Privacy Policy

Last updated May 5, 2022

1. Company as the data controller

1.1 This Privacy Policy applies to your access and use of https://www.gomu.co/ (the “Website”) owned and operated by Supercharge Labs. Pte. Ltd. (UEN No.: 202202619G) and/or its related corporations (collectively, “Gomu”, “us”, “our”, “we”), as well as to the use of (which includes any participation in) the Services.

1.2 This Privacy Policy is incorporated as part of Gomu’s API Terms of Use, accessible at https://gomu.co/terms-of-use (the “Gomu API Terms of Use”).

1.3 Your privacy is important to Gomu, and we have adopted this Privacy Policy to inform you about how we as the Data Controller collect, process, use and disclose your Personal Data derived from your access and use of the Website and the Services.  

1.4 If you have any questions about this Privacy Policy, or if you wish to access, update or correct your Personal Data or withdraw your consent to the use, collection and disclosure of your Personal Data in accordance with this Privacy Policy, please email us at legal@gomu.co.

2. General definitions

2.1 In this Privacy Policy, unless the context otherwise requires, the following general definitions apply:

  • (a) “Affiliate” means any entity controlling, controlled by, or under common control with the referenced entity, where the term “control” means the possession, direct or indirect, of the power to direct or cause the direction of the management and policies of an entity, whether through the ownership of voting securities, by contract, or otherwise;
  • (b) “Data Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data, including the security measures concerning the operation and use of the Website and the Services.
  • (c) “Data Protection Laws” means applicable laws and regulations relating to the use and/or processing of personally identifiable information and data and privacy.
  • (d) “Personal Data” means:
  • (i) data, whether true or not, about an individual who can be identified:
  • (1) from that data; or
  • (2) from that data and other information to which we have or are likely to have access; and
  • (ii) any data that is analogous to the foregoing, as defined in Data Protection Laws.
  • (e) “Purposes” means the purposes for which we collect your Personal Data as set out in this Privacy Policy.
  • (f) “Services” means all services provided by Gomu associated with the Website, other content, software, and mobile applications made available by Gomu, and any form of application programming interface that Gomu makes available in its software-as-a-service products which you have subscribed to, which may include object code, software libraries, software tools, sample source code, published specifications, and any related developer documentation and other developer services, functions and features made available through such application programming interfaces by or on behalf of Gomu.
  • (g) “Third Party Provider” means any third party providing services, products, applications or programmes which are accessible through the Website and/or the Services, and which is neither Gomu nor an Affiliate of Gomu;
  • (h) “User” or “you” means the individual accessing or using the Website and the Services.

2.2 Except as otherwise defined above, capitalised terms in this Privacy Policy have the same meanings as those given in the Gomu API Terms of Use.

3. How we collect your personal data

3.1 We receive your Personal Data when you:

  • (a) register for a Gomu Developer Account;
  • (b) use the Website or any of the Services;
  • (c) enter into transactions with us (or express interest in doing so);
  • (d) enter into any agreement with us or provide other documentation or information in respect of your interactions and transactions with us;
  • (e) you interact with our employees, representatives, agents or appointed service providers (for example, via telephone calls, letters, face-to-face meetings, digital platforms, surveys, workshops, campaigns and/or emails); and/or
  • (f) contact or engage with us for any of the purposes listed above.

3.2 In connection with the Services, and to the extent permitted by applicable laws (including Data Protection Laws), we may also be collecting from sources other than yourself, your Personal Data, for one or more of the Purposes, and thereafter using, disclosing and/or processing such Personal Data for one or more of the Purposes.

3.3 We may combine information we receive from other sources with information you give to us and information we collect about you. We may use this information and the combined information for the Purposes (depending on the types of information we receive). If you suspect that any of your Personal Data has not been lawfully disclosed to us, please contact us (details are set out at the start of this Privacy Policy).

3.4 Unless otherwise stated, this Privacy Policy does not cover any collection, use or disclosure by third-parties, including through any applications, websites, products or services that we do not control or own.

3.5 Other than as stated in this Privacy Policy, we do not collect or process any other Personal Data.

4. Types of personal data we collect

4.1 In connection with your use of the Website or the Services, we may collect the following Personal Data from you:

  • (a) your contact and registration information such as your name, your organisation’s name, date of birth, email and mailing addresses and/or telephone number;
  • (b) geographical-specific information such as nationality and country of residence;
  • (c) specific usage data from your use of the Website and the Services;
  • (d) technical information related to your use of the Website and the Services, such as IP addresses, browser information and mobile device information;
  • (e) if applicable, payment details in order to process payments for purchases and/or subscriptions made on the Website or as part of the Services;
  • (f) if applicable, your blockchain wallet identifier from your participation in any campaigns held by Gomu;
  • (g) aggregated information such as statistical or usage data (note that such aggregated and statistical data may be derived from your Personal Data but is anonymised);
  • (h) unique social media identifiers (e.g. profile names, in-game names) on certain social networking platforms (e.g. Facebook, Discord), where your use of the Services involves the use of third-party platforms or services; and/or
  • (i) any other information which you may provide to Gomu.

4.2 Note on third-party features: The Website may include social media features, such as “liking” and “sharing” functions to third-party social media platforms, or links to groups formed on third-party social media platforms for the purpose of communicating information in relation to the Website or the Services. These features may collect your personal information and track your use of the Website. These social media features are either hosted by the third-party or hosted directly on the Website. Your interactions with these features are governed by the privacy policy of the company providing such functionality.

4.3 Note on collection of your national identification number (e.g. NRIC for Singapore Users): We are fully aware of the sensitive nature of your national identification number, and we only collect, use and disclose such information to the extent necessary under applicable laws and regulations, as well as in order to accurately establish and verify your identity to a high degree of fidelity. Please refer to the sections below for further information on how we use, disclose and maintain your Personal Data.

5. How we process and use your personal data

5.1 We may process and use your Personal Data for the following purposes:

  • (a) to perform obligations in the course of or in connection with our provision of the Services requested by you;
  • (b) to facilitate and administer your use of the Website and the Services;
  • (c) to administer and keep track of your participation in the Services, including verifying your information in connection with your use of the Website and the Services to monitor and analyse your use of the Website and the Services;
  • (d) to personalise your user experience on the Website and in your use of the Services;
  • (e) to monitor and analyse your use of the Website and the Services;
  • (f) to inform you of updates and announcements regarding the Website and the Services, including providing you with regular communications and newsletters from Gomu;
  • (g) to enforce the Gomu API Terms of Use, including managing our licenses and partnerships;
  • (h) to comply with court orders and warrants, and assist law enforcement agencies, to collect debts, prevent fraud, misappropriation, infringements, identity thefts and any other misuse of the Website and the Services, and to take any action in any legal dispute or proceeding;
  • (i) to improve the Website and the Services;
  • (j) to ensure the security of our Website, by trying to prevent unauthorized or malicious activities;
  • (k) to enforce compliance with our Gomu API Terms of Use and other policies;
  • (l) to tailor content, advertisements, and offers for you;
  • (m) to contact you with information in relation to your use of the Website and the Services, or at your request; and/or
  • (n) any other incidental business purposes related to or in connection with the above.

5.2 Our legal basis to process and use the Personal Data of Users as the Data Controller is where:

  • (a) Users have given their consent for one or more specific purposes (such as the Purposes);
  • (b) Data Protection Laws permit a Data Controller to process Personal Data until the User objects to such processing (also known as opting-out), without having to rely on consent or any other legal basis. Note that this does not apply, whenever the processing of Personal Data is subject to the General Data Protection Regulation governing the Personal Data of Users from the European Union;
  • (c) processing and use of Personal Data is necessary for:
  • (i) the performance of an agreement with the User and/or for any pre-contractual obligations thereof;
  • (ii) the establishment, exercise or defence of legal claims or proceedings;
  • (iii) compliance with a legal and regulatory obligation to which the Data Controller is subject;
  • (d) processing is related to a task that is carried out in the public interest or in the exercise of official authority vested in the Data Controller;
  • (e) processing is necessary for the purposes of the legitimate interests pursued by the Data Controller or by a third party; and
  • (f) where otherwise permitted or not prohibited under Data Protection Laws.

5.3 We may collect, use, disclose or process your Personal Data for other purposes that do not appear in this Privacy Policy. However, we will notify you of such other purposes at or before the time of obtaining your consent, unless processing of your Personal Data without your consent is permitted by Data Protection Laws.

5.4 Your Personal Data is processed at Gomu’s operating offices and in any other places where the parties involved in the processing are located. Depending on the User's location, transfers of Personal Data may involve transferring the User's Personal Data to a country other than their own.

6. How we disclose or export your personal data

6.1 We may need to disclose your Personal Data to trusted third-parties, whether located within or outside Singapore, for one or more of the Purposes, as such third-parties, would be processing your Personal Data for one or more of the above Purposes (“Third-Party Processors”). In this regard, you hereby acknowledge, agree and consent that we are permitted to disclose your Personal Data to such Third-Party Processors (whether located within or outside Singapore) for one or more of the above Purposes and for the Third-Party Processors to subsequently collect, use, disclose and/or process your Personal Data for one or more of the above Purposes. Without limiting the generality of the foregoing, such Third-Party Processors include:

  • (a) any of our agents, contractors or third-party service providers that process or will be processing your Personal Data on our behalf including but not limited to those which provide administrative or other services to us;
  • (b) our professional advisers, for example, our auditors and lawyers, as well as our insurers;
  • (c) the Third Party Providers;  
  • (d) third-parties to whom disclosure by us is for one or more of the Purposes and such third-parties would in turn be collecting and processing your Personal Data for one or more of the Purposes; and
  • (e) any actual or proposed assignee or transferee of the business of Gomu, or a merged entity in the event Gomu is merged to create the said merged entity.

6.2 Where we disclose your Personal Data, we will do so only in accordance with Data Protection Laws. This includes taking steps to ensure the security and privacy of your Personal Data, and where required, it will be subject to contractual terms ensuring the security and protection of any Personal Data under any sub-processor or data intermediary, whether within or outside of Singapore.

6.3 A list of our current Third-Party Processors is set out at the end of this Privacy Policy.

7. How we maintain your personal data

7.1 Security of your Personal Data is important to us. We will put in place reasonable security arrangements to ensure that your Personal Data is adequately protected and secured. Appropriate security arrangements will be taken to prevent any unauthorised access, collection, use, disclosure, copying, modification, leakage, loss, damage and/or alteration of your Personal Data. However, we cannot assume responsibility for any unauthorised use of your Personal Data by third-parties which are wholly attributable to factors beyond our control.

7.2 We will put in place measures such that your Personal Data in our possession or under our control is destroyed and/or anonymised as soon as it is reasonable to assume that (i) the purpose for which your Personal Data was collected is no longer being served by the retention of such Personal Data; and (ii) retention is no longer necessary for any other legal or business purposes.

8. Cookies

8.1 We may also obtain information about your use of the Website and the Services through the use of 'cookies' which enable us to make certain parts of the Website easier to use and to improve the Website and the Services generally.

8.2 A cookie is a small file which asks permission to be placed on your device’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular website or web-based application. Cookies allow web-based applications to respond to you as an individual. The website or web-based application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

8.3 We may use traffic log cookies to identify which pages are being used. This helps us analyse data about web-based traffic and improve the Website and the Services in order to tailor it to user needs. If we do use such cookies, we will only use this information for statistical analysis purposes and then the data is removed from the system thereafter.

8.4 Overall, cookies help us provide you with a better Website and better Services, by enabling us to monitor which sections you find useful and which you do not. A cookie in no way gives us access to your device or any information about you, other than the data you choose to share with us.

8.5 You can generally choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. However, some cookies are essential and some websites or web-based applications (such as automatic user logins) won’t operate as expected without them and some features of the website or web-based application may not be available.

9. Where you provide us with third-party personal data

9.1 You should only provide us with Personal Data of third parties where expressly permitted under the Gomu API Terms of Use. Should you provide us with Personal Data of any individual other than yourself, you represent, undertake and warrant to us that:

  • (a) for any Personal Data of individuals that you disclose to us, you would have prior to disclosing such Personal Data to us obtained consent from the individuals whose Personal Data are being disclosed, to:
  • (i) permit you to disclose the individuals’ Personal Data to us for the Purposes; and
  • (ii) permit us to collect, use, disclose and/or process the individuals’ Personal Data for the Purposes;
  • (b) at our request, you will use such form(s) or document(s) provided by us in obtaining such consents from the individuals in question (for the avoidance of doubt, we are under no obligation to you to create any such form(s) or document(s));
  • (c) any Personal Data of individuals that you disclose to us are accurate; and
  • (d) for any Personal Data of individuals that you disclose to us, that you are validly acting on behalf of such individuals and that you have the authority of such individuals to provide their Personal Data to us and for us to collect, use, disclose and process such Personal Data for the Purposes.

9.2 Should you provide us with Personal Data of your child or children, you confirm, declare and agree that you are the parent and/or legal guardian of such child/children, and that we may collect, use and/or disclose your child’s or children’s Personal Data for the Purposes and in the manner as set out in this Privacy Policy.

10. Third-party links

10.1 The Website may contain links to third-party websites and applications whose data protection practices may differ from ours. We are not responsible for the content and privacy policies of these third-party websites and applications, and we encourage you to consult their privacy policies before accessing or using the third-party websites and applications.

11. Your rights in respect of your personal data

11.1 If you have any questions about the processing of your Personal Data or about this Privacy Policy, if you do not accept an amended Privacy Policy, if you wish to withdraw any consent you have given us at any time, or if you wish to update or have access to your Personal Data, you are welcome to contact us through the contact details listed at the start of this Privacy Policy.

11.2 You have the right to access and/or correct any Personal Data that we hold about you, subject to exceptions under the law. This right can be exercised at any time by contacting us through the contact details listed at the end of this Privacy Policy. We will need enough information from you in order to ascertain your identity as well as the nature of your request, so as to be able to deal with your request. All requests for correction or for access to your Personal Data must be in writing. We will endeavour to respond to your request within 30 days, and if that is not possible, we will inform you of the time by which we will respond to you.

11.3 We may be prevented by law from complying with any request that you may make. We may also decline any request that you may make if the law permits us to do so.

11.4 In many circumstances, we need to use your Personal Data in order for us to enable your use of the Website and the Services. If you do not provide us with the required Personal Data, or if you do not accept an amended Privacy Policy or withdraw your consent to our use and/or disclosure of your Personal Data for the Purposes, it may not be possible for us to continue to enable your use of the Website and the Services.

11.5 We may charge you a fee for responding to your request for access to your Personal Data which we hold, or for information about the ways in which we have (or may have) used your Personal Data. If a fee is to be charged, we will inform you of the amount beforehand and respond to your request after payment is received.

11.6 We are fully committed to protecting your Personal Data and ensuring that you are able to enjoy all the rights granted to you in relation to your Personal Data under Data Protection Laws. Nothing in this Privacy Policy should be construed as limiting any of your rights prescribed for under Data Protection Laws.

12. Changes to this Privacy Policy

12.1 We reserve the right to make changes to this Privacy Policy at any time by giving notice to Users on this page and possibly within the Website and/or, as far as technically and legally feasible, sending a notice to Users via any contact information available to the Company. Significant changes will go into effect 30 days following such notification. Non-material changes or clarifications will take effect immediately. It is strongly recommended to review the Website and this Privacy Policy periodically for updates.

12.2 Should the changes affect the processing activities performed on the basis of the User's consent, the Company shall collect consent from the User, where required.

List of third party processors

N/A