Last Updated: July 19, 2020
Your use of the Site following the posting of such changes or revised statement shall constitute your acceptance of any changes in our privacy practices, and you expressly waive any right to receiving notice of such changes except where your affirmative consent is required. We encourage you to periodically review this Policy whenever you visit our Site to make sure that you understand how any personal information you provide will be used.
A. What Information does this Policy Apply to?
This Policy applies to personal data we process in connection with the Site and the GMSTEK Service. Personal data means information that can be directly or indirectly associated with you by reference to an identifier, such as a name, an email address, an identification number, or other information by which you can be identified using reasonable means.
Personal data includes information we receive:
From you when you create a user account for the GMSTEK Service;
Through your use of the GMSTEK Service and through contributions by the community of users;
In email, text, and other electronic messages between you and GMSTEK or the Site.
When you interact with our advertising and applications on third-party websites and services, if those applications or advertising include links to this policy; and
Through any other site or application operated by GMSTEK or one of its affiliates that contains a link to this Policy.
B. Data Privacy Rights
General Data Protection Regulation (GDPR)
If you are a resident of the European Economic Area, you have the following rights with respect to your personal data:
Right of Access – a right to understand the nature and extent of how your data is processed;
Right to be Rectification – a right to request correction of inaccurate data;
Right to Erasure – a right to request erasure of personal data in some circumstances, commonly referred to as the “Right to be Forgotten”;
Right to Restriction of Processing – a right to limit how your personal data is processed;
Right to Data Portability – a right to receive personal data and transfer information to another controller;
Right to Object – a right to object to processing of your personal data based on your circumstances and a right to object to direct marketing; and
Right to Freedom from Automated Decision-making – a right not to be subject to decision-making based solely on automated processing, including profiling, that produces legal or similarly significant effects.
California Consumer Privacy Act of 2018
If you are a California resident, you may have additional privacy rights regarding your personal data. These rights include the right to request disclosure of the categories of information collected, the purposes for which that information is collected, and the types of third parties receiving access to your information.
You may also request deletion of your data and obtain information relating to any sharing of information with third parties.
To the extent possible, users will receive equal service and price regardless of whether they exercise their privacy rights under the California Consumer Privacy Act of 2018. GMSTEK does not sell the personal data of its users.
You may contact us regarding these rights by contacting us here.
C. How Do We Use the Information That You Provide to Us?
Broadly speaking, we use personal information for purposes of administering and expanding our business activities, providing customer service, making available other products and services to our users and prospective customers, to allow you to participate in interactive features on our Site, and to fulfill any other purpose for which you provide the personal information.
Specifically, we process your personal data for the following purposes:
User Accounts. We use your information to provide a specific user account that allows you to access the resources available on the GMSTEK Service. Your user account also allows you to customize your experience and manage your personal data. If you download the GMSTEK application onto a smartphone, we will generate a unique identifier for your application and will pre-register you on our system, which allows us to customize your experience before you create a user account.
Email Subscriptions. We use your email address and any stated subscription preferences to provide you with email content that we believe will be of interest to you. If you choose to sign up for an email newsletter, we will send the newsletter to the email address you register with us. If you wish to unsubscribe from the newsletter, you may do so by using the unsubscribe link in the newsletter.
Customer Support. We use your information to provide support in the event you request assistance. This information includes emails, SMS messages, and other methods of communication you use to provide us with details about any issues you may be experiencing with the respect to the GMSTEK Service. We may also use information relating to your support request to improve the GMSTEK Service.
Service Content. Users may post reviews, comments, and other content; send messages and other communications; and submit suggestions, ideas, comments, questions, or other information. All of these materials are referred to as Content. We may process your personal data in connection with your posting or sharing of Content. For example, comments or messages you send may include your name, photograph, or other personal data. We may also further process any Content to anonymize the Content to protect the privacy of our users and promote our business interests and services using the anonymized Content. We may edit Content to eliminate identifying information.
Direct Marketing. Occasionally, we may use the information we collect to notify you about new services and special offers we think you will find valuable. You may notify us at any time if you do not wish to receive these offers by emailing us at firstname.lastname@example.org. Our goal is to only provide you with materials that are of interest to you.
Profiling for Relevant Content. We may use the information we have collected from you to enable us to present content that we believe will be of interest to you. We profile customer interests based on information you provide to us directly and information developed based on your use of the GMSTEK Service. For example, we may use your searches on the GMSTEK Service to improve the quality of the results we provide to you.
Detecting and Preventing Fraud. We use your information to monitor for potentially fraudulent activities committed using the GMSTEK Service.
Legal Claims. We may disclose your personal data where such disclosure is necessary for the establishment, exercise or defense of legal claims on behalf of GMSTEK, whether in court proceedings or in an administrative or out-of-court procedure.
Third-Party Advertising. Occasionally we may place ads that we believe will be of interest to you through 3rd party services. Users are identified solely using those services such as Google Analytics, Facebook Pixel and other similar services and no other personal data is available to GMSTEK through those services. If you do not wish for the advertisements you receive to be tailored to fit your interests, please email us at here.
Legal Obligations. In addition to the specific bases for disclosure of personal data set forth in this section, we may process or disclose your personal data where such processing or disclosure is necessary for compliance with a legal obligation to which we are subject. To the extent we are legally required to disclose information to law enforcement, we will comply with such requests. We will not otherwise voluntarily disclose your information.
D. Lawful Bases for Processing
Legitimate Interests. For purposes 1 – 12, processing of your personal data is necessary for the legitimate interests pursued by GMSTEK. GMSTEK values your fundamental rights and freedoms and carefully evaluates protection of your personal data with respect to such processing. GMSTEK will not engage in processing pursuant to this lawful basis to the extent GMSTEK’s legitimate interest is overridden by your interests or fundamental rights and freedoms which require protection of your personal data.
Specifically, purposes 1 – 12 are necessary to enable GMSTEK to provide high quality services, tailor content to specific users, provide customer support, provide common online services such as messaging, and otherwise improve the products and services offered. Purpose 1 allows GMSTEK to provide customized experiences for each user. Purposes 2,6, 7, and 10 are necessary to support GMSTEK’s legitimate interest in providing relevant content and promotions to users. Purposes 3 and 4 are used to provide, maintain, improve, and support users’ use of the GMSTEK Service. Purpose 4 also provides for promotion of GMSTEK’s business interests and services while protecting the privacy of our users. Purpose 8 is based on GMSTEK’s legitimate interest in protecting itself and its users from fraudulent activities. Purpose 9 reflects GMSTEK’s legitimate interest in putting forth valid legal defenses and claims.
With respect to profiling and third-party advertising, we have concluded the processing of user information is not likely to result in a high risk because i) each user profile includes a limited level of detail; ii) the profiles only extend to business areas that may be of interest to the user; iii) the targeting of marketing materials is unlikely to have a significant effect on the user; and iv) our internal processes are intended to promote accuracy, fairness, and non-discrimination. We value your fundamental rights and freedoms and therefore do not engage in uses of your information where our legitimate interests are outweighed by your fundamental rights and freedoms.
Legal Obligation; Vital Interests. In addition to the specific bases for disclosure of personal data set forth in this section, we may disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, as in the case of purpose 13, or in order to protect your vital interests or the vital interests of another natural person.
E. How Do We Protect Your Information?
We take appropriate security measures to protect against unauthorized access to all of our data. This includes internal reviews of our data collection, storage and processing practices, as well as an assessment of our encryption and physical security measures to guard against unauthorized access to systems where we store personal data. We restrict access to personal information to a limited number of our employees, partners and agents. These individuals and entities are bound by confidentiality agreements and may be subject to discipline, including termination and criminal prosecution, if they fail to meet any obligations required under their agreement with us.
The safety and security of your information also depends on you. You must maintain the security of your email accounts used to access the Site, and any other credentials you may use to access the site. Any information you share in public areas of the Site may be viewed by any other user of the Site. Unfortunately, the transmission of information via the Internet is not completely secure. Although we do our best to protect your personal data, we cannot guarantee the security of your personal data transmitted to our Site. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Site.
F. How Can You Access and Correct Your Information?
When you use our Site, we make every effort to provide you with access to your personal data and will correct this data if it is inaccurate or delete it at your request when you contact us at email@example.com, if it is not otherwise required to be retained by law or for legitimate business purposes. We ask individual users to identify themselves and the information requested to be accessed, corrected or removed before processing such requests, and we may decline to process requests that are unreasonably repetitive or systematic, require disproportionate technical effort, jeopardize the privacy of others, would be extremely impractical (for instance, requests concerning information residing on backup tapes), or for which access is not otherwise required. In any case where we provide information access and correction, we perform this service free of charge, except if doing so would require a disproportionate effort. Because of the way we maintain certain services, after you delete your information, residual copies may take a period of time before they are deleted from our active servers and may remain in our backup systems. If we are unable to comply with your request, you have the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy.
G. Data Retention
We retain the personal information you provide while your account is in existence or as needed to provide you services. We may retain your personal data even after you have closed your account if retention is reasonably necessary to comply with our legal obligations, meet regulatory requirements, resolve disputes between members, prevent fraud and abuse, or enforce this Policy and the Site’s Terms and Conditions. We may retain personal data, for a limited period of time, if requested by law enforcement. Our customer service department may retain information for as long as is necessary to provide support-related reporting and trend analysis only.
H. Children Under the Age of 18
Our Site is not intended for children under 18 years of age. No one under age 18 may provide any information to or on the Site. We do not knowingly collect information from or relating to children under 18. If you are under 18, do not use or provide any information on this Site or on or through any of its features. If we learn we have collected or received personal information from a child under 18 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 18, please email us at firstname.lastname@example.org.
I. Data Controller
GMSTEK, LLC is the controller of the personal data processed in connection with the Site and the GMSTEK Service. GMSTEK, LLC is located in the United States of America, with a mailing address of 18001 Old Cutler Road; Suite 472; Palmetto Bay, FL 33157.
J. Disclosure of Personal Data
We may disclose personal information that we collect or you provide as described in this Policy:
To our subsidiaries and affiliates who are also subject to the terms of this Policy;
To contractors, service providers, and other third parties we use to support our business and develop further the Site and GMSTEK Services, subject to sufficient guarantees of appropriate technical and organizational measures to protect your rights and privacy;
To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some of all of GMSTEK's assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by GMSTEK about our Site users is among the assets transferred;
To fulfill the purpose for which you provide it. For example, if you give us your email address and the email address of a colleague to subscribe the colleague to the Site’s features, we may transmit your email address to the colleague;
For any other purpose disclosed by us and supported by a lawful basis for processing when you provide the information; and
With your consent.
K. Transfers of Data
We process personal data on leased dedicated servers located in the United States of America. Our processor that provides these leased servers is Microsoft Azure. This transfer is subject to appropriate contractual safeguards and Microsoft Azure is certified under the EU-US Privacy Shield. Transfers to other processors are either subject to appropriate safeguards or on the basis of an adequacy decision.
In some cases, we may process personal information outside your own country. If you use the GMSTEK Service from outside the United States and provide personal data to us, your personal data may be transferred to the United States. If you use the GMSTEK Service from within the United States and provide personal data to us, your personal data may be transferred out of the United States.
L. California's Shine The Light Law
California Civil Code Section 1798.83, known as the 'Shine The Light' law, permits our customers who are California residents to request and obtain from us a list of what personal information (if any) we disclosed to third parties for direct marketing purposes in the preceding calendar year and the names and addresses of those third parties. Requests may be made only once a year and are free of charge. Under Section 1798.83, we currently do not share any personal information with third parties for their direct marketing purposes.
M. California Online Privacy Protection Act Notice
A Do Not Track (DNT) standard has not been adopted to this day, and therefore GMSTEK does not use DNT signals. GMSTEK does not authorize the collection of Personal Identifiable Information (PII) from our members on GMSTEK for third party use through advertising technologies without separate member consent.
What is DNT? - DNT is the concept that has been promoted by regulatory authorities, in particular the U.S. Federal Trade Commission (FTC), for the Internet industry to develop and implement a mechanism for allowing Internet users to control the tracking of their online activities across websites.
What is a DNT signal - Currently, various browsers (including Internet Explorer, Firefox, and Safari) offer a DNT option that relies on a technology known as a DNT header that sends a signal to websites visited by the browser user about the user's DNT preference. You can usually access your browser's DNT option in your browser's preferences.
Is there a DNT technology standard? - The World Wide Web Consortium (W3C) has been working with industry groups, Internet browsers, technology companies, and regulators to develop a DNT technology standard. While some progress has been made on this issue, it has been slow; and to date, no standard has been adopted. Without an industry standard for DNT, users cannot know how any given company abides by a DNT signal they receive from browser headers. GMSTEK is committed to remaining apprised of the W3C efforts to develop a DNT standard.
How does GMSTEK respond to the signal? - GMSTEK takes privacy and security very seriously and strives to put our members first in all aspects of our business. With regard to DNT, while some of the analytics tools used by GMSTEK do respond to DNT signals, GMSTEK currently does not respond to DNT signals in browsers; because no DNT standard has been adopted, as noted above.
N. What About Other Websites Linked to Our Site?
O. Third-Party Marketing Consent
If at any time, you do not want us to use information that we collect or that you provide to us to deliver advertisements according to our advertisers’ target-audience preferences, you can revoke your consent by sending us an email stating your request to here. For this revocation to function, you must have your browser set to accept browser cookies.
We do not control third parties' collection or use of your information to serve interest-based advertising.
However, these third parties may provide you with ways to choose not to have your information collected or used in this way. You can opt out of receiving targeted ads from members of the Network Advertising Initiative (“NAI”) on the NAI’s website (http://optout.networkadvertising.org) or the Digital Advertising Alliance (DAA) on the DAA's website (http://optout.aboutads.info).
P. What Are Cookies?
Q. How Do We Use Information We Collect from Cookies?