1. COMPANY AS THE DATA CONTROLLER
2. GENERAL DEFINITIONS
(a) “Affiliate” means any entity controlling, controlled by, or under common control with the referenced entity, where the term “control” means the possession, direct or indirect, of the power to direct or cause the direction of the management and policies of an entity, whether through the ownership of voting securities, by contract, or otherwise.
(b) “APIs” means any form of application programming interface that Gomu makes available in its software-as-a-service products which you have subscribed to, which may include object code, software libraries, software tools, sample source code, published specifications, and any related developer documentation and other developer services, functions and features made available through such application programming interfaces by or on behalf of Gomu. APIs shall include any future, updated or otherwise modified version(s) thereof.
(c) “API Data” means any content, images, photographs, illustrations, icons, texts, video, audio, written materials, software, sample codes, applications, specifications or other content, materials or data made available to you through the APIs.
(d) “Data Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data, including the security measures concerning the operation and use of the Website and the Services.
(e) “Data Protection Laws” means applicable laws and regulations relating to the use and/or processing of personally identifiable information and data and privacy.
(f) “NFT” means a non-fungible token or similar digital item implemented on a blockchain, which uses smart contracts to link to or otherwise be associated with certain content or data.
(g) “NFT Hub Services” means any and all services offered by Gomu in relation to the proprietary digital platform provided by Gomu on a software-as-a-service basis that, among other features, includes a range of tools for you to build and customise blockchain-based online marketplaces and community hubs to facilitate Web 3.0 community-focused experiences for your End Users and enable your End Users to view, swap, buy and sell NFTs, and other related services made available by Gomu from time to time.
(h) “Personal Data” means:
(i) data, whether true or not, about an individual who can be identified:
(1) from that data; or
(2) from that data and other information to which we have or are likely to have access; and
(ii) any data that is analogous to the foregoing, as defined in Data Protection Laws.
(j) “Services” means all services provided by Gomu associated with the Website, (ii) the APIs, (iii) the NFT Hub Services, (iv) the Services Data, and (v) and other related services made available by Gomu from time to time, including but not limited to other content, software, and mobile applications made available by Gomu.
(k) “Services Data” means any content, images, photographs, illustrations, icons, texts, video, audio, written materials, software, sample codes, applications, specifications or other content, materials or data made available to you through the Website, the APIs and/or the NFT Hub Services, and includes API Data;
(l) “Third Party Provider” means any third party providing services, products, applications or programmes which are accessible through the Website and/or the Services, and which is neither Gomu nor an Affiliate of Gomu.
(m) “User” or “you” means the individual accessing or using the Website and the Services.
3. HOW WE COLLECT YOUR PERSONAL DATA
3.1 We receive your Personal Data when you:
(a) register for a Gomu Account;
(b) use the Website or any of the Services;
(c) enter into transactions with us (or express interest in doing so);
(d) enter into any agreement with us or provide other documentation or information in respect of your interactions and transactions with us;
(e) you interact with our employees, representatives, agents or appointed service providers (for example, via telephone calls, letters, face-to-face meetings, digital platforms, surveys, workshops, campaigns and/or emails); and/or
(f) contact or engage with us for any of the purposes listed above.
3.2 In connection with the Services, and to the extent permitted by applicable laws (including Data Protection Laws), we may also be collecting from sources other than yourself, your Personal Data, for one or more of the Purposes, and thereafter using, disclosing and/or processing such Personal Data for one or more of the Purposes.
4. TYPES OF PERSONAL DATA WE COLLECT
4.1 In connection with your use of the Website or the Services, we may collect the following Personal Data from you:
(a) your contact and registration information such as your name, your organisation’s name, date of birth, email and mailing addresses and/or telephone number;
(b) geographical-specific information such as nationality and country of residence;
(c) specific usage data from your use of the Website and the Services;
(d) technical information related to your use of the Website and the Services, such as IP addresses, browser information and mobile device information;
(e) if applicable, payment details in order to process payments for purchases and/or subscriptions made on the Website or as part of the Services;
(f) if applicable, your blockchain wallet identifier from your participation in any campaigns held by Gomu;
(g) aggregated information such as statistical or usage data (note that such aggregated and statistical data may be derived from your Personal Data but is anonymised);
(h) unique social media identifiers (e.g. profile names, in-game names) on certain social networking platforms (e.g. Facebook, Discord), where your use of the Services involves the use of third-party platforms or services; and/or
(i) any other information which you may provide to Gomu.
4.3 Note on collection of your national identification number (e.g. NRIC for Singapore Users): We are fully aware of the sensitive nature of your national identification number, and we only collect, use and disclose such information to the extent necessary under applicable laws and regulations, as well as in order to accurately establish and verify your identity to a high degree of fidelity. Please refer to the sections below for further information on how we use, disclose and maintain your Personal Data.
5. HOW WE PROCESS AND USE YOUR PERSONAL DATA
5.1 We may process and use your Personal Data for the following purposes:
(a) to perform obligations in the course of or in connection with our provision of the Services requested by you;
(b) to facilitate and administer your use of the Website and the Services;
(c) to administer and keep track of your participation in the Services, including verifying your information in connection with your use of the Website and the Services to monitor and analyse your use of the Website and the Services;
(d) to personalise your user experience on the Website and in your use of the Services;
(e) to monitor and analyse your use of the Website and the Services;
(f) to inform you of updates and announcements regarding the Website and the Services, including providing you with regular communications and newsletters from Gomu;
(h) to comply with court orders and warrants, and assist law enforcement agencies, to collect debts, prevent fraud, misappropriation, infringements, identity thefts and any other misuse of the Website and the Services, and to take any action in any legal dispute or proceeding;
(i) to improve the Website and the Services;
(j) to ensure the security of our Website, by trying to prevent unauthorized or malicious activities;
(l) to tailor content, advertisements, and offers for you;
(m) to contact you with information in relation to your use of the Website and the Services, or at your request; and/or
(n) any other incidental business purposes related to or in connection with the above.
5.2 Our legal basis to process and use the Personal Data of Users as the Data Controller is where:
(a) Users have given their consent for one or more specific purposes (such as the Purposes);
(b) Data Protection Laws permit a Data Controller to process Personal Data until the User objects to such processing (also known as opting-out), without having to rely on consent or any other legal basis. Note that this does not apply, whenever the processing of Personal Data is subject to the General Data Protection Regulation governing the Personal Data of Users from the European Union;
(c) processing and use of Personal Data is necessary for:
(i) the performance of an agreement with the User and/or for any pre-contractual obligations thereof;
(ii) the establishment, exercise or defence of legal claims or proceedings;
(iii) compliance with a legal and regulatory obligation to which the Data Controller is subject;
(d) processing is related to a task that is carried out in the public interest or in the exercise of official authority vested in the Data Controller;
(e) processing is necessary for the purposes of the legitimate interests pursued by the Data Controller or by a third party; and
(f) where otherwise permitted or not prohibited under Data Protection Laws.
5.4 Your Personal Data is processed at Gomu’s operating offices and in any other places where the parties involved in the processing are located. Depending on the User's location, transfers of Personal Data may involve transferring the User's Personal Data to a country other than their own.
6. HOW WE DISCLOSE OR EXPORT YOUR PERSONAL DATA
6.1 We may need to disclose your Personal Data to trusted third-parties, whether located within or outside Singapore, for one or more of the Purposes, as such third-parties, would be processing your Personal Data for one or more of the above Purposes (“Third-Party Processors”). In this regard, you hereby acknowledge, agree and consent that we are permitted to disclose your Personal Data to such Third-Party Processors (whether located within or outside Singapore) for one or more of the above Purposes and for the Third-Party Processors to subsequently collect, use, disclose and/or process your Personal Data for one or more of the above Purposes. Without limiting the generality of the foregoing, such Third-Party Processors include:
(a) any of our agents, contractors or third-party service providers that process or will be processing your Personal Data on our behalf including but not limited to those which provide administrative or other services to us;
(b) our professional advisers, for example, our auditors and lawyers, as well as our insurers;
(c) the Third Party Providers;
(d) third-parties to whom disclosure by us is for one or more of the Purposes and such third-parties would in turn be collecting and processing your Personal Data for one or more of the Purposes; and
(e) any actual or proposed assignee or transferee of the business of Gomu, or a merged entity in the event Gomu is merged to create the said merged entity.
6.2 Where we disclose your Personal Data, we will do so only in accordance with Data Protection Laws. This includes taking steps to ensure the security and privacy of your Personal Data, and where required, it will be subject to contractual terms ensuring the security and protection of any Personal Data under any sub-processor or data intermediary, whether within or outside of Singapore.
7. HOW WE MAINTAIN YOUR PERSONAL DATA
7.1 Security of your Personal Data is important to us. We will put in place reasonable security arrangements to ensure that your Personal Data is adequately protected and secured. Appropriate security arrangements will be taken to prevent any unauthorised access, collection, use, disclosure, copying, modification, leakage, loss, damage and/or alteration of your Personal Data. However, we cannot assume responsibility for any unauthorised use of your Personal Data by third-parties which are wholly attributable to factors beyond our control.
7.2 We will put in place measures such that your Personal Data in our possession or under our control is destroyed and/or anonymised as soon as it is reasonable to assume that (i) the purpose for which your Personal Data was collected is no longer being served by the retention of such Personal Data; and (ii) retention is no longer necessary for any other legal or business purposes.
8.1 We may also obtain information about your use of the Website and the Services through the use of 'cookies' which enable us to make certain parts of the Website easier to use and to improve the Website and the Services generally.
8.2 A cookie is a small file which asks permission to be placed on your device’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular website or web-based application. Cookies allow web-based applications to respond to you as an individual. The website or web-based application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
8.3 We may use traffic log cookies to identify which pages are being used. This helps us analyse data about web-based traffic and improve the Website and the Services in order to tailor it to user needs. If we do use such cookies, we will only use this information for statistical analysis purposes and then the data is removed from the system thereafter.
8.4 Overall, cookies help us provide you with a better Website and better Services, by enabling us to monitor which sections you find useful and which you do not. A cookie in no way gives us access to your device or any information about you, other than the data you choose to share with us.
8.5 You can generally choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. However, some cookies are essential and some websites or web-based applications (such as automatic user logins) won’t operate as expected without them and some features of the website or web-based application may not be available.
9. WHERE YOU PROVIDE US WITH THIRD-PARTY PERSONAL DATA
(a) for any Personal Data of individuals that you disclose to us, you would have prior to disclosing such Personal Data to us obtained consent from the individuals whose Personal Data are being disclosed, to:
(i) permit you to disclose the individuals’ Personal Data to us for the Purposes; and
(ii) permit us to collect, use, disclose and/or process the individuals’ Personal Data for the Purposes;
(b) at our request, you will use such form(s) or document(s) provided by us in obtaining such consents from the individuals in question (for the avoidance of doubt, we are under no obligation to you to create any such form(s) or document(s));
(c) any Personal Data of individuals that you disclose to us are accurate; and
(d) for any Personal Data of individuals that you disclose to us, that you are validly acting on behalf of such individuals and that you have the authority of such individuals to provide their Personal Data to us and for us to collect, use, disclose and process such Personal Data for the Purposes.
10. THIRD-PARTY LINKS
10.1 The Website may contain links to third-party websites and applications whose data protection practices may differ from ours. We are not responsible for the content and privacy policies of these third-party websites and applications, and we encourage you to consult their privacy policies before accessing or using the third-party websites and applications.
11. YOUR RIGHTS IN RESPECT OF YOUR PERSONAL DATA
11.3 We may be prevented by law from complying with any request that you may make. We may also decline any request that you may make if the law permits us to do so.
11.5 We may charge you a fee for responding to your request for access to your Personal Data which we hold, or for information about the ways in which we have (or may have) used your Personal Data. If a fee is to be charged, we will inform you of the amount beforehand and respond to your request after payment is received.
12.2 Should the changes affect the processing activities performed on the basis of the User's consent, the Company shall collect consent from the User, where required.
LIST OF THIRD PARTY PROCESSORS
Last updated: 11/24/2022