Privacy Policy — How We Protect Your Data

1. Data Controller

The Controller of the data collected through the Give Zero mobile application and the website givezero.co is GENERAL INTELLECT, S.L. (hereinafter referred by its trade name, "GIVE ZERO"), with registered office at 1710 KELLER PARKWAY #9899 KELLER, TX 76248, USA

EU Representative

Entity Name: Ametros Ltd
Address: Commerce House, Washington Street West, Cork, Ireland
Email: gdpr@ametrosgroup.com
Web: www.ametrosgroup.com

UK Representative

Entity Name: Ametros Group Ltd
Address: Lakeside Offices, Thorne Business Park, Hereford, England
Email: gdpr@ametrosgroup.com
Web: www.ametrosgroup.com

2. Purposes of Processing

The User's personal data will be processed for the following purposes:

Management of registration and application access: Data processed for this purpose includes email address, encrypted password and, where applicable, Google authentication data if the User chooses this registration option. The legal basis for processing is the performance of the service contract. Data will be kept as long as the account remains active and, after its closure, during the legally provided limitation periods.

Provision of personalized health management services: This involves processing health data related to perimenopause and menopause symptoms entered via questionnaires, data from connected wearable devices (such as physical activity and sleep), blood test results voluntarily provided by the User, symptom history, menstrual cycle information, age, and any other health information provided voluntarily. The objective is to provide personalized information on symptom management, health pattern analysis, and recommendations adapted to the User's profile. The legal basis is the explicit consent of the User for the processing of health data in accordance with Article 9.2.a of the GDPR. Data will be kept while the account is active and the User does not withdraw consent. Upon account closure or withdrawal of consent, data will be deleted unless there is a legal obligation to retain it.

Subscription and payment management: For this purpose, billing data, subscription history, and payment data are processed. GIVE ZERO does not store full credit card data, as processing is carried out through an external payment gateway. The purpose is to manage the contracting and renewal of premium subscriptions, process payments, and issue invoices. The legal basis is the performance of the subscription contract. Data will be kept for the duration of the subscription and, upon termination, during the legally provided accounting and tax retention periods.

Customer Service and Technical Support: Contact details, the content of inquiries, and the history of interactions with customer service are processed to respond to queries, resolve technical incidents, and provide support. The legal basis is the legitimate interest of GIVE ZERO in providing quality service. Data will be kept until the resolution of the query and, thereafter, during the legally provided limitation periods.

Commercial communications and newsletters: Your email address may be used to send information about news, features, educational resources on women's health, and offers related to GIVE ZERO services. The legal basis is the legitimate interest of GIVE ZERO for informing users of other related goods or services that may be of interest. You may be withdrawn at any time via the unsubscribe link included in each communication.

Product Sales Management: If GIVE ZERO offers physical products for sale, identification, contact, shipping, and billing data will be processed to manage the order and delivery. The legal basis is the performance of the purchase contract.

3. Special Legitimation for Health Data

Health data constitutes a special category of personal data under Article 9 of the GDPR. GIVE ZERO only processes this data when the User has provided explicit consent. Withdrawal of consent will result in the inability to continue using the personalized services of the application.

4. Recipients and Data Processors

GIVE ZERO does not sell or transfer personal data to third parties for commercial purposes. Data may be communicated to Public Authorities or Courts if required by law. Data may also be communicated to the following categories of Data Processors:

Hosting and storage providers: Heroku, Supabase, OpenAI.
Analysis and web analytics providers: Google Analytics.
Payment gateway providers: Stripe, ApplePay.
Artificial Intelligence service providers: GIVE ZERO uses the OpenAI API (ChatGPT) to generate personalized responses through the virtual assistant Nova. Data necessary to generate the response (symptoms, age, etc.) is processed by OpenAI. Under OpenAI's enterprise API terms, data sent via the API is not used to train their models nor retained beyond the time necessary to provide the service. OpenAI is located in the United States.
Email marketing providers: MailChimp.
Business Transfers: In connection with a sale, merger or financing of the company.

Data processing agreements shall be in place with all third-parties in accordance with Article 28 of the GDPR.

5. International Transfers

GIVE ZERO is headquartered in the United States and processes data on servers located in the US. Consequently, personal data is transferred outside the European Economic Area. To ensure an adequate level of protection, GIVE ZERO applies safeguards such as Standard Contractual Clauses (SCCs) and adherence to the Data Privacy Framework. For more information, contact privacy@givezero.co.

6. Your Rights

Interested parties may exercise their rights of access, rectification, erasure, limitation of processing, data portability, and objection, as well as withdraw consent at any time. Requests should be sent to:

Postal Mail: GIVE ZERO Inc. 1710 KELLER PARKWAY #9899 KELLER, TX 76248, USA
Email: privacy@givezero.co

7. Minors

GIVE ZERO services are directed exclusively to persons over 18 years of age. We do not knowingly collect data from minors. If a parent or guardian becomes aware that a minor has provided personal data, please contact us for immediate deletion.

8. U.S. Security and Privacy

As a U.S. company, in addition to the GDPR, we comply with applicable transparency principles. If you are a resident of states with specific legislation (such as California - CCPA), you may request additional information regarding your privacy rights by contacting our support team.

9. Updates to the Privacy Policy

We may update this Privacy Policy from time to time. The updated version will be indicated by an updated "Last Updated" date at the top of this Privacy Policy. If we make material changes to this Privacy Policy, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this Privacy Policy frequently to be informed of how we are protecting your information.