We do not knowingly collect personal information from anyone under the age of 16. If we learn that we have collected the information from a minor under the age of 16, we will delete that information as soon as possible.
For the purposes of any applicable data protection law ("Data Protection Law"), Gem Software, Inc. (“Gem Software”) is the data controller (i.e., the company who is responsible for, and controls the processing of, your Personal Information) for visitors to our website. Gem commits to cooperate with EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) and comply with the advice given by such authorities with regard to human resources data transferred from the EU and Switzerland in the context of the employment relationship.
We gather various types of Personal Information from our users and others, as explained in more detail below, and we use this Personal Information internally in connection with our Services, for example, to personalize, provide, and monitor and improve our Services, to allow you to set up a user account and profile, to contact you, allow others to contact you, and allow you to contact others through the Services, to respond to customer care and other inquiries, to process and fulfill your requests for certain products and services, and to analyze how you use the Services.
When you create a new account to use the Services we will solicit your consent to connect your email account to your new Gem account (using the OAuth authentication method), thereby providing us with access to your email account, including but not limited to email, contacts, and calendar. Gem accesses and stores a limited subset of data from your account, including name and email address, to provide you with our Services.
For users authenticating via Google accounts; Gem Software’s use of information received, and Gem Software's transfer of information to any other app, from Google APIs will adhere to Google's Limited Use Requirements.
We receive and store any information that you provide to us during your use the Services. For example, through your account settings, sending emails and InMail, creating lists of contacts, inputting contact information, requests for support through customer care, and otherwise using the Services, we may collect Personal Information such as your name, email address, location, phone number, payment information, and third-party account credentials (for example, your log-in credentials for Google Mail or other third party sites). Certain information may be required to register with us or to take advantage of some of our features.
In addition, we collect Personal Information you submit to us, for example by completing a form on our website or participating in a Gem event. In that case, we may communicate with you, for example by calling you at the phone number you provide or emailing you about your use of the Services. If you do not want to receive communications from us but believe we have your Personal Information, please indicate your preference by sending an email to email@example.com.
Whenever you use the Gem website or our Services, we automatically receive and record information in our server logs from your browser, which may include your IP address, information about your web cookies, and the page or feature you were interacting with. Cookies are web identifiers we, and other services, transfer to your browser to allow us to recognize your browser when you visit our site. We also use data from your cookies to track when and how often pages on our site and part of our Services are visited. We use this data to customize your experience with our Services and to generally improve our website and Services. You may be able to change the preferences within your browser to limit your acceptance of cookies, but this will prevent you from using some or all features of our Services. Your browser may offer you a “Do Not Track” option, which allows you to signal to operators of websites and web applications and services (including behavioral advertising services) that you do not wish such operators to track certain of your online activities over time and across different websites. Our Services do not support Do Not Track requests at this time, which means that we collect information about your online activity both while you are using the Services and after you leave our Services.
We also automatically receive information about communications sent and received using our Services.
Our customers and other third parties may also provide us with Personal Information about our customers’ contacts and others. For example, we may receive Personal Information and other information from our customers, email senders, databases with information relevant to profile URLs and emails submitted to our Services, and other third parties. This information may include, without limitation, contact and other information.
In connection with your use of the Services, we may also collect information created or provided by you, or that we otherwise receive, in connection therewith. For example, if your contacts send messages to you, we may collect and maintain the message data, which may include Personal Information.
We use third party analytics services in order to better understand how our users are engaging with our Services. When a user browses our website or uses the Services, these services may collect the user’s IP address, browser type, and approximate location (based on the IP address). They may also set and access cookies on your computer or other device. In order to refine our understanding of user engagement, we provide these services with a user’s email address (which we collected as part of the user’s account registration process).
We employ other companies and people to perform tasks on our behalf and need to share your information with them to provide products or services to you; for example, data storage services, marketing services, and payment processing companies to receive and process your financial transactions for us. In addition, by submitting information on our Site or otherwise using our Services, Personal Information that we process and collect may be transferred between companies, business units and employees affiliated with us and you hereby explicitly consent to trans-border transmission of such information.
We may choose to buy or sell assets, and may share and/or transfer customer and other user information in connection with the evaluation of and entry into such transactions. Also, if we (or our assets) are acquired, merged, reorganized, or if we go out of business, enter bankruptcy, or go through some other change of control or similar event, you acknowledge and explicitly consent that Personal Information could be one of the assets transferred to or acquired by a third party.
We care about the security of your information and uses commercially reasonable physical, administrative, and technological safeguards to preserve the integrity and security of all information collected through our Service. However, no security system is impenetrable and we cannot guarantee the security of our systems 100%. In the event that any information under our control is compromised as a result of a breach of security, we will take reasonable steps to investigate the situation and, where appropriate, notify those individuals whose information may have been compromised and take other steps, in accordance with any applicable laws and regulations.
For individuals based in the EU or Switzerland, we store Personal Information for as long as necessary to fulfill the purposes for which we collect the data (see above under "What information do we collect and for what purpose?"), except if required otherwise by law.
We currently use datacenter facilities located exclusively in the United States. Your information will be stored and processed in the United States or other countries where we decide to maintain datacenter facilities in the future. Regardless of what country you reside or supply information from, you authorize us to use, process and store your information in the United States and any other country where we operate, which may have different rules, regulations and protections regarding privacy than those in your jurisdiction.
When transferring data from the European Union, the European Economic Area, and Switzerland, Gem Software relies upon a variety of legal mechanisms, including contracts with our users. Gem Software complies with the EU-U.S. and Swiss–U.S. Privacy Shield Frameworks as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union, the European Economic Area, and Switzerland to the United States. You can find Gem Software’s Privacy Shield certification https://www.privacyshield.gov/list. You can also learn more about Privacy Shield at https://www.privacyshield.gov.
Gem Software is subject to oversight by the U.S. Federal Trade Commission. JAMS is the US-based independent organization responsible for reviewing and resolving complaints about our Privacy Shield compliance — free of charge to you. We ask that you first submit any such complaints directly to us via firstname.lastname@example.org. If you aren't satisfied with our response, please contact JAMS at https://www.jamsadr.com/eu-us-privacy-shield. In the event your concern still isn't addressed by JAMS, you may be entitled to a binding arbitration under Privacy Shield and its principles.
Gem Software is responsible for the processing of Personal Information it receives, under the Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. Gem Software complies with the Privacy Shield Principles for all onward transfers of Personal Information from the EU and Switzerland, including the onward transfer liability provisions.
Within the scope of our authorization to do so, and in accordance with our commitments under the Privacy Shield, Gem Software will provide individuals access to Personal Information about them. Gem Software also will take reasonable steps to enable individuals to correct, amend, or delete Personal Information that is demonstrated to be inaccurate.
Providing your Personal Information may be a requirement necessary to enable your use of the Services, including for the performance of certain services and functionalities offered by our website, such as replying to and managing of request of information, questions, communication or feedback. In the above referenced circumstances, refusal to provide your Personal Information would make it impossible for us to provide the requested services. However, providing your Personal Information for survey, marketing and other profiling purposes is optional; refusal to provide your Personal Information for these purposes will not have any impact on the entering into or performance of the contract. When requested under Data Protection Laws, we will collect your prior consent before proceeding to processing your Personal Information for these purposes.
We retain Personal Information for as long as you have an open account with us and for 3 years after you close your account. In some cases we retain Personal Information for longer, if doing so is necessary to comply with any legal obligations, resolve disputes or collect fees owed, or is otherwise permitted or required by applicable law, rule or regulation. Afterwards, we retain some information in a depersonalized or aggregated form but not in a way that would identify any individual personally.
In the EU, the purposes for which we process your personal data are:
Please contact us at email@example.com if you need details about the specific legal basis we are relying on to process your personal data where more than one legal basis has been set out.
Our main office address is 1 Post Street, 18th Floor, San Francisco, CA 94104, USA.
Last Modified: November 19, 2020