myGaru: Privacy Notice

As your privacy champion, myGaru is here to help you. Please read this privacy notice carefully as it contains important information for you about how we do this, and about how your personal information will be used in connection with the myGaru mobile application (the "App").

1. About us

We are myGaru Technologies Limited (a company registered in England under Company No. 11839392), we are responsible for, and control the processing of, your personal data in relation to the App ("we", "us" or "myGaru").

If you would like to contact us in relation to this privacy notice, if you have any queries regarding your personal data or wish to exercise any of your rights in relation to your personal data (as explained further below) please get in touch using the following contact details:

[Email:] privacy@mygaru.com

2. How do we collect personal information about you?

We may collect information about you in various ways, for example:

  • You may provide us with information directly (e.g. when registering to use the App; where you respond to surveys we provide, where you fill in a form, or make a call to us).

  • We may collect information automatically from your use of your device in order to build your profile (e.g. gathering data from your use of your device or when you browse online).

  • We may collect information from third party applications where authorised by you (e.g. where you link an account or provide myGaru with access to other services or apps, such as Facebook or Twitter via the data management function of our App).

3. What personal information do we collect?

We will collect the following information about you when you initially register on our App: your name; email address; date of birth; mobile number; country; language; gender; and your Identifier for Advertisers (IFA/IDFA).

In addition, the following personal information may be collected (in one of the three ways set out at section 2 above) and processed by us in order to provide our products and services. Please note however that this list is not exhaustive and will depend on which third party apps you link to your myGaru account and what data you want to share (e.g. if you link a third party health & fitness app – the health and wellbeing data from within that app will be shared with us). myGaru gives you control over your data so the nature and volume of data you share with myGaru will be determined and controlled by you.

4. What do we use your personal information for, and on what legal basis?

We use your personal information for the purposes of:

  • exercising your rights as a data subject against third parties who hold your data (where you have signed up for this element of our service)

  • building a profile of you to share with advertisers to enable the serving of targeted, personalised and tailored advertising and marketing to you online;

  • to pass on rewards to you to ensure you receive a portion of the value of your personal data;

  • age verification;

  • to enable privacy functionality on your device;

  • notifying you of any changes to the App or to our products or services that may affect you;

  • administration;

  • personalising our services to you;

  • improving our products and services; and

  • complying with our legal obligations.

On what legal basis do we process your personal information?

  • Your consent: At myGaru we put you back in control of your data, so (save for certain minor exceptions) we request your consent to allow us to use your personal information for one or more of the purposes set out above. You can manage your consents (including withdrawing any consent) and control what data you share at any time via the data management function within our App.

  • For legitimate business purposes: Using your personal information helps us to operate and improve our business and minimise any disruption to the services that we may offer to you. It also allows us to make our communications with you more relevant and personalised to you, and to make your experience of our products and services an efficient and effective one.

  • To comply with our legal obligations and other demands for information: Compliance with laws, regulations, rules, codes and guidance is important to us. They affect the way in which we run our business, and they help us to make our products and services as safe as we can. Where we use your personal information for this purpose, rest assured that where possible we will take measures to protect your personal information.

The relevant legal basis for each element of processing is set out below:

5. Who do we share your personal information with?

Where you have expressly authorised us to do so via the User Authorisation, we will share certain limited amounts of your personal information with third parties in order to be able to exercise your lawful data rights against them (e.g. sufficient information for them to be able to identify you). We may also then need to share certain further personal information (i.e. your Identifier for Advertisers (IFA/IDFA)) in order to evidence the right being exercised against that third party.

To enable third parties to provide you with targeted personalised advertising we will need to share your unique Identifier for Advertisers (IFA/IDFA) with those third parties.

Otherwise, we will only ever share your personal information with trusted third parties and where necessary to provide our services to you. To that end we may share your personal information with any of the following:

  • our sub-contractors providing hosting and other technical infrastructure (e.g. Google, Amazon Web Services or Microsoft Azure);

  • our professional advisors and auditors;

  • other companies within the myGaru group of companies;

  • regulators, governments and law enforcement authorities;

  • courts, tribunals, arbitrators or other judicial committees; and

  • other third parties in connection with our selling, merging, buying, or reorganising all or any part of our business, or carrying out any similar change of our business (including any potential or actual purchaser of that business or that purchaser's advisors).

6. Where may your personal information be sent?

We may transfer your personal information out of the UK. The countries to which your data is transferred will only include countries within the European Economic Area.

Wherever we transfer your data out of the UK in this way, we will implement appropriate measures with the aim of ensuring that your personal information remains protected and secure, in accordance with applicable data protection and privacy laws.

7. How long will we keep your personal information?

We have a strict records retention policy that sets out how long we keep your personal information. As a general rule you are in control, so we will keep your personal information until such point as you withdraw your consent for us holding that information, or otherwise strictly only for as long as required (a) to comply with law; or (b) in connection with legal action or an investigation involving us.

You have the right to withdraw your consent and to request us to delete the information at any time, which we will aim to do within 72 hours. We may however sometimes be legally obliged to retain the information, for example, for tax and accounting purposes.

If you withdraw your consent to us holding your personal information or otherwise request us to delete it, we will still retain after any such withdrawal or request such personal data of yours as is necessary, and for so long as is necessary, in order to:

  • Reconcile and settle any rewards or payments passing between third parties, us and you;

  • Effect an orderly wind-down with third parties of the services we have provided to you; and/or

  • Establish or defend legal rights that we have relating to our relationship with you

8. How do we protect your personal information?

We use a variety of security technologies and procedures to help protect your personal information from unauthorised access, use or disclosure. Our suppliers are carefully selected and required to use appropriate measures to protect the confidentiality and security of your information. Unfortunately, the transmission to us of information via the internet or a mobile phone network connection can never be completely secure; any transmission is at your own risk.

9. Websites or apps that we do not own or control

From time to time we may provide links to websites or mobile applications that we do not own or control. This privacy notice does not apply to those websites. If you choose to use those websites or mobile applications, please make sure that you check the legal and privacy statements posted on each website or mobile application you access to understand their privacy practices.

10. How do you exercise your rights in respect of your personal data?

myGaru champions your privacy and seeks to ensure you have maximum control over your personal data. You can manage your data preferences and settings via the data management function of our App at any time.

In addition, by law you have the right (subject to some exceptions):

  • to withdraw your consent to the processing of your information at any time;

  • to ask us about the processing of your personal information, including to be provided with a copy of your personal information held by us;

  • to request the correction and/or deletion of your personal information, or restrict or object to the processing of your personal information;

  • to have the personal information we hold about you erased; and

  • to request to obtain and reuse your personal information for your own purposes across different services.

If you would like to exercise any of these rights about your personal data that we hold, please get in touch using our contact details set out at the top of this privacy notice.

11. What if you do not want to provide us with your personal information?

Where you are given the option to share your personal information with us, you can always choose not to do so.

If you choose not to provide us with your personal information, you object to our processing of your personal information, or you choose to withdraw any consent that you may have provided to processing, we will respect such requests in accordance with our legal obligations. This may mean, however, that without that data we may not effectively be able to perform the actions necessary to achieve the purposes set out in this privacy notice. It may therefore mean that you may not be able to make use of the services and products offered by us.

We may be required or entitled to retain your information to comply with legal and regulatory obligations and to protect and exercise our legal rights and interests.

12. How to complain

If you have a complaint or query about the way we handle your personal data, please get in contact with us using the details set out at the top of this privacy notice. In addition, should you find it necessary, you have a right to raise a concern with the Information Commissioner's Office. For further details see: https://ico.org.uk/.

13. Changes to this Notice

We may update this notice, from time to time. We will notify you of the changes where required by law to do so.
This privacy notice was last modified on June 4th 2019.