Give & Get Privacy & Data Protection Policy

1. Scope

The terms "we," "our," "us," or "Give&Get" refer to the entity specified in Section 14 that you or your organization has a relationship with. This Privacy Policy explains how Give&Get collects, uses, and processes personal data related to your use of our Services. Undefined capitalized terms are defined in the applicable Agreement or Terms of Services. This Privacy Policy applies to all Users of our Services and should be read alongside any business terms or other contractual documents, including any Agreements we may have with you. It covers personal data processing activities conducted by us across our Sites.

2. Controller

The entity responsible for processing your personal data is listed in Section 14.

3. Protection and storing of Personal Data

Give&Get is dedicated to implementing security measures to protect Users' personal data from destruction, loss, modification, or unauthorized processing. Some of these measures include:

- Using industry-standard encryption protocols to secure data transmission and storage.

- Implementing access controls to limit access to personal data to authorized employees or personnel who require it for legitimate purposes, bound by confidentiality obligations.

- Encouraging Users to use strong, unique passwords and keep their devices and software updated.

- Storing User data on servers without public IP addresses, accessible only through a separate private network.

- Ensuring SSH connections to public servers are only possible from Give&Get's (virtual) private network.

- Hashing User passwords and encrypting all user data stored in databases.

4. Information Collection and Processing

At Give&Get, we value transparency and strive to provide clarity on our data collection and processing practices. Below we present an overview of the data we collect, its source, category, a brief description, and the lawful basis for processing.  

Please keep in mind that the specific data we collect may vary depending on the Give&Get Service you are using. Therefore, we provide a comprehensive overview which does not limit the data we collect or imply that we collect this data in all instances.

We collect data through various methods, such as customer registration, Transactions, program participation, industry events, and customer service communications. While you have the option to decline providing personal data, not providing essential information may limit our ability to offer certain services.

I. Information Provided by User

Basic Information: We collect identity information such as gender, your first and last name, username, nationality/citizenship, and country of residence. Additionally, we collect contact information including your billing address, email address, and phone number, along with ID numbers and tax numbers when applicable. This data is necessary for the performance of our contract and to communicate with you.

Required by Law: To comply with KYC or AML obligations, we may collect your date and place of birth and a copy of your identity card or passport.

Voluntarily Provided Information: You may provide additional information such as your Social Security Number, financial information (e.g., bank account details, payment card details, balances and transactions, income, and source of funds), and communication preferences regarding receiving marketing from us and third parties. The processing of this information is based on your consent.

II. Information Collected Automatically

App, Browser, and Device Information: We collect technical data including your IP address, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our sites and services. This information is necessary for the performance of our contract and to ensure functionality.

Product Usage Information: We collect transaction data detailing payments to and from you and other details of products and services you have purchased. Activity information includes what you view or click on while visiting our sites and how you use our services. Profile data such as your username and password, transactions made by you, your preferences, feedback, and survey responses are also collected. Diagnostic and troubleshooting information related to service performance, including timestamps, crash data, website performance logs, and error messages or reports, are gathered to ensure functionality and communicate with you.

Information from Cookies and Similar Technologies: We use cookies to administer our services, analyze usage and trends, track your browsing history, and improve service functionality. For more details, see our [Cookie Policy](insert link).

III. Information Obtained from Affiliates and Third Parties

G&G Group of Companies (Affiliates): We may obtain basic information, transaction information, and product usage data about you from our affiliates as part of our business operations.

Public Database Information: We may obtain information about you from public databases, such as the United Nations Sanctions List, US ITA Consolidated Screening List, and the SEC EDGAR, to comply with legal obligations.

Information from Marketing and Advertising Partners: We receive your name and contact information from our marketing partners, including details on the marketing content you viewed or actions you took on our sites, for marketing purposes.

Information from Analytics Providers: We receive data about your site usage, interactions, age group, and survey responses from our analytics providers, even before account creation, to enhance our marketing efforts.

Retail Merchant Information: If you conduct a transaction with a third-party merchant using your account, the merchant may provide us with data about you, including your name, contact details, and transaction details, for the performance of our contract.

Research and In-App Survey Information: We use third-party service providers to conduct in-app surveys to better understand customer experiences and improve our services. Information received from research partners is pseudonymous and used to enhance service quality.

*For entities, we may collect some of this information for individual members such as beneficial owners, directors, etc., as applicable.

We may also collect, use, and share aggregated data, such as statistical or demographic data, for various purposes. Aggregated data is derived from your personal data but is considered non-personal data under the law, as it does not directly or indirectly disclose your identity. For example, we may analyze your Product Usage Information in an aggregated form to determine the percentage of users accessing specific features on our Site. However, if we combine or link aggregated data with your personal data in a way that allows us to identify you directly or indirectly, we will treat the combined data as personal data and handle it in accordance with this Policy. Our approach to handling aggregated data aligns with industry-standard privacy practices.    

5. Purposes of the collection and processing

Give&Get can process personal data for (one of or several) the following purposes, based on one or more legal grounds:

- Contract Performance: For account creation, identity verification, service provision, and technical support.

- Functionality: To ensure proper website and service operation.

- Communication: To respond to inquiries, fulfill requests, and send updates.

- Marketing: To send promotional materials and offers aligned with your preferences.

- Service Improvement: To analyze trends, improve services, and ensure quality.

- Legal Compliance: To meet legal obligations and conduct audits.

- Asset Protection: To prevent fraud and ensure security.

- Consent-Based Purposes: To share information only with your consent.

6. Third-party access to User’s personal data

We do not share personal information with companies, outside organizations, individuals, or other recipients unless one of the following circumstances apply:

6.1 Legal, Regulatory, Safety, and Compliance Purposes. In certain situations, we may be required to share your information as required by law. These situations may include but are not limited to complying with a subpoena or other legal process requests; protecting your rights; protecting your safety or the safety of others; investigating fraud; and responding to a government request.

6.2 Sharing with Service Providers and Third Parties. Give&Get may disclose your information to third-party service providers who assist us in managing the Services. These providers may include IT service providers, data storage providers, identity verification service providers, payment processors, cloud service providers, and marketing service providers. However, we ensure that these providers are only allowed to use your personal information for the sole purpose of providing their services to us and not for their own promotional purposes. Your personal data may be stored within their systems, but we require them to uphold the confidentiality of your information and comply with all privacy and data protection laws. Rest assured; we do not sell your personal information to third parties.

6.3 Give&Get Affiliates. We may share your information within Give&Get Affiliates for various purposes, including providing you with our services, preventing fraud, conducting identity verifications, complying with the law, facilitating sales, mergers, acquisitions, or other liquidity events, and offering products and services to you. However, we do not share information about your creditworthiness with our Affiliates.

6.4 With your consent. We will share personal information with companies, outside organizations or individuals if we have your consent to do so.

7. Data Transfers

Data may be transferred internationally with appropriate safeguards, including Standard Contractual Clauses.

8. Your Rights

You have the following rights in respect of User’s personal data being processed by Give&Get:

- Access, rectify, or remove your data.

- Restrict processing or request data portability.

- Object to processing, particularly for direct marketing.

- Revoke consent at any time.

9. Data Protection Authorities

If you have concerns about your personal data processing or believe your data protection rights have been violated, you can file a complaint with the supervisory authority.

While you can directly contact the supervisory authority, we would appreciate the opportunity to resolve your concerns first. Please contact us for a prompt resolution.

You are not obligated to contact us before filing a complaint with the supervisory authority. You can do so at any time.

10. Contact Us

For exercising rights or inquiries, contact support@giveandget.io. Provide proof of identity for requests.

11. Retention

We retain personal information for as long as needed or as permitted in light of the purpose(s) for which it was obtained and consistent with applicable law. The criteria used to determine our retention periods include:

- the length of time we have an ongoing relationship with you (for example, for as long as you have an account with us or keep using Give&Get),

- whether there is a legal obligation to which we are subject (for example, certain laws, such as anti-money laundering requirements) require us to keep records of your transactions for a certain period before we can delete them); and/or

- whether retention is advisable considering our legal position or to protect the safety of individuals (such as regarding applicable statutes of limitations, litigation, or regulatory investigations).

12. California Residents

In compliance with the California Consumer Privacy Act of 2018 (CCPA), California residents can contact us at support@giveandget.io to request information about the personal information disclosed to third parties for direct marketing purposes over the past 12 months.

You have the right to:

- Access: Request details about the categories and specific pieces of personal information collected about you.

- Correct: Request corrections to inaccurate personal information.

- Delete: Request the deletion of your personal information.

We ensure no discrimination against individuals exercising their CCPA rights. We will not:

- Deny services.

- Charge different prices or rates.

- Provide a different level or quality of services.

- Suggest different prices or quality for services.

- We do not sell personal information in the ordinary course of business without your explicit consent.

To exercise CCPA rights on behalf of another, provide proof of authorization with a completed, signed, and notarized CCPA Agent Authorization Form. We may deny requests without proof of authorization or verifiable identity.

If your personal information is involved in a data breach, you have the right to initiate a private cause of action.

You can limit our use of sensitive personal information (SPI) to what is necessary for our Services. If we use SPI for other purposes, we will notify you and allow you to request limitations.

Sensitive Personal Information (SPI) includes:

- Social Security number, driver’s license number, state ID, or passport number.

- Account log-in details and financial information.

- Precise geolocation data.

- Racial/ethnic origin, religious/philosophical beliefs, or union membership.

- Contents of mail, email, or text messages (unless intended recipient).

- Genetic data.

For more details or to exercise your rights, contact us at support@giveandget.io.

13. Updates to the Privacy Policy

We may update this privacy policy periodically to reflect changes in our practices or for operational, legal, or regulatory reasons. Updates will be posted on this page with a revised "Last Updated" date. For significant changes, we will notify you via email (if provided) or by posting a notice on our website before the changes take effect. Continuing to use our services after the effective date of any revised policy constitutes your acceptance. If you disagree with the changes, please stop using our services and contact us to deactivate your account if needed.

We are not responsible for the privacy practices of third-party websites or services linked to or from our website. We recommend reviewing their privacy policies directly. If you have any questions or concerns about our privacy policy or practices, please contact us using the information provided in the "Contact Us" section above.

14. Your Data Controller

Services Provided: For residents of the United States

Operating entity: TG Consulting Inc.

Contact Address: 5 West Mendenhall Street, Suite 202, Bozeman, MT 59715, United States                                       

Last updated

June 27th 2024