GYANT Privacy Policy

Introduction

About GYANT

GYANT connects you with trusted health information, answers, and tips, and even virtual consultations, all designed to help you feel good and live a happier, healthier life.

Do not use GYANT in the event of an emergency or for emergency care!

What is this document?

GYANT values your privacy. This Privacy Policy describes how we will protect and handle the personal information that you provide to us through our web, mobile and related services. Among other things, the GYANT Privacy Policy explains:

  • How we handle your Personally Identifiable Information
  • How GYANT protects your privacy when using our service
  • How we secure the information we collect by meeting or exceeding generally accepted industry standards

Why should I read it?

When you sign up for or use GYANT, you verify that you’ve read and agree to our Privacy Policy.

How does GYANT treat privacy?

When we say we care about your privacy, we mean it. Privacy policies are important documents, but many people don’t read them because they are long, confusing, and written in “legalese.”

We’ve designed our Privacy Policy with you in mind, creating answers to the most common questions about GYANT and how these services work where privacy issues may be involved. Everything is written in plain, easy to understand language.

This Privacy Policy describes what information you can share with us, how that information is stored, and how we use that information.

Who does this apply to?

This Privacy Policy applies to individuals who use our free service available via the GYANT app, Facebook Messenger, Alexa, and other platforms.

This Privacy Policy does not apply to individuals or entities that use the services we provide as a business associate of a covered entity in accordance with the Health Insurance Portability and Accountability Act and amendments thereto and implementing regulations (collectively “HIPAA”).  Individuals and entities that use the services we provide as a HIPAA business associate should review our HIPAA Privacy Policy.

This Privacy Policy also does not apply to individuals or entities that use the services we provide as a processor pursuant to a contract with a controller in accordance with the EU and Swiss privacy laws and regulations (“EU and Swiss Processor Services”).  Individuals and entities that use our White Label Services should refer to our EU and Swiss Processor Privacy Policy.

Your Data – Your Rights

Personal Data and Personally Identifiable Information

Personal information is any data with which you could be personally identified. Detailed information on the subject of data protection can be found in our privacy policy below.

Consent

In order to use GYANT, you will be asked to consent to use of your personal data for the purposes set out in this Privacy Policy.  Minors may not consent to use and disclosure of their personal data unless authorized by applicable law to consent to such use and disclosure on their own behalf. Adults may use GYANT for the benefit of children for whom they are a legal parent, guardian or personal representative in accordance with applicable laws.  If you consent to the use and disclosure of personal data, you represent that you have the legal authority to do so.

After you have agreed to this Privacy Policy, by continuing to use GYANT, you agree to any updates to it. This means that if the Privacy Policy changes, you agree to these changes if you keep using GYANT. When this Privacy Policy is changed (other than for typographical corrections or minor changes that do not alter its meaning), the updated Privacy Policy will be available on our website with an updated “last modified” date at the bottom of the Privacy Policy. We may provide a summary at the bottom of the Privacy Policy, describing the types of changes made.

You may withdraw your consent to use of your personal data for the purposes set out in this Privacy Policy at any time. To do so, submit a request to GYANT support (by email to privacy@gyant.com).  Once your withdrawal of consent is processed, you will no longer be able to use GYANT.  Your withdrawal of consent will be processed without undue delay after receipt of the request.  Your withdrawal does not impact the lawfulness of any processing that occurred prior to the withdrawal.

Choice

GYANT offers you the opportunity to choose whether your personal information is to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by you – unless the use or disclosure is otherwise permitted or required by applicable law.  GYANT will not use or disclose your personal information for any use or purpose not described herein without your express consent unless otherwise permitted or required by applicable law.

In order to be able to offer you our website and the mobile and web-based services associated with it, we process personal data on the following legal bases:

  • Consent (Art. 6 para. 1 lit. a) GDPR)
  • Data processing for the fulfillment of contracts (Art. 6 para. 1 lit. b) GDPR)
  • On the basis of a weighing of interests (Art. 6 para. 1 lit. f) GDPR)
  • For the fulfillment of a legal obligation (Art. 6 para. 1 lit. c) GDPR)

Revoking your consent to the processing of your data

Many data processing operations are only possible with your express consent. You may revoke your consent at any time. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.

Right to object to data collection in special cases and to direct advertising (Art. 21 GDPR)

If data is processed pursuant to Art. 6 para. 1 lit. e) or f) GDPR, you have the right to object at any time to the processing of your personal data for reasons arising from your particular situation; this also applies to profiling based on these provisions. The respective legal basis on which processing is based can be found in this data protection declaration. If you lodge your objection, we will no longer process the personal data that concerns you, unless we can prove compelling legitimate reasons for the processing, which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims (objection on the basis of Art. 21 para. 1 GDPR).

Right to file complaints with regulatory authorities

In the event of infringements of the GDPR, the persons concerned shall have the right to appeal to a supervisory authority, in particular in the EU Member State of their habitual residence, workplace or place of presumed infringement. The right of appeal shall be without prejudice to other administrative or judicial remedies.

The right to data portability

You have the right to have the data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you require the direct transfer of data to another responsible party, this will only be done to the extent that is technically feasible.

Information, blocking, deletion and correction

As permitted by law, you have the right to be provided at any time with information free of charge about any of your personal data that is stored as well as its origin, the recipient and the purpose for which it has been processed. You also have the right to have this data corrected, blocked or deleted. You can contact us at any time regarding this or any other questions using the address given in our legal notice if you have further questions on the topic of personal data.

The right to restrict processing

You have the right to request the restriction of the processing of your personal data. To this end, you can contact us at any time at the address given in the imprint. The right to limit the processing exists in the following cases:

  • If you dispute the accuracy of your personal data stored with us, we usually need time to verify this. For the duration of the examination, you have the right to demand the restriction of the processing of your personal data.
  • If the processing of your personal data has taken place unlawfully, you can demand the restriction of data processing instead of deletion.
  • If we no longer need your personal data, but you need it for the exercise, defense or assertion of legal claims, you have the right to demand the restriction of the processing of your personal data instead of deletion.
  • If you have objected pursuant to Art. 21 para. 1 GDPR, your and our interests must be weighed. As long as it is not yet clear whose interests predominate, you have the right to demand that the processing of your personal data be restricted.

Where processing of the personal data that concerns you has been restricted, such data – apart from being stored – may be processed only with your consent or for the purpose of asserting, exercising or defending rights or protecting the rights of another natural or legal person or on the grounds of an important public interest of the Union or of a Member State.

Contact Us

Data controller

The data controller is a natural or legal person who, alone or together with others, decides on the goals and methods of processing personal data (names, email addresses, etc.).

The data controller for data processing on the GYANT.com website and in all GYANT web and mobile services is:

GYANT.com, Inc.
247 Chapman Dr
Corte Madera, CA 94925
USA

Phone: +1.707.385-9933
Email: privacy@gyant.com

Statutory data protection officer

For the European Union and its Member States, we have appointed an external data protection officer for our company:

Mike Peter
Böchinger Weg 6
76829 Landau
Germany

Phone: +49-6341-6731696
Email: privacy@gyant.com

Privacy and Anonymity

Is GYANT anonymous?

Like an in-person patient-doctor interaction, your use of GYANT is confidential, but not anonymous. Your Personally Identifiable Information (like your real name, date of birth, email address and other such information) is securely transmitted and stored by GYANT using strong encryption.

Is GYANT safe and secure?

Yes. We use a variety of technologies and procedures to help protect the security of your personal information stored by GYANT from unauthorized access, use, or disclosure. GYANT also maintains standard physical and electronic procedural safeguards that limit access to your personal information to our employees (or people working on our behalf and under confidentiality agreements) who, through the course of standard business activities, need to access your personal information. Your personal information will be stored in a secure manner.

Does GYANT use encryption?

GYANT’s web and mobile services use SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as the orders or requests you send to us as a site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transfer to us cannot be read by third parties.

Does GYANT protect all of my information all of the time?

No.  While GYANT protects your information that is provided to and stored by GYANT and through the use of the GYANT mobile app or web-services, GYANT does not control and cannot protect your information when it is transmitted over channels used to access GYANT such as Facebook Messenger, Alexa and other platforms.  These channels may not be secure and may not protect your information.  You should review the privacy policy of the channels you use to access GYANT to understand how they may or may not protect your information.

Personal Information

What information can I store in my Profile?

Your Profile contains the information you provide when you initiate a conversation with GYANT or create a GYANT account, including your name, profile picture, location, email address and date of birth. GYANT also keeps a history of your past conversations with the service and may add your answers or preferences to your GYANT Profile.

How is the information in my Profile used?

GYANT uses your Profile information to help you better understand, stay engaged with, and track your health and to present you with personalized, relevant information.

Can I access my personal information stored by GYANT?

Yes, you can request access to your personal information stored by GYANT. To do so, submit a request to GYANT support (by email to privacy@gyant.com).  Access to your information will be provided without undue delay and without charge except as otherwise provided or required by applicable law.

Can I modify my Profile?

Yes, you can request to edit or delete information in your Profile at any time. To do so, submit a request to GYANT support (by email to privacy@gyant.com).  The modifications you request will be made without undue delay and without charge except as otherwise provided or required by applicable law.

Can others see my Profile or the health information maintained by GYANT?

No, others cannot see the information stored in your GYANT Profile.  You may ask GYANT to forward certain parts of your Profile or health information to others such as doctors or pharmacists. GYANT can, with your consent, forward certain parts of your Profile or health information to doctors or pharmacists on your behalf in preparation for a consult.

Is my profile secure?

Your account and Profile information maintained by GYANT are secure and password protected. GYANT does not control and cannot protect your information when it is transmitted over channels used to access GYANT.  These channels may not be secure and may not protect your information.

What is Personally Identifiable Information?

Personally Identifiable Information is information (like your full name and email address) that identifies who you are.

How do you keep my Personally Identifiable Information private, safe, and secure?

We keep your Personally Identifiable Information maintained by GYANT private by not displaying it or sharing it without your consent. We do not display this information on GYANT, except inside of your conversations with GYANT, which is visible only to you. We keep this information secure by using state of the art security measures. GYANT does not control and cannot protect your information when it is transmitted over channels used to access GYANT.  These channels may not be secure and may not protect your information.

How do you use Personally Identifiable Information?

We will retain and use your Personally Identifiable Information to provide you with and notify you about our services, and as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.  This may include disclosures of personal information in response to lawful requests by public authorities, including disclosures for national security or law enforcement requirements.

How long do you store Personally Identifiable Information?

Except as otherwise permitted or required by applicable law, we will store your Personally Identifiable Information until one of the following occurrences: (1) You request that the information be deleted; (2) You request that your account be deleted in connection with deactivation of the service.

Emails, Text Messages (SMS), Mobile Notifications

Will I ever receive Spam from GYANT?

No. We have a strict “No-Spam” policy. We do not share email addresses or other contact information with third parties without your permission.

What is my e-mail address or mobile phone number used for?

Your email address or mobile phone number may be used to create, log into, and manage your account on GYANT. We may use your email or phone number to provide you with notices about your account and our services.

Are my e-mail address and phone number maintained by GYANT kept private?

Yes. Your email address and phone number are not displayed by GYANT and are never visible to other GYANT users.

What is a Notification?

A Notification is an electronic message in your GYANT conversation thread, or a reminder or notice within the GYANT Apps.

How do I know if I have a Notification?

You will see Notifications when you log into GYANT. GYANT may send you email, SMS, or mobile push notices, providing you with account-related reminders or updates, or letting you know that you have a message on GYANT.

Managing and Limiting Communications

You can opt out of receiving most emails by selecting the unsubscribe link at the bottom of any email, and opt out of mobile messages by replying “STOP” to any message.

Registration and Deactivation

What basic information is required to sign up?

To receive the full benefits of GYANT simply create an account. During registration, we ask for some basic information, such as your name, email address, and date of birth. No additional data other than mandatory registration information is required to use GYANT.

What Facebook permissions are asked by GYANT?

By initiating a conversation with GYANT on Facebook Messenger, you grant GYANT certain Facebook permissions allowing it to perform actions with your Facebook account or your Facebook Messenger account and to retrieve information about you. This information includes Personally Identifiable Information included in the Basic Information permission, such as your Facebook user id, name, profile picture, gender and locale.

For more information about these permissions, refer to the Facebook permissions documentation and to the Facebook privacy policy.

Why do you ask for my gender, location, or date of birth?

Health conditions and appropriate actions often depend on your age group, geography, and gender. These data help us provide you with a personalized online health experience.

How do I deactivate my account?

You can request to delete your account at any time. To do so, submit a request to GYANT support (by email to privacy@gyant.com) and delete your conversation in whatever platform you were using to communicate with GYANT.

Information Use

How does GYANT use my personal information?

We use information collected through your use of GYANT to provide you with information about our current or future services, to enable the services we provide, and otherwise as described in this Privacy Policy. This Privacy Policy describes the ways that we use or disclose your information. In support of these uses, we may use personal information to:

  • provide you with important information about GYANT, including updates and notifications
  • send you email, notifications, SMS or other communications
  • help you determine appropriate services relevant to you, your lifestyle, and your geographic location
  • help you find or connect with doctors or pharmacies

Do you sell Personally Identifiable Information?

No, never! Your identity is safe with us and is not for sale. We do not sell Personally Identifiable Information.

What are aggregated information, statistics, and de-identified data (“Anonymous Data”), and how are they used?

Aggregated information is information from multiple users that is not associated with any individual user account; statistics are summaries of information, not associated with any individual user account; de-identified data does not include Personally Identifiable Information (collectively “Anonymous Data”). Anonymous Data are used to run and improve the services provided on or through GYANT. This information may also be used by us or provided to our partners for purposes of research and analysis.

Social Media and Cookies

Data processing through social networks

We maintain publicly accessible profiles on social networks. You can find details on the social networks we use below.

Social networks such as Facebook, Google+ etc. can usually analyze your user behavior comprehensively when you visit their website or a website with integrated social media content (e.g. like buttons or advertising banners). Visiting our social media sites triggers numerous processes relevant to data protection. In detail: If you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. However, your personal data may also be collected if you are not logged in or do not have an account with the respective social media portal. In this case, this data collection takes place, for example, via cookies that are stored on your terminal device or by recording your IP address.

With the help of the data collected in this way, the operators of social media portals can create user profiles in which your preferences and interests are stored. In this way, interest-related advertising can be displayed inside and outside the respective social media presence. If you have an account with the relevant social network, interest-based advertising can be displayed on all devices on which you are logged in or were logged in.

Please also note that we cannot track all processing on social media portals. Depending on the provider, the operators of social media portals may be able to carry out further processing operations. Details can be found in the Terms of Use and Privacy Policy of the respective social media portals.

Legal basis

Our social media sites are designed to ensure the widest possible presence on the Internet. This constitutes a legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR. The analysis processes initiated by social networks may be based on different legal bases, which operators of social networks are obligated to state (e.g. consent within the meaning of Art. 6 para. 1 lit. a) GDPR).

Data controller and assertion of rights

If you visit one of our social media sites (e.g. Facebook), we are jointly responsible with the operator of the social media platform for the data processing triggered during this visit. You can exercise your rights (information, correction, deletion, limitation of processing, data transferability and appeal) both against us and against the operator of the respective social media portal (e.g. against Facebook).

Please note that despite our joint responsibility with the social media portal operators, we do not have full control over the data processing operations of the social media portals. Our possibilities depend to a large extent on the corporate policy of the respective provider.

Storage duration

The data collected directly by us via the social media presence is deleted from our systems as soon as the purpose for its storage no longer applies, you request us to delete it, you revoke your consent to storage or the purpose for data storage no longer applies. Stored cookies remain on your device until you delete them. Mandatory statutory provisions – in particular retention periods – remain unaffected.

We have no influence on the storage period of your data, which is stored by the operators of social networks for their own purposes. For details, please contact the operators of the social networks directly (e.g. in their privacy policy, see below).

About Facebook

We have a profile on Facebook. This feature is provided by Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. Facebook is certified according to the EU-US Privacy Shield.

You can adjust your advertising settings independently in your user account.

Click on the following link and log in:
https://www.facebook.com/settings?tab=ads

Please refer to Facebook’s privacy policy for details:
https://www.facebook.com/about/privacy/

Can I share information from GYANT on social media?

Yes, you can share certain information from GYANT using social media services such as Facebook and Twitter. Please consider any impact on your privacy and anonymity when posting content to public services. Content posted to these services will be governed by the respective privacy policies of those services.

How do you use cookies?

Like most online services, GYANT uses cookies. All browser cookies we use are encrypted. We use session ID cookies and persistent cookies to enable you to sign in and to help personalize GYANT for you. Using cookies simplifies the delivery of relevant content and allows you to retrieve information you previously provided, making use of GYANT features easier. We link the information we store in session cookies to personally identifiable information you submit while on GYANT. You have the ability to accept or decline cookies. If you choose to decline all cookies, you may not be able to use interactive features of GYANT or other websites that depend on cookies.

You can also prevent the data generated by cookies about your use of the website (incl. your IP address) from being passed to Google, as well as the processing of this data by Google, by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en-GB.

Third Parties

IP Anonymization

We have activated the IP anonymization feature on this website. Your IP address will be truncated by Google within the European Union or the European Economic Area prior to transmission to the United States. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and truncated there. Google will use this information on behalf of the operator of this website to evaluate your use of the website, to compile reports on website activity, and to provide other services regarding website activity and Internet usage for the website operator. The IP address transmitted by your browser within Google Analytics is not merged with other Google data.

You can prevent cookies from being saved by setting your browser software accordingly; however, we would like to point out that, in such case, you may not be able to fully utilize all of the functions of this website. You can also prevent the data generated by cookies about your use of the website (incl. your IP address) from being passed to Google, as well as the processing of these data by Google, by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en-GB.

Instapage

We use the Instapage service (Instapage Inc., 118 King St. Suite 450, San Francisco, CA 94107, United States) to create landing pages.

More about Instapage’s privacy policy here: https://instapage.com/gdpr

Amplitude

In order to continuously improve our service, we use the services Amplitude (Amplitude, Inc., Attn: Privacy, 501 2nd Street, Suite 100, San Francisco, CA 94107) and Firebase (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA).

We have entered into a data processing agreement with Amplitude. More about Amplitude’s data protection here: https://amplitude.com/privacy

Amplitude is also listed in the US Privacy Shield and thus meets European data protection requirements. More information here: https://www.privacyshield.gov/participant?id=a2zt000000001XZAAY&status=Active

Google (Firebase)

We have also entered into a data processing agreement with Google (Firebase).

More about Google’s data protection here: https://firebase.google.com/support/privacy/

Google is also listed in the Privacy Shield. More information here: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI

Is Personally Identifiable Information Provided to Third Parties?

GYANT may provide you with information about external service providers (“External Service Providers”) that may be of interest or use to you, for example doctors, nurses, pharmacies, hospitals or telemedicine services. GYANT does not provide these External Service Providers with any Personally Identifiable Information about you without your express consent.

Onward Transfers to GYANT’s Agents

Should GYANT contract with another processor (“Agent”) to provide any of the services GYANT provides to you, GYANT will enter into a contract with that Agent that provides that the Agent may have access to your personal information only for purposes of performing these tasks on our behalf. GYANT will obtain assurances from the Agent that the Agent will safeguard your personal information consistently with this Privacy Policy. Appropriate assurances will be obtained under contract obligating the Agent to provide at least the same level of protection as is required by the relevant Privacy Shield Framework Principles and other applicable law.  GYANT remains liable for the acts and omissions of its Agents.

Does this Privacy Policy control information I share with Non-GYANT Providers?

No. This Privacy Policy does not apply to other service providers or links to other sites that are not owned or controlled by GYANT, and you should review the individual privacy policies and terms of service of these providers before using their services.

Privacy Shield and GDPR

Complaints and Dispute Resolution

Any questions regarding the use or disclosure of personal information should be directed to GYANT at the email or address provided above. GYANT will respond to complaints within 45 days of receipt of the complaint. GYANT will investigate and attempt to resolve complaints by reference to the principles contained in this Privacy Policy.

Privacy Shield and GDPR Compliance

GYANT complies with the EU-US Privacy Shield Framework and the Swiss Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States.  GYANT has certified to the Department of Commerce that it adheres to the Privacy Shield Principles.  If there is any conflict between the terms in this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.  To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/

GYANT is also committed to compliance with the relevant provisions of the EU General Data Protection Regulation (“GDPR”) requirements regarding the collection, use, and retention of personal data from EU member countries.

Independent Recourse Mechanism

In compliance with Privacy Shield Principles, GYANT commits to resolve complaints about our collection or use of your personal information.  EU and Swiss individuals with inquiries or complaints regarding this Privacy Policy should first contact GYANT at the email or address provided above.  If a privacy complaint involving EU or Swiss individuals cannot be resolved by GYANT, GYANT commits to refer unresolved privacy complaints under the Privacy Shield to an independent dispute resolution mechanism, established by the European Union Data Protection Authority (DPA) or Swiss Data Protection & Information Commissioner (Swiss DPA) as applicable. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed by GYANT, please contact the applicable DPA or the approrpfor more information and to file a complaint.

The EU DPA panel may be contacted at ec-dppanel-secr@ec.europa.eu and the EU DPA may be contacted directly via the information provided at http://ec.europa.eu/justice/data-protection/bodies/authorities/third-countries/index_en.htm. Fax: (32-2)296 80 10. Telephone: (32-2)295 17 86. Mail: Data protection panel secretariat, Rue de Luxembourg 46 (01/126), B-1000 Brussels, BELGIUM.

The Swiss DPA may be contacted directly via the information provided at https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/contact.html.  By mail at Office of the Federal Data Protection and Information Commissioner FDPIC, Feldeggweg 1 CH 3003 Berne.  Telephone +41 (0)58 462 43 95 (Monday-Friday 10-12am). Telefax: +41 (0)58 465 99 96.

GYANT commits to cooperate with EU and Swiss DPAs and to comply with the advice given by such authorities with regard to data transferred from the EU and Switzerland.

The DPA dispute resolution process shall be conducted in English.

The United States Federal Trade Commission (FTC) and/or the Department of Transportation is the statutory body that has jurisdiction to hear any claims against GYANT regarding possible unfair or deceptive practices and violations of U.S. laws or regulations governing entities certified under Privacy Shield.  In connection with its certification under Privacy Shield, GYANT is subject to the investigatory and enforcement powers of the FTC and/or the Department of Transportation.

Arbitration

Arbitration may be invoked for complaints that remain unresolved after: (1) submitting a complaint to GYANT does not resolve the complaint; (2) submitting a complaint to an independent dispute resolution mechanism established by the EU DPA or Swiss DPA does not resolve the complaint; and (3) allowing the U.S. Department of Commerce an opportunity to resolve the issue.  If these prerequisites for arbitration have been met, you can submit the matter to binding arbitration of the Privacy Shield Panel. The remedies from this arbitration are limited to individual-specific, non-monetary equitable relief (such as access, correction, deletion, or return of the individual’s data in question) necessary to remedy the violation of the Principles only with respect to the individual.  No damages, costs, fees, or other remedies are available from this arbitration.  Each party bears its own attorney’s fees for arbitration.


Date last modified: 10 October 2018