Privacy policy

Effective as of March 29, 2023, Gurtam UAB, (“Gurtam”) and its subsidiaries, (collectively, the “Gurtam Group” or “we”, “us”, “our”) have updated the policy that applies to the visiting our web-site(https://gurtam.space/), and to the use of our mobile applications and their web-versions.

This Privacy Policy (this "Privacy Policy") describes:

a) the types of information we may collect or that all users or others may provide while downloading, installing, accessing, visiting or using ("Users", "User", "you" or "your", as applicable) our Service (as defined below);

b) our practices for collecting, using, maintaining, protecting, and disclosing that information.

This Privacy Policy applies only to information we collect when you are using the Service or in connection with your using of the Service and via email, text, and other electronic communications sent through or in connection with the Service.

We undertake to build the Service and any of its features in such a way that it respects your privacy and are committed to protecting it through our compliance with this Privacy Policy. This Privacy Policy not only allows you to understand what we do with your Personal Data (as defined below), but also to manage your Personal Data effectively.

Please read this Privacy Policy carefully to understand our policies and practices regarding your information and how we will treat it. By downloading, installing, accessing or using the Service, you agree to this Privacy Policy. If you do not agree to this Privacy Policy, do not Use the Service.

If you have any questions about this Privacy Policy or the Service, please contact us (for contact information, please, see How to contact us Section).

This Privacy Policy DOES NOT apply to the information that:

a) the Gurtam Group collects offline or on any other our apps or websites, including websites you may access through the Service and which are not a part of the Services (as defined below);

b) you provide to or is collected by any third party, including through any other application or content that may link to or be accessible through the Service.

Our websites and other apps, and these other third parties may have their own privacy policies, which we encourage you to read before providing information on or through them.

This Privacy Policy may change from time to time (see Changes to our Privacy Policy Section). Your continued use of the Service after we make changes is deemed to be your acceptance of those changes, so please check this Privacy Policy periodically for updates.

1. Definitions

For the purposes of this Privacy Policy:

"Privacy Policy" means this Privacy Policy including any schedules, and any amendments to this Privacy Policy from time to time;

"Gurtam" means Gurtam UAB established under the law of Lithuania, and registered at the address: Lithuania, Ozo 12A, Vilnius 08200;

"Gurtam Group" means Gurtam and its subsidiaries

"Gurtam Affiliate" means (a) an entity that directly or indirectly, through one or more intermediaries, owns more than 50% of the outstanding voting securities of Gurtam, and (b) an entity that directly or indirectly through one or more intermediaries, is controlled by Gurtam, in each case where the term control means possession, directly or indirectly, of the power to direct or cause the direction of the management and policies of an entity, whether through ownership of voting securities, by contract interest or otherwise.

"Services" shall refer to our web-sites, our mobile applications and their web-versions that the Gurtam Group operates and that link to this Privacy Policy;

"Service" shall refer to one of the Services,  using which you are linked with this Privacy Policy;

"Use of the Service" ("Using of the Service") means the use of applications or their web versions, as well as visiting, navigation or interacting with websites or other uses (in relation to the Service this term shall refer to those types of actions that are applicable to the Service);

"Account" means an account that provides access to the Service for the User, if authorization to access the Service is required;

"Profile" means a profile of the User who has the account and may include any additional information about the User, with the exception of information included in the User’s Account;

"Personal Data" means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

"Data Protection Law" means all applicable laws, regulations, and other legal requirements relating to (a) privacy, data security, consumer protection, marketing, promotion, and text messaging, email, and other communications; and (b) the use, collection, retention, storage, security, disclosure, transfer, disposal, and other processing of any Personal Data; the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“General Data Protection Regulation”, “EU GDPR”);

the terms "data controller", "data processor", "data subject", "personal data", "processing" and "appropriate technical and organisational measures" shall have the meanings given to them under applicable Data Protection Law.

2. Information we collect and how we collect it

We may collect several types of information, including but not limited to Personal Data, from and about you (“Collected Information”), including information:

a) by which you may be personally identified, such as name, email address, postal address, telephone number or any other identifier by which you may be contacted online or offline;

b) that is about you but individually does not identify you;

c) about your internet connection, the equipment you utilize to use the Service and your usage details.

We collect this information:

a) directly from you when you provide it to us;

b) automatically when you use the Service. Information collected automatically may include usage details, internet protocol (“IP”) addresses and information collected through cookies and other tracking technologies;

c) from third parties (only applicable to authorized use of the Service).

3. Information you provide to us directly

When you use the Service, we may ask you to provide certain Collected Information:

a) information that you provide by interacting with the Service (only applicable to authorized use of the Service) . This includes information provided at the time of using the Service, purchasing certain enhanced features of the Service and requesting further services through the Service. Among other this information includes: 

  • Account Information. When the User signs up for a Account, the certain information is required such as the name and email.  
  • Additional Profile Information. The User may choose to provide additional information as part of its Profile. Profile information helps the User to get more from the Service. It’s the User’s choice whether to include sensitive information on his/her Profile.
  • The data that you configure to send through your devices. To use some Service, you configure your devices (for example, trackers) to transfer data (among other a device identifier, location coordinates, speed of movement) to a server and a port that belongs to us or our sub-processors (as defined below).
  • Content Data. Information that is not included in the ones mentioned above, but in accordance with the Terms of Use of the Service is related to User Content (as defined in the Terms of Use of a particular Service).
  • Other Information. The User may otherwise choose to provide Gurtam information when the User fills in a form, conducts a search, updates or adds information to its Account, responds to surveys, posts to community forums, participates in promotions, or uses other features of the Service.

b) records and copies of your correspondence (including email addresses and phone numbers), if you contact us. We may also ask you for information when you report a problem with the Service.

4. Information we collect through automatic data collection technologies

When you use the Service, we may use automatic data collection technologies to collect certain Collected Information about your equipment and browsing actions, including:

a) Usage details. Details of your use of the Service, including traffic data, location data, logs and other communication data and resources you use through the Service.

b) Device information. Information about your device, among other may include:

    • IP address
    • Platform / OS and its version
    • Device Model
    • Device ID / Browser ID (only applicable to authorized use of the Service)

The information we collect automatically under this Privacy Policy may include your Personal Data and information we may maintain or associate with your Personal Data that we collect in other ways or receive from third parties. It helps us to improve the Service and to deliver a better service. For example, to estimate our audience size we may aggregate information and calculate the percentage of users in a particular country.

If the information covered by this Section 4 is aggregated or de-identified so it is no longer reasonably associated with an identified or identifiable natural person, we may use it for any business purpose.

The technologies we use for automatic data collection may include:

Third-party analytics. We can use analytical tools developed by third parties, but these tools are usually located on our servers and we do not transfer the collected information to third parties. These tools collect information sent by your device or the Service, including log file information, cookies, errors, add-ons and the web pages you visit and other information that assists us in improving the Service. 

Third party analytics tools that are not located on our servers are listed in the sub-processors list in Section 9.

Cookies (or mobile cookies) and similar technologies. A cookie is a small file placed on your device. When you use the Service, we may use cookies and similar technologies to collect information about how you use the Service and provide features to you. You may refuse to accept cookies by activating the appropriate browser setting on your device. However, if you select these browser settings you may be unable to access certain parts of the Service. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you direct your browser to the Service. More detailed information please see our Cookies Policy.

Log file information. Log file information is automatically reported by the Service each time you make a request to use the Service. When you use the Service, we may automatically record certain log file information, including your web request, IP address, browser, referring/exit pages and URLs, number of clicks and how you interact with links on and through the Service, domain names, landing pages, pages viewed, and other such information. The information allows us to receive more accurate reporting and improve the Service.

Device identifiers (only applicable to authorized use of the Service). A device identifier may be data stored in connection with the device hardware, operating system or other software, or data sent to the device by us. A device identifier may deliver information to us about how you browse and use of the Service. In order to be able to provide you with push notifications, we processes your browser ID, and your device ID for mobile devices, on our behalf. As part of this service and based on your consent, we store and process additional information, whether you open push notifications, your type of end device, operating system, browser and, if applicable, other device settings that you use. The data is processed for the purpose of optimising the push notification service according to your consent.

5. Information we collect from third parties

When you use Service that require authorization, we may collect some data from third parties. These third parties from which we may receive data include:

  • Gurtam Group or Gurtam Affiliate companies, which can provide processed information if they act as sub-processors, or information that you use other applications or services;
  • Google and Apple companies that provide information about subscriptions or payments if you make a subscription or payment regarding the paid functionality of the Service.

6. How we use Collected Information

In addition to some of the specific uses of information we describe in this Privacy Policy, we may use the Collected Information for the following purposes:

a) to present to you the Service and its contents and others that you request from us;

b) to automatically update the Service on your device (only applicable to authorized use of the Service);

c) to carry out our obligations and enforce our rights arising from any contracts entered into between you and us;

d) to provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses in relation to our Service.

e) to notify you about changes to the Service, including by sending you technical notices, notices about your subscription, including expiration and renewal notices, updates, security alerts and support and administrative messages;

f) to diagnose or fix technology problems in relation to our Service;

g) to monitor metrics in relation to our Service such as total number of Users or traffic;

j) to provide, improve, test, and monitor the effectiveness of the Service;

k) to develop and test new products and features;

l) in any other way, we may describe when you provide or when we collect your information or when is indicated in this Privacy Policy;

m) to fulfill any other purpose for which you provide it;

n) for any other purpose with your consent.

7. Your rights

Please bear in mind that provisions of this Section do not apply to your pseudonymized Personal Data.

Access, modification, correction and erasure. You can send us an email indicated in Section 14 "How to contact us"  to request access to, modification, correction, update, erasure or deletion of any Personal Data that you have provided to us and that we have about you. We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect.

EEA residents. Individuals residing in the European Economic Area (“EEA”) have certain statutory rights in relation to their Personal Data, such as introduced by the General Data Protection Regulation (“EU GDPR”). You can exercise them by contacting us (for contact information, please, see How to contact us Section).

a. Right to be informed under Article 13 and 14 EU GDPR: you have the right to be provided with clear, transparent and easily understandable information about how we use your Personal Data;

b. Right to access under Article 15 EU GDPR: the right to obtain access to your information (if we’re processing it), and certain other information (like that provided in this Privacy Policy);

c. Right to rectification under Article 16 EU GDPR: if your Personal Data is inaccurate or incomplete you have the right to have your Personal Data rectified;

d. Right to erasure under Article 17 EU GDPR: this is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your information where there’s no compelling reason for us to keep using it. This is not a general right to erasure; there are exceptions. For example, we have the right to continue using your personal data if such use is necessary for compliance with our legal obligations or for the establishment, exercise or defense of legal claims;

e. Right to restrict our use of your information under Article 18 EU GDPR: the right to suspend the usage of your Personal Data or limit the way in which we can use it. Please note that this right is limited in certain situations: When we are processing your Personal Data that we collected from you with your consent you can only request restriction on the basis of: (a) inaccuracy of data; (b) where our processing is unlawful and you don’t want your Personal Data to be erased; (c) you need it for a legal claim; or (d) if we no longer need to use the data for the purposes for which we hold it. When processing is restricted, we can still store your information, but may not use it further;

f. Right to data portability under Article 20 EU GDPR: the right to request that we move, copy or transfer (where technically feasible) your Personal Data in a structured, commonly used and machine-readable format, for your own purposes across different services;

g. Right to withdraw consent under Article 7 (3) EU GDPR: if you have given your consent to anything we do with your Personal Data, you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your Personal Data with your consent up to that point is unlawful);

h. Notification requirements. We commit to notify you promptly and your data protection authority within the timeframe specified in applicable law (72 hours) about any Personal Data breaches in relation to you;

i. Notice about automated decision-making. We use automated decision-making tools (e.g. neural networks) that process your Personal Data in order to provide you better services through the Service;

j. Data Protection Authorities. Subject to the EU GDPR, you also have the right to lodge a complaint with your local data protection authority about any of our activities that you deem are not compliant with the EU GDPR.

Please keep in mind that in case of a vague access, erasure, objection request or any other request in exercise of the mentioned rights we may engage you in a dialogue to better understand the motivation for the request and to locate responsive information. In case this is impossible, we reserve the right to refuse granting your request.

Following the provisions of the EU GDPR, we might also ask you to prove your identity (for example, by requesting an ID or other proof) in order for you to invoke the mentioned rights. This is made to ensure that no right of third parties is violated by your request, and the mentioned rights are exercised by an actual Personal Data subject or an authorized person.

Please note that we will grant your request within 30 days after receiving it, but it may take up to 90 days in some cases, for example for full erasure of your Personal Data stored in our backup systems – this is due to the size and complexity of the systems we use to store data.

8. Sharing of Collected Information

We may disclose aggregated information about our Users and information that does not identify any individual without any restriction. We may remove parts of data that can identify you and share anonymized data with any persons.

We will not rent or sell your Personal Data to third parties outside the Gurtam Group without your consent, except for the parties with whom we may share your information in accordance with this Privacy Policy.

Parties with whom we may share your Personal Data. We may share your Personal Data (including but not limited to, information from cookies, log files, device identifiers and usage data) with businesses that are legally part of the same group of companies that we are a part of, including our subsidiaries, or that become part of that group (the “Gurtam Group”). The Gurtam Group may use this information to help provide, understand, and improve the Service (including by providing analytics) and the Gurtam Group’ own services (including by providing you with better and more relevant experiences). The Gurtam Group is bound by the rules of this Privacy Policy.

Gurtam may transfer data for processing to sub-processors as described in Section 9.

What happens in the event of a change of control. If we sell or otherwise transfer part or the whole of Gurtam or our assets to another organization (e.g., in the course of a transaction like a merger, divestiture, restructuring, reorganization, acquisition, bankruptcy, dissolution, liquidation), your Personal Data and any other Collected Information may be among the items sold or transferred. The buyer or transferee will have to honor the commitments we have made in this Privacy Policy.

Responding to legal requests and preventing harm. We may access, preserve and share your information in response to a legal (like a search warrant, court order or subpoena), government or regulatory request if we have a good faith belief that the law requires us to do so. This may include responding to legal, government or regulatory requests from jurisdictions outside the Lithuania where we have a good faith belief that the response is required by law in that jurisdiction, affects the Users in that jurisdiction, and is consistent with internationally recognized standards.

We may also access, preserve and share information when we have a good faith belief it is necessary to:

(i) detect, prevent and address fraud and other illegal activity;

(ii) protect ourselves, you and others, including as part of investigations; 

(iii) prevent death or imminent bodily harm. Information we receive about you may be accessed, processed and retained for an extended period of time when it is the subject of a legal request or obligation, governmental investigation, or investigations concerning possible violations of our terms or policies, or otherwise to prevent harm.

9. Sub-processors

Gurtam may engage Gurtam Affiliate or third parties to process Personal Data in order to assist Gurtam to render the Service on behalf of the User (“Sub-processors”). 

The current Sub-processors for the Service are as follows: 

Please read their Privacy Policies carefully to understand their policies and practices regarding your information and how they will treat it. If you do not agree to their Privacy Policies, do not Use the Service.

10. How we store, process and transfer Collected Information

General. Gurtam is based in the Lithuania and the information we collect is governed by Lithuanian law. Please be advised that Lithuanian law and laws of other countries may not offer the same protections as the law of your jurisdiction.

Data security. We use reasonable and appropriate information security safeguards to help keep the Collected Information secure and to secure it from accidental loss and from unauthorized access, use, alteration and disclosure. Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your Collected Information, we cannot guarantee the security of the Collected Information transmitted to or through the Service or an absolute guarantee that such information may not be accessed, disclosed, altered, or destroyed. Any transmission of your Collected Information is at your own risk. We are not responsible for circumvention of security measures contained in the Service. Please understand that there is no ideal technology or measure to maintain 100% security. 

If you use our Service, which is available only after authorization, then you should also understand the following:

a. The safety and security of your information also depends on you.

b. You are responsible for controlling access to emails between you and us at all times.

c. We are not responsible for the functionality, privacy, or security measures of any other organization.

d. If you provide any personal contact information, including but not limited to such information as an email or phone number, in your account in the Application, as information that confirms that the account belongs to you, then you agree that we can contact you about your account and the Collected Information, including Personal Data, through this contact information. Only you are responsible for the safety and relevance of this contact information.

e. If you provide temporary access to certain data by means of sharing opportunities in the Service to third parties, then in this case you are fully responsible for the safety and security of the data which you shared with third parties.

f. If you shared access to your account with third parties, then only you are responsible for the safety of your data by third parties and for what actions will be performed by these third parties on your behalf through your account.

11. Retention period for Collected Information

We store your data as long as it is necessary for the provision of our Service to you or we have a legitimate interest in the further storage, in particular for reasons of troubleshooting.

We will delete your data, connected with Account, after you request your Account deletion without the possibility of recovery. Read more in Section 7 “Your rights”.

The data, connected with Account may also be deleted in cases described in the Terms of Use of a particular service. For example, as a result of deleting an Account in case of inactivity or violation by the User of the Terms of Use.

The log files with personal data are saved by us for the investigation of malfunctions and for security reasons (e.g. for investigating attack attempts). Log files whose further retention is required for evidentiary purposes are exempt from deletion until the final clarification of the respective incident.

In certain circumstances, your data must also be retained for longer periods, such as when an order for a legal hold or a litigation hold has been issued in connection with official or legal proceedings (i.e. deletion of data is prohibited for the duration of the proceedings).

12. Children’s privacy

General age limitation. The Service is not intended for or directed at children under 16, and we do not knowingly collect or solicit any information from anyone under the age of 16 or knowingly allow such persons to use the Service.

If you are under 16, do not use or provide any information in the Service or through any of its features, or provide any information about yourself to us, including your name, address, telephone number or email address.

In the event that we learn that we have collected or received any Personal Data from a child under 16 without verification of parental consent, we will delete that information as quickly as possible.

If you believe we might have any information from or about a child under 16, please contact us (for contact information, please, see How to Contact Us Section).

13. Other websites and services

We are not responsible for the practices employed by any websites or services linked to or from the Service, including the information or content contained within them, excluding websites or services controlled by Gurtam. Where we have a link to a website or service, linked to or from the Service, we encourage you to read the privacy policy stated on that website or service before providing information on or through it.

14. How to contact us

If you have any questions about this Privacy Policy or the Service, please contact us via email at privacy@gurtam.com or our mailing address:

Gurtam, UAB
UAB Gurtam, Lithuania, Ozo 12A, Vilnius 08200

15. Complaint

Pursuant to Art.77 GDPR, you have the right to file a complaint with a supervisory authority of the EU Member State in which your permanent place of residence, place of work or in which there was an alleged violation of your information privacy.

16. Changes to our Privacy Policy

Gurtam may modify or update this Privacy Policy from time to time, so please review it periodically. The date this Privacy Policy was last revised is identified at the top of the page.