logo
profile-pic

Privacy Policy (UK/EU)


Last updated: 23rd February, 2025

We value and respect your privacy and care about how your personal information is used. Our Privacy Policy explains how we collect, use, disclose, safeguard, and protect your personal information as a user ("you", "your", "user(s)") when you access or visit this website and/ or any of our other websites, mobile or digital applications, or any other services that we may offer from time to time, directly or in connection therewith that links to this Privacy Policy (collectively, the "Platform").

This Privacy Policy sets out the categories of information we collect, receive, or otherwise process when you use or interact with our Platform, the purposes for which such information is used, the legal basis for such processing (where applicable), and the circumstances under which such information may be shared with third parties.

This Platform is owned and operated by BetterLife Horizons Private Limited, a private limited company incorporated under the Companies Act 2013 and having its registered office at 18th Floor, Tower A, Building No.5, DLF Cyber City, DLF Phase-3, Gurugram, Haryana, India, 122002 ("we", "us", "our", "BetterLife", "Gabit").


Regional Applicability

This Privacy Policy applies to users of the Platform located in the United Kingdom and the European Union / European Economic Area. Depending on your location, the processing of personal data shall be governed by the applicable data protection laws of the relevant jurisdiction, as set out below:

RegionApplicable LawRelevant Section
United KingdomUK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018See "Your Rights Under UK GDPR"
European Union / EEAGeneral Data Protection Regulation (EU) 2016/679 ("GDPR")See "Your Rights Under EU GDPR"

While we are headquartered in India, we are committed to ensure full compliance with the UK GDPR and EU GDPR when processing the personal data of individuals located in the United Kingdom and European Economic Area.


Data Controller

For the purposes of the UK GDPR and EU GDPR, the data controller is:

BetterLife Horizons Private Limited
18th Floor, Tower A, Building No.5
DLF Cyber City, DLF Phase-3
Gurugram, Haryana, India, 122002
Email: care@gabit.com


Your Consent

By accessing or using this Platform, including downloading the mobile application, purchasing products or services via the Platform, you expressly consent to the collection, use, processing, and disclosure of your personal information in accordance with the practices and policies outlined in this Privacy Policy or as otherwise required by, or permitted under, applicable laws.

We process your Personal Data strictly in accordance with applicable data protection laws. Depending on the nature of the processing, we rely on applicable Articles of the UK GDPR and EU GDPR. Where we rely on your consent as the legal basis for processing your personal data, you have the right to withdraw your consent at any time. You may exercise this right by contacting us at care@gabit.com.

IF YOU DO NOT CONSENT TO THE COLLECTION, USE AND DISCLOSURE OF YOUR PERSONAL INFORMATION AS SET FORTH IN THIS PRIVACY POLICY, PLEASE EXIT AND REFRAIN FROM USING THIS PLATFORM.


Scope of this Privacy Policy

This Privacy Policy explains how we collect, use, and protect personally identifiable information ("personal information" or "personal data") that we gather when you are accessing or using our Platform. This Privacy Policy does not apply to the policies or practices of third party companies or individuals that we do not own, control, or employ.

Personal information (also referred to as "personal data" under the UK GDPR and EU GDPR) is information that typically identifies, relates to, describes, or is reasonably capable of being associated with you personally, either alone or in combination with other information available to us. Examples of personal information include your name, contact details, information you provide when you create an account or a personal profile on one of our Platform.

We process your personal data only for lawful purposes, including the provision of our products and services, customer support, and compliance with legal obligations, in accordance with applicable UK and EU data protection laws.


User Categories

We interact with different categories of individuals:

CategoryDescription
VisitorsIndividuals who browse our website without creating an account
UsersIndividuals who create an account and use the Gabit platform
CustomersIndividuals who purchase products or services through our Platform

The personal data we collect and how we use it may vary depending on your relationship with us and the services you avail.


Children's Privacy

Our Platform and wearable devices are not intended for individuals under the age of 18. We do not knowingly collect or solicit personal information of minors or knowingly allow such persons to register for the products or services like delivering products, providing feedback on activities on the Platform, etc. If you are under the age of 18, please do not attempt to register for the products or services, or provide any information about yourself to us. No one under the age of 18 may provide any personal information to us without parental consent.

As a business service, we neither knowingly collect or store nor use any personal data of any individuals under the age of 18. We do not target our services towards individuals under the age of 18. Individuals under the age of 18 should seek the consent of their parents or legal guardian before providing any information about themselves, their parents, or other family members on our Platform.

You must ensure you have your parent or legal guardian's permission to use the Platform and we may request for verifiable parental consent in such case. If you are a parent or legal guardian and allow your child to use the Platform, you will be responsible for your child's activities on the Platform and the Terms of Use and this Privacy Policy will apply to you.

Note for UK residents: Under the UK GDPR and the Age Appropriate Design Code (Children's Code), the applicable age of consent for information society services is 13 years. Where a child is under 13, we require verifiable parental or guardian consent before processing their personal data.

Note for EU/EEA residents: Under Article 8 of the EU GDPR, the applicable age of consent for information society services is 16 years, although Member States may lower this to a minimum of 13 years.

If we become aware that the personal data from a child under the applicable age has been collected without verified parental consent, we will delete that information as quickly as possible, and in any event within 30 days.


Information That Is Collected Through Our Platform

We collect personal information that you knowingly provide to us when you interact with our Platform, as well as certain information automatically collected through your use of our services.

Information You Provide to Us

When you sign up or create a profile on Gabit, you may provide us with the following:

  • Name, phone number, and email address
  • Payment-related information (though we do not store credit card details)
  • Shipping address
  • Health and wellness information such as physical and mental health conditions, nutrition and dietary preferences, fitness goals, location, height, weight, body measurements, sleep patterns, and other lifestyle data
  • Login credentials and account settings
  • Feedback or content you submit while using the Platform

Special Category Data

Some of the health and wellness data we collect may constitute special category data under Article 9 of the UK GDPR and EU GDPR. This includes data revealing or relating to:

  • Health data (physical and mental health conditions, medical reports, blood glucose levels)
  • Precise geolocation data (where this may reveal sensitive information)

We only process special category data where a condition under Article 9(2) of the UK GDPR / EU GDPR is met. Specifically, we rely on:

  • Your explicit consent (Article 9(2)(a)) — for processing your health and wellness data to provide personalised recommendations and services
  • Provision of health-related services (Article 9(2)(h)) — where processing is necessary for the purposes of preventive or occupational medicine, medical diagnosis, or the provision of health or social care treatment

Information Collected Through Your Use of Our Services

When you browse or use our website or mobile application, we automatically collect certain technical and usage information. This is necessary to operate and improve our Platform. The categories of information we collect, together with their purpose and legal basis, are as follows:

Device Information

We collect information about the device you use to access our services, including device model, operating system and version, unique device identifiers (such as advertising IDs), and app version.

Purpose: To ensure compatibility, diagnose technical issues, and maintain the security of our Platform.

Legal basis: Legitimate interests (Article 6(1)(f) UK/EU GDPR) — necessary for the technical operation and security of the Platform.

Smart Ring and Connected Device Data

If you use a Gabit smart ring or other connected wearable device, we collect device identifiers (including MAC address), firmware version, and Bluetooth connectivity data generated during use.

Purpose: To enable device pairing, sync health data to your account, and provide device-related support.

Legal basis: Contract performance (Article 6(1)(b) UK/EU GDPR) — necessary to provide the connected device services you have requested.

Usage Data

We collect information about how you interact with our Platform, including features accessed, actions taken within the app, session duration, and timestamps of your activity.

Purpose: To understand how our Platform is used, improve user experience, and develop new features.

Legal basis: Legitimate interests (Article 6(1)(f) UK/EU GDPR) — to improve and optimise our services; and Consent (Article 6(1)(a) UK/EU GDPR) — for analytics and personalisation where your consent has been obtained.

Log Data

Our servers automatically record certain information when you use our Platform, including your IP address, browser type and version, referring and exit pages, access times, and pages or screens viewed.

Purpose: To diagnose technical problems, maintain security, prevent fraud, and analyse traffic patterns.

Legal basis: Legitimate interests (Article 6(1)(f) UK/EU GDPR) — to ensure the security and proper functioning of our Platform.

Cookies and Similar Technologies

We use cookies, web beacons, pixels, and similar tracking technologies to collect information about your use of our Platform. For full details about the cookies we use, their purposes, and how to manage your preferences, please see the "Cookies and Similar Technologies" section of this Privacy Policy.

Legal basis: Consent (Article 6(1)(a) UK/EU GDPR) — for all non-essential cookies; and Legitimate interests (Article 6(1)(f) UK/EU GDPR) — for strictly necessary cookies required for the operation of the Platform.

You can manage your cookie preferences through your browser or device settings. Disabling certain cookies may impact the availability or functionality of some features of the Platform and may affect your experience.

Information from Interactions with Coaches or Health Experts

If your plan includes sessions with coaches, nutritionists, or medical practitioners, we may collect:

  • Health and medical data, including test reports (e.g., glucose, blood)
  • Notes from consultations conducted via the Platform
  • Fitness and activity logs, dietary data, and health insights

This information helps tailor services to your wellness goals. We only collect medical data that you voluntarily provide or that professionals submit with your consent.

Information from Third-Party Sources

We may supplement the information you provide with data from:

  • Business partners and integrations with fitness/wellness apps
  • Social media (if you engage with us via social platforms)
  • Wearables or connected health devices

Examples of this may include your sleep patterns, step count, food preferences, or exercise history.

Product Usage Data

If you use Gabit-connected products or devices, information generated by your use, such as fitness readings or body measurements, may be automatically uploaded to your user profile. Where such data can identify you, it will be treated as personal data under this Privacy Policy and applicable data protection laws.

Aggregated and De-Identified Data

We may anonymize your personal information and use or share it in aggregated form. This means it cannot be used to identify you personally and is typically used for research, analytics, product development, and improving our services.

Your Choices

We strive to offer you control over your data. Subject to applicable laws, you may:

  • Choose not to provide certain data (please note that this may limit access to certain features or functionalities of the Platform)
  • Opt out of non-essential cookies or targeted marketing (via browser or app settings)
  • Withdraw your consent at any time where processing of data is based on your consent (without affecting the lawfulness of processing carried out prior to such withdrawal)

If you have any questions regarding this Privacy Policy or wish to exercise your privacy rights, you may contact us using the details provided in the "Contact Us" section of this Privacy Policy.


Information Collected Through Use of Our Devices or Services

If you are using one of our products or devices, your device may collect the following:

  • Activity data such as activities performed, calories burnt, daily patterns
  • Sleep data such as sleep schedule, sleep duration, sleep habits and areas for improving your sleep
  • Heart rate data
  • Blood glucose levels
  • Blood reports uploaded by you

If you are our customer, we may supplement the information you provide on our Platform with information you provide through your use of any of our products or devices. When your device syncs with our applications or software, data recorded on your device is transferred from your device to our servers or authorized service providers acting on our behalf.

We may also use your information to make inferences and show you more relevant content. For example, information like your height, weight, gender, and age allows us to improve the accuracy of your daily exercise and activity statistics like the number of calories you burned and the distance you travelled. Based on your sleep data such as sleeping patterns, we provide you with customized insights to help you improve your sleep. We may personalize activity goals for you based on the goals you previously set and your historical exercise or activity data.

As part of our services, it may also include collection of precise geolocation data, including GPS signals, device sensors, Wi-Fi access points, and cell tower IDs. We collect this type of data if you grant us access to your location. You can withdraw your consent at any time by disabling the GPS or other location-tracking functions on your device. Disabling location services may limit certain functionalities of the Platform.


Legal Basis for Processing Your Personal Data

Under Article 6 of the UK GDPR and EU GDPR, we must have a valid legal basis for processing your personal data. Where we process special category data (including health data and biometric data), we additionally rely on a condition under Article 9(2) of the UK GDPR and EU GDPR. The legal bases we rely on are:

(a) Consent (Article 6(1)(a))

Where you have given clear consent for us to process your personal data for one or more specific purposes. You have the right to withdraw your consent at any time, however, such withdrawal shall not have any impact on processing of data carried out prior to such withdrawal.

Examples:

  • Processing your health and wellness data to provide personalized recommendations
  • Sending you marketing communications
  • Using cookies for analytics and personalization

(b) Contract Performance (Article 6(1)(b))

Where processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract.

Examples:

  • Processing your account registration
  • Delivering products or services you have purchased
  • Providing customer support related to your subscription

(c) Legitimate Interests (Article 6(1)(f))

Where processing is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.

Examples:

  • Improving and developing our Platform and services
  • Ensuring network and information security
  • Preventing fraud

(d) Legal Obligation (Article 6(1)(c))

Where processing is necessary for compliance with a legal obligation to which we are subject.

Examples:

  • Responding to valid legal requests from authorities
  • Maintaining records required by law
  • Tax and accounting requirements

Special Category Data (Article 9)

Where we process special category data (such as health, biometric, or genetic data), we rely on:

  • Explicit consent (Article 9(2)(a)): Where you have given explicit consent to the processing of your health and wellness data for specified purposes including personalized health analytics and recommendations.
  • Health care provision (Article 9(2)(h)): Where processing is necessary for the purposes of preventive or occupational medicine, medical diagnosis, or the provision of health or social care.

Purpose and Use

We, our affiliates, and/or the sellers or service providers on the Platform may access and use your personal information for the following purposes:

PurposeLegal Basis (UK/EU GDPR)
To provide the products and services on the Platform including operating, maintaining, optimizing, or further developing/improving the functions, operation and performance of the Platform and/or for providing better user experienceContract performance (Article 6(1)(b))
To provide you with effective customer serviceContract / Legitimate interests (Article 6(1)(b) / 6(1)(f))
To contact you with service-related communications, updates, alerts, information and notices related to our PlatformContract / Legitimate interests (Article 6(1)(b) / 6(1)(f))
To understand your needs, interests and preferencesLegitimate interests (Article 6(1)(f))
To contact you for future collaborations with third party service providersConsent (Article 6(1)(a))
For general business and operating purposes, such as the administration, management and operation of the business, including client/user interaction, responding to requests, customizing and improving our servicesLegitimate interests (Article 6(1)(f))
For payment, billing and invoicing related purposesContract performance (Article 6(1)(b))
To generate aggregated, anonymized data to prepare insights to enable us to understand patterns and trends with a view to learn more about your preferences or other characteristicsLegitimate interests (Article 6(1)(f))
For compliance with our obligations under applicable laws and other regulations, including to protect against and prevent fraud and other legal or information security risksLegal obligation (Article 6(1)(c))
To improve and develop the products, features, and servicesLegitimate interests (Article 6(1)(f))
To invite you to participate in surveys and provide feedback to usConsent (Article 6(1)(a))

How We Share Your Personal Information

We share your personal information in personally identifiable form with third parties only as described below.

Service Providers

We employ other companies and individuals including but not limited to consultants such as nutritionists, coaches, medical practitioners, payment processors, cloud service providers, to perform services on our behalf and we may need to share your information with them to provide products or services to you.

Where such third parties process personal data on our behalf, they act as "data processors" within the meaning of Article 4(8) UK GDPR and EU GDPR. All service providers acting as data processors are bound by data processing agreements pursuant to Article 28 of the UK GDPR and EU GDPR, ensuring they handle your data only on our instructions and in accordance with applicable data protection law.

User Submissions

Any content or personal information that you voluntarily disclose online in a manner other users can view (on discussion boards, in messages and chat areas, etc.) becomes publicly available, and can be collected and used by others.

Business Transfers

We may decide, for strategic or other reasons, to sell, buy, merge or otherwise reorganize one or more of its businesses. A transaction of this type may involve the disclosure of personal data to prospective purchasers. Your personal data may be transferred to a company that has acquired the stock or assets or one of our business units, for example, as the result of a sale, merger, reorganization or liquidation. In such cases, we will ensure appropriate safeguards are in place to protect your data in accordance with the UK GDPR and EU GDPR.

Affiliated Businesses and Third-Party Websites We Do Not Control

In certain situations, businesses or third-party websites we're affiliated with may sell items or provide services to you through the Platform (either independently or jointly with us). Where such third parties act as independent data controllers, their processing of your personal data will be governed by their own privacy policies, and we encourage you to review those policies before engaging with their services. We will share your personal information with that affiliated business only to the extent such disclosure is necessary and is related to such a transaction or service.

Protection of Our Rights and Others

We may release personal information which we believe in good faith is necessary to:

  • Comply with legal obligation or applicable laws
  • Enforce or apply our conditions of use and other agreements
  • Protect the rights, property, or safety of BetterLife, our employees, our users, or others
  • Establish, exercise, or defend legal claims

This includes exchanging information with other companies and organizations for fraud protection, cyber security, and credit risk reduction.

Complementary Programs and Offers

We may offer certain programs (such as loyalty programs), benefits or offers provided by our affiliates, partners or third parties, which are complementary to our products or services.

Disclosure Pursuant to Agreements

We may disclose your personal data where such disclosure is mentioned in any click-through agreement to which you have agreed via Platform. We may disclose your personal data as described in any Privacy Notice posted on the Platform where you provide that information. By providing your personal data on that Platform, you will be consenting to the disclosure of your personal data as described in that Privacy Notice. You may withdraw your consent at any time in the manner mentioned in this policy.


International Data Transfers

Gabit is headquartered in India, and the personal information we collect may be transferred to, stored, or processed in India or other jurisdictions where our affiliates, service providers, or data processors are located.

Where we transfer your personal data outside the United Kingdom or the European Economic Area (EEA) to countries that have not been deemed to provide an adequate level of data protection, we ensure that appropriate safeguards are in place to protect your personal data. Specifically:

  • For transfers from the EEA, we rely on the European Commission's Standard Contractual Clauses (Commission Implementing Decision (EU) 2021/914).
  • For transfers from the United Kingdom, we rely on the UK International Data Transfer Agreement (IDTA) issued by the Information Commissioner's Office under Section 119A of the Data Protection Act 2018, or the UK Addendum to the EU Standard Contractual Clauses, as applicable.

These safeguards ensure that your personal data receives a level of protection that is essentially equivalent to that guaranteed within the UK and EEA.

For UK Residents

When we transfer personal data outside the UK, we ensure appropriate safeguards are in place to protect your data, including:

  • UK International Data Transfer Agreements (IDTAs): We use UK-approved International Data Transfer Agreements or the UK Addendum to EU Standard Contractual Clauses where required under Section 119A of the Data Protection Act 2018.
  • Data Processing Agreements: All our service providers and data processors are bound by contractual obligations pursuant to Article 28 of the UK GDPR to protect your personal data.
  • Technical and Organisational Measures: We implement appropriate security measures to protect your data during transfer and storage.

For EU/EEA Residents

India is not currently covered by an adequacy decision of the European Commission. Therefore, we ensure appropriate safeguards are in place for such transfers in accordance with Chapter V of the EU GDPR, including:

  • Standard Contractual Clauses (SCCs): We use the European Commission's Standard Contractual Clauses for data transfers to third countries pursuant to Commission Implementing Decision (EU) 2021/914.
  • Data Processing Agreements: All our service providers and data processors are bound by contractual obligations pursuant to Article 28 of the EU GDPR.
  • Transfer Impact Assessments: Where required, we conduct assessments to evaluate the level of protection in the destination country and implement supplementary measures if necessary.

Cloud Infrastructure and Supplementary Measures

Your personal data may be transferred to and processed in India, where our primary cloud infrastructure is located. We have implemented supplementary technical measures, including encryption in transit (TLS 1.2+) and at rest (AES-256), to further protect your data during and after transfer.

You may request further information about these safeguards, or obtain a copy of the relevant transfer mechanism documents, by contacting us at care@gabit.com.


Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with our services. We will also retain your data as necessary to comply with legal obligations, resolve disputes, and enforce our agreements.

We will retain your personal information for a reasonable period as necessary for the purpose or as long as the law requires.

Data Anonymisation

Your data may be anonymised, de-identified and/or aggregated, and the resulting data may be held by us, our affiliates, service providers and sellers on the Platform, associates, agents, representatives, and other authorised third parties, for as long as necessary for us to provide the services effectively or for other purposes.


Your Rights Under UK GDPR

If you are located in the United Kingdom, you have the following rights under the UK GDPR and the Data Protection Act 2018:

1. Right to Be Informed (Articles 13 & 14 UK GDPR)

You have the right to be informed about the collection and use of your personal data. This Privacy Policy fulfils this obligation.

2. Right of Access (Article 15 UK GDPR)

You have the right to request confirmation as to whether we process your personal data and, if so, to obtain a copy of the personal data we hold about you, along with information about how we process it (including the purposes of processing, categories of data, recipients, retention periods, and your rights). This is commonly known as a "subject access request."

3. Right to Rectification (Article 16 UK GDPR)

You have the right to request that we correct any inaccurate personal data we hold about you, or complete any incomplete data.

4. Right to Erasure (Article 17 UK GDPR — Right to Be Forgotten)

You have the right to request deletion of your personal data in certain circumstances, including:

  • The data is no longer necessary for the purpose for which it was collected or otherwise processed
  • You withdraw your consent (where consent was the lawful basis)
  • You object to the processing, and there are no overriding legitimate grounds
  • The data has been unlawfully processed
  • The data must be erased to comply with a legal obligation

5. Right to Restriction of Processing (Article 18 UK GDPR)

You have the right to request that we restrict the processing of your personal data in certain circumstances, including:

  • You contest the accuracy of the data
  • The processing is unlawful, but you don't want us to erase it
  • We no longer need the data but you need it for legal claims
  • You have objected to processing and we are verifying legitimate grounds

6. Right to Data Portability (Article 20 UK GDPR)

You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller, where:

  • Processing is based on consent or contract performance
  • Processing is carried out by automated means

7. Right to Object (Article 21 UK GDPR)

You have the right to object to:

  • Processing based on legitimate interests or public interest
  • Direct marketing (including profiling for direct marketing)
  • Processing for research or statistical purposes

8. Rights Related to Automated Decision-Making and Profiling (Article 22 UK GDPR)

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

How to Exercise Your Rights (UK)

To exercise any of the aforementioned rights, please contact us at care@gabit.com. We will respond to your request without undue delay and in any event within 30 days of receiving it. This period may be extended taking into account the complexity and number of requests.

We may request reasonable verification of your identity before processing your request to ensure the security of your personal data.


Your Rights Under EU GDPR

If you are located in the European Union or European Economic Area, you have the following rights under the General Data Protection Regulation (EU) 2016/679:

1. Right to Be Informed (Articles 13 & 14)

You have the right to be informed about the collection and use of your personal data, including the identity of the data controller, the purposes for processing, the categories of personal data, recipients of the data, retention period, details of international transfers, and your statutory rights under applicable data protection laws.

2. Right of Access (Article 15)

You have the right to obtain confirmation as to whether or not personal data concerning you is being processed, and, where that is the case, access to the personal data and information including the purposes of processing, categories of data, recipients, retention periods, and your rights.

3. Right to Rectification (Article 16)

You have the right to obtain the rectification of inaccurate personal data concerning you without undue delay.

4. Right to Erasure / Right to Be Forgotten (Article 17)

You have the right to request the erasure of personal data concerning you without undue delay in certain circumstances.

5. Right to Restriction of Processing (Article 18)

You have the right to obtain restriction of processing in certain circumstances.

6. Right to Data Portability (Article 20)

You have the right to receive your personal data in a structured, commonly used, and machine-readable format.

7. Right to Object (Article 21)

You have the right to object to processing based on legitimate interests or for direct marketing purposes.

8. Rights Related to Automated Decision-Making and Profiling (Article 22)

You have the right not to be subject to a decision based solely on automated processing which produces legal effects concerning you or similarly significantly affects you.

How to Exercise Your Rights (EU)

To exercise any of the aforementioned rights, please contact us at care@gabit.com. We will respond to your request within 30 days of receipt. This period may be extended by two further months where necessary.


Cookies and Similar Technologies

We use cookies and similar tracking technologies to collect and use personal data about you. Cookies are small text files stored on your device that help us improve your experience on our Platform.

Types of Cookies We Use

Cookie TypePurposeConsent Required
Strictly NecessaryEssential for the Platform to function. Cannot be disabled.No
Performance/AnalyticsHelp us understand how visitors use our Platform.Yes (UK/EU)
Targeting/AdvertisingUsed to deliver relevant advertisements.Yes (UK/EU)

Managing Your Cookie Preferences

You can manage your cookie preferences through:

  • Our cookie consent banner (displayed when you first visit our Platform)
  • Your browser settings
  • The privacy settings within the Platform

Please note that disabling certain cookies may affect the functionality, performance, or availability of certain features or services of our Platform.

In accordance with the ePrivacy Directive and UK Privacy and Electronic Communications Regulations (PECR), we obtain your consent before placing non-essential cookies on your device.


Security

Your account is protected by a password for your privacy and security. You must take appropriate steps to prevent unauthorized access to your account and personal information by selecting and protecting your password appropriately, including in case of using any social logins such as Google or Facebook accounts as well as any logins based on OTP authentication. You must ensure the safety of your accounts and devices and limit access to your computer or device and browser by signing off after you have finished accessing your account.

Security Measures We Implement

We are committed to protecting your personal data and have implemented appropriate technical and organisational measures to ensure a level of security appropriate to the risk, in accordance with Article 32 of the UK GDPR and EU GDPR:

  • Encryption: We use SSL/TLS encryption (TLS 1.2+) to protect data transmitted between your device and our servers. Sensitive data is encrypted at rest using AES-256 encryption.
  • Access Controls: We limit access to personal data, on a need to know basis, to authorized personnel who need it to perform their job functions.
  • Regular Audits: We conduct regular security assessments and audits to identify and address potential vulnerabilities.
  • Secure Development: We follow secure coding practices and conduct security reviews of our software.
  • Incident Response: We have procedures in place to detect, investigate, and respond to potential data breaches.
  • Employee Training: Our staff receive regular training on data protection and security practices.

We follow generally accepted industry standards to protect the personal information submitted to us, both during transmission and once we receive it.

We endeavour to protect the privacy of your account and other personal information we hold in our records, but we cannot guarantee complete security. Unauthorised entry or use, hardware or software failure, and other factors, may compromise the security of user information at any time.

We are not responsible for the privacy policies or practices of third-party websites, mobile applications, or platforms that may be linked from our Platform. When you follow a link to another website, you should review that site's privacy policy before submitting any personal data. Any transmission of information by you to our Platform or otherwise is at your own risk. We assume no liability or responsibility for disclosure of your information due to errors in transmission, unauthorised third-party access, or other causes beyond our control. You play an important role in keeping your personal information secure.

Personal Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority (the ICO in the UK, or the competent supervisory authority in your EU Member State) within 72 hours of becoming aware of the breach, in accordance with Article 33 of the UK GDPR and EU GDPR. Where the breach is likely to result in a high risk to your rights and freedoms, we will also communicate the breach to you without undue delay in accordance with Article 34 of the UK GDPR and EU GDPR.


Marketing Communications

By creating a user account on our Platform or subscribing to our services, you consent to receiving communications from us via email, SMS, push notifications, WhatsApp and other channels. We may send you marketing messages, promotional offers, and important service updates related to your account or subscription.

Your Choices

  • Email: You may opt out of our marketing emails by clicking on the 'unsubscribe' link provided in the emails.
  • SMS/WhatsApp: You may opt out by following the instructions in the message or contacting us.
  • Push Notifications: You may disable push notifications through your device settings.

However, we may still send you non-marketing emails about your accounts or any other transactions with you.

Targeted Advertising

We may also use cross-device targeting to help identify our users and serve advertising.

To opt out of interest-based advertising:

  • Google Analytics: Visit the Google Ads Settings page
  • Twitter: Follow their instructions posted on their website/app
  • Facebook: Follow their instructions posted on their website/app
  • Instagram: Follow their instructions posted on their website/app
  • EU residents: Use the Digital Advertising Alliance's opt-out tool at www.youronlinechoices.eu

Third-Party Links

Our Platform may contain links to third-party websites, applications, or services. We are not responsible for the privacy practices of these third parties. We encourage you to read the privacy policies of any third-party sites you visit.


Account Deletion

You may close your Gabit account at any time by e-mailing care@gabit.com.

Subject to our Privacy Policy and applicable laws upon account closure:

  • We will permanently erase your personal data from active systems within 30 days
  • Data in backup systems will be deleted within 90 days
  • Certain records may be retained as required by law (such as for tax purposes, to detect security incidents, or to defend against legal claims)

EU and UK Representative

As BetterLife Horizons Private Limited is established outside the European Union and United Kingdom, we have appointed representatives in accordance with Article 27 of the EU GDPR and Article 27 of the UK GDPR. Our representatives can be contacted directly on any matter relating to the processing of your personal data.

EU Representative:

EMB Ease My Biz UG
Address: Tina Maini, T Maini & Associates, Friedrichstr. 114A, 10117, Berlin, Germany
Email: team@tmassociatespro.com

UK Representative:

Ease My Biz Ltd
Address: 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom
Email: team@tmassociatespro.com
Phone: +44 20 3769 0873


Data Protection Officer

We have appointed a Data Protection Officer (DPO) who is responsible for overseeing questions in relation to this Privacy Policy. If you have any questions about this Privacy Policy, including any requests to exercise your legal rights, please contact the DPO using the details below:

Data Protection Officer
Name: Prakhar Munde
Email: care@gabit.com
Address: 18th Floor, Tower A, Building No.5, DLF Cyber City, DLF Phase-3, Gurugram, Haryana, India, 122002

We would appreciate the opportunity to address your concerns before you approach any supervisory authority, we encourage you to contact us in the first instance.