EU, United Kingdom, Lichtenstein, Norway or Iceland Residents
If you are a resident of the European Union (“EU”), United Kingdom, Lichtenstein, Norway or Iceland, you may have additional rights under the EU General Data Protection Regulation and the version of the GDPR retained in UK law (together the “GDPR”) with respect to your Personal Data, as outlined below.
For this section, we use the terms “Personal Data” and “processing” as they are defined in the GDPR, but “Personal Data” generally means information that can be used to individually identify a person, and “processing” generally covers actions that can be performed in connection with data such as collection, use, storage and disclosure. Glorify will be the controller of your Personal Data processed in connection with the Services.
If there are any conflicts between this section and any other provision of this Privacy Policy, the policy or portion that is more protective of Personal Data shall control to the extent of such conflict. If you have any questions about this section or whether any of the following applies to you, please contact us at support@glorify-app.com.
Personal Data We Collect
The “Categories of Personal Data We Collect” section 2 above details the Personal Data that we collect.
Personal Data Use and Processing Grounds
The “Our Commercial or Business Purposes for Collecting Personal Data” section above explains how we use your Personal Data.
We will only process your Personal Data if we have a lawful basis for doing so. Lawful bases for processing include consent, contractual necessity and our “legitimate interests” or the legitimate interest of others, as further described below.
Contractual Necessity: We process the following categories of Personal Data as a matter of “contractual necessity”, meaning that we need to process the data to perform under our Terms of Service with you, which enables us to provide you with the Services. When we process data due to contractual necessity, failure to provide such Personal Data will result in your inability to use some or all portions of the Services that require such data.
- Profile or Contact Data
- Private Sensitive Personal Data
- Payment Data
- Other Identifying Information that You Voluntarily Choose to Provide
Legitimate Interest: We process the following categories of personal data under legitimate interest, one of the six lawful bases in the GDPR:
- App Analytics
- Device/IP Data
- Advertising Data
- Contact Information for Organization Account Sales
- Other Identifying Information that You Voluntarily Choose to Provide
- We may also de-identify or anonymize Personal Data to further our legitimate interests.
Examples of these legitimate interests include (as described in more detail above):
- Providing, customizing, and improving the Services.
- Marketing the Services.
- Corresponding with you.
- Meeting legal requirements and enforcing legal terms.
- Completing corporate transactions.
Consent: In some cases, we process Personal Data based on the consent you expressly grant to us at the time we collect such data. When we process Personal Data based on your consent, it will be expressly indicated to you at the point and time of collection. Other Processing Grounds: From time to time we may also need to process Personal Data to comply with a legal obligation, if it is necessary to protect the vital interests of you or other data subjects, or if it is necessary for a task carried out in the public interest.
Sharing Personal Data
The “Data Sharing” section above details how we share your Personal Data with third parties.
EU Data Subject Rights
You have certain rights with respect to your Personal Data, including those set forth below. To submit a request related to these rights, please email us at support@glorify-app.com with the subject line “EU Data Subject Rights Request.” Please note that in some circumstances, we may not be able to comply with your request, for instance if the request is deemed to be ‘manifestly unfounded’ or ‘manifestly excessive (repeating the substance of previous requests)’. What we mean by ‘manifestly unfounded’ is if the individual has no clear intention to access the information or is malicious in intent and has no real purposes other than to cause disruption. We will always respond to your requests within the statutory legislative time period and notify you of such a decision. Please note we also have a duty to uphold the confidentiality of other members, and so we may redact certain information relating to other individuals where applicable. Please note where In some cases, we may also need you to provide us with additional information, which may include Personal Data, if necessary to verify your identity and the nature of your request.
- Access: You can request more information about the Personal Data we hold about you and request a copy of such Personal Data. You can also access certain of your Personal Data by logging on to your account.
- Rectification: If you believe that any Personal Data we are holding about you is incorrect or incomplete, you can request that we correct or supplement such data. You can also correct some of this information directly by logging on to your account.
- Erasure: You can request that we erase some or all of your Personal Data from our systems.
- Withdrawal of Consent: If we are processing your Personal Data based on your consent (as indicated at the time of collection of such data), you have the right to withdraw your consent at any time. Please note, however, that if you exercise this right, you may have to then provide express consent on a case-by-case basis for the use or disclosure of certain of your Personal Data, if such use or disclosure is necessary to enable you to utilize some or all of our Services.
- Portability: You can ask for a copy of your Personal Data in a machine-readable format. You can also request that we transmit the data to another controller where technically feasible.
- Objection: You can contact us to let us know that you object to the further use or disclosure of your Personal Data for certain purposes, such as for direct marketing purposes.
- Restriction of Processing: You can ask us to restrict further processing of your Personal Data.
- Right to File Complaint: You have the right to lodge a complaint about Glorify’s practices with respect to your Personal Data with the supervisory authority of your country or EU Member State. A list of Supervisory Authorities is available here: https://edpb.europa.eu/about-edpb/board/members_en.
Transfers of Personal Data
Glorify is based and the Services are hosted and operated in the United Kingdom. In some instances, your personal data may be transferred outside the UK and the European Economic Area. While some countries have adequate protections for personal data under applicable laws, in other countries steps will be necessary to ensure appropriate safeguards apply to it.
If it becomes necessary for the purposes of providing our services to you, we will only share your personal data with organisations in countries benefiting from a European Commission adequacy decision or on the basis of Standard Contractual Clauses (SCC’s) approved by the European Commission/UK which contractually oblige the recipient to process and protect your personal data to the standard expected within the UK/EU.