gemini.com privacy policy — score 52/100 (medium risk)

Latest analysis

The report content (summary, findings, excerpts) was generated in English and has not been translated.

Gemini · gemini.com

Report details

medium risk

Gemini collects extensive personal and financial data as a regulated crypto exchange, shares it widely with third parties for marketing and analytics, and transfers it globally, though it provides standard GDPR rights and SCCs for EU users.

Gemini's privacy policy reflects its status as a heavily regulated financial institution, requiring vast amounts of sensitive personal and financial data for KYC/AML compliance. However, the policy also permits broad data sharing with marketing and advertising partners, extensive tracking (including keystrokes and session replays), and global data transfers. While EU users are provided with Standard Contractual Clauses and clear supervisory authority contacts, the policy contains ambiguous language regarding the universality of user rights and the use of data for AI training.

Latest analysis
Source: URL
Length: 33,931 characters

Rating by category

Breakdown of the policy across key compliance areas. Good = strong, fair = mixed, poor = concerning.

Data Minimization: poor

Collects highly sensitive data like biometrics, keystrokes, and session replays alongside extensive financial and identification information.

Transparency: fair

The policy is detailed and structured, but the broad language around 'other business or commercial purposes' and discretionary rights creates ambiguity.

Third-party Sharing: poor

Data is shared with marketing, advertising, and analytics partners in addition to service providers, which is excessive for a financial platform.

International Transfers: fair

SCCs and UK IDTA are used for EU/UK transfers, but data flows globally including to the US, with an exception carved out for emergency law enforcement transfers.

AI/Model Training: fair

Explicitly states anonymized data is used for internal AI training and records inputs to AI tools, but lacks detail on anonymization standards or opt-out.

User Rights: fair

Provides standard GDPR rights and DPA contacts for EU/UK users, but makes rights discretionary for users in other jurisdictions.

Key findings

Important clauses, issues or positive practices (critical first)

Critical

Excessive Data Collection for Non-Essential Purposes

The policy collects a vast array of highly sensitive data beyond what is strictly necessary for a crypto exchange, including biometric information (face geometry), employment/institutional details, and session replay/keystroke data.

Critical

Broad Third-Party Sharing for Marketing

Personal information is shared broadly with marketing and advertising partners, analytics partners, and business partners, which is concerning for a financial institution handling sensitive data.

Warning

Ambiguous AI Training Practices

The policy explicitly states Gemini may use 'anonymized Personal Information to train AI models for internal use only' and records inputs to 'AI-supported tools', but lacks clarity on whether this data is truly irreversibly anonymized or if users can opt out.

Warning

Discretionary User Rights

The policy states that if rights are not provided by law for the operating entity, 'Gemini may exercise its discretion in providing you with these rights,' creating uncertainty about the universality of data subject rights.

Warning

Vague Retention Periods

The policy states data is retained 'for as long as is reasonably necessary' or to comply with legal obligations, without specifying concrete retention periods for different categories of data.

Summary for the user

Gemini collects a massive amount of sensitive data, including biometrics and detailed tracking data, and shares it with marketing partners. While they offer standard EU privacy rights, users outside the EU may find their rights applied at Gemini's discretion.

Compliance posture

mixed

EU transfers

Data is transferred globally, including to the US. For EU/UK users, Gemini relies on Standard Contractual Clauses (SCCs) and the UK International Data Transfer Agreement (IDTA)/Addendum. The policy also mentions using Article 49(1)(f) derogations for law enforcement in emergencies, which is a potential loophole.

Detected signals

Specific data and practices detected in the text

Data collected:
Name, Email, Date of birth, Phone number, Postal address, Government-issued identity documents, Trading activity, Order activity, Deposits, Withdrawals, Account balances, Bank account information, Routing number, Correspondence, Images and video for identity verification, Audio recordings, Face geometry (biometric), Job title, Source of wealth, Institution's legal name, EIN, Proof of legal existence, Social Security Number, Driver's license number, Passport number, Preferences, Survey responses, Contacts' phone or email addresses, IP address, Domain name, Geographic location, Hardware, Operating system, Browser, Screen size, Clickstream information, Keystrokes, Mouse movements, Form field entries, Recordings of chat sessions, Inputs to AI-supported tools, Session replay information, Blockchain data, Credit and fraud information, Criminal records

Processing purposes:
Performing the contract (service provision, customer support, security); Complying with legal obligations (KYC/AML, law enforcement, tax); Legitimate interests (fraud prevention, service optimization, marketing, R&D); Consent (device settings, marketing communications); Vital interests (law enforcement emergencies)

Third-party sharing:
Service Providers, Affiliates, Business Partners, Analytics Partners, Marketing and Advertising Partners, Law Enforcement/Government Agencies, Professional Advisors, Corporate Transaction Recipients

International transfers:
Ireland, UK, Malta, Singapore, Australia, US, Standard Contractual Clauses (SCCs), UK International Data Transfer Agreement (IDTA), UK Addendum to EU SCCs, Adequacy Decisions, Article 49(1)(f) GDPR derogation

AI / Model training:
We may use anonymized Personal Information to train AI models for internal use only.

Evidence excerpts

Direct excerpts from the policy that support these findings

Biometric Information, such as scans of your face geometry extracted from identity documents

We may use anonymized Personal Information to train AI models for internal use only.

We rely primarily on the European Commission’s Standard Contractual Clauses to facilitate international transfers of Personal Information to third countries, including from Gemini’s European operations to Gemini Trust Company, LLC in the United States.

If any of the rights listed below are not provided by law for your operating entity or jurisdiction, Gemini may exercise its discretion in providing you with these rights.

Usage Data, such as system activity, internal and external information related to Gemini pages that you visit, clickstream information, keystrokes, mouse movements, form field entries, recordings of chat sessions or your use of and inputs to other AI-supported tools

Missing or unclear

  • No specific list of sub-processors or third-party partners is provided in the main policy.
  • No clear retention periods specified, only that data is kept 'as long as is reasonably necessary' or to comply with legal obligations.
  • No explicit opt-out mechanism for AI model training on user data, only a claim that it is anonymized.
  • No detail on the specific legal bases used for marketing and advertising sharing beyond 'legitimate interests' or 'consent'.
  • No information on Data Protection Impact Assessments (DPIAs) for high-risk processing like biometrics.

Questions to ask

  • What specific third parties act as your marketing, advertising, and analytics partners, and where is the sub-processor list maintained?
  • How is personal data anonymized before being used for internal AI model training, and is this process irreversible?
  • What are the specific retention periods for different categories of personal data, particularly biometric and KYC data?
  • Under what specific circumstances do you use Article 49(1)(f) derogations to transfer data to law enforcement outside the EEA, and how is necessity demonstrated?
  • How do you ensure that session replay and keystroke data is minimized and not used for purposes beyond security and fraud prevention?

This analysis is generated by AI and does not constitute legal advice. Always consult a qualified legal professional for GDPR compliance decisions.

Created by DentroChat