We may be a data processor or data controller according to the applicable law. Regardless of our status, we will deal with any personal data as required by any applicable regulation, including but not limited to, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the “GDPR”) when we offer our services or goods to individuals in the countries of the European Economic Area.
We do not knowingly attempt to solicit or receive information from children. Our services do not aim at children. The concrete age of the children are defined differently, so any case involving a child will be reviewed individually.
1. Terms we use as legal guidelines of the processing
There are some legal bases for the processing of your personal data and we count on them to process your personal data. We use the main three bases to process your personal data: consent, contract, and legitimate interest.
Consent – your clear agreement to the processing of your personal data for a specific purpose.
Contract – the reason why the processing is necessary based on a contract you have with us, or because we have asked you to take specific steps before entering into that contract.
Legitimate Interests – the reason why the processing your data is necessary which is based on the legitimate interests or the legitimate interests of a third party, provided those interests are not outweighed by your rights and interests.
Some applicable laws may indicate other legal grounds for the processing and when applicable we will count on such grounds.
2. Consent rule and interrelation with other legal grounds
If you have given consent to the processing of your data you can freely withdraw such consent at any time by contacting us.
If you do withdraw your consent, and if we do not have another legal basis for the processing of your data, then we will stop the processing of the personal data.
If we have another legal basis for the processing of your data, then we may continue to do so, subject to your legal interests and rights.
3. Our responsibilities
As we may have both roles as a data controller and data processor, we have obligations according to the applicable laws. We act as a data controller when we determine the purposes and means of the processing of your personal data. As a data processor, we process personal data on behalf of the controller.
4. Recommendations for you
According to the applicable law, you may become a data controller/processor and it will impose on you additional obligations.
5. Processed data
We process personal data when you interact with our websites https://www.gumtoo.com and https://www.gumtoostickers.com (the “Website”), especially:
We collect the following types of data:
The recipients of the collected data are the highest management level of our company.
6. Purposes and legal basis for the processing
We process the data for:
Registering users- We need your personal data to register you and identify each time you access the Website or use our services. Legal basis: Consent; Legitimate Interests.
Providing services- We need to provide services accessible via the Website. Legal basis: Consent; Legitimate Interests.
Delivering our products- We need to know what your address is to be able to deliver what you have ordered. Legal basis: Contract; Legitimate Interests
7. Your rights as data subject
You may ask us to refrain from using your data for marketing (when you opted-in). You can opt-out from marketing by contacting via the contact form.
You can exercise the following rights by sending us by contacting via the contact form.
You have the right to access information about you, especially:
You have the right to make us correct any inaccurate personal data about you.
You can object to using your personal data for profiling you or making automated decisions about you. We may use your data to determine whether we should let you know information that might be relevant to you (for example, tailoring emails to you based on your behavior).
You have the right to the data portability of your data to another service or website. We will give you a copy of your data in a readable format so that you can provide it to another service. If you ask us and it is technically possible, we will directly transfer the data to the other service for you.
You have the right to be “forgotten”. You may ask erasing any personal data about you if it is no longer necessary for us to store the data for purposes of your use of the Website.
You have the right to lodge a complaint regarding the use of your data by us. You can address any complaint to your national regulator.
In the context of the right to access information, we shall provide you with the information within one month of your request unless there is a justified requirement to provide such information faster. This term may be prolonged according to the applicable law.
We have security and organizational measures and procedures to secure the data collected and stored. You acknowledge that no data transmission is guaranteed to be 100% secure and there may be risks. You are responsible for your login information and password. You shall keep them confidential. In case if your privacy has been breached, please contact us immediately.
9. Location of the processing of personal data and third party service providers
The personal data is collected by our company incorporated in Singapore.
Our servers are provided by hosting provider, the Endurance International Group, Inc. and its brand Bluehost, based out of the United States of America which participate in and have certified their compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List.
10. Retention policy
We store personal data as long as we need it and the retention practice depends on the type of data we collect, regulatory burden, and how we use the personal data. The retention period is based on criteria that include legally mandated retention periods, pending or potential litigation, intellectual property or ownership rights, contract requirements, operational directives or needs, and historical archiving.
We collect certain types of information when you access or use the Website, including cookies and similar tracking technologies.
Cookies are small data files that are placed on your computer or mobile device when you visit the Website. Cookies are used by the Website in order to make the Website work, or to work more efficiently, as well as to provide reporting information.
You may turn off cookies in your browser via settings. You can block cookies on your browser refusing cookies. You may delete cookies. If you turn off cookies, you can continue to use the Website and browse its pages, but the Website and certain services will not work properly.
The list of cookies we use is listed in your browser or there is a list of types of such cookies.
Essential Cookies – These cookies are essential to provide you with services available on the Website and to enable you to use some of our features. Without these cookies, the services that you have asked for cannot be provided, and we only use these cookies to provide you with those services.
Functionality Cookies – These cookies allow the Website to remember choices you make when you use the Website. The purpose of these cookies is to provide you with more personal experience and to avoid you having to re-enter your preferences every time you visit.
Analytics and Performance Cookies – These cookies are used to collect information about traffic and how users use the Website. The information gathered does not identify any individual visitor. It includes the number of visitors to the Website, the websites that referred them to the Website, the pages they visited on the Website, what time of day they visited the Website, whether they have visited the Website before, and other similar information.
Targeted and advertising cookies – These cookies track your browsing habits to enable us to show advertising which is more likely to be of interest to you. These cookies use information about your browsing history to group you with other users who have similar interests. Based on that information, and with our permission, third-party advertisers can place cookies to enable them to show adverts which we think will be relevant to your interests while you are on third party websites
You can disable cookies which remember your browsing habits and target advertising at you by visiting www.youronlinechoices.com/uk/your-ad-choices. If you choose to remove targeted or advertising cookies, you will still see adverts but they may not be relevant to you. Even if you do choose to remove cookies by the companies listed at the above link, not all companies that serve online behavioral advertising are included in this list, and so you may still receive some cookies and tailored adverts from companies that are not listed.
12. Transfer of your personal data
In case if you reside in the EU/EEA and we offer our services or goods in your country, we would like to inform you that information we collect from you will be processed in Singapore which has not got a finding of “adequacy” from the European Union under Article 45 of the GDPR. We rely on derogations for specific situations as set forth in Article 49 of the GDPR. In particular, we collect and transfer to Singapore personal data only: with your consent; to perform a contract with you, or to fulfill a compelling legitimate interest in a manner that does not outweigh your rights and freedoms.
13. Contact information and data protection officer
may contact us in writing at:
Gumtoo Private Ltd.
Registration number: 201224214W
Registered address: 51, Changi Business Park Central 2, #04-05, The Signature, Singapore 486066