We take privacy very seriously at Gimi. That’s why we put together this list of rules and information, “a policy”, so you know what information we collect and how we use it.
Gimi is constantly working to improve the services and their security, which means we have to update our privacy policy from time to time. The last time we updated this policy was the 10th of March 2020. We will update it again, so please visit often to see if we have made any changes. In case of substantial changes, Gimi will let you know with an in-app message or writing it on the Gimi website.
Gimi AB, (“Gimi”, “We”, “our”, “us”). org nr 556985-8029, is the data controller regarding the processing of personal data that is described in this privacy policy unless specifically said otherwise.
Gimi might collect the following information when you use Gimi’s services. Either because you give the information to us directly, or because you are using on of our partners that work on behalf of Gimi.
Gimi gathers, analyzes and aggregates User data to make the services better. Gathered data is stored and protected in Our servers.
Gimi uses the following legal bases for processing of personal data.
When you create a user profile in the Gimi app using SMS and/or email verification, you confirm that the phone-number and email-address belong to you. The information that you upload to the profile section of the Gimi app is received and stored by Gimi until you change or delete your data or shut down your account. The information that you have to add when creating a profile is your phone number or email-address, choice of user type (child or adult) and date of birth. The phone number is needed to verify your identity through two-factor authentication (two different steps). Choice of user type and date of birth is collected so that parents and children can connect their accounts and to provide features according to age. Gimi may add to the information with more information from third parties which you have chosen to use in the app, as well as information collected by Gimi through the Gimi:s usage of third party services and add it to information you give.
Remember that anything that you upload to and display in your user profile is not moderated by Gimi and is not protected under the Swedish Fundamental Law on Freedom of Expression. You are the only one who is responsible for the content you upload.
Remember to always ask for permission before you share someone’s personal data with Gimi. Gimi will process their data according to our Privacy Policy.
When you use the Gimi Name Search, note that no Contact Information will be stored from your address book. Gimi will only process personal information about the people you want invite to connect with your account. Other numbers or information that are saved in your device’s phone book will be filtered away and they will not be stored or used by Gimi. Addresses, passwords and credit card numbers and any other similar information will automatically be prevented from being added into the Gimi database by our safety algorithms that filter any number and other information saved in the phone book.
When a child’s bank account is added in the Gimi app, Gimi will perform account information services to fetch the balance and transaction history and show it in the app.
When you use payment initiation to transfer money to a childs’ bank account, Gimi will process your account information. This processing is done by trusted and well established third parties that GImi cooperates with to provide payment options.
The third parties will process your personal information for their own purposes. Before you use the payment solution from Tink that is in the app, please read Tink Privacy Policy.
If someone pays for Gimi or transfers money to your prepaid card, Gimi will process the payment information. This includes card information, account information, transaction information and location. This processing is done by trusted and well established third parties on behalf of Gimi.
The third parties will process your personal information for their own purposes. Before you use the payment solution from Stripe that is in the app, please read https://stripe.com/privacy.
The purpose of the research is to increase knowledge about children’s understanding of “financial literacy” (knowledge about money) and increase the educational value of the Gimi app. The processing of data for any research projects will be processed in pseudonymised or anonymised form, and all results of these projects will be presented in an anonymised and/or aggregated form. The processing can be an analysis of how people use the app, combining different analyses and results of the educational features of the app.
To be give you a good service, Gimi needs to cooperate with third parties. This is for example regarding database services, tools for analysis and tools for customer support. These companies work on behalf of Gimi and Gimi decides how these parties shall treat the data.
Gimi also wants to give you the chance to use and share your customer information with other companies services. If you use a service or feature that are provided by a partner company and is accessed through Gimi (including the service that we offer together with the partner), Gimi terms and the partner will have their own terms. Gimis terms will be between you and Gimi, the partner’s terms will be between you and the partner. Gimi is not responsible for other companies terms or actions that are taken in accordance with their terms. Gimi has considered all partner’s terms to ensure they are appropriate and good.
Gimi might share your personal information with third party service providers and partners that we trust. Gimi will always make these parties do everything they can, both organizational and technical, to protect your personal information and traffic data and to follow the law.
This is a description of how Gimi might share information about you with trusted third party partners:
When you send your contact information to Gimi and when Gimi processes it is protected under the GDPR and other locally applicable law. Gimi might, however, share information from the app and about you if we decide that for national security, law enforcement, or other issues of public importance that sharing this information is necessary, always provided, of course, it is also following the law.
Gimi shares personal data with Klarna Bank AB when you use their customer-authentication platform. This is only for starting the customer-authentication through BankID and connect it to you. Klarna’s own terms apply for the service. Read through Klarna’s terms https://www.klarna.com/se/dataskydd/ before you use the service.
When you install the Gimi app you give permission to the app to access a few different parts of your device. Here is a list of which permissions apply and how the function is used.
Gimi’s webpages use cookies. The use of cookies is standard for websites. For more information, please read our Cookie Policy.
Gimi might use information collected from cookies for system administration, to give more relevant material for our visitors and to keep our Service running.
In order to provide the Gimi Service, Gimi might transfer, process and store personal data in different countries. Gimi might also hire third parties in countries other than your home country for the processing of your information. Information collected within the European Economic Area (“EEA”) might, for example, be sent to and processed in a country outside of the EEA, mainly USA, given that sufficient security is in place that provide the same level of protection for personal data as within the EEA. You are aware of and agree that Gimi may transfer your personal data as described above for so we follow the rules in this Privacy Policy. We do everything that we reasonably can to protect your information, Contact Information and other Content from misuse, loss and unauthorized access. Although we cannot guarantee this information will not get into the hands of the wrong people, Gimi has physical, electronic, and procedural safeguards to protect it. The Information is stored on secured servers and protected by secured networks to which access is limited to a few authorized employees and personnel. Any consultant working for Gimi has to follow a Data Processing Agreement which guarantees that they will only process personal data according to Gimi’s rules. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure.
Gimi uses profiling to assess certain personal characteristics about you as a customer with the purpose of preventing money laundering and fraud. This profiling may later be used as part of a decision regarding your usage of Gimi Master, especially regarding top-ups and spending with the Gimi card. This profiling can be used for automated decision making regarding risk level of transaction to and from the Gimi-card.
Gimi uses profiling for product development and statistics with the purpose of finding correlations in user behaviour to understand our users better, improve the service and give you recommendations for additional services that you might be interested in.
Gimi do not use profiling with legal or similar consequences, including automated decision making regarding children.
Gimi uses automated decision making in assessing whether you are a risk for money laundering or fraud, eg. if your purchase behaviour corresponds with previous behaviour or is deviant in any way. The automated decision to assess you or a transaction as high risk is always audited by an employee.
Gimi’s partner company Onfido ltd uses automated decision making at biometric scanning of ID-copy. Onfido uses an algorithm that analyses the validity of an ID and its link to a specific person.
You have the right to object to an automated decision with legal consequences or a decision that affects you in a similar way. You send your objection to dpo@gimitheapp.com. An employee will then manage your objection.
Gimi do not use automated decision making with legal or similar consequences regarding children.
Gimi performs customer authentication of your identity (KYC) on behalf of Prepaid Financial Services ltd who is the card issuer of the Gimi card. Gimi have subcontracted this task to Onfido ltd and Klarna Bank AB.
The accuracy and safety of information about our users and their contacts is Gimis highest priority and you always have the possibility to opt-in and opt-out of different parts of the service that require processing of personal information. You can always delete your user account.
You always have the right to:
If you want to use your rights, send an email to hello@gimitheapp.com. Your request will be answered within 14 days.
You have the right to contact GImi’s data protection officer at dpo@gimitheapp.com
You also have the right to file a complaint to Integritetsskyddsmyndigheten which is the supervisory authority for processing of personal data. Contact details to Integritetsskyddsmyndigheten are available on Datainspektionens website https://www.imy.se/om-oss/kontakta-oss/.
Since our services are constantly improving, we encourage you to review this Policy from time to time on the website www.gimitheapp.com. In case of really big changes, Gimi will inform you by an in-app message or writing it on the Gimi website.
Gimi AB is a registered payment service provider for account information services with the Swedish Financial Supervisory Authority, and is under its supervision.