Introduction to our privacy policy

Glider for iOS and Android (the app) is provided by CGM Me Limited, a company incorporated in England and Wales with company number: 14786216 and its registered address at C/O Cls Accountants Ltd, 2 Rythe Close, Esher, Surrey, United Kingdom, KT10 9DD (“we”, “our” or “us”).

We take your privacy very seriously. Please read this privacy policy carefully as it contains important information on who we are and how and why we collect, store, use and share any information relating to you (your information).

It also explains your rights in relation to your information and how to contact us or the relevant regulator in the event you have a complaint. Our collection, storage, use and sharing of your information is regulated by law, including under the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and any other laws which apply to us in relation to the processing of personal data (collectively referred to as “Data Protection Laws”).

In this privacy policy, “controller” “personal data”, and “process” (and their derivatives) have the meanings given to those terms in Data Protection Laws. Personal data generally means information that can be used to individually identify a person, and processing generally covers actions that can be performed in connection with data such as the collection, use, storage, or disclosure.

  1. Important information, who we are and how to contact us

    We are the controller of your information obtained via the app, meaning we are the organisation legally responsible for deciding how and for what purposes it is used.

    Our details are below:

    CGM Me Limited
    C/O Cls Accountants Ltd,
    2 Rythe Close,
    Esher, Surrey,
    United Kingdom,
    KT10 9DD
    Company number: 14786216
    ICO registration number: ZB627944
    Email: info@cgmme.com
    If you have any questions about this privacy policy, including any requests to exercise your legal rights, or any questions about this privacy policy or our privacy practices please contact us using the details set out above.

  2. What and who this policy applies to

    This privacy policy relates to your use of the app only.

    The app links to your Dexcom and/or Freestyle Libre (via an API provided by Terra Enabling Developers Inc., and its affiliates for your Freestyle Libre data) continuous glucose monitoring systems to access your blood glucose data. These other apps, websites or services may also gather information about you in accordance with their own separate privacy policies. For privacy information relating to these other apps, websites or services, please consult their privacy policies as appropriate.

    If you are aged under 16 you must not use the app as it is not designed for you. We do not intend to collect the information of anyone under 16. If you are aware that any information of anyone under 16 has been shared with the app, please let us know so that we can delete that data.

    If you are aged 16 or over, you may use the app. This version of our privacy policy is primarily written for adults, including parents and guardians of child users.

    If you are aged under 18, we recommend that you speak to an adult that you trust if you have any difficulties reaching an informed decision regarding the activation of any use of your information or our treatment of your information.


  3. Information we collect about you

    The information we collect about you depends on the particular activities carried out through the app. We will collect and use the following information about you:

    Category of data In more detail
    Identity and contact data” you input into the app when you sign up and create an account

    Registration is mandatory in order to use the app

    • your first and last name;

    • your email address;

    • your age, weight, and gender;

    • your diabetic type (e.g. Type 1 or Type 2);

    • your blood glucose data;

    • your country of residence;

    • your account details, such as username and password;

    • your replies to security questions, if applicable.

    Data collected when you permit the collection of “location data
    • details of your location with a high degree of precision, see the section ‘Location services/data’ below

    Other data the app collects automatically when you use it, (“Technical data”)
    • your activities on, and use of, the app which reveal your preferences, interests or manner of use of the app and the times of use

    • IP address, device type, IMEI numbers, MAC address of networks, other unique device identification, device operating system, mobile network information, app version number, storage usage, data usage, time zone settings etc.

    Special Category Data

    We collect and process personal data in order to provide the app and its services. Some of the information we collect is sensitive personal data, (Special Category Data). In particular, we process personal data that relates to your health, including your blood glucose data, and other contextual health information such as your diabetic type, gender, age, and weight. Please see below for more detail on how this information is collected and used.

    When you create your account with us, we will ask for your consent for us to process this Special Category Data via a tick-box. By ticking this tick-box you are providing us with your informed consent for us to process this Special Category Data and we will rely on this as our lawful bases for processing such data.

    Please note that you are under no obligation to consent to the processing of your health-related data, however if you do not consent, you will be unable to use the features of the app, including linking the app to your Dexcom or Freestyle Libre account.

    You can withdraw your consent at any time by contacting us (see “Important information, who we are and how to contact us” above).

    For further information on Special Category Data, please see the Information Commissioner’s Office website

    Providing information and using the app

    Sometimes you can choose if you want to give us your information and let us use it. Where that is the case, we will tell you and give you the choice before you give the information to us. Wherever possible, we will also tell you whether declining to share the information will have any effect on your use of the app or our services.

    We collect and use your information for the purposes described in the section ‘How and why we use your information’ below.


  4. Location data

    The app will request your consent to use the location services of your device in order for us to determine your location. We require access to that data in order to for us to collect your blood glucose data from your continuous glucose monitoring system.

    If you do not provide your consent, you may continue to use the app but that will mean we will not be able to collect your blood glucose data. To withdraw your consent at any time you can turn off this permission within the app’s settings or in your device’s settings (that will not affect the lawfulness of our use of that data in reliance on the consent before it was withdrawn). I if you have any questions or concerns about the use of this data you can contact us using the details in the “how to contact us” section above.

    We will not process your location data other than as strictly required to enable the blood glucose collection function of the app.


  5. How your information is collected

    We collect information from you directly when you input it into the app, e.g. through filling out the registration form, or indirectly, such as your activity while using the app.

    We also collect information about you from other sources. We collect your blood glucose data collected by DexCom, Inc., which we received from Dexcom, Inc. directly and data collected by Freestyle Libre, which we collect via a third-party API provider (Terra Enabling Developers Inc.).

    The app can be linked to your Dexcom or Freestyle Libre account, and your blood glucose data as collected by these applications is transferred to and displayed within the app. Should you require any more information on how we collect this data, please contact us using the details provided in the “how to contact us” section.


  6. How and why we use your information

    Under data protection law, we can only use your information if we have a proper reason, e.g.:

    1. where you have given consent;

    2. to comply with our legal and regulatory obligations;

    3. for the performance of a contract with you or to take steps at your request before entering into a contract; or

    4. for our legitimate interests or those of a third party

    A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests. We will carry out an assessment when relying on legitimate interests, to balance our interests against your own. You can obtain details of this assessment by contacting us (see ‘How to contact us’ below).

    The table below explains what we use your information for and why.

    What we use your information for Type of data Our reasons
    Create and manage your account with us Identity and contact data For our legitimate interests, i.e. to be as efficient as we can so we can deliver the best service to you.
    Providing services and/or the functionalities of the app to you Identity and contact data

    Technical data

    Location data

    For our legitimate interests, to provide you with the following services and functionalities within the app:
    • to enable the blood glucose and contextual health data tracking and sharing services;
    • to enable the functioning of the in-app games and comparisons with other users;
    • to enable all other blood glucose-related features.
    Providing specific blood glucose data services and functionalities via the app to you Special Category Data Subject to you providing us you’re your informed consent which you can withdraw at any time.
    Communications with you not related to marketing, including about changes to our terms or policies or changes to the app or service or other important notices Identity and contact data Depending on the circumstances:
    • to comply with our legal and regulatory obligations;
    • in other cases, for our legitimate interests, to provide the best service to you
    Operational reasons, such as improving our services or to provide support to you Technical data For our legitimate interests, to be as efficient as we can so we can deliver the best service to you
    Statistical analysis to help us understand our user base Technical data For our legitimate interests, to be as efficient as we can so we can deliver the best service to you
    Updating and enhancing customer records Identity and contact data

    Technical data

    Depending on the circumstances:

    • to perform our contract with you or to take steps at your request before entering into a contract
    • to comply with our legal and regulatory obligations
    • where neither of the above apply, for our legitimate interests, e.g. making sure that we can keep in touch with our users about the app

    To enforce legal rights or defend or undertake legal proceedings Identity and contact data Depending on the circumstances:

    • to comply with our legal and regulatory obligations
    • in other cases, for our legitimate interests, to protect our business, interests and rights.

    To send you marketing information about the app (for more information see “Marketing” below). Identity and contact data For our legitimate interests, to promote the app and pursuing our business interests to encourage use of the app.

  7. Marketing

    We will use your information to send you updates by email about our services, including exclusive promotions, new features and services.

    We have a legitimate interest in using your information for marketing purposes (see above ‘How and why we use your information’). This means we do not need your consent to send you marketing information. If we change our marketing approach in the future so that consent is needed, we will ask for this separately and clearly.

    You have the right to opt out of receiving marketing communications at any time by:

    1. contacting us using the details provided above under “How to contact us”, or
    2. using the ‘unsubscribe’ link in emails.

    We will always treat your information with the utmost respect and never sell or share it with other organisations outside of CGM Me Limited for marketing purposes.

    For more information on your right to object at any time to your information being used for marketing purposes, see ‘Your rights’ below.


  8. Who we share your information with

    We do not share your personal data with anyone else, other than with service providers we use to help us run our business or provide the services or functionalities in the app, such as:

    1. our hosting, technology and communications provider; and
    2. analytics providers (needed to provide the app’s functionalities and so we can continue to improve our services).

    We only allow the service providers referred to above to handle your information if we are satisfied they take appropriate measures to protect your information. We also impose contractual obligations on service providers to ensure they can only use your information to provide services to us and to you.

    We or the third parties mentioned above occasionally also need to share your information with:

    1. our, or their, external auditors, e.g. in relation to the audit of our accounts—the recipient of the information will be bound by confidentiality obligations;
    2. our or their professional advisors (such as lawyers and other advisors)—the recipient of the information will be bound by confidentiality obligations;
    3. law enforcement agencies, courts or tribunals and regulatory bodies to comply with legal and regulatory obligations; and
    4. other parties that have or may acquire control or ownership of our business (and our or their professional advisers) in connection with a significant corporate transaction or restructuring, including a merger, acquisition, asset sale, initial public offering or in the event of our insolvency—usually, information will be anonymised, but this may not always be possible. The recipient of any of your information will be bound by confidentiality obligations.

    We will not share your information with any other third party.


  9. Making your data available to other users of the app

    Whilst using the app’s community sharing features (e.g. when registered users can see each other’s’ profiles and blood glucose data) your personal data, including the Special Category Data will be made available to other registered users of the app when you use these community features of the app.

    You can disable or avoid using community sharing features in the app so that your personal data will not be shared with other registered users in the way described above.


  10. How is your information protected and how long will it be kept

    We seek to protect your personal data from unauthorized access, use and disclosure using appropriate physical, technical, organisational and administrative security measures based on the type of personal data and how we are processing that data. You should also help protect your data by appropriately selecting and protecting your password and/or other sign-on mechanism; limiting access to your device; and signing off after you have finished accessing your account. Although we work to protect the security of your account and other data that we hold in our records, please be aware that no method of transmitting data over the internet or storing data is completely secure.

    The periods for which we retain individual categories of personal data are explained in the table below, but please note in some cases we retain personal data for longer, if doing so is necessary to comply with our legal obligations, resolve disputes or is otherwise permitted or required by applicable law, rule or regulation.

    Information we collect We keep this for
    Identity and contact data in order for us to create and manage your account with us. Throughout your use of the app and for a period of 6 years thereafter.

    Keeping it for this length of time allows us to recognise you if you wish to open your account again, and is also necessary for us in case we need to resolve any legal disputes that might arise or to comply with our legal obligations.

    Special Category Data (including your blood glucose data, and other contextual health information such as your diabetic type, gender, age, and weight). We keep this data for as long as you have an account with CGM Me, but we will delete it if you withdraw your consent or specifically request that we delete it.
    Technical data collected automatically. We keep this data for a period of 90 days, unless we are aware of any serious problem that required investigation (for example fraud or a hostile attack to our systems).

  11. International transfers

    By using the community sharing features feature in the app, your personal data (including your Special Category Data) will be shared with other registered users who use this feature and who may be located outside of the United Kingdom. When completing the sign-up process, we will request your consent for your personal data (including your Special Category Data) to be made available to other users in this way. You can withdraw this consent at any time by contacting us and/or disabling these features in the settings section of the app. These transfers will only happen when you use the community sharing features in the app (as described in “Making your data available to other users of the app” above).

    Other than as set out above:

    1. if you are a user based in the United Kingdom, we do not transfer your personal data outside the United Kingdom.
    2. If you are a user based in the United States of America, we do not transfer your personal data outside the United States of America.

    Any changes to our international data transfer practice will be notified to you in accordance with the section on ‘Change to this privacy policy’ below.


  12. Your rights

    You generally have the following rights, which you can usually exercise free of charge:

    Access to a copy of your information The right to be provided with a copy of your information

    A more detailed explanation of this right is available here

    Correction (also known as rectification) The right to require us to correct any mistakes in your information

    A more detailed explanation of this right is available here

    Erasure (also known as the right to be forgotten) The right to require us to delete your information—in certain situations

    A more detailed explanation of this right is available here

    Restriction of use The right to require us to restrict use of your information in certain circumstances, e.g. if you contest the accuracy of the data

    A more detailed explanation of this right is available here

    Data portability The right to receive your information that you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party—in certain situations

    A more detailed explanation of this right is available here

    To object to use

    The right to object:

    • at any time to your information being used for direct marketing (including profiling)
    • in certain other situations to our continued use of your information, e.g. where we use your information for our legitimate interests unless there are compelling legitimate grounds for the processing to continue or the processing is required for the establishment, exercise or defence of legal claims

    A more detailed explanation of this right is available here

    Not to be subject to decisions without human involvement The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you

    We do not make any such decisions based on data collected by the app

    A more detailed explanation of this right is available here

    The right to withdraw consents

    If you have provided us with a consent to use your information, you have a right to withdraw that consent easily at any time

    You may withdraw consents by contacting us at the addresses stated above under “Important information, who we are and how to contact us”).

    Withdrawing a consent will not affect the lawfulness of our use of your information in reliance on that consent before it was withdrawn.

    For further information on each of those rights, including the circumstances in which they do and do not apply, please contact us. You may also find it helpful to refer to the guidance from the UK’s Information Commissioner on your rights under the UK GDPR.

    If you would like to exercise any of those rights, please do so via our ‘Contact Us’ from—(see above “Important information, who we are and how to contact us”). When contacting us please:

    1. provide enough information to identify yourself (e.g. your full name and email address) and any additional identity information we may reasonably request from you, and
    2. let us know which right(s) you want to exercise and the information to which your request relates

  13. How to complain Please contact us if you have any queries or concerns about our use of your information (see above “Important information, who we are and how to contact us”). We hope we will be able to resolve any issues you may have.

    You also have the right to lodge a complaint with the Information Commissioner.

    The Information Commissioner can be contacted using the details at https://ico.org.uk/make-a-complaint or telephone: 0303 123 1113.

  14. Changes to this privacy policy

    We may change this privacy policy from time to time. When we make significant changes we will take steps to inform you, for example via the app or by other means, such as email.

    UNITED STATES SUPPLEMENT

    The provisions set forth below supplements the privacy policy above with information as we apply them to all of our users in the United States of America, including without limitation the states of California, Connecticut, Colorado, Nevada, Utah, and Virginia (collectively, “US Users”). Without limiting any of the disclosures or consumer rights as set forth above in this privacy policy, in accordance with the supplemental provisions below, US Users have the following rights.

    For purposes of the United States Supplement below, “business” “service provider”, “personal information”, “sell”, and “share” have the meanings given to those terms in Data Protection Laws applicable in the United States.


  15. United States - The right to know/ the right to access.

    US Users have the right to request and obtain from us information regarding: (i) the categories of personal information we collect about you, (ii) the categories of sources from which such personal information is collected, (iii) the business or commercial purpose for collecting, selling or sharing personal information (as may be applicable), (iv) categories of third parties to whom the we disclose personal information (including categories of personal information and third parties to whom personal information is shared for a business purpose), (v) categories of personal information that we sold or shared about you (if any), the categories of third parties to whom the personal information was sold or shared (if any), and (vi) any specific pieces of personal information that we collect about you.

    Please note that the information noted above is provided in the form this privacy policy, but you are welcome to request confirmation that the information noted above is current.


  16. Right to Opt-out of Sale or Sharing of Your Personal Information and/or Use of Your Personal Information for Targeted Advertising.

    US Users have the right to direct us not to sell or share your personal information to or with third parties, and/or otherwise use your personal information for targeted advertising.

    As described above:

    (i) we do not sell your personal information;

    (ii) we do not share your personal information, as that term is defined under the California Consumer Privacy Act (the “CCPA”); and

    (iii) we do not use your information for targeted advertising.

    US Users can submit such a request by using the same “Contact Us” page, and providing the same information, as referenced in Section 12 above. Where required and/or permitted, we reserve the right to verify your identity and details thereof as a condition of completing your request.


  17. The right not to be discriminated or retaliated against.

    Although we do not sell or share your information as defined under the CCPA, we do provide notice to our US Users that where a US User exercises your rights to opt-out of the sale or sharing of your personal information, provided for in Section 16 above, businesses that do sell or share personal information cannot discriminate or retaliate against you for choosing to exercise such rights, including by:


  18. Supplemental US User Rights

    The right to delete personal information

    US Users have the right to request the deletion of your personal information that we have collected from, or about, you

    The right to correct inaccurate personal information

    In the event that we maintain inaccurate personal information about you, you have the right to request that we correct that inaccurate personal information

    The right to limit use and disclosure of sensitive information

    In accordance with Sections 3 and 10 above, we collect “Special Category Data”. The Special Category Data as defined above, is sensitive personal information for purposes of this United States Supplement. You have the right to direct us to limit our use of your sensitive personal information to that use that is necessary for us to perform our services and/or provide our goods to you. In accordance with the privacy policy above, we do not use your sensitive personal information for any purpose other than that which is necessary for us to perform our services to you.


  19. Exercising Your Supplemental US User Rights

    To exercise any of your consumer rights as set forth in Section 18 above, you can submit such a request by using the same “Contact Us” page, and providing the same information, as referenced in Section 12 above. Upon receipt of any such consumer request, where required and/or permitted, we shall promptly take steps to determine whether the request is a verifiable consumer request in accordance with applicable law. Unless otherwise provided under applicable law, we require that any consumer request received MUST be verifiable. Except where otherwise required under applicable law, no information will be released or changed until the requestor is verified to be the owner of the data in question. Upon verifying the consumer request, we will respond to such request in accordance with the requirements under applicable law, or where no such applicable law exists, in a commercially reasonable manner.


  20. Children Aged 13 and Under

    As referenced in Section 2 above, if you are aged under 13 you must not use the app as it is not designed for US Users aged 13 or younger. We do not intend to collect the information of anyone under 13. If you are aware that any information of anyone under 13 has been shared with the app, please let us know so that we can delete that data.

    We do not target any of our products or services to any US User aged 13 or under and we do not knowingly collect personally identifiable information from anyone under the age of 13. However, if you are a parent or guardian and you are aware that your child has provided us with personal information under this privacy policy, please Contact Us.

    If we become aware that we have collected personal information from anyone under the age of 13 without verifiable parental consent, we will take steps to remove such personal information from our systems and servers.


  21. “Do Not Track” and Browser Based Opt-Out Signals

    This privacy policy is specific to our mobile application. Please note as well that we do not sell or share your personal information within the definitions of the CCPA. Our mobile app does not change its behavior based on any Do Not Track or other browser based opt-out signals that you may separately set in your internet browser.


  22. Complaints and Appeals

    US Users may direct any queries or concerns, including appeals, regarding the manner in which any of the requests set forth in this United States Supplement have been handled by us, please contact us in accordance with Section 13 above, and we will respond in accordance with applicable United States laws, or where an applicable law does not exist, in a commercially reasonable manner.

    You also generally have the right to lodge a complaint, with your state’s Attorney General and some states may have specific divisions within the Attorney General’s offices or specific agencies responsible for data privacy, e.g., the California Privacy Protection Agency in California.

    Without limiting the forgoing, to comply with applicable law, we hereby notify residents of Colorado and Virginia who are US Users that they may lodge complaints about the outcome of our internal complaints and appeals process as follows:

    Colorado Attorney General’s Office

    https://coag.gov/file-a-complaint/data-privacy-data-breach/

    Virginia Attorney General’s Office

    https://www.oag.state.va.us/consumercomplaintform/start