Last updated: November 12, 2019
GAN Integrity (“us”, “we”, or “our”) operates the www.ganintegrity.com website (the “website”) as well as the GAN Integrity Compliance Platform (the “B2B platform”); collectively “the Services”. We operate in offices in Copenhagen, Denmark, and in New York, United States. This page informs you of our policies regarding the collection, use and disclosure of Personal Information when you use our website and the GAN Integrity Compliance Platform. Personal Information is information, or a combination of pieces of information, that could reasonably allow you to be identified. GAN Integrity is the controller of the Personal Information collected through the website and B2B platform. Our contact information is provided at the end of this notice. In particular, our Privacy Notice informs you about:
- The Collection and Use of Personal Information
- Log Data
- Use of Service Providers and other Third Parties
- Legal Compliance
- Business Transaction
- Lawful Basis for Processing Personal Information
- Security and Retention
- Choices regarding Collection and Use of Personal Information
- International Data Transfer
- EU-U.S. Privacy Shield Framework
- Swiss-U.S. Privacy Shield Framework
- Data Subject Requests & Complaints
- Links to Other Sites
- Children’s Privacy
- Changes to this Privacy Notice
- Contact Us
We will not use or share your Personal Information with anyone except as described in this Privacy Notice. We also comply with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce and approved by the European Commission and Swiss Administration, respectively. GAN Integrity has certified that it complies in particular with the following Privacy Shield Principles (1) Notice; (2) Choice; (3) Accountability for Onward Transfer; (4) Security; (5) Data Integrity and Purpose Limitation; (6) Access; and (7) Recourse, Enforcement and Liability in respect of any personal data received from the European Union, the United Kingdom or Switzerland. We use your Personal Information for providing and improving our Services. When you use the Services, we collect and use Personal Information in accordance with this notice. The legal basis for processing such data will depend on the context in which it is used and collected, as described in the sections below. To exercise your data subject rights or file a data protection complaint, please see the sectioned titled “Data Subject Requests and Complaints”. Unless otherwise defined in this Privacy Notice, terms used in this Privacy Notice have the same meanings as in our Terms and Conditions, accessible at www.ganintegrity.com.
Collection and Use of Personal Information
While using our Services, we may ask you directly to provide us with certain Personal Information that we use to provide you with the best services as possible. We may also collect your Personal Information by observing your interaction with the Services or by reaching out to a third party in the context of due diligence. Personal Information may also be submitted by your employer in the course of the use of the B2B Platform. The following section describes the Personal Information that we collect and use in the course of operating our website and the B2B Platform: The website The Personal Information that we collect may include but is not limited to:
- First and last name
- Job title, employer and location
- Contact information such as phone number, e-mail address, postal address
The Personal Information will be only used in order to respond to your requests about our services offered, to better understand your interests and to customize our services for your specific needs. The B2B Platform The Personal Information that we collect during your interaction with the B2B Platform may include but is not limited to:
- First and last name
- Job titles, employer and location
- Contact information such as phone number, e-mail address, postal address, fax number
- Login-details to the B2B Platform
- IP addresses while employees are using the system
Personal Information will be only used in order to provide our effective compliance services. Therefore, the purposes include, but are not limited to: verifying you as the authorized user, keeping the data safe, and providing product and Customer Success Services. Personal Information collected by GAN on the B2B platform is done on behalf and under the direction of the relevant GAN customers. In these cases, there is no direct relationship with the individuals whose information we collect and process. If we are processing your Personal Information on behalf of one of our customers, and you would like to access, correct or delete the Personal Information, you should directly contact our customer as the responsible data controller. Customers of our customers should directly contact our customers for any requests.
We may also collect information that your browser sends whenever you visit our services (“Log Data”). This Log Data may include information such as your computer’s Internet Protocol (“IP”) address, browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages and other statistics. In addition, we may use third party services that collect, monitor and analyze this type of information in order to increase our Service’s functionality. These third-party service providers have their own privacy policies addressing how they use such information.
Cookies are files with small amount of data, which may include a unique online identifier. Cookies are sent to your browser from a web site and stored on your computer’s hard drive. We use “cookies” to collect information in the context of analyzing trends and tracking the user’s movements around the website by collecting information about the time/date of the visit, the time/date of last visit and the page viewed. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. Your consent can be withdrawn at all times. However, if you do not accept cookies, you may not be able to use some portions of our Service.
Use of Service Providers or other Third Parties
We may employ third party companies and individuals to facilitate our Service to assist us in analyzing how our Service is used. These third parties have access to your Personal Information only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose. We also make sure that third parties are bound to the same data protection requirements as we are. We retain the responsibility and liability for transfers to third parties. Where you provide us with your name, employer and/or contact details, we may share that information with relevant, carefully selected business partners for business-to-business marketing purposes.
Unless prohibited by applicable law, we may use your Personal Information to contact you with newsletters, marketing or promotional materials and other information that may be of interest to you. You may opt out of receiving any, or all, of these communications from us by following the unsubscribe link or instructions provided in any email we send. Where required by applicable law, we will obtain your consent prior to sending you direct marketing communications.
We will disclose your Personal Information where required to do so by law or subpoena or if we believe that such action is necessary to comply with the law and the reasonable requests of law enforcement or to protect the security or integrity of our Service.
If GAN Integrity is involved in a merger, acquisition or asset sale, your Personal Information may be transferred. We will provide notice before your Personal Information is transferred and becomes subject to a different Privacy Notice.
Lawful Basis for Processing Personal Information
We must have a legal basis to process your Personal Information. In most cases the legal basis will be one of the following:
- To fulfill our contractual obligations to you, for example to provide the services you request and to ensure that invoices are paid correctly. Failure to provide this information may prevent or delay the fulfilment of these contractual obligations.
- To comply with our legal obligations, for example to obtain proof of your identity to enable us to meet our fraud prevention and anti-money laundering obligations.
- To meet our legitimate interests, for example to understand how you use our services and to enable us to derive knowledge that enables us to develop new services. For example, we may contact you in your capacity as an employee or representative of your organization in order to conduct direct business-to-business marketing on the basis of our legitimate interests. When we process Personal Information to meet our legitimate interests, we put in place robust safeguards to ensure that your privacy is protected and to ensure that our legitimate interests are not overridden by your interests or fundamental rights and freedoms. For more information about the balancing test that we carry out to process your Personal Information to meet our legitimate interests, please contact us at the details below.
- When required by applicable law, we obtain and rely on your consent to send you direct marketing communications. Where we obtain your information in the context of a transaction, we may later contact you to conduct direct marketing.
Security and Retention
The security of your Personal Information and customer data is important to us. GAN has a dedicated team responsible for information security. GAN only engages service providers that conform to widely accepted information security standards. The B2B platform is hosted in state-of-the-art datacenters that are independently certified as compliant with multiple information security standards, including ISO 27001 and SOC 2. No company other than GAN Integrity and its service providers are allowed to access the Personal Information on the servers it is hosted on unless you authorize otherwise. GAN Integrity has taken reasonable and appropriate measures to protect Personal Information from loss, misuse and unauthorized access, disclosure, alteration and destruction. However, remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security. When we collect Personal Information on our own behalf, we will keep it for as long as we have a relationship with you, and for a period of 30 days thereafter, unless agreed otherwise. We will only retain your Personal Information after this time if we are required to do so to comply with the law, or if there are outstanding claims or complaints that will reasonably require your Personal Information to be retained. When we collect Personal Information on behalf of our customers and under their direction, we retain it as long as needed to perform the service to the customer.
Choices regarding Collection and Use of Personal Information
Depending on the law of your jurisdiction, you may have certain rights regarding your Personal Information. These may include the following rights to:
- access your Personal Information;
- rectify the Personal Information we hold about you;
- erase your Personal Information;
- restrict our use of your Personal Information;
- object to our use of your Personal Information;
- withdraw any consent that you have provided for the processing of your Personal Information at any time;
- receive your Personal Information in a usable electronic format and transmit it to a third party (right to data portability); and
- lodge a complaint with your local data protection authority.
In accordance with the above rights, GAN Integrity offers two choices to limit the collection and use of Personal Information. Those include your ability to:
- correct, update and delete your account information; and
- change your subscription to newsletters, marketing or promotional materials and other information.
If you would like to discuss or exercise your rights over your Personal Information, please contact us at the information provided below.
International Data Transfer
Your information, including Personal Information, may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction. We have offices in New York, United States, and in Copenhagen, Denmark, and we access Personal Information from both of our offices when required in order to provide you with the Service. If you are located outside Denmark or the United States and choose to provide information to us, please note that we transfer the information, including Personal Information, to Denmark and the United States and process it there. We have put in place appropriate safeguards (such as the Privacy Shield framework or contractual commitments) in accordance with applicable legal requirements to ensure that your data is adequately protected. For more information on the appropriate safeguards in place, please contact us at the details below.
EU-U.S. Privacy Shield
GAN Integrity participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework. GAN Integrity is committed to subjecting all Personal Information received from European Economic Area (EEA) member states, in reliance on the Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List. GAN Integrity is responsible for the processing of Personal Information it receives, under the Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. GAN Integrity complies with the Privacy Shield Principles for all onward transfers of Personal Information from the EEA, including the onward transfer liability provisions. With respect to Personal Information received or transferred pursuant to the Privacy Shield Framework, GAN Integrity Inc. is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, GAN Integrity may be required to disclose Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. GAN Integrity commits to cooperate with the EU Data Protection Authorities (DPAs) with regard to human resources data transferred from the EU in the context of the employment relationship. Under certain conditions, more fully described on the Privacy Shield website, you may invoke binding arbitration when other dispute resolution procedures have been exhausted. If there is any conflict between the terms in this Privacy Notice and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/. For Privacy Shield complaints, please see the sectioned titled “Data Subject Requests and Complaints”.
Swiss – U.S. Privacy Shield Framework
GAN Integrity participates in and has certified its compliance with the Swiss-U.S. Privacy Shield Framework. GAN Integrity is committed to subjecting all Personal Information received from Switzerland, in reliance on the Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List. GAN Integrity is responsible for the processing of Personal Information it receives, under the Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. GAN Integrity complies with the Privacy Shield Principles for all onward transfers of Personal Information from Switzerland, including the onward transfer liability provisions. With respect to Personal Information received or transferred pursuant to the Privacy Shield Framework, GAN Integrity is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, GAN Integrity may be required to disclose Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. GAN Integrity commits to cooperate with the Swiss Federal Data Protection and Information Commissioner in relation to processing of human resources data transferred from Switzerland in the context of a data subject’s employment with GAN Integrity. Under certain conditions, more fully described on the Privacy Shield website, you may invoke binding arbitration when other dispute resolution procedures have been exhausted. If there is any conflict between the terms in this Privacy Notice and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/. For Privacy Shield complaints, please see the sectioned titled “Data Subject Requests and Complaints”.
Data Subject Requests and Complaints
In compliance with EEA and Swiss data protection laws and the Privacy Shield Principles, GAN Integrity commits to resolve complaints about our collection or use of your personal information. EEA and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact GAN Integrity at:
- Email: [email protected]
- Phone: +45 25 100 131 (only during business hours)
We strongly encourage email-only correspondence with GAN Integrity for documentation purposes. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
Links to Other Sites
Our Service may contain links to other sites that are not operated by us. If you click on a third-party link, you will be directed to that third party’s site. We strongly advise you to review the Privacy Notice of every site you visit. We have no control over, and assume no responsibility for the content, privacy policies or practices of any third-party sites or services.
Our Service does not address anyone under the age of 13 (a “Child” or “Children”). We do not knowingly collect Personal Information from Children under 13. If you are a parent or guardian and you are aware that your Child has provided us with Personal Information, please contact us. If we become aware that we have collected Personal Information from a Child under age 13 without verification of parental consent, we take steps to remove that information from our servers.
Changes to This Privacy Notice
We may update our Privacy Notice from time to time. Where possible and appropriate, we will notify you directly by email. We will also notify you of any changes by posting the new Privacy Notice on this page. You are advised to review this Privacy Notice periodically for any changes. Changes to this Privacy Notice are effective when they are posted on this page.
If you have any questions about this Privacy Notice, please contact our Data Protection Officer at [email protected].