Privacy and Security Policy

Collection and Use of PII Our primary goals in collecting information are to provide and improve our services, to administer your use of the Services (including your Account, if you are an Account holder), and to enable you to enjoy and easily navigate our services. How we collect and use information:

  • When you register for a basic account we collect your email address, and the date of birth.  (“Personally Identifiable Information” or “PII”).
  • Please note, on Android we require the Get_Accounts permission to associate your email with your ChatGum account. Android SDK combines “GET_ACCOUNTS” into the contacts permission group. However, we do not collect, upload, or store your contacts. For more information regarding this permission please read this page.
  • For additional Services beyond the basic account, we may ask you for additional information.
  • We may use cookies to identify that you’ve logged in to the Services. Although most browsers automatically accept cookies, you can change your browser options to stop automatically accepting cookies or to prompt you before accepting cookies. Please note, however, that if you don’t accept cookies, you will not be able to stay automatically logged in to the Services.

How we use your PII

  • The PII we collect allows us to keep you posted on ChatGum‘s latest Services and updates. ChatGum and its affiliates may share PII with each other and use it consistent with this Privacy Policy. They may also combine it with other information to provide and improve our Services.
  • We also use PII to help us develop, deliver, and improve our Services.
  • Google analytics data is used to improve our app and delivery of our content,
  • Compliance with valid legal process
  • E-mails will be used for correspondence
  • From time to time, we may use your PII to send important notices, such as communications about purchases and changes to our terms, conditions, and policies. We may also use PII for internal purposes such as auditing, data analysis, and research to improve ChatGum’s Services and customer communications.

Collection and Use of Non-PII We also collect non-PII − data in a form that does not permit direct association with any specific individual. We may collect, use, transfer, and disclose non-PII for any purpose. We may collect information such as  language, IP address, unique device identifier, location, and the time zone where the Services are used so that we can better understand customer behavior and improve our Services. If we do combine non-PII with PII the combined information will be treated as PII for as long as it remains combined.

Disclosure to Third Parties At times ChatGum may make certain PII available to strategic partners that work with ChatGum to provide products and services, or that help ChatGum market to customers. For example, when you make a purchase through the Apps, you authorize ChatGum and its third party payment processor to exchange the payment information you provide to us to carry out your purchase on the Services. PII will only be shared by ChatGum to provide or improve our Services; it will not be shared with third parties for their marketing purposes.

Service Providers ChatGum shares PII with companies who provide services such as hosting, information processing, extending credit, fulfilling customer orders, delivering products to you, managing and enhancing customer data, providing customer service, assessing your interest in our products and services, and conducting customer research or satisfaction surveys.. Others It may be necessary − by law, legal process, litigation, and/or requests from public and governmental authorities within or outside your country of residence − for ChatGum to disclose your PII. We may also disclose information about you if we determine that for purposes of national security, law enforcement, or other issues of public importance, disclosure is necessary or appropriate. We may also disclose information about you if we determine that disclosure is reasonably necessary to enforce our terms and conditions or protect our operations or users. Additionally, in the event of a reorganization, merger, or sale we may transfer any and all PII we collect to the relevant third party.

Protection of PII ChatGum takes precautions — including administrative, technical, and physical measures — to safeguard your PII against loss, theft, and misuse, as well as against unauthorized access, disclosure, alteration, and destruction. When you use ChatGum Apps or post on a chat room, or social networking service, the PII you share is visible to other users and can be read, collected, or used by them. You are responsible for the PII you choose to submit in these instances. For example, if you list your name and email address in a board posting, that information is public. Please take care when using these features.

Integrity and Retention of PII We will retain your PII for the period necessary to fulfill the purposes outlined in this Privacy Policy unless a longer retention period is required or permitted by law.

Control/Access to PII For other PII, we make good faith efforts to provide you with access to such PII so you can request that we correct or delete the PII we have about you. We may decline to process requests that are unreasonably repetitive, require disproportionate technical effort, jeopardize the privacy of others, are extremely impractical, or for which access is not otherwise required by local law. You may delete your account and associated PII within the app. Go to settings -> Delete Account. Access, or correction requests can be made by contacting ChatGum at PII@chatgum.com. Please include your username, approximate date of account creation, last device used, and email connected to the account. If we cannot authenticate your account then requests may be denied or ignored.

Although our website is a general audience site, we restrict the use of our service to individuals age 17 and above. We do not knowingly collect PII from users under 17.

Location-Based Services In some cases we collect and store information about where you are located, such as by converting your IP address into a rough geolocation. We may use location information to improve and personalize our Services for you.

International Users Information you provide may be transferred or accessed by entities around the world as described in this Privacy Policy. If you’re located outside the United States and choose to provide your PII to us, we may transfer your PII to the United States and process it there. Your use of the Services followed by your submission of any PII represents your agreement to that transfer.

Our Companywide Commitment to Your Privacy We take reasonable measures to protect the information that we collect from or about you (including your PII) from unauthorized access, use or disclosure. Please be aware, however, that no method of transmitting information over the Internet or storing information is completely secure. Accordingly, we cannot guarantee the absolute security of any information. ChatGum may update its Privacy Policy from time to time.

RIGHTS OF THE DATA SUBJECT Right of Confirmation. Each data subject has the right granted by the European legislator to obtain from the controller the confirmation as to whether or not personal information concerning him or her are being processed. If a data subject wishes to exercise this right of confirmation, he or she may, at any time, contact our Data Protection Officer or another employee of the controller. Right of Access. Each data subject shall have the right granted by the European legislator to obtain from the controller free information about his or her personal information stored at any time and a copy of this information. Furthermore, the European directives and regulations grant the data subject access to the following information:

  1. the purposes of the processing;
  2. the categories of personal information concerned;
  3. the recipients or categories of recipients to whom the personal information have been or will be disclosed, in particular recipients in third countries or international organizations;
  4. where possible, the envisaged period for which the personal information will be stored, or, if not possible, the criteria used to determine that period;
  5. the existence of the right to request from the controller rectification or erasure of personal information, or restriction of processing of personal information concerning the data subject, or to object to such processing;
  6. the existence of the right to lodge a complaint with a supervisory authority;
  7. where the personal information are not collected from the data subject, any available information as to their source;
  8. the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for the data subject.

Moreover, the data subject has the right to obtain information as to whether personal information are transferred to a third country or to an international organization. Where this is the case, the data subject shall have the right to be informed of the appropriate safeguards relating to the transfer. If a data subject wishes to exercise this right of access, he or she may at any time contact our Data Protection Officer or another employee of the controller. Right to Rectify. Each data subject has the right granted by the European legislator to obtain from the controller without undue delay the rectification of inaccurate personal information concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal information completed, including by means of providing a supplementary statement. If a data subject wishes to exercise this right to rectification, they may, at any time, contact our Data Protection Officer or another employee of the controller. Right to Erasure. Each data subject has the right granted by the European legislator to obtain from the controller the erasure of personal information concerning him or her without undue delay, and the controller shall have the obligation to erase personal information without undue delay where one of the following grounds applies, as long as the processing is not necessary:

  1. The personal information are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
  2. The data subject withdraws consent to which the processing is based according to point (a) of Article 6(1) of the GDPR, or point (a) of Article 9(2) of the GDPR, and where there is no other legal ground for the processing.
  3. The data subject objects to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) of the GDPR.
  4. The personal information has been unlawfully processed.
  5. The personal information must be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
  6. The personal information has been collected in relation to the offer of information society services referred to in Article 8(1) of the GDPR.

If one of the aforementioned reasons applies, and a data subject wishes to request the erasure of personal information stored by the Controller, he or she may at any time contact our Data Protection Officer. Refer to the Control/Access to PII section above. Once your data is erased you may no longer access ChatGum or affiliated applications without agreeing to our terms and policies. Right of restriction of processing. Each data subject shall have the right granted by the European legislator to obtain from the controller restriction of processing where one of the following applies: The accuracy of the personal information is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal information. The processing is unlawful and the data subject opposes the erasure of the personal information and requests instead the restriction of their use instead. The controller no longer needs the personal information for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defense of legal claims. The data subject has objected to processing pursuant to Article 21(1) of the GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject. Right to Portability. Each data subject shall have the right granted by the European legislator, to receive the personal information concerning him or her, which was provided to a controller, in a structured, commonly used and machine-readable format. He or she shall have the right to transmit those data to another controller without hindrance from the controller to which the personal information has been provided, as long as the processing is based on consent pursuant to point (a) of Article 6(1) of the GDPR or point (a) of Article 9(2) of the GDPR, or on a contract pursuant to point (b) of Article 6(1) of the GDPR, and the processing is carried out by automated means, as long as the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. Furthermore, in exercising his or her right to data portability pursuant to Article 20(1) of the GDPR, the data subject shall have the right to have personal information transmitted directly from one controller to another, where technically feasible and when doing so does not adversely affect the rights and freedoms of others. In order to assert the right to data portability, the data subject may at any time contact the Data Protection Officer designated by Company or another employee. Right to Object. Each data subject shall have the right granted by the European legislator to object, on grounds relating to his or her particular situation, at any time, to processing of personal information concerning him or her, which is based on point (e) or (f) of Article 6(1) of the GDPR. This also applies to profiling based on these provisions. This data controller shall no longer process the personal information in the event of the objection, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defense of legal claims. Right to withdraw data protection consent. Each data subject shall have the right granted by the European legislator to withdraw his or her consent to processing of his or her personal information at any time. If the data subject wishes to exercise the right to withdraw consent, he or she may at any time directly contact our Data Protection Officer or another employee of the controller. Provision of personal information as statutory or contractual requirement; Requirement necessary to enter into a contract; Obligation of the data subject to provide the personal information; possible consequences of failure to provide such data We clarify that the provision of personal information is partly required by law (e.g. tax regulations) or can also result from contractual provisions (e.g. information on the contractual partner). Sometimes it may be necessary to conclude a contract that the data subject provides us with personal information, which must subsequently be processed by us. The data subject is, for example, obliged to provide us with some personal information when our company signs a contract with him or her. The non-provision of the personal information would have the consequence that the contract with the data subject could not be concluded. Before personal information is provided by the data subject, in this circumstance the data subject must contact our Data Protection Officer. Our Data Protection Officer clarifies to the data subject whether the provision of the personal information is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal information and the consequences of non-provision of the personal information. Legal Basis for Data Processing Art. 6(1) lit. a GDPR serves as the legal basis for processing operations for which we obtain consent for a specific processing purpose. If the processing of personal information is necessary for the performance of a contract to which the information subject is party, as is the case, for example, when processing operations are necessary for the supply of goods or to provide any other service, the processing is based on Article 6(1) lit. b GDPR. The same applies to such processing operations which are necessary for carrying out pre-contractual measures, for example in the case of inquiries concerning our products or services. If our company is subject to a legal obligation by which processing of personal information is required, such as for the fulfillment of tax obligations, the processing is based on Art. 6(1) lit. c GDPR. In rare cases, the processing of personal information may be necessary to protect the vital interests of the data subject or of another natural person. Then the processing would be based on Art. 6(1) lit. d GDPR. Finally, processing operations could be based on Article 6(1) lit. f GDPR. This legal basis is used for processing operations which are not covered by any of the aforementioned legal grounds, if processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal information. Such processing operations are particularly permissible because they have been specifically mentioned by the European legislator. He considered that a legitimate interest could be assumed if the data subject is a client of the controller (Recital 47 Sentence 2 GDPR). When we change the policy in a material way, we’ll notify you of such changes by posting them on the Services or by sending you an email or other notification, and we’ll indicate when such changes will become effective. A notice will be posted on our website along with the updated Privacy Policy.

How do I submit a question to ChatGum’s Data Protection Officer (DPO), and what is their role?

 

ChatGum’s DPO is responsible for guiding our compliance with privacy regulation in the EU. They are the point of contact for European privacy regulators and questions and concerns from our users about data privacy.

For erasure requests please refer to section Control/Access to PII.

If you have other questions pertaining to your personal data you may contact our DPO at DPO@chatgum.com