GYANT connects you with trusted health information, answers, and tips, and even virtual consultations, all designed to help you feel good and live a happier, healthier life.
Do not use GYANT in the event of an emergency or for emergency care!
What is this document?
- How we handle your Personally Identifiable Information
- How GYANT protects your privacy when using our service
- How we secure the information we collect by meeting or exceeding generally accepted industry standards
Why should I read it?
How does GYANT treat privacy?
When we say we care about your privacy, we mean it. Privacy policies are important documents, but many people don’t read them because they are long, confusing, and written in “legalese.”
Who does this apply to?
Your Data – Your Rights
Personal Data and Personally Identifiable Information
GYANT offers you the opportunity to choose whether your personal information is to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by you – unless the use or disclosure is otherwise permitted or required by applicable law. GYANT will not use or disclose your personal information for any use or purpose not described herein without your express consent unless otherwise permitted or required by applicable law.
In order to be able to offer you our website and the mobile and web-based services associated with it, we process personal data on the following legal bases:
- Consent (Art. 6 para. 1 lit. a) GDPR)
- Data processing for the fulfillment of contracts (Art. 6 para. 1 lit. b) GDPR
- On the basis of a weighing of interests (Art. 6 para. 1 lit. f) GDPR)
- For the fulfillment of a legal obligation (Art. 6 para. 1 lit. c) GDPR)
Revoking your consent to the processing of your data
Many data processing operations are only possible with your express consent. You may revoke your consent at any time. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.
Right to object to data collection in special cases and to direct advertising (Art. 21 GDPR)
Data is processed pursuant to Art. 6 para. 1 lit. e) or f) GDPR, you have the right to object at any time to the processing of your personal data for reasons arising from your particular situation; this also applies to profiling based on these provisions. The respective legal basis on which processing is based can be found in this data protection declaration. If you lodge your objection, we will no longer process the personal data that concerns you, unless we can prove compelling legitimate reasons for the processing, which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims (objection on the basis of Art. 21 para. 1 GDPR).
Right to file complaints with regulatory authorities
In the event of infringements of the GDPR, the persons concerned shall have the right to appeal to a supervisory authority, in particular in the EU Member State of their habitual residence, workplace or place of presumed infringement. The right of appeal shall be without prejudice to other administrative or judicial remedies.
The right to data portability
You have the right to have the data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you require the direct transfer of data to another responsible party, this will only be done to the extent that is technically feasible.
Information, blocking, deletion and correction
As permitted by law, you have the right to be provided at any time with information free of charge about any of your personal data that is stored as well as its origin, the recipient and the purpose for which it has been processed. You also have the right to have this data corrected, blocked or deleted. You can contact us at any time regarding this or any other questions using the address given in our legal notice if you have further questions on the topic of personal data.
The right to restrict processing
You have the right to request the restriction of the processing of your personal data. To this end, you can contact us at any time at the address given in the imprint. The right to limit the processing exists in the following cases:
- If you dispute the accuracy of your personal data stored with us, we usually need time to verify this. For the duration of the examination, you have the right to demand the restriction of the processing of your personal data.
- If the processing of your personal data has taken place unlawfully, you can demand the restriction of data processing instead of deletion.
- If we no longer need your personal data, but you need it for the exercise, defense or assertion of legal claims, you have the right to demand the restriction of the processing of your personal data instead of deletion.
- If you have objected pursuant to Art. 21 para. 1 GDPR, your and our interests must be weighed. As long as it is not yet clear whose interests predominate, you have the right to demand that the processing of your personal data be restricted.
Where processing of the personal data that concerns you has been restricted, such data – apart from being stored – may be processed only with your consent or for the purpose of asserting, exercising or defending rights or protecting the rights of another natural or legal person or on the grounds of an important public interest of the Union or of a Member State.
The data controller is a natural or legal person who, alone or together with others, decides on the goals and methods of processing personal data (names, email addresses, etc.).
The data controller for data processing on the GYANT.com website and in all GYANT web and mobile services is:
247 Chapman Dr
Corte Madera, CA 94925
Statutory data protection officer
For the European Union and its Member States, we have appointed an external data protection officer for our company:
Böchinger Weg 6
Privacy and Anonymity
Is GYANT anonymous?
Like an in-person patient-doctor interaction, your use of GYANT is confidential, but not anonymous. Your Personally Identifiable Information (like your real name, date of birth, email address and other such information) is securely transmitted and stored by GYANT using strong encryption.
Is GYANT safe and secure?
Yes. We use a variety of technologies and procedures to help protect the security of your personal information stored by GYANT from unauthorized access, use, or disclosure. GYANT also maintains standard physical and electronic procedural safeguards that limit access to your personal information to our employees (or people working on our behalf and under confidentiality agreements) who, through the course of standard business activities, need to access your personal information. Your personal information will be stored in a secure manner.
Does GYANT use encryption?
GYANT’s web and mobile services use SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as the orders or requests you send to us as a site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transfer to us cannot be read by third parties.
Does GYANT protect all of my information all of the time?
What information can I store in my Profile?
Your Profile contains the information you provide when you initiate a conversation with GYANT or create a GYANT account, including your name, profile picture, location, email address and date of birth. GYANT also keeps a history of your past conversations with the service and may add your answers or preferences to your GYANT Profile.
How is the information in my Profile used?
GYANT uses your Profile information to help you better understand, stay engaged with, and track your health and to present you with personalized, relevant information.
Can I access my personal information stored by GYANT?
Yes, you can request access to your personal information stored by GYANT. To do so, submit a request to GYANT support (by email to email@example.com). Access to your information will be provided without undue delay and without charge except as otherwise provided or required by applicable law.
Can I modify my Profile?
Yes, you can request to edit or delete information in your Profile at any time. To do so, submit a request to GYANT support (by email to firstname.lastname@example.org). The modifications you request will be made without undue delay and without charge except as otherwise provided or required by applicable law.
Can others see my Profile or the health information maintained by GYANT?
No, others cannot see the information stored in your GYANT Profile. You may ask GYANT to forward certain parts of your Profile or health information to others such as doctors or pharmacists. GYANT can, with your consent, forward certain parts of your Profile or health information to doctors or pharmacists on your behalf in preparation for a consult.
Is my profile secure?
Your account and Profile information maintained by GYANT are secure and password protected. GYANT does not control and cannot protect your information when it is transmitted over channels used to access GYANT. These channels may not be secure and may not protect your information.
What is Personally Identifiable Information?
Personally Identifiable Information is information (like your full name and email address) that identifies who you are.
How do you keep my Personally Identifiable Information private, safe, and secure?
We keep your Personally Identifiable Information maintained by GYANT private by not displaying it or sharing it without your consent. We do not display this information on GYANT, except inside of your conversations with GYANT, which is visible only to you. We keep this information secure by using state of the art security measures. GYANT does not control and cannot protect your information when it is transmitted over channels used to access GYANT. These channels may not be secure and may not protect your information.
How do you use Personally Identifiable Information?
We will retain and use your Personally Identifiable Information to provide you with and notify you about our services, and as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. This may include disclosures of personal information in response to lawful requests by public authorities, including disclosures for national security or law enforcement requirements.
How long do you store Personally Identifiable Information?
Except as otherwise permitted or required by applicable law, we will store your Personally Identifiable Information until one of the following occurrences: (1) You request that the information be deleted; (2) You request that your account be deleted in connection with deactivation of the service.
Emails, Text Messages (SMS), Mobile Notifications
Will I ever receive Spam from GYANT?
No. We have a strict “No-Spam” policy. We do not share email addresses or other contact information with third parties without your permission.
What is my e-mail address or mobile phone number used for?
Your email address or mobile phone number may be used to create, log into, and manage your account on GYANT. We may use your email or phone number to provide you with notices about your account and our services.
Is my e-mail address and phone number maintained by GYANT kept private?
Yes. Your email address and phone number are not displayed by GYANT and are never visible to other GYANT users.
What is a Notification?
A Notification is an electronic message in your GYANT conversation thread, or a reminder or notice within the GYANT Apps.
How do I know if I have a Notification?
You will see Notifications when you log into GYANT. GYANT may send you email, SMS, or mobile push notices, providing you with account-related reminders or updates, or letting you know that you have a message on GYANT.
Managing and Limiting Communications
You can opt out of receiving most emails by selecting the unsubscribe link at the bottom of any email, and opt out of mobile messages by replying “STOP” to any message.
Registration and Deactivation
What basic information is required to sign up?
To receive the full benefits of GYANT simply create an account. During registration, we ask for some basic information, such as your name, email address, and date of birth. No additional data other than mandatory registration information is required to use GYANT.
What Facebook permissions are asked by GYANT?
By initiating a conversation with GYANT on Facebook Messenger, you grant GYANT certain Facebook permissions allowing it to perform actions with your Facebook account or your Facebook Messenger account and to retrieve information about you. This information includes Personally Identifiable Information included in the Basic Information permission, such as your Facebook user id, name, profile picture, gender and locale.
Why do you ask for my gender, location, or date of birth?
Health conditions and appropriate actions often depend on your age group, geography, and gender. These data help us provide you with a personalized online health experience.
How do I deactivate my account?
You can request to delete your account at any time. To do so, submit a request to GYANT support (by email to email@example.com) and delete your conversation in whatever platform you were using to communicate with GYANT.
How does GYANT use my personal information?
- provide you with important information about GYANT, including updates and notifications
- send you email, notifications, SMS or other communications
- help you determine appropriate services relevant to you, your lifestyle, and your geographic location
- help you find or connect with doctors or pharmacies
Do you sell Personally Identifiable Information?
No, never! Your identity is safe with us and is not for sale. We do not sell Personally Identifiable Information.
What are aggregated information, statistics, and de-identified data (“Anonymous Data”), and how are they used?
Aggregated information is information from multiple users that is not associated with any individual user account; statistics are summaries of information, not associated with any individual user account; de-identified data does not include Personally Identifiable Information (collectively “Anonymous Data”). Anonymous Data are used to run and improve the services provided on or through GYANT. This information may also be used by us or provided to our partners for purposes of research and analysis.
Social Media and Cookies
Data processing through social networks
We maintain publicly accessible profiles on social networks. You can find details on the social networks we use below.
Social networks such as Facebook, Google+ etc. can usually analyze your user behavior comprehensively when you visit their website or a website with integrated social media content (e.g. like buttons or advertising banners). Visiting our social media sites triggers numerous processes relevant to data protection. In detail: If you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. However, your personal data may also be collected if you are not logged in or do not have an account with the respective social media portal. In this case, this data collection takes place, for example, via cookies that are stored on your terminal device or by recording your IP address.
With the help of the data collected in this way, the operators of social media portals can create user profiles in which your preferences and interests are stored. In this way, interest-related advertising can be displayed inside and outside the respective social media presence. If you have an account with the relevant social network, interest-based advertising can be displayed on all devices on which you are logged in or were logged in.
Our social media sites are designed to ensure the widest possible presence on the Internet. This constitutes a legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR. The analysis processes initiated by social networks may be based on different legal bases, which operators of social networks are obligated to state (e.g. consent within the meaning of Art. 6 para. 1 lit. a) GDPR).
Data controller and assertion of rights
If you visit one of our social media sites (e.g. Facebook), we are jointly responsible with the operator of the social media platform for the data processing triggered during this visit. You can exercise your rights (information, correction, deletion, limitation of processing, data transferability and appeal) both against us and against the operator of the respective social media portal (e.g. against Facebook).
Please note that despite our joint responsibility with the social media portal operators, we do not have full control over the data processing operations of the social media portals. Our possibilities depend to a large extent on the corporate policy of the respective provider.
The data collected directly by us via the social media presence is deleted from our systems as soon as the purpose for its storage no longer applies, you request us to delete it, you revoke your consent to storage or the purpose for data storage no longer applies. Stored cookies remain on your device until you delete them. Mandatory statutory provisions – in particular retention periods – remain unaffected.
We have a profile on Facebook. This feature is provided by Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. Facebook is certified according to the EU-US Privacy Shield.
You can adjust your advertising settings independently in your user account.
Click on the following link and log in:
Can I share information from GYANT on social media?
Yes, you can share certain information from GYANT using social media services such as Facebook and Twitter. Please consider any impact on your privacy and anonymity when posting content to public services. Content posted to these services will be governed by the respective privacy policies of those services.
You can also prevent the data generated by cookies about your use of the website (incl. your IP address) from being passed to Google, as well as the processing of this data by Google, by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout.
We have activated the IP anonymization feature on this website. Your IP address will be truncated by Google within the European Union or and the European Economic Area prior to transmission to the United States. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and truncated there. Google will use this information on behalf of the operator of this website to evaluate your use of the website, to compile reports on website activity, and to provide other services regarding website activity and Internet usage for the website operator. The IP address transmitted by your browser within Google Analytics is not merged with other Google data.
You can prevent cookies from being saved by setting your browser software accordingly; however, we would like to point out that, in such case, you may not be able to fully utilize all of the functions of this website. You can also prevent the data generated by cookies about your use of the website (incl. your IP address) from being passed to Google, as well as the processing of these data by Google, by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout.
We use the Instapage service (Instapage Inc., 118 King St. Suite 450, San Francisco, CA 94107, United States) to create landing pages.
In order to continuously improve our service, we use the services Amplitude (Amplitude, Inc., Attn: Privacy, 501 2nd Street, Suite 100, San Francisco, CA 94107) and Firebase (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043
We have entered into a data processing agreement with Amplitude. More about Ampitude’s data protection here: https://amplitude.com/privacy
Amplitude is also listed in the US Privacy Shield and thus meets European data protection requirements. More information here: https://www.privacyshield.gov/participant?id=a2zt000000001XZAAY&status=Active
We have also entered into a data processing agreement with Google (Firebase).
More about Google’s data protection here: https://firebase.google.com/support/privacy/
Google is also listed in the Privacy Shield. More information here: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI
Is Personally Identifiable Information Provided to Third Parties?
GYANT may provide you with information about external service providers (“External Service Providers”) that may be of interest or use to you, for example doctors, nurses, pharmacies, hospitals or telemedicine services. GYANT does not provide these External Service Providers with any Personally Identifiable Information about you without your express consent.
Onward Transfers to GYANT’s Agents
Privacy Shield and GDPR
Complaints and Dispute Resolution
Privacy Shield and GDPR Compliance
GYANT is also committed to compliance with the relevant provisions of the EU General Data Protection Regulation (“GDPR”) requirements regarding the collection, use, and retention of personal data from EU member countries.
Independent Recourse Mechanism
The EU DPA panel may be contacted at firstname.lastname@example.org and the EU DPA may be contacted directly via the information provided at http://ec.europa.eu/justice/data-protection/bodies/authorities/third-countries/index_en.htm. Fax: (32-2)296 80 10. Telephone: (32-2)295 17 86. Mail: Data protection panel secretariat, Rue de Luxembourg 46 (01/126), B-1000 Brussels, BELGIUM.
The Swiss DPA may be contacted directly via the information provided at https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/contact.html. By mail at Office of the Federal Data Protection and Information Commissioner FDPIC, Feldeggweg 1 CH 3003 Berne. Telephone +41 (0)58 462 43 95 (Monday-Friday 10-12am). Telefax: +41 (0)58 465 99 96.
GYANT commits to cooperate with EU and Swiss DPAs and to comply with the advice given by such authorities with regarding to data transferred from the EU and Switzerland.
The DPA dispute resolution process shall be conducted in English.
The United States Federal Trade Commission (FTC) and/or the Department of Transportation is the statutory body that has jurisdiction to hear any claims against GYANT regarding possible unfair or deceptive practices and violations of U.S. laws or regulations governing entities certified under Privacy Shield. In connection with its certification under Privacy Shield, GYANT is subject to the investigatory and enforcement powers of the FTC and/or the Department of Transportation.
Arbitration may be invoked for complaints that remain unresolved after: (1) submitting a complaint to GYANT does not resolve the complaint; (2) submitting a complaint to an independent dispute resolution mechanism established by the EU DPA or Swiss DPA does not resolve the complaint; and (3) allowing the U.S. Department of Commerce an opportunity to resolve the issue. If these prerequisites for arbitration have been met, you can submit the matter to binding arbitration of the Privacy Shield Panel. The remedies from this arbitration are limited to individual-specific, non-monetary equitable relief (such as access, correction, deletion, or return of the individual’s data in question) necessary to remedy the violation of the Principles only with respect to the individual. No damages, costs, fees, or other remedies are available from this arbitration. Each party bears its own attorney’s fees for arbitration.
Date last modified: 10 October 2018