When you visit our website / online store, our webserver may automatically collect a limited amount of information essential for the operation and security of our website. Some of this information, such as your browser type, does not identify who you are, while other information, such as your internet domain name or IP address, may identify you. We also collect information on users’ session to compile reports on the use of our website. These reports are statistical in nature and do not identify or profile individual users.
By accessing, browsing or using the site and/or by submitting personal information to GA, all users and viewers declare to acknowledge acceptance of the policy and authorise GA to collect, store, use and disclose personal information. If you do not accept the terms and conditions listed in this policy, please do not use the site and do not submit personal information about you to GA.
Some sections of this website may distribute small pieces of information (called “cookies”) to web browsers to assist you when you return to specific areas on the site. If you have concerns about this, you can change your web browser settings to not accept this information or to display warning messages.
We use “cookies” to collect information about your online activity on our website. A cookie is a small text file created by the website that is stored in your computer to provide a way for the website to recognise you and keep track of your preferences. The cookie makes it convenient for you such that you do not have to retype the same information again when you revisit the website or in filling electronic forms.
Most cookies we use are “session cookies”, which will be deleted automatically from the hard disk of your computer at the end of the session.
You may choose not to accept cookies by turning off this feature in your web browser. Note that by doing so, you may not be able to use some of the features and functions in our web applications.
Use of Personal information
When you register with GA we ask for certain personal information. This information includes name and contact information (e-mail, address and phone number). Your personal data will be added to our database so that we can use this information for the following purposes:
- to register you with Gaya Alegria
- to provide you with information regarding product information, sales, new arrivals, orders, shipment, payment and events.
- to otherwise provide you with requested information or services provided by Gaya Alegria
- we may disclose personal information to third parties
We may rely on exceptions to the need for consent under the PDPA for the collection, use or disclosure of your personal data under the following circumstances (only those relevant to Gaya Alegria are included):
- The personal data is publicly available
- The personal data is disclosed by a public agency or disclosed to a public agency
- The personal data is necessary for any investigation or proceedings
- The personal data is necessary for evaluative purposes (e.g., determining the suitability of a job applicant for the job applied for)
- The personal data is necessary for the purpose of managing or terminating an employment relationship
- The personal data is necessary for a business asset transaction
How We Ensure the Accuracy of Your Personal Data
We will take reasonable steps to ensure that the personal data we collect about you is accurate, complete, not misleading and kept up-to-date.
From time to time, we may do a data verification exercise for you to update us on any changes to the personal data we hold about you. If we are in an ongoing relationship with you, it is important that you update us of any changes to your personal data (such as a change in your mailing address).
How We Protect Your Personal Data
We have implemented appropriate information security and technical measures (such as data encryption, firewalls, passwords and secure network protocols) to protect the personal data we hold about you against loss; misuse; destruction; unauthorised alteration/modification, access, disclosure; or similar risks.
We have also put in place reasonable and appropriate organisational measures to maintain the confidentiality and integrity of your personal data and will only share your data with authorised persons on a ‘need to know’ basis.
When we engage third-party data processors to process personal data on our behalf, we will ensure that they provide sufficient guarantees to us to have implemented the necessary organisational and technical security measures and have taken reasonable steps to comply with these measures.
How We Retain Your Personal Data
We have a document retention policy that keeps track of the retention schedules of the personal data you provide us, in paper or electronic forms. We will not retain any of your personal data when it is no longer needed for any business or legal purposes.
We will dispose of or destroy such documents containing your personal data in a proper and secure manner when the retention limit is reached.
How You Can Access and Make Correction to Your Personal Data
You may write in to us to find out how we have been using or disclosing your personal data over the past one year. Before we accede to your request, we may need to verify your identity by checking your NRIC or other legal identification document. We will respond to your request as soon as possible, or within 30 days from the date we receive your request. If we are unable to do so within the 30 days, we will let you know and give you an estimate of how much longer we require. We may also charge you a reasonable fee for the cost involved in processing your access request.
If you find that the personal data we hold about you is inaccurate, incomplete, misleading or not up-to-date you may ask us to correct the data. Where we are satisfied on reasonable grounds that a correction should be made, we will correct the data as soon as possible, or within 30 days from the date we receive your request.
Disclosure of Personal information
We will also ensure that the information we collect, use and disclose is accurate, complete and up to date. We may disclose information in special cases when we have reason to believe that disclosing this information is reasonably necessary to: comply with the law, enforce or apply our terms of business, protect our rights and those of our users, or with your permission.
Transfer of Personal Data
Where there is a need to transfer your personal data to another country outside Singapore, we will ensure that the standard of data protection in the recipient country is comparable to that of Singapore’s PDPA. If this is not so, we will enter into a contractual agreement with the receiving party to accord similar levels of data protection as those in Singapore.
Withdrawal of Consent
If you wish to withdraw consent, you should give us reasonable advance notice. We will advise you of the likely consequences of your withdrawal of consent, e.g., without your personal contact information we may not be able to inform you of future services offered by us.
Your request for withdrawal of consent can take the form of an email or letter to us.
We do not get consent on behalf of another individual. We only get consent from the individual who will be dealing directly with us.
If you have any query or feedback regarding this Notice, or any complaint you have relating to how we manage your personal data, you may contact our Data Protection Officer (DPO) at: firstname.lastname@example.org
Any query or complaint should include, at least, the following details:
- Your full name and contact information
- Brief description of your query or complaint
We treat such queries and feedback seriously and will deal with them confidentially and within reasonable time.
Changes to this Data Privacy Notice
We may update this Data Privacy Notice from time to time. We will notify you of any changes by posting the latest Notice on our website. Please visit our website periodically to note any changes.
Changes to this Notice take effect when they are posted on our website.