Privacy Policy
We collect, use, process and share personal data in accordance with privacy laws to make sure your data protection rights are implemented and enforced. We integrate various technical and organizational solutions to comply with applicable laws and rules related to personal data protection in countries where we operate. This Privacy Policy sets forth the basic rules and principles by which we process your personal data, and mentions our responsibilities while processing personal data.
We may be a data processor or data controller according to the applicable law. Regardless of our status, we will deal with any personal data as required by any applicable regulation, including but not limited to, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the “GDPR”) when we offer our services or goods to individuals in the countries of the European Economic Area.
We do not knowingly attempt to solicit or receive information from children. Our services do not aim at children. The concrete age of the children are defined differently, so any case involving a child will be reviewed individually.
We understand that you are aware of and care about your own privacy interests, and we take that seriously. This Privacy Policy describes the rules and practices with regard to the collection and use of your personal data and details your privacy rights. We recognize that privacy is an ongoing responsibility, and so we will from time to time update this Privacy Policy as we undertake new personal data practices or adopt new privacy and security rules.
1. TERMS WE USE AS LEGAL GUIDELINES OF THE PROCESSING
There are some legal bases for the processing of your personal data and we count on them to process your personal data. We use the main three bases to process your personal data: consent, contract, and legitimate interest.
Consent - your clear agreement to the processing of your personal data for a specific purpose.
Contract - the reason why the processing is necessary based on a contract you have with us, or because we have asked you to take specific steps before entering into that contract.
Legitimate Interests - the reason why the processing your data is necessary which is based on the legitimate interests or the legitimate interests of a third party, provided those interests are not outweighed by your rights and interests.
Some applicable laws may indicate other legal grounds for the processing and when applicable we will count on such grounds.
2. CONSENT RULE AND INTERRELATION WITH OTHER LEGAL GROUNDS
If you have given consent to the processing of your data you can freely withdraw such consent at any time by contacting us.
If you do withdraw your consent, and if we do not have another legal basis for the processing of your data, then we will stop the processing of the personal data.
If we have another legal basis for the processing of your data, then we may continue to do so, subject to your legal interests and rights.
3. OUR RESPONSIBILITIES
As we may have both roles as a data controller and data processor, we have obligations according to the applicable laws. We act as a data controller when we determine the purposes and means of the processing of your personal data. As a data processor, we process personal data on behalf of the controller.
4. RECOMMENDATIONS FOR YOU
You should read this Privacy Policy carefully. We want to make sure that you understand all your rights. It is important for both of us that you maintain your personal data confidential and secure.
If you provide us with personal data about other individuals, we will only employ that data for the special reason for which it was provided to us. By sending the data, you shall be sure that you have the right to dispose to process the personal data on your behalf in accordance with this Privacy Policy. In case if you submit third party’s personal data, be sure that you have a legal basis for the processing of such data.
According to the applicable law, you may become a data controller/processor and it will impose on you additional obligations.
5. PROCESSED DATA
We process personal data when you interact with our websites https://www.gumtoo.com and https://gumtoo.sg/ (the “Website”), especially:
you browse any page of the Website;
you register on the Website;
you log in;
you purchase any goods available on the Website;
you communicate with us;
you use our services;
you receive notification from us;
we measure Website traffic;
in cases which do not depend on you but we have a legal basis to collect such data.
We collect the following types of data:
personal data which allows to register you such as first name, last name, email address, password;
personal data which identifies your physical address such as your street address, apartment’s number, city, state/province, zip/postal code, and country
contact personal data which such as your company’s name, telephone, fax,
personal data which allows conducting payments via the Website (this data may be collected by third parties and we just receive a confirmation that you have made a payment);
your balance indicated in special cards such as Gift Card;
history of your purchases and returns;
data that identifies you such as your IP address, login information, browser type, and version, time zone setting, browser plug-in types, some location information about where you might be, operating system and version;
data on how you use the Website such as your URL clickstreams (the path you take through the Website), page response times, download errors, how long you stay on web pages, what you do on those pages, how often, and other actions;
other personal data you share with us or personal data which we may legally obtain for our legitimate interests.
The recipients of the collected data are the highest management level of our company.
6. PURPOSES AND LEGAL BASIS FOR THE PROCESSING
We process the data for:
Registering users. We need your personal data to register you and identify each time you access the Website or use our services. Legal basis: Consent; Legitimate Interests.
Providing services. We need to provide services accessible via the Website. Legal basis: Consent; Legitimate Interests.
Delivering our products. We need to know what your address is to be able to deliver what you have ordered. Legal basis: Contract; Legitimate Interests
Providing offers and advertisement which may be interesting to you. Legal basis: Consent; Legitimate Interests.
Informing you about our services or news (for example, you may receive our newsletters). Legal basis: Consent; Legitimate Interests.
Keeping the Website running (managing your requests, login, and authentication, remembering your settings, processing payments, hosting and back-end infrastructure). Legal basis: legitimate Interests.
Preventing frauds, illegal activity or any violation of the terms or Privacy Policy. We may disable access to the Website, erase or correct personal data in some cases. Legal basis: legitimate Interests.
Improving the Website (testing features, interacting with feedback platforms, managing landing pages, heat mapping the Website, traffic optimization, and data analysis and research, including profiling and the use of machine learning and other techniques over your data and in some cases using third parties to do this). Legal basis: legitimate Interests.
Customer support (notifying you of any changes to the Website, services, solving issues, any bug fixing). Legal basis: Contract; Legitimate Interests.
7. YOUR RIGHTS AS DATA SUBJECT
You may ask us to refrain from using your data for marketing (when you opted-in). You can opt-out from marketing by contacting via the contact form.
You can exercise the following rights by sending us by contacting via the contact form.
You have the right to access information about you, especially:
the categories of data;
the purposes of data processing;
third parties to whom the data disclosed;
how long the data will be retained and the criteria used to determine that period;
other rights regarding the use of your data.
You have the right to make us correct any inaccurate personal data about you.
You can object to using your personal data for profiling you or making automated decisions about you. We may use your data to determine whether we should let you know information that might be relevant to you (for example, tailoring emails to you based on your behavior).
You have the right to the data portability of your data to another service or website. We will give you a copy of your data in a readable format so that you can provide it to another service. If you ask us and it is technically possible, we will directly transfer the data to the other service for you.
You have the right to be “forgotten”. You may ask erasing any personal data about you if it is no longer necessary for us to store the data for purposes of your use of the Website.
You have the right to lodge a complaint regarding the use of your data by us. You can address any complaint to your national regulator.
In the context of the right to access information, we shall provide you with the information within one month of your request unless there is a justified requirement to provide such information faster. This term may be prolonged according to the applicable law.
8. SECURITY
We have security and organizational measures and procedures to secure the data collected and stored. You acknowledge that no data transmission is guaranteed to be 100% secure and there may be risks. You are responsible for your login information and password. You shall keep them confidential. In case if your privacy has been breached, please contact us immediately.
9. LOCATION OF THE PROCESSING OF PERSONAL DATA AND THIRD PARTY SERVICE PROVIDERS
The personal data is collected by our company incorporated in Singapore.
Our servers are provided by hosting provider, the Endurance International Group, Inc. and its brand Bluehost, based out of the United States of America which participate in and have certified their compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List.
The Website contains links to third-party sites and features. The Privacy Policy does not cover the privacy practices of such third parties. These third parties have their own privacy policies and we do not accept any responsibility or liability for their sites, features or policies. Please read their privacy policies before you submit any data to them. There are the following third parties.
- MailChimp allows us to manage newsletter subscriptions.
- We use Wordpress plugins such as AddThis and Jetpack which allows us to improve the use of the Website;
- Google Analytics to analyze data and improve our services and Website;
- Google AdWords, Google Remarketing, Facebook Marketing, Facebook Remarketing, Instagram Marketing, Instagram Remarketing for marketing purposes;
- Payment processors such as PayPal;
- Social media such as Facebook, Google+, Instagram, LinkedIn, Pinterest, Twitter, YouTube.
10. RETENTION POLICY
We store personal data as long as we need it and the retention practice depends on the type of data we collect, regulatory burden, and how we use the personal data. The retention period is based on criteria that include legally mandated retention periods, pending or potential litigation, intellectual property or ownership rights, contract requirements, operational directives or needs, and historical archiving.
11. COOKIE POLICY
We collect certain types of information when you access or use the Website, including cookies and similar tracking technologies.
Cookies are small data files that are placed on your computer or mobile device when you visit the Website. Cookies are used by the Website in order to make the Website work, or to work more efficiently, as well as to provide reporting information.
You may turn off cookies in your browser via settings. You can block cookies on your browser refusing cookies. You may delete cookies. If you turn off cookies, you can continue to use the Website and browse its pages, but the Website and certain services will not work properly.
The list of cookies we use is listed in your browser or there is a list of types of such cookies.
Type of cookie
Purpose
Essential Cookies
These cookies are essential to provide you with services available on the Website and to enable you to use some of our features. Without these cookies, the services that you have asked for cannot be provided, and we only use these cookies to provide you with those services.
Functionality Cookies
These cookies allow the Website to remember choices you make when you use the Website. The purpose of these cookies is to provide you with more personal experience and to avoid you having to re-enter your preferences every time you visit.
Analytics and Performance Cookies
These cookies are used to collect information about traffic and how users use the Website. The information gathered does not identify any individual visitor. It includes the number of visitors to the Website, the websites that referred them to the Website, the pages they visited on the Website, what time of day they visited the Website, whether they have visited the Website before, and other similar information.
Targeted and advertising cookies
These cookies track your browsing habits to enable us to show advertising which is more likely to be of interest to you. These cookies use information about your browsing history to group you with other users who have similar interests. Based on that information, and with our permission, third-party advertisers can place cookies to enable them to show adverts which we think will be relevant to your interests while you are on third party websites
You can disable cookies which remember your browsing habits and target advertising at you by visiting http://www.youronlinechoices.com/uk/your-ad-choices. If you choose to remove targeted or advertising cookies, you will still see adverts but they may not be relevant to you. Even if you do choose to remove cookies by the companies listed at the above link, not all companies that serve online behavioral advertising are included in this list, and so you may still receive some cookies and tailored adverts from companies that are not listed.
12. TRANSFER OF YOUR PERSONAL DATA
In case if you reside in the EU/EEA and we offer our services or goods in your country, we would like to inform you that information we collect from you will be processed in Singapore which has not got a finding of “adequacy” from the European Union under Article 45 of the GDPR. We rely on derogations for specific situations as set forth in Article 49 of the GDPR. In particular, we collect and transfer to Singapore personal data only: with your consent; to perform a contract with you, or to fulfill a compelling legitimate interest in a manner that does not outweigh your rights and freedoms.
We aim to apply appropriate safeguards to protect your privacy, security, your personal data and to use your personal data only consistent with your relationship with our company and the practices described in this Privacy Policy. We also enter into data processing agreements and model clauses with our vendors when applicable.
13. CONTACT INFORMATION AND DATA PROTECTION OFFICER
We welcome your comments or questions about the Privacy Policy, Terms, services, Website. You may contact us in writing at:
GUMTOO PRIVATE LTD.
Registration number: 201224214W
Registered address: 51, CHANGI BUSINESS PARK CENTRAL 2, #04-05, THE SIGNATURE, SINGAPORE 486066