Privacy Policy for The Gini Group

At The Gini Group, accessible from https://www.gininow.com, one of our main priorities is the privacy of our visitors. This Privacy Policy document describes the types of information that are collected and recorded by The Gini Group and how we use them.

If you have additional questions or require more information about our Privacy Policy, do not hesitate to contact us.

This Privacy Policy applies only to our online activities and is valid for visitors to our website with regard to the information that they share and/or that we collect through The Gini Group. This policy is not applicable to any information collected offline or via channels other than this website.

Consent

By using our website, you hereby consent to our Privacy Policy and agree to its terms.

Information we collect

The personal information that you are asked to provide, and the reasons why you are asked to provide it, will be made clear to you at the point we ask you to provide your personal information.

If you contact us directly, we may receive additional information about you such as your name, email address, phone number, the contents of the message and/or attachments you may send us, and any other information you may choose to provide.

When you register for an Account, we may ask for your contact information, including items such as name, company name, address, email address, and telephone number.

How we use your information

We use the information we collect in various ways, including to:

  • Provide, operate, and maintain our website
  • Improve, personalize, and expand our website
  • Understand and analyze how you use our website
  • Develop new products, services, features, and functionality
  • Communicate with you, either directly or through one of our partners, including for customer service, to provide you with updates and other information relating to the website, and for marketing and promotional purposes
  • Send you emails
  • Find and prevent fraud

Data Protection and Security Measures

The security of your personal information is of paramount importance to us. We have implemented comprehensive technical, administrative, and physical security measures to protect all sensitive data collected through our platform:

Technical Security Measures

  • Encryption in Transit: All data transmitted between your device and our servers is protected using industry-standard TLS/SSL encryption (minimum TLS 1.2)
  • Encryption at Rest: All sensitive data stored in our databases is encrypted using AES-256 encryption algorithms
  • Secure Authentication: We implement multi-factor authentication for admin access and use secure OAuth 2.0 protocols for user authentication
  • Data Tokenization: Sensitive information such as payment details is tokenized and never stored in plain text
  • Regular Security Updates: Our systems are regularly updated with the latest security patches and undergo continuous vulnerability assessments

Administrative Security Measures

  • Access Controls: We implement role-based access controls ensuring that only authorized personnel have access to personal data, and only to the minimum extent necessary for their job functions
  • Employee Training: All employees with access to personal data receive regular training on data protection, privacy laws, and security best practices
  • Background Checks: Personnel with access to sensitive data undergo thorough background checks and sign confidentiality agreements
  • Data Minimization: We collect and process only the minimum amount of personal data necessary to provide our services
  • Regular Audits: We conduct regular internal audits and assessments of our data handling practices and security measures

Physical Security Measures

  • Secure Data Centers: Our servers are hosted in certified, secure data centers with 24/7 physical security, biometric access controls, and environmental monitoring
  • Redundancy and Backup: We maintain secure, encrypted backup systems to ensure data availability and integrity
  • Disaster Recovery: Comprehensive disaster recovery plans are in place to protect against data loss and ensure business continuity

Data Processing Security

  • Secure APIs: All API endpoints are secured with authentication tokens and rate limiting to prevent unauthorized access
  • Data Anonymization: When possible, we anonymize or pseudonymize personal data for analytics and processing purposes
  • Secure Data Transmission: All third-party integrations use secure, encrypted channels for data transmission
  • Incident Response: We have established procedures for detecting, responding to, and reporting security incidents in compliance with applicable regulations

Sensitive Data Categories Protected

Our security measures specifically protect the following categories of sensitive data:

  • Personal identification information (names, addresses, phone numbers, email addresses)
  • Account credentials and authentication tokens
  • Payment and financial information
  • Calendar and scheduling data from third-party services
  • Communication content and metadata
  • Behavioral and usage analytics data
  • Professional and service provider information

Third-Party Security Standards

When working with third-party service providers, we ensure they meet our security standards through:

  • Due diligence assessments of their security practices
  • Contractual obligations requiring appropriate security measures
  • Regular reviews of their compliance with our data protection requirements
  • Limiting data sharing to the minimum necessary for service provision

Data Breach Response

In the unlikely event of a security incident affecting personal data, we will:

  • Immediately investigate and contain the incident
  • Assess the scope and impact of the breach
  • Notify affected users within 72 hours when required by law
  • Report incidents to relevant authorities as required by applicable regulations
  • Take corrective measures to prevent future incidents
  • Provide support and guidance to affected users

We continuously review and update our security measures to address emerging threats and maintain compliance with evolving data protection standards and regulations.

Log Files

The Gini Group follows a standard procedure of using log files. These files log visitors when they visit websites. All hosting companies do this as part of hosting services' analytics. The information collected by log files includes internet protocol (IP) addresses, browser type, Internet Service Provider (ISP), date and time stamp, referring/exit pages, and possibly the number of clicks. These are not linked to any information that is personally identifiable. The purpose of the information is for analyzing trends, administering the site, tracking users' movement on the website, and gathering demographic information.

Advertising Partners Privacy Policies

You may consult this list to find the Privacy Policy for each of the advertising partners of The Gini Group.

Third-party ad servers or ad networks use technologies like cookies, JavaScript, or Web Beacons in their respective advertisements and links that appear on The Gini Group, which are sent directly to users' browsers. They automatically receive your IP address when this occurs. These technologies are used to measure the effectiveness of their advertising campaigns and/or to personalize the advertising content that you see on websites that you visit.

Note that The Gini Group has no access to or control over these cookies that are used by third-party advertisers.

Third Party Privacy Policies

The Gini Group's Privacy Policy does not apply to other advertisers or websites. Thus, we are advising you to consult the respective Privacy Policies of these third-party ad servers for more detailed information. These may include their practices and instructions about how to opt out of certain options.

You can choose to disable cookies through your individual browser options. More detailed information about cookie management with specific web browsers can be found at the browsers' respective websites.

Integration with Third-party Calendar Services

In our commitment to enhance user experience and facilitate the scheduling of meetings between clients and service providers, The Gini Group integrates with third-party calendar services like Google Calendar. When a service is booked, we may request permission to access and manage events on both the client's and service provider's calendars to automatically add the scheduled service.

  1. Data Accessed: We will only access event details pertinent to appointments made through our platform. This might include the date, time, and title of the event, along with any descriptions or notes added during the booking process.
  2. Purpose: The sole purpose of accessing these calendar events is to ensure that service bookings are efficiently scheduled without conflicts and to provide reminders for both parties.
  3. Data Storage and Management: Any data retrieved from third-party calendar services will not be stored longer than necessary and will be used exclusively for the stated purposes. We do not sell, share, or use this data for any other reason than to facilitate the scheduling of services.
  4. User Consent: Users will always be prompted for explicit consent before any calendar-related operations occur. They retain the right to revoke this access at any time through their respective calendar service settings.
  5. Security: We employ robust security measures to ensure that any data accessed from third-party calendar services is protected from unauthorized access, alteration, disclosure, or destruction.
  6. Disclosure: Gini's use and transfer of information received from Google APIs to any other app will adhere to Google API Services User Data Policy, including the Limited Use requirements.

Google User Data Retention and Deletion

In compliance with Google's data protection requirements and our commitment to user privacy, we have established clear policies regarding the retention and deletion of data accessed through Google services:

Data Retention

  1. Calendar Data: Event information accessed from Google Calendar is retained only for the duration necessary to provide our scheduling services. This data is automatically purged from our systems within 30 days of the completion of the scheduled service or immediately upon user request.
  2. Profile Information: Basic profile information (such as name and email address) obtained through Google OAuth is retained for as long as your account remains active with our service. This information is necessary for account management and service delivery.
  3. Authentication Tokens: Google OAuth tokens are stored securely and are automatically refreshed as needed. These tokens are immediately revoked and deleted when you disconnect your Google account from our service.

Data Deletion

  1. User-Initiated Deletion: You can request deletion of your Google-sourced data at any time by:
    • Revoking access to your Google account through your Google Account settings
    • Contacting us directly to request data deletion
    • Deleting your account with our service
  2. Automatic Deletion: Data accessed from Google services is automatically deleted from our systems when:
    • Your account is deactivated or deleted
    • You revoke access to Google services
    • The retention period expires (as specified above)
  3. Complete Data Removal: Upon deletion request, all Google-sourced data will be completely removed from our active systems within 30 days. Some data may persist in backup systems for up to an additional 60 days for disaster recovery purposes, after which it is permanently and irreversibly deleted.

Your Rights Regarding Google Data

You have the following rights concerning data we've accessed from your Google account:

  • Access: Request to see what Google data we have stored about you
  • Correction: Request correction of any inaccurate Google-sourced data
  • Deletion: Request immediate deletion of all Google-sourced data
  • Portability: Request a copy of your Google-sourced data in a portable format
  • Revocation: Revoke access to your Google account at any time through Google's security settings

To exercise any of these rights or if you have questions about our Google data practices, please contact us at [email protected]. We will respond to all requests within 30 days.

Data Sharing with Third-Party Tools

In our commitment to transparency and in alignment with our ongoing dedication to user privacy, we wish to clearly describe the data sharing practices of our app with third-party tools:

ChatGPT (OpenAI)

We utilize ChatGPT to enhance user interactions and provide more accurate responses. When you interact with our service, the queries and responses are processed by ChatGPT. However, this data is anonymized and does not include personally identifiable information. OpenAI’s privacy practices ensure that user data is neither stored nor used for future model training.

ElasticSearch

We use ElasticSearch to optimize our service provider search. This involves processing your search queries to yield more accurate results. The data shared with ElasticSearch is limited to search terms and does not encompass personal or identifiable details.

CCPA Privacy Rights (Do Not Sell My Personal Information)

Under the CCPA, among other rights, California consumers have the right to:

Request that a business that collects a consumer's personal data disclose the categories and specific pieces of personal data that a business has collected about consumers.

Request that a business delete any personal data about the consumer that a business has collected.

Request that a business that sells a consumer's personal data not sell the consumer's personal data.

If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us.

GDPR Data Protection Rights

We would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following:

The right to access – You have the right to request copies of your personal data. We may charge you a small fee for this service.

The right to rectification – You have the right to request that we correct any information you believe is inaccurate. You also have the right to request that we complete the information you believe is incomplete.

The right to erasure – You have the right to request that we erase your personal data, under certain conditions.

The right to restrict processing – You have the right to request that we restrict the processing of your personal data, under certain conditions.

The right to object to processing – You have the right to object to our processing of your personal data, under certain conditions.

The right to data portability – You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.

If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us.

Children's Information

Another part of our priority is adding protection for children while using the internet. We encourage parents and guardians to observe, participate in, and/or monitor and guide their children's online activity.

The Gini Group does not knowingly collect any Personally Identifiable Information from children under the age of 13. If you think that your child provided this kind of information on our website, we strongly encourage you to contact us immediately and we will use our best efforts to promptly remove such information from our records.