Glider for iOS and Android (the app) is provided by CGM Me Limited, a company incorporated in England and Wales with company number: 14786216 and its registered address at C/O Cls Accountants Ltd, 2 Rythe Close, Esher, Surrey, United Kingdom, KT10 9DD (“we”, “our” or “us”).
We take your privacy very seriously. Please read this privacy policy carefully as it contains important information on who we are and how and why we collect, store, use and share any information relating to you (your information).
It also explains your rights in relation to your information and how to contact us or the relevant regulator in the event you have a complaint. Our collection, storage, use and sharing of your information is regulated by law, including under the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and any other laws which apply to us in relation to the processing of personal data (collectively referred to as “Data Protection Laws”).
In this privacy policy, “controller” “personal data”, and “process” (and their derivatives) have the meanings given to those terms in Data Protection Laws. Personal data generally means information that can be used to individually identify a person, and processing generally covers actions that can be performed in connection with data such as the collection, use, storage, or disclosure.
We are the controller of your information obtained via the app, meaning we are the organisation legally responsible for deciding how and for what purposes it is used.
Our details are below:
CGM Me LimitedThis privacy policy relates to your use of the app only.
The app links to your Dexcom and/or Freestyle Libre (via an API provided by Terra Enabling Developers Inc., and its affiliates for your Freestyle Libre data) continuous glucose monitoring systems to access your blood glucose data. These other apps, websites or services may also gather information about you in accordance with their own separate privacy policies. For privacy information relating to these other apps, websites or services, please consult their privacy policies as appropriate.
If you are aged under 16 you must not use the app as it is not designed for you. We do not intend to collect the information of anyone under 16. If you are aware that any information of anyone under 16 has been shared with the app, please let us know so that we can delete that data.
If you are aged 16 or over, you may use the app. This version of our privacy policy is primarily written for adults, including parents and guardians of child users.
If you are aged under 18, we recommend that you speak to an adult that you trust if you have any difficulties reaching an informed decision regarding the activation of any use of your information or our treatment of your information.
The information we collect about you depends on the particular activities carried out through the app. We will collect and use the following information about you:
Category of data | In more detail |
---|---|
“Identity and contact data” you input into the app when you sign up and create an
account
Registration is mandatory in order to use the app |
|
Data collected when you permit the collection of “location data” |
|
Other data the app collects automatically when you use it, (“Technical data”) |
|
We collect and process personal data in order to provide the app and its services. Some of the information we collect is sensitive personal data, (Special Category Data). In particular, we process personal data that relates to your health, including your blood glucose data, and other contextual health information such as your diabetic type, gender, age, and weight. Please see below for more detail on how this information is collected and used.
When you create your account with us, we will ask for your consent for us to process this Special Category Data via a tick-box. By ticking this tick-box you are providing us with your informed consent for us to process this Special Category Data and we will rely on this as our lawful bases for processing such data.
Please note that you are under no obligation to consent to the processing of your health-related data, however if you do not consent, you will be unable to use the features of the app, including linking the app to your Dexcom or Freestyle Libre account.
You can withdraw your consent at any time by contacting us (see “Important information, who we are and how to contact us” above).
For further information on Special Category Data, please see the Information Commissioner’s Office website
Providing information and using the app
Sometimes you can choose if you want to give us your information and let us use it. Where that is the case, we will tell you and give you the choice before you give the information to us. Wherever possible, we will also tell you whether declining to share the information will have any effect on your use of the app or our services.
We collect and use your information for the purposes described in the section ‘How and why we use your information’ below.
The app will request your consent to use the location services of your device in order for us to determine your location. We require access to that data in order to for us to collect your blood glucose data from your continuous glucose monitoring system.
If you do not provide your consent, you may continue to use the app but that will mean we will not be able to collect your blood glucose data. To withdraw your consent at any time you can turn off this permission within the app’s settings or in your device’s settings (that will not affect the lawfulness of our use of that data in reliance on the consent before it was withdrawn). I if you have any questions or concerns about the use of this data you can contact us using the details in the “how to contact us” section above.
We will not process your location data other than as strictly required to enable the blood glucose collection function of the app.
We collect information from you directly when you input it into the app, e.g. through filling out the registration form, or indirectly, such as your activity while using the app.
We also collect information about you from other sources. We collect your blood glucose data collected by DexCom, Inc., which we received from Dexcom, Inc. directly and data collected by Freestyle Libre, which we collect via a third-party API provider (Terra Enabling Developers Inc.).
The app can be linked to your Dexcom or Freestyle Libre account, and your blood glucose data as collected by these applications is transferred to and displayed within the app. Should you require any more information on how we collect this data, please contact us using the details provided in the “how to contact us” section.
Under data protection law, we can only use your information if we have a proper reason, e.g.:
A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests. We will carry out an assessment when relying on legitimate interests, to balance our interests against your own. You can obtain details of this assessment by contacting us (see ‘How to contact us’ below).
The table below explains what we use your information for and why.
What we use your information for | Type of data | Our reasons |
---|---|---|
Create and manage your account with us | Identity and contact data | For our legitimate interests, i.e. to be as efficient as we can so we can deliver the best service to you. |
Providing services and/or the functionalities of the app to you |
Identity and contact data
Technical data Location data |
For our legitimate interests, to provide you with the following services and functionalities
within the app:
|
Providing specific blood glucose data services and functionalities via the app to you | Special Category Data | Subject to you providing us you’re your informed consent which you can withdraw at any time. |
Communications with you not related to marketing, including about changes to our terms or policies or changes to the app or service or other important notices | Identity and contact data |
Depending on the circumstances:
|
Operational reasons, such as improving our services or to provide support to you | Technical data | For our legitimate interests, to be as efficient as we can so we can deliver the best service to you |
Statistical analysis to help us understand our user base | Technical data | For our legitimate interests, to be as efficient as we can so we can deliver the best service to you |
Updating and enhancing customer records |
Identity and contact data
Technical data |
Depending on the circumstances:
|
To enforce legal rights or defend or undertake legal proceedings | Identity and contact data |
Depending on the circumstances:
|
To send you marketing information about the app (for more information see “Marketing” below). | Identity and contact data | For our legitimate interests, to promote the app and pursuing our business interests to encourage use of the app. |
We will use your information to send you updates by email about our services, including exclusive promotions, new features and services.
We have a legitimate interest in using your information for marketing purposes (see above ‘How and why we use your information’). This means we do not need your consent to send you marketing information. If we change our marketing approach in the future so that consent is needed, we will ask for this separately and clearly.
You have the right to opt out of receiving marketing communications at any time by:
We will always treat your information with the utmost respect and never sell or share it with other organisations outside of CGM Me Limited for marketing purposes.
For more information on your right to object at any time to your information being used for marketing purposes, see ‘Your rights’ below.
We do not share your personal data with anyone else, other than with service providers we use to help us run our business or provide the services or functionalities in the app, such as:
We only allow the service providers referred to above to handle your information if we are satisfied they take appropriate measures to protect your information. We also impose contractual obligations on service providers to ensure they can only use your information to provide services to us and to you.
We or the third parties mentioned above occasionally also need to share your information with:
We will not share your information with any other third party.
Whilst using the app’s community sharing features (e.g. when registered users can see each other’s’ profiles and blood glucose data) your personal data, including the Special Category Data will be made available to other registered users of the app when you use these community features of the app.
You can disable or avoid using community sharing features in the app so that your personal data will not be shared with other registered users in the way described above.
We seek to protect your personal data from unauthorized access, use and disclosure using appropriate physical, technical, organisational and administrative security measures based on the type of personal data and how we are processing that data. You should also help protect your data by appropriately selecting and protecting your password and/or other sign-on mechanism; limiting access to your device; and signing off after you have finished accessing your account. Although we work to protect the security of your account and other data that we hold in our records, please be aware that no method of transmitting data over the internet or storing data is completely secure.
The periods for which we retain individual categories of personal data are explained in the table below, but please note in some cases we retain personal data for longer, if doing so is necessary to comply with our legal obligations, resolve disputes or is otherwise permitted or required by applicable law, rule or regulation.
Information we collect | We keep this for |
---|---|
Identity and contact data in order for us to create and manage your account with us. |
Throughout your use of the app and for a period of 6 years thereafter.
Keeping it for this length of time allows us to recognise you if you wish to open your account again, and is also necessary for us in case we need to resolve any legal disputes that might arise or to comply with our legal obligations. |
Special Category Data (including your blood glucose data, and other contextual health information such as your diabetic type, gender, age, and weight). | We keep this data for as long as you have an account with CGM Me, but we will delete it if you withdraw your consent or specifically request that we delete it. |
Technical data collected automatically. | We keep this data for a period of 90 days, unless we are aware of any serious problem that required investigation (for example fraud or a hostile attack to our systems). |
By using the community sharing features feature in the app, your personal data (including your Special Category Data) will be shared with other registered users who use this feature and who may be located outside of the United Kingdom. When completing the sign-up process, we will request your consent for your personal data (including your Special Category Data) to be made available to other users in this way. You can withdraw this consent at any time by contacting us and/or disabling these features in the settings section of the app. These transfers will only happen when you use the community sharing features in the app (as described in “Making your data available to other users of the app” above).
Other than as set out above:
Any changes to our international data transfer practice will be notified to you in accordance with the section on ‘Change to this privacy policy’ below.
You generally have the following rights, which you can usually exercise free of charge:
Access to a copy of your information |
The right to be provided with a copy of your information
A more detailed explanation of this right is available here |
---|---|
Correction (also known as rectification) |
The right to require us to correct any mistakes in your information
A more detailed explanation of this right is available here |
Erasure (also known as the right to be forgotten) |
The right to require us to delete your information—in certain situations
A more detailed explanation of this right is available here |
Restriction of use |
The right to require us to restrict use of your information in certain circumstances, e.g. if you
contest the
accuracy
of the data
A more detailed explanation of this right is available here |
Data portability |
The right to receive your information that you provided to us, in a structured, commonly used and
machine-readable
format and/or transmit that data to a third party—in certain situations
A more detailed explanation of this right is available here |
To object to use |
The right to object:
A more detailed explanation of this right is available here |
Not to be subject to decisions without human involvement |
The right not to be subject to a decision based solely on automated processing (including profiling)
that
produces
legal effects concerning you or similarly significantly affects you
We do not make any such decisions based on data collected by the app A more detailed explanation of this right is available here |
The right to withdraw consents |
If you have provided us with a consent to use your information, you have a right to withdraw that consent easily at any time You may withdraw consents by contacting us at the addresses stated above under “Important information, who we are and how to contact us”). Withdrawing a consent will not affect the lawfulness of our use of your information in reliance on that consent before it was withdrawn. |
For further information on each of those rights, including the circumstances in which they do and do not apply, please contact us. You may also find it helpful to refer to the guidance from the UK’s Information Commissioner on your rights under the UK GDPR.
If you would like to exercise any of those rights, please do so via our ‘Contact Us’ from—(see above “Important information, who we are and how to contact us”). When contacting us please:
You also have the right to lodge a complaint with the Information Commissioner.
The Information Commissioner can be contacted using the details at https://ico.org.uk/make-a-complaint or telephone: 0303 123 1113.We may change this privacy policy from time to time. When we make significant changes we will take steps to inform you, for example via the app or by other means, such as email.
UNITED STATES SUPPLEMENT
The provisions set forth below supplements the privacy policy above with information as we apply them to all of our users in the United States of America, including without limitation the states of California, Connecticut, Colorado, Nevada, Utah, and Virginia (collectively, “US Users”). Without limiting any of the disclosures or consumer rights as set forth above in this privacy policy, in accordance with the supplemental provisions below, US Users have the following rights.
For purposes of the United States Supplement below, “business” “service provider”, “personal information”, “sell”, and “share” have the meanings given to those terms in Data Protection Laws applicable in the United States.
US Users have the right to request and obtain from us information regarding: (i) the categories of personal information we collect about you, (ii) the categories of sources from which such personal information is collected, (iii) the business or commercial purpose for collecting, selling or sharing personal information (as may be applicable), (iv) categories of third parties to whom the we disclose personal information (including categories of personal information and third parties to whom personal information is shared for a business purpose), (v) categories of personal information that we sold or shared about you (if any), the categories of third parties to whom the personal information was sold or shared (if any), and (vi) any specific pieces of personal information that we collect about you.
Please note that the information noted above is provided in the form this privacy policy, but you are welcome to request confirmation that the information noted above is current.
US Users have the right to direct us not to sell or share your personal information to or with third parties, and/or otherwise use your personal information for targeted advertising.
As described above:
(i) we do not sell your personal information;
(ii) we do not share your personal information, as that term is defined under the California Consumer Privacy Act (the “CCPA”); and
(iii) we do not use your information for targeted advertising.
US Users can submit such a request by using the same “Contact Us” page, and providing the same information, as referenced in Section 12 above. Where required and/or permitted, we reserve the right to verify your identity and details thereof as a condition of completing your request.
Although we do not sell or share your information as defined under the CCPA, we do provide notice to our US Users that where a US User exercises your rights to opt-out of the sale or sharing of your personal information, provided for in Section 16 above, businesses that do sell or share personal information cannot discriminate or retaliate against you for choosing to exercise such rights, including by:
The right to delete personal information |
US Users have the right to request the deletion of your personal information that we have collected from, or about, you |
The right to correct inaccurate personal information |
In the event that we maintain inaccurate personal information about you, you have the right to request that we correct that inaccurate personal information |
The right to limit use and disclosure of sensitive information |
In accordance with Sections 3 and 10 above, we collect “Special Category Data”. The Special Category Data as defined above, is sensitive personal information for purposes of this United States Supplement. You have the right to direct us to limit our use of your sensitive personal information to that use that is necessary for us to perform our services and/or provide our goods to you. In accordance with the privacy policy above, we do not use your sensitive personal information for any purpose other than that which is necessary for us to perform our services to you. |
To exercise any of your consumer rights as set forth in Section 18 above, you can submit such a request by using the same “Contact Us” page, and providing the same information, as referenced in Section 12 above. Upon receipt of any such consumer request, where required and/or permitted, we shall promptly take steps to determine whether the request is a verifiable consumer request in accordance with applicable law. Unless otherwise provided under applicable law, we require that any consumer request received MUST be verifiable. Except where otherwise required under applicable law, no information will be released or changed until the requestor is verified to be the owner of the data in question. Upon verifying the consumer request, we will respond to such request in accordance with the requirements under applicable law, or where no such applicable law exists, in a commercially reasonable manner.
As referenced in Section 2 above, if you are aged under 13 you must not use the app as it is not designed for US Users aged 13 or younger. We do not intend to collect the information of anyone under 13. If you are aware that any information of anyone under 13 has been shared with the app, please let us know so that we can delete that data.
We do not target any of our products or services to any US User aged 13 or under and we do not knowingly collect personally identifiable information from anyone under the age of 13. However, if you are a parent or guardian and you are aware that your child has provided us with personal information under this privacy policy, please Contact Us.
If we become aware that we have collected personal information from anyone under the age of 13 without verifiable parental consent, we will take steps to remove such personal information from our systems and servers.
This privacy policy is specific to our mobile application. Please note as well that we do not sell or share your personal information within the definitions of the CCPA. Our mobile app does not change its behavior based on any Do Not Track or other browser based opt-out signals that you may separately set in your internet browser.
US Users may direct any queries or concerns, including appeals, regarding the manner in which any of the requests set forth in this United States Supplement have been handled by us, please contact us in accordance with Section 13 above, and we will respond in accordance with applicable United States laws, or where an applicable law does not exist, in a commercially reasonable manner.
You also generally have the right to lodge a complaint, with your state’s Attorney General and some states may have specific divisions within the Attorney General’s offices or specific agencies responsible for data privacy, e.g., the California Privacy Protection Agency in California.
Without limiting the forgoing, to comply with applicable law, we hereby notify residents of Colorado and Virginia who are US Users that they may lodge complaints about the outcome of our internal complaints and appeals process as follows:
Colorado Attorney General’s Office |
https://coag.gov/file-a-complaint/data-privacy-data-breach/ |
Virginia Attorney General’s Office |
https://www.oag.state.va.us/consumercomplaintform/start |