow others to contact you, and allow you to contact others through the Services We rely on legitimate interests for this processing

To comply with a legal or regulatory obligation within the EEA

We may access, read, preserve, and disclose any information that we believe is reasonably necessary to comply with law, legal obligations, regulations, law enforcement, governmental and other legal requests, or court order within the EEA

We rely on our legal obligations for this processing where it is required by law. In cases where the processing is not required by law, but may nonetheless be appropriate, we rely on legitimate interests.

To comply with a legal or regulatory obligation outside of the EEA

We may access, read, preserve, and disclose any information that we believe is reasonably necessary to comply with law, legal obligations, regulations, law enforcement, governmental and other legal requests, or court order outside of the EEA

We rely on our legal obligations for this processing where it is required by law
To enforce or apply our Terms of Use and other agreements We rely on legitimate interests for this processing
To address fraud, security or technical issues We rely on legitimate interests for this processing
To protect the rights, property, or safety of Gem Software, our employees, our users, or others We rely on legitimate interests for this processing

Providing your Personal Information may be a requirement necessary to enable your use of the Services, including for the performance of certain services and functionalities, such as replying to and managing requests for information, questions, communication or feedback. In these circumstances, refusal to provide your Personal Information means that we cannot provide the requested services. However, providing your Personal Information for survey, marketing and other profiling purposes is optional; refusal to provide your Personal Information for these purposes will not have any impact on your use of the Services

Where we process your information on the basis of legitimate interests as described in the table above, you have the right to object to, and seek restriction of, this processing.

Information We Share

In certain circumstances we work with third parties to help us provide our Services and this can require us to share your information with these third parties.

We share your information with the following different categories of third-party service providers:

  • Analytics Service Providers. We use third party analytics services in order to better understand how our users are engaging with our Services. When you browse our website or use the Services, these services may collect your IP address, browser type, and approximate location (based on the IP address). They may also set and access cookies on your computer or other device. In order to refine our understanding of user engagement, we also share your email address (which we collected as part of the user’s account registration process) with these service providers. For example:
    ◦ FullStory. We use FullStory for recording your interactions with our site which helps us deliver a better user experience. For more information on the privacy practices of FullStory, please visit https://www.fullstory.com/legal/privacy/.
    ◦ Google Analytics. We use Google Analytics to track website traffic. Google Analytics is a web analytics service offered by Google. Google uses the data collected to track and monitor the use of our websites. This data is shared with other Google services. Google may use the collected data to contextualise and personalise the ads of its own advertising network. For more information on the privacy practices of Google, please visit the Google Privacy Terms web page: https://policies.google.com/privacy?hl=en. We also encourage you to review Google’s policy for safeguarding your data: https://support.google.com/analytics/answer/6004245.  
  • Affiliated Companies, Business Units and Employees: Personal Information that we process and collect may be transferred between companies, business units and employees that become affiliated with us.  
  • Asset Transfer or Company Acquisition. We may choose to buy or sell assets, and may share and/or transfer customer and other user information in connection with the evaluation of and entry into such transactions. Also, if we (or our assets) are acquired, merged, reorganized, or if we go out of business, enter bankruptcy, or go through some other change of control or similar event, you acknowledge that Personal Information could be one of the assets transferred to or acquired by a third party.  
  • We employ other companies and people to perform tasks on our behalf and need to share your information with them to provide products or services to you; for example:
    ◦ data storage services,  
    ◦ marketing services, and  
    ◦ payment processing companies to receive and process your financial transactions for us.  

Compliance with our legal obligations and protecting our rights.

As explained in more detail in the Legal basis section above, we may need to share your Personal Information with third parties, including law enforcement authorities, to comply  with law, legal obligations, regulations, law enforcement, governmental and other legal requests, or court order; enforce or apply our Terms of Use and other agreements; address fraud, security or technical issues; or protect the rights, property, or safety of Gem Software, our employees, our users, or others.  

Data storage and transfer

If you are habitually resident in the European Economic Area (“EEA”), Switzerland or the United Kingdom, we will transfer or transmit Personal Information that you submit or otherwise share with us through your use of the Services to the United States and other countries outside of where you live for storage, processing and the other purposes described in this Privacy Policy.

For example, we currently use datacenter facilities located in the United States. Countries which are outside the EEA, Switzerland or United Kingdom may not offer the same level of data protection as in your home country, for example there is currently no adequacy decision in respect of the United States. Where the European Commission has recognized a country as providing an adequate level of data protection, Gem may rely on the Commission’s adequacy decision, as applicable, to transfer data.  

When transferring data to vendors outside the EEA, Switzerland or the UK, Gem Software relies upon a variety of legal mechanisms including.  Standard Contractual Clauses. For a copy of the Standard Contractual Clauses, please contact legal@gem.com.  

In certain limited circumstances, we may use derogations, such as the contractual necessity derogation, where appropriate to process personal data, when there are no other data transfer mechanisms applicable. For example, where the transfer of information is necessary to provide our Services as set out in the Terms of Service.

Your data rights

  1. Customer Account Data - Customers provide us with instructions on what to do with Customer Account Data. A Customer has many choices and control over Customer Account Data. Since these choices and instructions may result in the access, use, disclosure, modification or deletion of certain or all Customer Account Data, please review the Help Center pages for more information about these choices and instructions.
  1. Individual rights –You may have certain rights regarding your Personal Information that we hold. While some of these rights apply generally, certain rights apply only in limited cases based on your location:
    Right of access - You can request more information about the Personal Information we hold about you and request a copy of such Personal Information, which includes the categories of Personal Information, the categories of sources from which the Personal Information was collected, what the business or commercial purpose is for the collecting or selling of the Personal Information, and the categories of third parties that we share your Personal Information with.
    Right to rectification - If you believe that any Personal Information we are holding about you is incorrect or incomplete, you can request that we correct or supplement such data.
    Right to erasure – In certain circumstances, you have the right to obtain the erasure of your Personal Information without undue delay.
    Right to restriction - The right to obtain the restriction of the processing undertaken by us on your Personal Information in certain circumstances, such as where the accuracy of the data is contested by you, for a period enabling us to verify the accuracy of that data.
    Right to portability - You can ask for a copy of your Personal Information which you have provided to us in a machine-readable format. You can also request that we transmit the data to another controller where technically feasible.
    Right to object - You have a right to object to processing of your Personal Information based on legitimate interests or in the public interest, and for direct marketing.
    Right to file a complaint - You have the right to lodge a complaint about our practices with respect to your Personal Information with the supervisory authority of your country or state.

You can contact Gem to exercise your rights by emailing support@gem.com.

Retention period

We retain Personal Information for as long as you have an open account with us and for 7 years after you close your account. In some cases we retain Personal Information for longer, if doing so is necessary to comply with any legal obligations, resolve disputes or collect fees owed, or is otherwise permitted or required by applicable law, rule or regulation. Afterwards, we retain some information in a depersonalized or aggregated form but not in a way that would identify any individual personally.  

An example of the retention period that applies to certain types of data that we collect is set out below:

  • Mailing lists: we retain the information you used to sign up for our blog alerts for as long as you remain subscribed (i.e., if you do not unsubscribe) or if we decide to remove our blog service, whichever occurs first.

Will we change the Privacy Policy?

We’re constantly trying to improve our Services, so we may need to change this Privacy Policy from time to time as well. We post any changes we make to our Privacy Policy on this page and, where appropriate, we will provide you with reasonable notice of any changes before they take effect. The date the Privacy Policy was last updated is identified at the bottom of this page. Use of information we collect now is subject to the Privacy Policy in effect at the time such information is used.  

How should you contact Gem?

If you have any questions about our privacy policy or wish to exercise your rights as an individual, please do so by emailing us at support@gem.com.

Our main office address is 1 Post Street, 18th Floor, San Francisco, CA 94104, USA.

Last Modified: July 15, 2022