Privacy policy

1. Introduction

We take privacy very seriously at Gimi. That’s why we put together this list of rules and information, “a policy”, so you know what information we collect and how we use it.

Gimi is constantly working to improve the services and their security, which means we have to update our privacy policy from time to time. The last time we updated this policy was the 10th of March 2020. We will update it again, so please visit often to see if we have made any changes. In case of substantial changes, Gimi will let you know with an in-app message or writing it on the Gimi website.

Gimi AB, (“Gimi”, “We”, “our”, “us”). org nr 556985-8029, is the data controller regarding the processing of personal data that is described in this privacy policy unless specifically said otherwise.

2. Information we collect

Gimi might collect the following information when you use Gimi’s services. Either because you give the information to us directly, or because you are using on of our partners that work on behalf of Gimi.

  • Contact and identifying information:
    Email-address, phonenumber, date of birth, age, sex, userID, username.
  • Device information:
    DeviceID, usage data and related information, including but not limited to technical information about your smartphone or tablet, system and application software, and peripherals,  unique identifier, device type, ID for advertising, ad data, unique device token, operating system, connection information, screen resolution, usage statistics, version of the Gimi Apps you use and other information based on how you use our Service.
  • Account information:
    Bank, bank account, balance, transaction history.
  • Card information:
    Card issuer, card number, type of card.
  • Transaction information:
    Merchant ID, amount, date, card number.
  • KYC – information:
    Copy of passport/ID, address, personal number.
  • Free text:
    Text that are written freely in customer support forum and commentary fields.

Gimi gathers, analyzes and aggregates User data to make the services better. Gathered data is stored and protected in Our servers.

3. Legal basis

Gimi uses the following legal bases for processing of personal data.

  • Fulfillment of contract – To fulfill our contract with you, in other words provide the service, we need to process your personal data. Personal data that are stored because of fulfilment of agreement are stored until you delete your account and effectively terminate your agreement with us. Please note that uninstalling the app is not enough. You delete your account through the app settings.
  • Legitimate interest – For some processing where Gimis interest and your right to not have your personal data processed for the specific purpose. Personal data that are stored because of legitimate interest are stored until the legitimate interest has ceased. The storage time is decided separately for each processing but is evaluated at least once yearly. 
  • Legal obligation – Gimi has to obey regulations and laws and are therefore obligated to process your personal data accordingly. Personal data that are stored because of legal obligation are stored as long as the law demands. For prevention of money laundering and fraud the data is stored for up to 10 years.

4. Personal data that we process, purposes and legal basis

Processing to provide Gimi Beginner and Master

Creation and management of user account.

Personal Data Contact and identification information, device information.
Legal Basis Fulfilment of contract.

Processing of personal data of children below 13 years old at sign-up flow

Personal Data Contact and identification information, device information.
Legal Basis Legitimate interest – Gimi ensures that the legitimate interest of providing a smooth sign-up flow outweighs a child’s interest of not having its information processed for this purpose. In the assessment it has been considered that Gimi deletes the information after 7 days if a supporter has not been connected to the child, as well as the limited amount of personal data in this processing. Gimi ensures that this overweighs the fact the the child is below 13.

Send SMS to users for information on errors in the service or verification

Personal Data Contact information.
Legal Basis Fulfilment of contract.

Send push notification to users for information on errors in the service or verification

Personal Data Contact information.
Legal Basis Fulfilment of contract.

“Gimi Friends” Show users other users and give them the chance to socialise in the app

Personal Data Contact and identification information.
Legal Basis Legitimate interest – Gimi ensures that the legitimate interest in offering a profile picture feature overweighs your right not to have your personal data processed for this purpose. It has been considered that the feature is an opt-in feature with limited amount of data processed.

Customer surveys (You can unsubscribe from customer surveys)

Personal Data Contact and identification information.
Legal Basis Legitimate interest – Gimi ensures that the legitimate interest in performing customer surveys overweighs your right not to have your personal data processed for this purpose. It has been considered that participation in customer surveys is voluntary.

Profile picture feature

Personal Data Contact and identification information
Legal Basis Legitimate interest – Gimi ensures that the legitimate interest in offering a profile picture feature overweighs your right not to have your personal data processed for this purpose. It has been considered that the feature is an opt-in feature with limited amount of data processed.

Customer support

Personal Data Contact and identification information, device information, potential personal data in free text.
Legal Basis Fulfilment of contract.

Account information services

Personal Data Contact information, account information, KYC-information.
Legal Basis Fulfilment of contract.

Payment initiation services

Personal Data Contact information, account information, KYC-information.
Legal Basis Fulfilment of contract.

Delivery of Gimi-card

Personal Data Contact information, KYC-information.
Legal Basis Fulfilment of contract.

Top-up of the Gimi-card

Personal Data Contact and identification information, card information, transaction information, KYC-information.
Legal Basis Fulfilment of contract.

Anonymising of personal data for analysis, product development and research on user behaviour

Personal Data Contact and identification information, device information.
Legal Basis Legitimate interest – Gimi ensures that the legitimate interest in anonymising your personal data for analysis, product development and research overweighs your right not to have your personal data processed for this purpose.

Analysis of user behaviour, eg. for the purpose of improving the prestanda of the app and develop the app

Personal Data Contact and identification information, device information.
Legal Basis Legitimate interest – Gimi ensures that the legitimate interest in processing your personal data for analysis and development overweighs your right not to have your personal data processed for this purpose.

Internal and external research through universities and other organisations

Personal Data Contact and identification information, device information, transaction information.
Legal Basis Legitimate interest – Gimi ensures that the legitimate interest and societal value in processing your personal data for research on the subject children and money overweighs your right not to have your personal data processed for this purpose.

Comply with legislation on prevention of money laundering and fraud

Personal Data Contact and identification information, device information, transaction information
Legal Basis Legitimate interest – Gimi has a legitimate interest in defending Gimi against legal claims and secure its legal rights. Gimi ensure that processing is necessary to fulfil this purpose and that our interest overwieghs your right to not have your personal data processed for this purpose.

Direct marketing through email. (You can unsubscribe from this marketing)

Personal Data Contact and identification information
Legal Basis Legitimate interest – Gimi ensures that the interest to perform direct marketing overweighs your right to not have your personal data processed for this purpose. Recital 47 GDPR has been considered as well as the opt-out function.

Direct marketing through push-notification (You can unsubscribe from this marketing)

Personal Data Device information
Legal Basis Legitimate interest – Gimi ensures that the interest to perform direct marketing overweighs your right to not have your personal data processed for this purpose. Recital 47 GDPR has been considered as well as the opt-out function.

Managing accounts on social media for marketing and customer contact. (Gimi does not use information from your profiles on social media)

Personal Data Contact and identification information, potential personal data in free text.
Legal Basis Gimi ensures that the interest to manage accounts on social media overweighs your interest of not having personal information processed for this purpose. It has been considered that registered people has contacted Gimi or made posts by free will and have the opportunity to delete them.

5. Further information on specific processing

User Profile

When you create a user profile in the Gimi app using SMS and/or email verification, you confirm that the phone-number and email-address belong to you. The information that you upload to the profile section of the Gimi app is received and stored by Gimi until you change or delete your data or shut down your account. The information that you have to add when creating a profile is your phone number or email-address, choice of user type (child or adult) and date of birth. The phone number is needed to verify your identity through two-factor authentication (two different steps). Choice of user type and date of birth is collected so that parents and children can connect their accounts and to provide features according to age. Gimi may add to the information with more information from third parties which you have chosen to use in the app, as well as information collected by Gimi through the Gimi:s usage of third party services and add it to information you give.

Remember that anything that you upload to and display in your user profile is not moderated by Gimi and is not protected under the Swedish Fundamental Law on Freedom of Expression. You are the only one who is responsible for the content you upload.

Contact Information when you invite someone to Gimi

Remember to always ask for permission before you share someone’s personal data with Gimi. Gimi will process their data according to our Privacy Policy.

When you use the Gimi Name Search, note that no Contact Information will be stored from your address book. Gimi will only process personal information about the people you want invite to connect with your account. Other numbers or information that are saved in your device’s phone book will be filtered away and they will not be stored or used by Gimi. Addresses, passwords and credit card numbers and any other similar information will automatically be prevented from being added into the Gimi database by our safety algorithms that filter any number and other information saved in the phone book.

Account information

When a child’s bank account is added in the Gimi app, Gimi will perform account information services to fetch the balance and transaction history and show it in the app.

Payment initiation

When you use payment initiation to transfer money to a childs’ bank account, Gimi will process your account information. This processing is done by trusted and well established third parties that GImi cooperates with to provide payment options.

The third parties will process your personal information for their own purposes. Before you use the payment solution from Tink that is in the app, please read Tink Privacy Policy.

Payment information

If someone pays for Gimi or transfers money to your prepaid card, Gimi will process the payment information. This includes card information, account information, transaction information and location. This processing is done by trusted and well established third parties on behalf of Gimi.

The third parties will process your personal information for their own purposes. Before you use the payment solution from Stripe that is in the app, please read https://stripe.com/privacy.

Research

The purpose of the research is to increase knowledge about children’s understanding of “financial literacy” (knowledge about money) and increase the educational value of the Gimi app. The processing of data for any research projects will be processed in pseudonymised or anonymised form, and all results of these projects will be presented in an anonymised and/or aggregated form. The processing can be an analysis of how people use the app, combining different analyses and results of  the educational features of the app.

6. Sharing and Disclosure of your personal data to third party

To be give you a good service, Gimi needs to cooperate with third parties. This is for example regarding database services, tools for analysis and tools for customer support. These companies work on behalf of Gimi and Gimi decides how these parties shall treat the data.

Gimi also wants to give you the chance to use and share your customer information with other companies services. If you use a service or feature that are provided by a partner company and is accessed through Gimi (including the service that we offer together with the partner), Gimi terms and the partner will have their own terms. Gimis terms will be between you and Gimi, the partner’s terms will be between you and the partner. Gimi is not responsible for other companies terms or actions that are taken in accordance with their terms. Gimi has considered all partner’s terms to ensure they are appropriate and good.

Third Party

Gimi might share your personal information with third party service providers and partners that we trust. Gimi will always make these parties do everything they can, both organizational and technical, to protect your personal information and traffic data and to follow the law.

This is a description of how Gimi might share information about you with trusted third party partners:

  1. Gimi uses a third party partner company to send SMS:es when you use Gimi.
  2. Gimi uses a third party partner company so we can send emails when you use Gimi.
  3. Gimi can use a Push Notification Service to send you information about updates and important things you need to know. This message is sent to the push notification service provider, who send it to your device. You can always opt-out or disable push notifications.
  4. Gimi might allow you to use third party services to use certain features related to Gimi, like customer authentication and payments. In these cases you might have to accept the third party’s terms of service and that the third party shares personal data with Gimi, or that Gimi shares information with the company.
  5. To provide a free version of Gimi, Gimi might work with a few third party advertising networks, which might be provided limited information about the User’s device (but no other User or Contact Information). This is only for Gimi’s own advertising. Gimi does not share or sell information to third party advertisers.
  6. Gimi, or a third party working for Gimi, might collect and use your email address, telephone number and/or ID for advertising (including, but not limited to, content you have viewed, content you have commented on and information about the advertisements you have been shown or may have clicked on) through the Gimi apps and website and share this information with third party advertisers and networks. Such third parties may use this information and information collected from other sources so we can provide measurement services and targeted ads for Gimi, only used by Gimi for Gimi’s own marketing purposes. Gimi does not share or sell information to third party advertisers. You can limit or opt-out of the collection and use of your information for ad targeting by third parties in your device settings or web browser settings.
  7. If you are asking for an additional service offered together with or in integration with the app, Gimi might provide third parties with a limited part of personal data. The third party will use this data to offer their services to you. Gimi will always share as little personal data as possible. These types of services are for example customer authentication services or payment services.
  8. If you pay for Gimi or transfer money to a prepaid card, a third party will collect and process your payment information, for Gimis, to make the transaction. These third parties are well established and have a very good reputation.
  9. If you want to transfer money to a connected bank account using payment initiation. A a third party will collect and process your payment information to make the transaction. These third parties are well established and have a very good reputation.
  10. Data about how you use the app might be shared in an anonymised (no name) or pseudonymised (fake name) format with trusted third parties for research purposes. These third parties can, for example, be professors or PhD-students at Swedish or foreign universities with a background in the research field of children and money, pedagogy or other relevant subject. The result of research will always be presented in an anonymised and/or aggregated form.
  11. If you contact us through social media, your personal information will be processed by the companies that run the platform in accordance with their data protection policies.

When you send your contact information to Gimi and when Gimi processes it is protected under the GDPR and other locally applicable law. Gimi might, however, share information from the app and about you if we decide that for national security, law enforcement, or other issues of public importance that sharing this information is necessary, always provided, of course, it is also following the law.

Recipients

Gimi shares personal data with Klarna Bank AB when you use their customer-authentication platform. This is only for starting the customer-authentication through BankID and connect it to you. Klarna’s own terms apply for the service. Read through Klarna’s terms https://www.klarna.com/se/dataskydd/ before you use the service.

8. Permissions to use device functions

When you install the Gimi app you give permission to the app to access a few different parts of your device. Here is a list of which permissions apply and how the function is used.

  1. Camera – Used to add picture proof for chores and to take a profile picture. Only uploaded photos are stored.
  2. Contacts – Used to help you contact with your family. No data is stored.
  3. Photo library – Used to let you add a profile picture and picture proof for chores. Only uploaded photos are stored.
  4. Media library – Used to let you add a profile picture and picture proof for chores. Only uploaded photos are stored.
  5. Wi-FI-network information – Used to connect to Wi-Fi.

9. Cookies

Gimi’s webpages use cookies. The use of cookies is standard for websites. For more information, please read our Cookie Policy.

Gimi might use information collected from cookies for system administration, to give more relevant material for our visitors  and to keep our Service running.

10. Information Security

In order to provide the Gimi Service, Gimi might transfer, process and store personal data in different countries. Gimi might also hire third parties in countries other than your home country for the processing of your information. Information collected within the European Economic Area (“EEA”) might, for example, be sent to and processed in a country outside of the EEA, mainly USA, given that sufficient security is in place that provide the same level of protection for personal data as within the EEA. You are aware of and agree that Gimi may transfer your personal data as described above for so we follow the rules in this Privacy Policy. We do everything that we reasonably can to protect your information, Contact Information and other Content from misuse, loss and unauthorized access. Although we cannot guarantee this information will not get into the hands of the wrong people, Gimi has physical, electronic, and procedural safeguards to protect it. The Information is stored on secured servers and protected by secured networks to which access is limited to a few authorized employees and personnel. Any consultant working for Gimi has to follow a Data Processing Agreement which guarantees that they will only process personal data according to Gimi’s rules. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure.

11. Profiling

Gimi uses profiling to assess certain personal characteristics about you as a customer with the purpose of preventing money laundering and fraud. This profiling may later be used as part of a decision regarding your usage of Gimi Master, especially regarding top-ups and spending with the Gimi card. This profiling can be used for automated decision making regarding risk level of transaction to and from the Gimi-card.

Gimi uses profiling for product development and statistics with the purpose of finding correlations in user behaviour to understand our users better, improve the service and give you recommendations for additional services that you might be interested in.

Gimi do not use profiling with legal or similar consequences, including automated decision making regarding children.

12. Automated decision making

Gimi uses automated decision making in assessing whether you are a risk for money laundering or fraud, eg. if your purchase behaviour corresponds with previous behaviour or is deviant in any way. The automated decision to assess you or  a transaction as high risk is always audited by an employee.

Gimi’s partner company Onfido ltd uses automated decision making at biometric scanning of ID-copy. Onfido uses an algorithm that analyses the validity of an ID and its link to a specific person.

You have the right to object to an automated decision with legal consequences or a decision that affects you in a similar way. You send your objection to dpo@gimitheapp.com. An employee will then manage your objection.

Gimi do not use automated decision making with legal or similar consequences regarding children.

13. Processing where Gimi is data processor

Gimi performs customer authentication of your identity (KYC) on behalf of Prepaid Financial Services ltd who is the card issuer of the Gimi card. Gimi have subcontracted this task to Onfido ltd and Klarna Bank AB.

14. Your rights

The accuracy and safety of information about our users and their contacts is Gimis highest priority and you always have the possibility to opt-in and opt-out of different parts of the service that require processing of personal information. You can always delete your user account.

You always have the right to:

  • Request a copy of personal data being processed
  • Request rectification of personal data
  • Request erasure of personal data, please note that this may affect your usage of the service.
  • Right to restrict the processing of personal data, please note that this may affect your usage of the service.
  • Right to object the processing of personal data, please note that this may affect your usage of the service.
  • Request data portability for the personal data we have collected from you in accordance with the legal basis fulfilment of contract.

If you want to use your rights, send an email to hello@gimitheapp.com. Your request will be answered within 14 days.

You have the right to contact GImi’s data protection officer at dpo@gimitheapp.com

You also have the right to file a complaint to Integritetsskyddsmyndigheten which is the supervisory authority for processing of personal data. Contact details to Integritetsskyddsmyndigheten are available on Datainspektionens website https://www.imy.se/om-oss/kontakta-oss/.

15. Changes to this Privacy Policy

Since our services are constantly improving, we encourage you to review this Policy from time to time on the website www.gimitheapp.com. In case of really big changes, Gimi will inform you by an in-app message or writing it on the Gimi website.

Gimi AB is a registered payment service provider for account information services with the Swedish Financial Supervisory Authority, and is under its supervision.