GEM SOFT Privacy Policy

(Last Updated: August 2024)

This Privacy Policy (“Policy”) applies to users of GEM SOFT platform (“Platform”) operated by AST LLC ("us", "we", or "our") and describes terms and conditions of data processing. This Policy provides you with the necessary information regarding your rights and our obligations, and explains how, why and when we process your personal data.

Please read this Policy carefully.

By registering with the Platform, you confirm that You have read, understood and accept the terms and conditions of data processing stipulated in this Policy. Without accepting it in full users cannot use the Platform.

This Policy is based on the principles set forth in the Regulation (EU) 2016/679 of the European Parliament and of the Council (the General Data Protection Regulation or the GDPR) and other applicable data protection laws.

In this Policy:

  • “You” or “user” refer to users of the Platform,
  • “Data” refers to data you provide during registration and use of the Platform.

Data or combination thereof can constitute your personal data in accordance with the laws of certain territories and countries. When we talk about personal data, we imply any information relating to an identified or identifiable natural person, excluding any anonymized and depersonalized data where any identity is absent or has been removed and cannot be recovered.

  • “Processing” refers to any action we do with your data, including collection, storage among other actions which refer to processing under applicable law.

Who we are

AST LLC, QFC NUMBER 01926, Licensed, Office No. 226-02, Floor No. 2, Regus Business Centre, No. 65, Doha, Qatar.

If you have any questions about this Policy or if you want to exercise any of your rights, please contact us at support@gemspace.com.

In respect to your personal data, we are a data controller. As a data controller we determine the purposes and means of processing personal data. We shoulder responsibility for it under applicable law.

As a data controller, we are ready to give you information on data we store about you and respond to your questions related to the Policy, among other actions set forth in this Policy.

What data do we process?

We obtain the data about you ourselves or through third parties when:

  • You register with the Platform and provide some data to create your Platform account, namely phone number and geo position. Such data is necessary for the use of the Platform. You can provide other data to us voluntarily and at your choice only.
  • You synchronize your phone book, including phone numbers and names, with the Platform. You provide such data voluntarily and at your choice only. If you permit the Platform to synchronize with your phone book you can see who also uses the Platform.
  • You use the Platform. We process the data on your activity via the Platform which covers:
    • Your connection status,
    • Whether you receive and read messages,
    • Data on calls you made or received and if you are currently on call,
    • Content you accessed to and accounts you interacted with,
    • Websites you linked to via the Platform,
    • Services you use via the Platform.
  • You access the Platform from a device. We process data on the device through which you access to the Platform:
    • Device ID,
    • Operating system,
    • Your browser,
    • Browser or operating system language,
    • Wireless network,
    • Your mobile carrier,
    • IP address.
  • You address the Platform customer service with your queries. In your queries you can share data, including your messages and other users’ data.
  • Third parties provide information about you. We process the following data:
    • Data about you which other users provide to us after registration through synchronization of a phone book, etc.
    • Data related to you from service providers. Such data cover payment information on transactions you made, for example, for non-activated functionality of the Platform or data on technical errors related to your use of the Platform
  • You provide data otherwise. We collect other data from you which is not specifically listed above.

We need the data so that you are able to use the Platform. Without the data the use of the Platform or its certain function can be limited or impossible.

Ordinarily we do not keep your messages, calls and content shared via the Platform. Such data is automatically deleted after their delivery. If the data is not delivered within up to 2 weeks, it is also deleted automatically.

You keep this data on the device through which you use the Platform. The only information we keep about the messages is its status and time of delivery.

We do not collect sensitive data on your ethnic origin, biometric data, health data, political, religious or philosophical beliefs, union memberships, genetic, health or sex life or other sensitive personal data or data of special categories.

Billing information

We do not collect and otherwise process your billing information, e.g. credit card, name, address, expiration date and security code. You send such data to a responsible third-party service provider through the Platform interface.

We only process information about your transactions to provide you with functionality of the Platform which activates when we receive payment confirmation from the payment provider.

Cookies

Cookies are text files placed on your computer. Cookies are sent to your browser from a website and stored on your device. We use cookies to enhance your experience in using the Platform, e.g. by remembering your log-in status and viewing preferences from earlier use of the Platform for later use.

Some cookies are essential for the proper operation of the Platform, while other cookies are optional. By registering with the Platform, you accept that we can obtain data by using the essential cookies.

The cookies we use cover:

  • Session Cookies which remember your activity on the Platform during the session.
  • Preference Cookies which remember your preferences in the Platform and various settings.
  • Security Cookies which we use for security purposes.

You can adjust your browser settings to prevent receiving cookies or to provide notification whenever a cookie is sent to you.

If you do this, certain functionality of the Platform can be limited.

You can also adjust your cookies preferences for Google remarketing services through https://tools.google.com/dlpage/gaoptout.

Why do we use your data?

The data we collect from you lets you use the Platform and helps our mission in creating best experiences for you from using the Platform.

We use your data to:

  • Make the Platform available for you, including, to:
    • Register you with the Platform, create your account and manage your registered account,
    • Communicate with you and respond to your queries,
    • Give you information about your account and respond to your requests on personal data,
    • Notify you on your contacts who are already the Platform user.
  • Improve the Platform, including, to:
    • Better understand users’ behavior and trends,
    • Detecting potential outages and technical issues.
  • Enhance security and safety of the Platform and your data, including to:
    • Prevent, detect, and investigate fraud, security breaches, potentially prohibited or illegal activities, protect our trademarks,
    • Send the Platform related notifications.

We can notify you via your phone number or email, including, to:

  • Restore access to your Platform account,
  • Respond to your queries,
  • Communicate on the Platform-support-related matters.

You can disable this at any time via your account settings. In this case you will be unable to use such features.

  • Remarketing services.

Google (Google LLC) serves advertising services based on your interaction with the Platform by using cookies and data related to your use of the Platform. You can opt-out the services through https://tools.google.com/dlpage/gaoptout.

  • Host and run the Platform.

Google (Google LLC) hosts the data and provides infrastructure which enable the Platform to run. Google provides services using outside the EU in compliance with the GDPR: http://cloud.google.com/security/gdpr/.

  • Comply with our obligations set by law.

Retention of personal data

We keep your data as long as it is necessary for the relevant purposes of their processing.

We can process your personal data after processing purpose is achieved if:

  • Required by law, e.g. accounting and tax records,
  • Any violation or abuse has occurred to you or to other users at your fault for as long as necessary to defend rights and legitimate interests,
  • A dispute between us and a user takes place,
  • We were summoned not to erase the data at the state body’s request or a court order.

If you delete your Platform account, we will delete your personal data quickly and permanently. Personal data and payment data cannot be deleted if it is necessary to comply with law.

We will keep your certain non-personal data on your use of the Platform, including your communication with customer service, for statistics purposes so that we can understand how the Platform is used and can be improved.

For more information about data retention terms in relation to specific personal data, please contact us at support@gemspace.com.

Who can access your data?

We do not share your data with third parties unless set forth hereof and under law.

To perform our obligations set hereof and in other Platform-related documents the following parties can access your data:

  • We, persons involved in or in charge of the Platform operation and our subsidiaries have access to your data in scope necessary for providing you with access to the Platform. New owners can access your data if we merge with or are acquired by business, or are involved in a transaction with similar financial effect.
  • Service providers that process payment, provide customer support, mailing services, hosting and storage and other services can access your data in connection to the Platform, Internet connection and other network providers for delivery of the data you share via the Platform.
  • Other users can see your:
    • Platform account data, e.g. nickname, profile picture. You can control access to other data through your account settings. Additional data can become available if you use certain functionality of the Platform.
    • Data which you share voluntarily, including by sending messages and content.
    • State bodies who are authorized to access your data under law.

If we share your personal data with our subsidiaries and third parties we guarantee an adequate level of protection, including by entering into a data protection agreement.

We share your non-personal data which cannot identify you with third parties for statistics purposes, e.g. for third-party providers who provide us data on our targeted audience, our users’ behavior.

What legal bases do we use to process your personal data?

We use different legal bases to process personal data depending on the type of data, the purposes, and circumstances of processing:

  • Consent. We process your personal data if you have provided us with your consent to use it for certain purposes. For example, to send you marketing messages. You can withdraw your consent any time without any detriment to your use of the Platform.
  • Performance of a contract. We process your personal data when it is necessary to fulfill our contractual obligations to you, including providing the functionality of the Platform or at your request prior to entering into a contract with you.
  • Legal obligations. We process your personal data where it is necessary for compliance with our legal obligations, such as to exercise or defend our legal rights, or for taxation purposes.
  • Legitimate interest. We process your personal data when we pursue our legitimate interests, except where such interests are overridden by the interests or fundamental rights and freedoms of data subjects.

What rights do you have in respect to your personal data?

Under the General Data Protection Regulation (GDPR) you can exercise certain rights in respect to your data. You can exercise them by contacting us via support@gemspace.com. We may ask you to further confirm your identity. If the request affects the rights and freedoms of other users or is manifestly unfounded or excessive we can charge a reasonable fee (taking into account the administrative costs of providing the information or communication or taking the action requested) or refuse to act on the request.

  • Right of access. You can receive:
    • Information whether your personal data is retained,
    • Duplicates of such personal data.
  • Right to rectification. You must provide to us your correct, accurate and up-to-date personal data. If it is inaccurate or incomplete, you must change such data via the Platform account. Otherwise, we can ban your Platform account.
  • Right to erasure (right to be forgotten). You can delete your personal data by sending us your request and by withdrawing your consent in respect to the requested scope. Removal of certain data can result in impossibility to use the Platform in full or in part.
  • Right to object. When our processing of your personal data is based on legitimate interests according to Article 6(1)(f) of the GDPR you can object to this processing. If you object, we will no longer process your personal data unless there are compelling and prevailing legitimate grounds for the processing as described in Article 21 of the GDPR; in particular, if the data is necessary for the establishment, exercise or defense of legal claims.
  • Right to restriction of processing of your Personal Data. You can obtain restrictions for processing of your personal data under article 18 of the GDPR.
  • Right to personal data portability. You can receive your personal data in a structured, commonly used and machine-readable format and transmit it to another controller as set forth in article 20 of the GDPR.
  • Right to lodge a complaint at a supervisory authority. You can find contact details of local data protection authorities of the EU Member States at https://edpb.europa.eu/about-edpb/about-edpb/members_en. If you are in the UK, please visit https://ico.org.uk/make-a-complaint/data-protection-complaints/data-protection-complaints/. If you are in Switzerland, the contact details for the data protection authority are available here: https://www.edoeb.admin.ch/edoeb/en/home/deredoeb/kontakt.html.

What happens to your data on third-party websites or apps?

The Platform contains links to third-party websites or services. The Policy does not apply to such websites and services, and we are not responsible for their privacy practices.

To learn how your data is processed though such websites and services please read their privacy policies.

Namely, the Platform provides you with access to Market Space. Processing of your personal data is governed with its own Privacy Policy. You can accept it by registering with Market Space.

How do we protect your data?

We use technical and organizational measures to protect your personal and non-personal data against accidental or unlawful destruction, alteration or loss, unauthorized disclosure or access.

We take reasonable measures possible, including application of encryption, and required by law to keep confidentiality and secrecy of your data, to keep it safe and prevent unauthorized access and maintain data security.

Do we transfer your data abroad?

Your data can be transferred abroad as it is necessary to provide you with access to the Platform and Platform-related services.

In this case your data is treated securely and in accordance with this Policy using an adequate level of protection as set forth in the GDPR. For data transfers to other countries, we always implement appropriate safeguards to ensure that your data always remains safe and that your rights are respected:

  • The country or the third party is recognized as providing adequate protection.
  • A valid transfer mechanism is applied such as the Standard Contractual Clauses and the supplementary measures are implemented, where necessary.
  • The transfer has your explicit consent.
  • The transfer is necessary for the performance of a contract with you or to take steps requested by you prior to entering into that contract.

Namely, you can access Market Space via the Platform. To let you use Market Space we transfer some of your personal data, e.g. registration data, technical data, to Marketspace Solutions OÜ which operates Market Space.

As we operate internationally and provide access to the Platform users worldwide your account data, e.g. nickname among other data which you make available to other users, can become available to users outside your state.

If you wish to obtain a copy of the Standard Contractual Clauses used, please contact us at support@gemspace.com.

To determine if a non-EU country has an adequate level of data protection, please visit https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en.

Who must consent to personal data processing?

The minimum age to create the Platform account is 13. The Platform will not knowingly collect personal data from children under this age.

If certain countries apply a higher age of consent for the collection of personal data, we require parental consent before registration of the Platform account and collection of their personal data.

If you are a parent or guardian and you are aware that your child provided us with personal data, please contact us at support@gemspace.com. If we become aware that we have collected personal data from children without verification of parental or guardian consent, we will take steps to remove that information from the Platform.

How do you know amendments to the Policy?

We can amend or update our Policy. We will notify you on such amendments by posting the “Last Modified” date in the document. We will post the changes to this Privacy Policy and encourage you to review it to stay informed. Your continued use of the Platform confirms your acceptance of the new Policy as amended. If we make changes that materially alter your privacy rights, we will provide additional notice via email.

Contact us

If you have questions about our Privacy Policy or if you want to exercise any of your rights, please feel free to send us an email to support@gemspace.com or a request to the requisites in the “contact us” section.