We respect your privacy and are committed to protecting your personal data. This policy, alongside our Terms of Service, explains how we process your data when you use our services.
WHO WE ARE
MKT-NORGE AS incorporated and registered in Norway with company number 999260993 whose registered office is at Universitetsgata 22/24, 0162, OSLO, Norway, is offering its Services which may be branded as GAD-Specialists and/or The GAD Workshop (''GAD-Specialists', “GAD-Specialists.com”, ''The Workshop'', ''we'', ''us'').
GAD-Specialists.com is a website with the primary purpose of educating the visitor about anxiety-related topics, and to share personal experiences from individual therapists in treating associated mental disorders. The secondary purpose of the website is to promote The GAD Workshop which is a course intended for people that are interested in learning about techniques and methods that may help reduce anxiety. The services (cumulatively referred to as our ''Services'' or individually as a ''Service'') include our Blog, our Digital newsletter, Email, our Digital media in the form of illustrations, text, video, audio, and content and communication related to our Workshop.
This Privacy Policy and our Terms of Service (collectively, the ''Terms'') govern your use of Services and your relationship with us. It is important that you read and understand in full the Terms before you start using our Services. If there is anything that you do not understand, please contact us at support@gad-specialists.com
HOW WE USE YOUR DATA
We use your data to personalize your experience when you use our Services. We also use your data to improve the safety and security of the Services we provide, and for the purpose of analytics, marketing and communications.
LEGAL BASIS
Contract performance. This covers data that is processed by us in order to provide you with Services that you have requested.
Consent. Where you have consented to our use of your personal data.
Legitimate interests. This covers data processed by us for the purposes that can be reasonably expected within the context of your use of our Services to pursue our legitimate interests, in order to improve our Services and your experience, for general social benefits to enable free access to health information, for marketing our Services, exploring business opportunities, for scientific research and to enable us to offer a safe and secure service.
PROVIDING OUR SERVICES AND PERSONALIZING YOUR EXPERIENCE
We use the data you provide us during the Workshop to better understand how we can provide relevant information personalized to your needs. You can personalize your experience by adding data, completing assessments, or using other services we offer. We can use this data to personalize Services and display information that may be of interest to you.
Your personal details. We do not create third-party profiles. You can decide to create an account for yourself or use our Services without one by using our Web App. We use your account data to allow you to use our Services and personalize your experience. You cannot create an account for an additional user.
Self-assessments. Health data provided while completing self-assessments and your subjective scores will be used to personalize your experience and optimize the relevance of information we provide you through our Services. During participation in the Workshop a periodical submission of the self-assessment form (including the “GAD-S form”) is encouraged but remains to be an optional exercise and is not required for admittance or continued participation in the Workshop.
Account. By signing in with your email/Google/Facebook account you give us permission to access and use your name and email address as outlined in this Policy. We use this data to enable you to access your account from other devices. We recommend you sign out each time you leave the Web App so that your personal data will be accessible only upon signing in.
Advertising. To protect your privacy we don’t share information about your symptoms or information about the outcome with advertisers or advertising platforms. We are not in any way responsible for the actions of advertisers, the content of their sites, their products or services, the use of the information you provide to them, or any of the products or services they may offer and no agency relationship exists between us and these third parties. Our links to any advertiser’s services does not constitute our sponsorship or endorsement of, or affiliation with, or responsibility for these companies. Nor is such linking an endorsement of such third parties’ privacy or information security policies or practices, or their compliance with laws.
If you decide to click on an ad within our Services you will leave GAD-Specialists’ Services and be redirected to Advertiser services. In doing so, the way in which your data is processed will be determined by that Advertiser privacy policy. We use the data we collect from you to present you with health and wellbeing information and promote our Services, and for analytics and billing purposes.
Surveys. We process data collected from surveys via our Web App and Typeform. We use this data only for the purpose of offering surveys to you and we limit Typeform to do the same. Please see section “Who has access to your data” of this privacy policy. Legal basis: contract performance or consent or legitimate interests, namely, to improve our Services. Data collected: as stated in ‘The data we collect’ section of this privacy policy.
SITE
You can access our site here.
Legal basis: legitimate interests, to improve our Site and your experience. Data collected: as stated in ‘The data we collect’ section of this policy, without directly identifiable personal data - namely, country, region, time zone, service preference, identifiers (IP address, analytics IDs) and applicable technical and analytical information.
Reviews
If you decide to provide us with a written journal of your experience using our services (e.g. review, testimonial) we will process your information provided. By submitting testimonials you agree that we may use the information provided for marketing purposes. We might use third-party provider service, such as Typeform, a third-party service provider we use for online surveys, and Webflow, a third-party service provider we use for creating and hosting relevant webpages, to obtain the data. Legal basis: contract performance, consent for processing personal data for research purposes and/or for publishing within GAD-Specialists platforms and/or social media. Data collected: as stated in ‘The data we collect’ section of this privacy policy.
FOR INTERNAL ANALYTICS
We collect data on how you use our Services so we can make improvements to the service we offer you. We use identifiers but do not link these to your name or email address, and we carry out troubleshooting, testing, research, and surveys. We also analyze your activities to understand how you use and interact with our Services. Legal basis: consent and/or legitimate interests, to help us improve our Services (Site) and for general social benefits to enable free access to health information for users who do not create a profile. Data collected: Analytical information, Technical Information, as stated in ‘The data we collect’ section of this policy.
For example, we look at whether you click on an Advertisement, conduct an assessment, view articles, use the health tracker, engage with notifications, and we will analyze the screens you use and if you added data into your profile. We check how you use our Services with the help of analytics providers and by processing Analytical Information (please see section “The data we collect” of this Policy). We do not process any information which could directly identify you in our analytical databases unless you use a service that requires us to do so. For example, we check how many users have finished an assessment or have visited our Site.
Feedback surveys. We use surveys to ask for information/feedback which helps us improve our Services or to conduct commercial research. You might be asked to participate in a survey via our Services or through our third-party providers. We might use your email address and/or telephone number for a survey, research, or testing if you choose to participate. If you confirm that you would like to receive notifications when we develop a specific feature, we will inform you when this feature is available. Or if we carry out a risk assessment survey, we will send you the results of the assessment via email. Your data will be transferred to Typeform, a third-party service provider we use for online surveys. We will not collect any information that could directly identify you when you participate in a survey. Legal basis: legitimate interests and/or consent, to help us improve our Services. Data collected: your responses, your email and/or telephone number and IP address.
FOR SAFETY AND SECURITY
We usually process your data based on the identifiable information you provide. To safeguard your privacy, we store personal data and data which could personally identify you in separate databases. We store technical logs of your activities in the Web App. In line with best practice, only authorized staff members can access personal data, and only when required for user safety or critical systems issues. Legal basis: legitimate interests, to enable us to offer a safe and secure service. Data collected: As stated in Technical Information of this Policy; in ‘The data we collect’ section.
FOR MARKETING OR COMMUNICATION PURPOSES
We use your data to send you newsletters, respond to your requests, offer surveys, and for research and testing purposes. Legal basis: legitimate interests for exploring business opportunities and consent for marketing our Services and to show you relevant care options form third party providers. Data collected: email, full name (if provided), IP address or other identifier assigned by a third-party service provider.
Newsletters. We will use your email address to send you newsletters, to update you about our Services, health tips, and more. If you're a business customer, we will send you emails to explore potential opportunities for collaboration. We use ConvertKit to send out transactional emails.
Email requests. We will use your email to respond to any queries you send to support@gad-specialists.com and/or privacy@gad-specialists.com. Your data will be transferred to Zendesk, a third-party service provider that we use for a support ticketing system. Please do not share any health data when sending emails to us as we do not respond to any case-specific health issues.
Facebook Lead Ads. We will use the information that you send us through a Lead Advert, which may consist of your email address and any additional information, to send you the selected content. The email address will be transferred to ConvertKit, a third-party service provider that we use for sending out newsletters.
THE DATA WE COLLECT
DIRECTLY IDENTIFIABLE PERSONAL DATA (only for users who decide to create a profile): name, email address, Facebook/Google account name and email address.
INDIRECTLY IDENTIFIABLE PERSONAL DATA: First name or nickname, age, gender, location (country, region - not specific enough to identify the street), time zone, service preferences, acquisition channel), identifiers (profile ID attached to your profile data, IP address, analytics IDs, conversation/consultation ID, device ID).
HEALTH DATA. Any type of health data you share when using our Services, such as health data collected through the chatbot, Health history, and Health data provided through specific services such as assessments, the racker, quizzes and tools (BMI calculator).
TECHNICAL INFORMATION. User agent (web browser type and version), device model, screen information, mobile service provider, installed app version, OS version, location (country and city), time zone, IP address at the time of usage, Healthily unique identifiers (profile ID, conversation ID/consultation ID), records of events with Technical Information and your interaction with our App/Services. For example, logs on your usage of the Services, which include chat information, quizzes, self-assessments and tools, the BMI calculator, and the articles you have viewed in the Health Library.
ANALYTICAL INFORMATION. Hashed IP address, hashed profile ID or guest profile ID, hashed conversation/consultation ID, analytics provider's unique user ID (Amplitude ID), user's device ID (Amplitude analytics) or client ID (Google Analytics ID), third-party cookies. Information on how you use our Services:
General Activity (e.g. the screens you view, time spent, if you added data to your profile, whether you are in test groups, items on your home feed and interaction)
Sessions (e.g. when you started the session, duration)
App info (e.g. if you deleted/upgraded the App, version)
Authentication (e.g. whether you authenticated and which type of authentication)
Acquisition channel (e.g. which ad you clicked on to get to our Services)
Notification activity (e.g. whether you opted in or out of notifications)
Activity within our Services and features (e.g. your data and activities, assessment outcomes and feedback, whether you sent an input that failed to be understood by our chatbot, clicks on articles, whether you opened an assessment report, viewed assessment history, articles you view, share, whether you view/click on the partner, whether you are logging your feelings, tracking symptoms, receiving follow ups, syncing data with third-parties, whether you sign up for Health plans and your interactions, logs on your usage of our Services).
WHO HAS ACCESS TO YOUR DATA
We cannot provide all services necessary for the successful operation of our Services by ourselves. We therefore share collected information with third-party providers for the purpose of offering and improving the Services. The information we share will not identify you personally, and the providers will only use the data to offer services to us. However, we will use your email to send you newsletters and surveys. For privacy-related requests, see section “Your rights” of this Policy or send an email to privacy@gad-specialists.com
THIRD-PARTY TECHNOLOGY AND PROVIDERS
Third party providers are data processors. This means they process your information on our behalf, in accordance with our instructions. We only allow your information to be used by them to offer services to us. How third party providers' use of information is controlled by the terms of their contract with us and any settings enabled by us through the user interface of their product.
Make.com. We use Celonis Inc. (Make.com, formerly Integromat) for business logic and internal digital automation processes. The services from Make.com use webhooks to retrieve information from third-parties protected by Secure Socket Layer technology (SSL). The data center location of Make.com is in US and EU territory. Please refer to Celonis Master Service Agreement for more information.
Zendesk. We use Zendesk® (Zendesk, Inc.) as a support ticketing system which enables Healthily employees who respond to your emails to streamline communications in a single ticket, all within an organised workflow. This allows individual requests to be dealt with more quickly. Any information you share with us via email will be received by a Healthily support employee who will have access to information you share. This includes statistics such as when you last requested support, the nature of the issue, how it was resolved, and how long you had to wait for a resolution. The information you provide us through Zendesk may be transferred to Make.com for business logic and automation purposes (see section ‘make.com’). Please refer to the Zendesk Privacy Policy, Zendesk Ticketing System, Zendesk EU Data Protection and How Zendesk Protects Personal Data for more information.
Webflow. We use Webflow to obtain data that you submit through webforms on our Website. Webflow uses your data to route the information to our internal systems. To achieve this Webflow stores the information on their servers. Webflow uses a Content Distribution Network (CDN) supplied by Amazon Web Services and Fastly, which each host data on servers in locations world wide. The information you provide us through Webflow is secured in-transit using Secure Socket Layer technology (SSL). The information you provide us through Webflow may be transferred to Make.com for business logic and automation purposes (see section ‘make.com’). Please refer to the Privacy Policy of Webflow for more information.
ConvertKit. We use ConvertKit to send out transactional emails for our mobile app. ConvertKit uses your data to host an email marketing service for us, and may share your data with third-parties for the same purpose. Your data is stored on a secure ConvertKit server. ConvertKit is not allowed to sell your data. ConvertKit will give access to/delete any personal information they hold about you within 30 days of a request. The information you provide us through Webflow may be transferred to Make.com for business logic and automation purposes (see section ‘make.com’). Please refer to the ConvertKit Privacy Policy for more information.You can unsubscribe from these emails by clicking the 'unsubscribe from the list' link in the footer of every email you receive from us.
Typeform. If you decide to participate in one of our Surveys, we use Typeform, an online software service for form building and surveys. Typeform will collect the following information: your responses (these are managed by us and we take responsibility for this data, which may include personal data), usage data (data about your interaction with Typeform services), device and application data (IP address, browser type, operating system, geolocation), referral data (the source that referred you to us – link on site, email etc.), and email address (to send you Typeform notification emails). All data is hosted by Amazon Web Services (AWS). Typeform's main servers are located in Virginia, USA, and its backup servers are in Frankfurt, Germany. Typeform uses Transport Layer Security to secure data in transit. The information you provide us through Typeform may be transferred to Make.com for business logic and automation purposes (see section ‘make.com’). Please refer to the Typeform Privacy Policy for more information.
Facebook and Google Authentication. Facebook and Google Accounts. You can create your profile by signing in with your Google or Facebook account. By doing so you allow us to process this information. We use your email for authentication purposes in the Profile tables. We enable Google or Facebook authentication when you use the Apps. Some services allow you to use them as a guest without creating a profile, but this means you will not be able to retrieve your information later. Please refer to the Google Privacy Policy and Facebook Data Policy for more information.
Firebase Authentication feature enables you to sign in or create a profile with your email/Google/Facebook account. Firebase Authentication stores the following data: password (only relevant for users who created a profile with the 'email' authentication method), email address, phone number (only relevant for users authenticated with Facebook, for which the email address is not available). User Agent String and IP addresses are used for added security and to prevent misuse during sign up and authentication. For more information, please refer to the Firebase Data Processing and Security Terms.
ADVERTISING PROVIDERS
We use third-party providers to advertise our Services on other platforms and acquire new users.
Google Ads. We use Google Ads, Google's online advertising program, to reach new customers and grow our business. We use features such as Search Ads, Display Ads and App Ads. You can find more information about these features here. With the aid of advertising cookies we can make advertising more effective. Without cookies, it is more difficult for us to reach our audience, or to know how many ads were shown and how many clicks we received. When you visit our Site or see an ad that uses Google Ads, either on Google services or on other sites and apps, various cookies may be sent to your browser. These may be set from a few different domains, including google.com, doubleclick.net, googlesyndication.com, https://ads.google.com/home/, or the domain of Google's partners' sites.
Microsoft Ads. We use Microsoft Ads, Microsoft’s online advertising program, to build and manage advertising in the same way we do with Google Ads, so we use the platform to target relevant search traffic on Microsoft Bing's search engine and other Microsoft’s products and networks. This is also done by using advertising cookies. For more information about Microsoft Ads, visit their website.
LinkedIn Ads. We use LinkedIn Ads, Microsoft’s online advertising program, to build and manage advertising in the same way we do with Google Ads, so we use the platform to target relevant search traffic on Linkedin and other Linkedin products and networks. This is also done by using advertising cookies. For more information please read the Linkedin Privacy Policy.
Facebook.
Facebook Ads. With the use of Facebook Ads we can redirect you from our Facebook profile to download the Apps from App Store or Google play, or directly to our Web App to enable you to use our Services. For more information on Facebook Ads, please refer to the Facebook Ads Basic and Facebook Data Policy.
Facebook Lead Ads. When you click on Facebook Lead Ad and submit the form with information such as your name and email address, we will use this information to send you the content you have requested from us directly to your email address. This information is stored in Mailchimp. All the information you share with us via Facebook Lead is stored on Facebook’ servers as well and Facebook will use it as described in its Data Policy.
Ads are shown to you based on your activity across Facebook Companies and Product, your activity with other business, websites and apps and your location. For more information please read About Facebook Ads.
COMMUNICATION PROVIDERS
We use third-party services for our internal communications and communication with external partners, namely:
Slack https://slack.com/,https://slack.com/privacy-policy,
Google Workspace https://workspace.google.com/, https://policies.google.com/privacy?gl=SI&hl=en-GB,
MANAGING PROJECTS, HOSTING, SOFTWARE DEVELOPMENT AND CLOUD STORAGE
Github https://github.com/, https://help.github.com/articles/github-privacy-statement/,
Google drive www.google.com/drive/, https://policies.google.com/privacy?hl=en&gl=US
Dropbox https://www.dropbox.com/privacy2016,
ANALYTICS PROVIDERS
With the help of analytics providers, we collect Analytical Information to help us improve our Services for you. We chose our providers carefully and set the most restrictive controls available to ensure they do not use your data for any purpose other than providing services to us. We use Google Tag Manager to facilitate tracking of users on our behalf by installing code on your device that allows selected third parties to log, analyze and report your behavior, interactions and measure engagement. Please read the Google Tag Manager use policy for more information.
Google Analytics (GA) is used on our Site and Web App. When you visit the Web App or our Site, your web browser automatically sends your IP address and information on how you use the Service to GA. Processing is based on a GA-created browser ID by using cookies. GA uses IP addresses to provide and protect the security of the service, and for us to know the country you use our Services in. GA anonymises the IP address before any storage or processing takes place by obfuscating the last few digits. Please refer to the IP Anonymisation in Analytics. GA processes the data based on a GA identifier called Client ID, which is stored in a cookie. Identifiers such as cookies and GA user IDs measure and report statistics about your interactions on our Site and/or Web App. GA stores cookies on your device to keep track of how you use our Site/Web App statistics without personally identifying you. We use the data collected by GA to improve the quality of our Site and Web App and to analyse Site/Web App usage. For more information, please read How Google uses cookies. Google uses Standard ISO 27001 security measures. For more information on operational security and disaster recovery, please visit: How Google analytics secures your web traffic and Safeguarding your data. For general information, please read the following: How Google uses information from sites or apps that use their services, and the Google Privacy Policy.
Facebook Pixel is an analytics tool that allows us to measure the effectiveness of our advertising by understanding the actions you take on our Site. We have placed a pixel code on the header of our Site so that when you visit our Site and take an action (such as clicking on the Web App), the Facebook pixel is triggered and reports this action. We then know when you take an action and will be able to reach you again in future through targeted Facebook ads. With Facebook Pixel we relay conversions back to Facebook which enables retargeting. For more information, please read the Facebook Data Policy and visit The Facebook pixel.
LinkedIn Pixel is an analytics tool that allows us to measure the effectiveness of our advertising by understanding the actions you take on our Site. We use Linkedin Pixel in the same way that we use Facebook Pixel. For more information, please read the Linkedin Privacy Policy.
Hotjar is a tool that allows us to study and optimize the usability of our Services by reviewing the user behavior on our website. We use Hotjar's services to identify problems with our website and to identify opportunities for improvement of the user experience (UX) and general design of our website. Hotjar does not store personally identifiable information. For more information please read Hotjar's Privacy Policy and Hotjar's Terms of Service.
SOCIAL MEDIA (Facebook, Twitter, Instagram, Snapchat, Pinterest, TikTok)
When using our Services through social media note that the information you share including health data will be processed by social media provider and might be used to build a profile of you and could result in receiving adverts including relating to health issues. This processing is not controlled by us and we do not have access to the data stored within social media about you. For more information read social media privacy notices, Facebook, Twitter, Instagram, Snapchat, Pinterest, TikTok.
LAWFUL PURPOSES
Your data will be disclosed only when necessary for lawful purposes, our legal obligations and rights as stated herein, and will be limited to such purposes:
a) if required by law, for example to comply with a court order, subpoena, regulation, legal process or other governmental request
b) to exercise or protect the rights, property or personal safety of our company, our users or others
c) to enforce this privacy statement, including investigation of potential violations d) upon fulfilling legal requirements of local legislation to supply certain services a third-party might legally request from us
e) to detect, prevent, or otherwise address fraud, security, or technical issues
f) if we are involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified of any change in ownership or uses of your data
g) to respond to claims that any content published within our Services or our Services violate any right of a third-party.
HOW LONG WE KEEP YOUR DATA
We follow generally accepted industry standards and internal procedures to protect the data submitted to us during transmission, storing, and processing. We store your data for as long as is needed to provide our Services.We may store it for longer, but only in a way that it cannot be tracked back to you. We delete all personally identifiable data we have about you within 30 days of receiving your data deletion request. Please make sure you request a copy of your data before you ask to delete your data, as your data will not be retrievable afterwards.
We delete the logs we keep of the IP addresses you have used after approximately six months. When the data is no longer needed, we delete it using reasonable measures to protect the information from unauthorised access or use. Any information you send to privacy@gad-specialists.com will be deleted as soon as we respond to your enquiry and/or the information is no longer needed.
YOUR RIGHTS
We are committed to keeping your data up-to-date. You can exercise your rights within our Web App or ask us to do so for other services by sending an email to privacy@gad-specialists.com. We may decline to process requests that are unreasonably repetitive, require disproportionate technical effort, jeopardize the privacy of others, are impractical, or if we are required to retain such information by law or for legitimate business purposes. In the event of a suspicious request made in bad faith or accompanying unlawful behavior, we reserve the right to deny any request you make. We will not respond to any enquiry emails which we do not understand, where the request is not clearly specified, or pertains to health questions as we do not offer case-specific advice.
RIGHT TO WITHDRAW YOUR CONSENT
To unsubscribe from our newsletters you can click the 'unsubscribe' link which is present in every email you receive.
Furthermore you can withdraw your consent for the use of your personal data by sending an email to privacy@gad-specialists.com subject: 'request for deletion of personal data.' Your personal data shall be removed within 30 days. If we need to acquire your data from a third party, this might take longer.
RIGHT TO OBJECT AND TO RESTRICTION OF PROCESSING
We process your data on a legitimate interest basis if you use our service without creating a profile, when using our Site, or receiving newsletters or business emails. We limit the amount of data we collect, and this data cannot directly identify you. To exercise your right to object or restrict processing, please send us an email to privacy@gad-specialists.com.
RIGHT TO ACCESS, COPY, RECTIFICATION
You can submit a request a copy of your data stored with us by sending an email to privacy@gad-specialists.com subject: Request for copy of my data. We will send your data within 30 days of receipt of your request. If we need to acquire your data from a third party, this might take longer.
You have the right to request rectification of inaccurate personal data that cannot be rectified within our Services by sending an email to privacy@gad-specialists.com subject: rectification of incorrect data.
RIGHT TO ERASURE
You can request the erasure of personal data that are stored in our systems by sending us an email with such a request. We will delete the personally identifiable data within 30 days of receiving your request. You can send the email with the request for erasure to privacy@gad-specialists.com subject: deletion request. We reserve the right to delete your profile after a long period of inactivity.
USER DATA THAT CANNOT BE ERASED
If you do not use our Web Apps, Contact forms or send us an email you should be aware that we are not able to accommodate your request for the deletion/access/copy of your data because we do not store any data that could directly personally identify you. Similarly, we cannot carry out such a request if you are a Site visitor as we do not store any data that could personally identify you. If you stop using our Services, we will delete all collected data within six months. We do not create a third-party profile when you do an assessment for someone else. For this reason, we are not able to personally identify such a person, nor enable the exercise of rights.
OPTING OUT
We make sure we do not collect more information than is needed to provide our Services and we strive to limit our Providers to do so as well. However, you are always free to opt out of data collection by not using our Services.
Facebook Lead Ads. If you have subscribed to receiving selected content via Facebook Lead ad, you can unsubscribe by clicking “unsubscribe” link which is present in every email you receive.
Typeform. Enables you to exercise your right to access, rectification, erasure, restriction and objection by opening a support ticket via the Help Centre. You can send a request via https://typeform.com/help.
Zendesk. Correcting, updating and removing your information. If you seek to exercise your data protection rights in respect of personal information stored or processed by Zendesk on our behalf (including to seek access to, or to correct, amend, delete or restrict processing of such personal information) you should direct your query to us by sending an email to privacy@gad-specialists.com. We will then instruct Zendesk to remove the personal information and they will respond within 30 days. They will retain personal information which they process and store on our behalf for as long as is needed to provide services to us.
CALIFORNIA RESIDENCE PRIVACY INFORMATION
This section of our Privacy Policy contains information required by California Consumer Privacy Act (hereinafter the "CCPA") that came into force on January 1st, 2020.
If you are a California resident (as defined in the section 17014 of Title 18 of the California Code of Regulations), California law requires us to provide you with some additional information regarding your rights with respect to your “personal information”.
We may transfer your personal data to third party processors in order to achieve the purposes of the processing listed in section ‘How we use your data’ above. Please see section ‘Who has access to your data’ to learn about what third party processors do we use.
CCPA provides Californian consumers the following rights (which does not interfere with GDPR):
Right to request disclosure of any personal information we collected. This means in particular that you have:
- the right to request disclosure of the categories of personal information we collected from you, together with the categories of sources from which it was collected (please see section “The data we collect”),
- the purpose of the collection (please see section “How we use your data”),
- the categories of third parties with whom we shared your personal information (please see section “Who has access to your data”), and
- the specific pieces of personal information that have been collected please see section “The data we collect”).
Please see “Right to reassure/access/copy” section to learn how we process your request.
Right to request deletion of any personal information that we collected from you. Please see section “Right to erasure”.
Right to non-discrimination. We will not discriminate against you for exercising your CCPA rights. This generally means that we will not deny you Services or provide a different level of Service or quality of Services. However, please bear in mind that, if you ask us to delete your data, it may impact your experience with us, and you may not be able to use our Services which require usage of your personal information to function properly.
Right to Opt-Out of Sale.
Under the CCPA placing of third party behavioral advertising cookies on your device could be considered a “sale” of your personal data. For this purpose we are providing an opt-out option on our Site (“Do Not Sell My Personal Information") where you are able to opt out from such placement by clicking on Cookie policy link available in the footer of our Site.
STORING SECURITY AND DATA TRANSFERS
We follow generally accepted industry standards and internal procedures to protect information submitted to us.
STORING
We store identifiable personal data and health data in separate databases. This means that whatever you enter or do when using our Services, it is not connected to data that could personally identify you. We normally process your data with the help of identifiers, namely profile ID, consultation/ conversation ID and analytic identifiers to avoid personal identification. In limited cases when required for user safety or critical systems issues, authorised personnel can access personal data along with Health Data. Your IP address is used to determine location, but it is normally masked (hashed) when stored on our backend.
We store your information for as long as needed to provide our Service. We may store the information longer, but only in a way that it cannot be tracked back to you. We use Google Cloud Platform for storing of information.
Google Cloud Platform. We store all analytical data on Google Cloud Platform (GCP). We control the stored data while Google is the processor. This means that Google processes the data only for the purposes of providing GCP services and technical support to us, in accordance with data processing and security terms https://cloud.google.com/terms/data-processing-terms. We control what happens to the data and can access it at any time. We have chosen to store the data in the US. Google stores data in a multi-tenant environment on Google-owned servers. The data and file system architecture are replicated in multiple geographically dispersed data centres. Google also logically isolates stored data. We have control over specific data sharing policies. Those policies, in accordance with the functionality of the Services, enable us to determine the product sharing settings applicable to this privacy policy. We may choose to make use of certain logging capability that Google may make available via the services. Google has updated their data processing terms for GCP to reflect various models of the E.U Standard Contractual Clauses (SCCs) regarding International Data Transfers. Get more information on Google Cloud Platform and the terms: https://cloud.google.com/blog/products/identity-security/how-google-cloud-helps-eu-companies-under-new-data-transfer-rules
SECURITY
To guarantee your privacy, we securely encrypt, limit, and restrict access to your personal details.
We encrypt all your data at rest and any directly identifiable personal information is double encrypted with two keys at both the infrastructure and application level. We have restricted access to production environments and monitoring of your activities. The information is encrypted and key protected, and we have integrated commercially reasonable efforts to make sure your information remains secure when processed by us. However, please be aware that no security measures are impenetrable. If you have any concerns about the security of our Services, please contact us at privacy@gad-specialists.com.
To ensure security of processing we may engage third-party providers for penetration testing (security testing) - a controlled form of hacking in which a professional tester, working on behalf of an organization, uses the same techniques as a criminal hacker to search for vulnerabilities in the company's networks or applications. During security testing, the third-party provider may have access to your personally identifiable data. Any such security testing providers shall be contractually bound to take all necessary technical and organizational measures to protect data, and they are not allowed to transfer it to third-parties or use it for any other purpose besides security testing for us.
TRANSFERS
EU and UK Territory We delete logs we keep of the IP address within six months. We store your personally identifiable data for the duration of the provision of our Services or up to 30 days after your deletion request. This section shall not prevent any technical storage or access to information for the sole purpose of carrying out the transmission of a communication, or as strictly necessary for us to provide the Services you requested. We reserve the right to delete your profile after an extended period of inactivity.
US Territory We will retain collected information for the period necessary to fulfill the purposes outlined in this Privacy Policy unless a longer retention period is required or permitted by applicable legislation. We reserve the right to delete your profile after an extended period of inactivity.
Storing might be different depending on which territory is collecting the information and the applicable legislation, but we always strive to store the information only if it is needed for the purposes of providing, improving or personalising our Services.
COOKIES
For information about cookies, please see our Cookie Policy which is hereby incorporated into this Policy. You can manage cookies on our Site at any time by visiting Cookie settings section available in the footer of our Site. You can turn off cookies by changing your specific browser settings. You may disable cookies or delete any individual cookie set by Google Analytics. Google Analytics supports an optional browser add-on that - once installed and enabled - disables measurement by Google Analytics for any site you visit. This add-on only disables Google Analytics measurement. You can use Ads Settings to manage the Google ads you see and disable personalisation. Even if you opt out of personalised ads, you may still see ads based on factors such as your general location derived from your IP address, your browser type, and your search terms. You can also manage many companies' cookies used for online advertising via the consumer choice tools created under self-regulation programs in many countries, such as the US-based aboutads.info choices page or the EU-based Your Online Choices. Finally, you can manage cookies in your web browser. For more information visit https://policies.google.com/technologies/ads?hl=en and read our Cookie Policy.
GENERAL
Should you have any privacy-related questions, please contact us at privacy@gad-specialists.com. Should you have any concerns or complaints that we are not able to resolve, you can contact the Norwegian Data Protection Authority (“Datatilsynet”). We update this Privacy Policy to reflect changes in our data processing practices. Because we are constantly adding new services and features, we may not make an immediate upgrade of the Privacy Policy unless material changes occur. We encourage you to periodically review https://www.gad-specialists.com/legal/privacy-policy for the latest information on our privacy practices.
GAD-Specialists
Anthony Hovenburg
