Collection and Use of PII
Our primary goals in collecting information are to provide and improve our services, to administer your use of the Services (including your Account, if you are an Account holder), and to enable you to enjoy and easily navigate our services.
Here are some examples of the types of PII we may collect and how we may use it.
How we collect and use information
- When you register for a basic account we collect your email address (“Personally Identifiable Information” or “PII”).
- For additional Services beyond the basic account, we may ask you for additional information.
How we use your PII
- We also use PII to help us develop, deliver, and improve our Services.
- Google analytics data is used to improve our app and delivery of our content,
- Compliance with valid legal process
- E-mails will be used for correspondence
- From time to time, we may use your PII to send important notices, such as communications about purchases and changes to our terms, conditions, and policies. We may also use PII for internal purposes such as auditing, data analysis, and research to improve ChatGum’s Services and customer communications.
Collection and Use of Non-PII
We also collect non-PII − data in a form that does not permit direct association with any specific individual. We may collect, use, transfer, and disclose non-PII for any purpose. We may collect information such as language, IP address, unique device identifier, location, and the time zone where the Services are used so that we can better understand customer behavior and improve our Services.
If we do combine non-PII with PII the combined information will be treated as PII for as long as it remains combined.
Disclosure to Third Parties
At times ChatGum may make certain PII available to strategic partners that work with ChatGum to provide products and services, or that help ChatGum market to customers. For example, when you make a purchase through the Apps, you authorize ChatGum and its third party payment processor to exchange the payment information you provide to us to carry out your purchase on the Services. PII will only be shared by ChatGum to provide or improve our Services; it will not be shared with third parties for their marketing purposes.
ChatGum shares PII with companies who provide services such as hosting, information processing, extending credit, fulfilling customer orders, delivering products to you, managing and enhancing customer data, providing customer service, assessing your interest in our products and services, and conducting customer research or satisfaction surveys..
It may be necessary − by law, legal process, litigation, and/or requests from public and governmental authorities within or outside your country of residence − for ChatGum to disclose your PII. We may also disclose information about you if we determine that for purposes of national security, law enforcement, or other issues of public importance, disclosure is necessary or appropriate.
We may also disclose information about you if we determine that disclosure is reasonably necessary to enforce our terms and conditions or protect our operations or users. Additionally, in the event of a reorganization, merger, or sale we may transfer any and all PII we collect to the relevant third party.
Protection of PII
ChatGum takes precautions — including administrative, technical, and physical measures — to safeguard your PII against loss, theft, and misuse, as well as against unauthorized access, disclosure, alteration, and destruction.
When you use ChatGum Apps or post on a chat room, or social networking service, the PII you share is visible to other users and can be read, collected, or used by them. You are responsible for the PII you choose to submit in these instances. For example, if you list your name and email address in a board posting, that information is public. Please take care when using these features.
Integrity and Retention of PII
Control/Access to PII
For other PII, we make good faith efforts to provide you with access to such PII so you can request that we correct or delete the PII we have about you. We may decline to process requests that are unreasonably repetitive, require disproportionate technical effort, jeopardize the privacy of others, are extremely impractical, or for which access is not otherwise required by local law. Access, correction, or deletion requests can be made by contacting ChatGum at PII@chatgum.com.
Although our website is a general audience site, we restrict the use of our service to individuals age 13 and above. We do not knowingly collect PII from children under 13. If we learn that we have collected the PII of a child under 13, we will take steps to delete the information as soon as possible.
In some cases we collect and store information about where you are located, such as by converting your IP address into a rough geolocation. We may use location information to improve and personalize our Services for you.
Our Companywide Commitment to Your Privacy
We take reasonable measures to protect the information that we collect from or about you (including your PII) from unauthorized access, use or disclosure. Please be aware, however, that no method of transmitting information over the Internet or storing information is completely secure. Accordingly, we cannot guarantee the absolute security of any information.
RIGHTS OF THE DATA SUBJECT
Right of Confirmation.
Each data subject has the right granted by the European legislator to obtain from the controller the confirmation as to whether or not personal information concerning him or her are being processed. If a data subject wishes to exercise this right of confirmation, he or she may, at any time, contact our Data Protection Officer or another employee of the controller.
Right of Access.
Each data subject shall have the right granted by the European legislator to obtain from the controller free information about his or her personal information stored at any time and a copy of this information. Furthermore, the European directives and regulations grant the data subject access to the following information:
- the purposes of the processing;
- the categories of personal information concerned;
- the recipients or categories of recipients to whom the personal information have been or will be disclosed, in particular recipients in third countries or international organizations;
- where possible, the envisaged period for which the personal information will be stored, or, if not possible, the criteria used to determine that period;
- the existence of the right to request from the controller rectification or erasure of personal information, or restriction of processing of personal information concerning the data subject, or to object to such processing;
- the existence of the right to lodge a complaint with a supervisory authority;
- where the personal information are not collected from the data subject, any available information as to their source;
- the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for the data subject.
Moreover, the data subject has the right to obtain information as to whether personal information are transferred to a third country or to an international organization. Where this is the case, the data subject shall have the right to be informed of the appropriate safeguards relating to the transfer.
If a data subject wishes to exercise this right of access, he or she may at any time contact our Data Protection Officer or another employee of the controller.
Right to Rectify.
Each data subject has the right granted by the European legislator to obtain from the controller without undue delay the rectification of inaccurate personal information concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal information completed, including by means of providing a supplementary statement.
If a data subject wishes to exercise this right to rectification, they may, at any time, contact our Data Protection Officer or another employee of the controller.
Right to Erasure.
Each data subject has the right granted by the European legislator to obtain from the controller the erasure of personal information concerning him or her without undue delay, and the controller shall have the obligation to erase personal information without undue delay where one of the following grounds applies, as long as the processing is not necessary:
- The personal information are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
- The data subject withdraws consent to which the processing is based according to point (a) of Article 6(1) of the GDPR, or point (a) of Article 9(2) of the GDPR, and where there is no other legal ground for the processing.
- The data subject objects to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) of the GDPR.
- The personal information has been unlawfully processed.
- The personal information must be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
- The personal information has been collected in relation to the offer of information society services referred to in Article 8(1) of the GDPR.
If one of the aforementioned reasons applies, and a data subject wishes to request the erasure of personal information stored by the Controller, he or she may at any time contact our Data Protection Officer or another employee of the controller. The Data Protection Officer of Controller or another employee shall promptly ensure that the erasure request is complied with immediately. Once your data is erased you may no longer access ChatGum or affiliated applications without agreeing to our terms and policies.
Right of restriction of processing.
Each data subject shall have the right granted by the European legislator to obtain from the controller restriction of processing where one of the following applies: The accuracy of the personal information is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal information. The processing is unlawful and the data subject opposes the erasure of the personal information and requests instead the restriction of their use instead. The controller no longer needs the personal information for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defense of legal claims. The data subject has objected to processing pursuant to Article 21(1) of the GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.
Right to Portability.
Each data subject shall have the right granted by the European legislator, to receive the personal information concerning him or her, which was provided to a controller, in a structured, commonly used and machine-readable format. He or she shall have the right to transmit those data to another controller without hindrance from the controller to which the personal information has been provided, as long as the processing is based on consent pursuant to point (a) of Article 6(1) of the GDPR or point (a) of Article 9(2) of the GDPR, or on a contract pursuant to point (b) of Article 6(1) of the GDPR, and the processing is carried out by automated means, as long as the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Furthermore, in exercising his or her right to data portability pursuant to Article 20(1) of the GDPR, the data subject shall have the right to have personal information transmitted directly from one controller to another, where technically feasible and when doing so does not adversely affect the rights and freedoms of others.
In order to assert the right to data portability, the data subject may at any time contact the Data Protection Officer designated by Company or another employee.
Right to Object.
Each data subject shall have the right granted by the European legislator to object, on grounds relating to his or her particular situation, at any time, to processing of personal information concerning him or her, which is based on point (e) or (f) of Article 6(1) of the GDPR. This also applies to profiling based on these provisions.
This data controller shall no longer process the personal information in the event of the objection, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defense of legal claims.
Right to withdraw data protection consent.
Each data subject shall have the right granted by the European legislator to withdraw his or her consent to processing of his or her personal information at any time.
If the data subject wishes to exercise the right to withdraw consent, he or she may at any time directly contact our Data Protection Officer or another employee of the controller.
Provision of personal information as statutory or contractual requirement; Requirement necessary to enter into a contract; Obligation of the data subject to provide the personal information; possible consequences of failure to provide such data
We clarify that the provision of personal information is partly required by law (e.g. tax regulations) or can also result from contractual provisions (e.g. information on the contractual partner). Sometimes it may be necessary to conclude a contract that the data subject provides us with personal information, which must subsequently be processed by us. The data subject is, for example, obliged to provide us with some personal information when our company signs a contract with him or her. The non-provision of the personal information would have the consequence that the contract with the data subject could not be concluded. Before personal information is provided by the data subject, in this circumstance the data subject must contact our Data Protection Officer. Our Data Protection Officer clarifies to the data subject whether the provision of the personal information is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal information and the consequences of non-provision of the personal information.
Legal Basis for Data Processing
Art. 6(1) lit. a GDPR serves as the legal basis for processing operations for which we obtain consent for a specific processing purpose. If the processing of personal information is necessary for the performance of a contract to which the information subject is party, as is the case, for example, when processing operations are necessary for the supply of goods or to provide any other service, the processing is based on Article 6(1) lit. b GDPR. The same applies to such processing operations which are necessary for carrying out pre-contractual measures, for example in the case of inquiries concerning our products or services. If our company is subject to a legal obligation by which processing of personal information is required, such as for the fulfillment of tax obligations, the processing is based on Art. 6(1) lit. c GDPR. In rare cases, the processing of personal information may be necessary to protect the vital interests of the data subject or of another natural person. Then the processing would be based on Art. 6(1) lit. d GDPR. Finally, processing operations could be based on Article 6(1) lit. f GDPR. This legal basis is used for processing operations which are not covered by any of the aforementioned legal grounds, if processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal information. Such processing operations are particularly permissible because they have been specifically mentioned by the European legislator. He considered that a legitimate interest could be assumed if the data subject is a client of the controller (Recital 47 Sentence 2 GDPR).
How do I submit a question to ChatGum’s Data Protection Officer (DPO), and what is their role?
If you have additional questions pertaining to your personal data you may contact our DPO at DPO@chatgum.com