Privacy Statement

 
 
 

Our company respects your privacy and is committed to protecting your personal data. Our company privacy policy provides the information for the persons which our company is processing personal data about and will give you as a data subject information on how our company process and handle your personal data.

The term of Application, Services and other terms contained herein have the same meaning with the terms defined in the Terms and Conditions https://GoodDigitalIdentity.com/terms-and-conditions/, unless otherwise provided in this Privacy Policy.

privacy policy and personal data regulation

This privacy policy aims to give you information on how Our company is collecting and processing personal data through the use of our company’s applications, services, websites etc. Our company services are not intended for children (i.e. persons below the age of 16) and Our company is not knowingly collecting personal data relating to children.

It is important that you read this privacy notice together with any other privacy notice or fair processing notice our company may provide on specific occasions when our company is collecting or processing personal data so that you as a data subject are fully aware of how and why Our company are processing personal data.

Our company takes privacy and processing of personal data seriously, and as a commitment of securing personal data and the users privacy rights, our company will comply to the EC General Data Protection Regulation (GDPR) for all its users, regardless if the user is an individual located in the European Union, the European Economic Area or elsewhere.

Our company as Controller

Our company is the controller and responsible for the processing of personal data in the applications, services and on any webpage provided by our company.

Our company has appointed a Chief Data Protection Officer (DPO) responsible for overseeing questions in relation to this privacy policy. If you have any questions about this privacy policy, including any requests to exercise your legal rights, please contact the DPO using the details set out below.

Contact information for our company privacy questions are as follows:

Email address: privacy@josephtoh.com

It is important that the personal data Our company hold about the data subjects is accurate and current. Please keep our company informed if your personal data changes during your relationship with us.

Personal data processed

Personal data, or personal information, means any information about a physical individual person which may directly or indirectly be related to that person. It does not include data where the identity has been removed (anonymous data).

Our company may collect, use, store and transfer different kinds of personal data in the following categories:

Contact information, which includes name, identification (such as copy of identification papers if required), email and/or physical address, phone no. etc. Contact information includes access information, such as username and password. This is information given by you when sign up for services from our company and is necessary for our company to provide our services. For using the Application and the services, it is required that a set of personal data that personally identifies the user and the storing of tokens.

Financial Information is information includes: Monthly income, credit card number, expiration date, and billing address. This is information given by you when you purchase services from our company and is necessary for our company to provide our company services.

Social Media Information includes information provided from Facebook, Twitter, Instagram and Linkedin. Social Media Information is collected as channel/referral data, all other personal data would be provided by the user.

Technical data are data provided or collected when using the applications and services, including internet protocol (IP) address, login data, browser type and version, geographical information, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access the applications and services.

User data includes information generated when using the applications and services, such as transactions, purchases, referral source, the visit period on the applications, page views and link clicks. In addition, any contact with our company by use of email, phone by using the call center service, or otherwise complete online forms, or surveys, will be collected and handled as personal data.

You may choose not to provide us with certain personal data. In such an event, you can still access and use the applications and services, provided that enough information to enable the applications or services are provided. In addition, you can choose not to provide certain optional information, but then you might not be able to take full advantage of many of the features on the applications and the services.

Retention and deletion of personal data

Our company will only retain your personal data for as long as necessary to fulfil the purposes it was collected for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

In some circumstances our company may anonymise personal data (so that it can no longer be associated with the data subjects) for research or statistical purposes in which case our company may use this information indefinitely without further notice to you.

Basis and purposes for Processing personal data

When the our company applications or any of our company services are being used, or our company are contacted, personal data may be collected for the following purposes:

  •  Recognize, verify and identify the user

  •  improve performance and security of applications and services

  •  communication with the user and potential users

  •  mitigate the risk of fraud.

Our company may collect personal and financial data as mentioned above while the application and/or services are used. Most of the personal data is provided to our company by the users. Our company may also collect data from user’s social media accounts provided by the social media throughout the data subjects.

Our company may require additional information necessary for the use of the applications and the services as well as obtain information about users from third parties. Our company will not disclose personal and financial data to any other party without the user’s prior approval.

Our company will only process personal data if:

  • The processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (GDPR article 6 no. 1 item b).

  • The processing is necessary for compliance with a legal obligation to which our company is subject (GDPR article 6 no. 1 item c).

  • Where processing is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests (GDPR article 6 no. 1 item f).

Performance of contract means processing your data where it is necessary for the performance of a contract to which the data subject is a party or to take steps at your request before entering into such a contract.

Comply with a legal or regulatory obligation means processing the data subject’s personal data where it is necessary for compliance with a legal or regulatory obligation that our company are subject to.

By legitimate interest is understood the interest of our company business in conducting and managing our business to enable us to give you the best service and the best and most secure experience. Our company will make sure to consider and balance any potential impact on the data subjects (both positive and negative) and the rights of the data subject before our company process the data subject’s personal data for our company legitimate interests. Our company does not use personal data for activities where our company interests are overridden by the rights of the data subject unless we have your consent or are otherwise required or permitted to by law.

 When the above is not enough to process personal data, we will collect the consent from the data subject prior to the processing. But generally, our company will not rely on consent as a legal basis for processing personal data.

 Our company will only use personal data for the purposes for which the personal data was collected, unless our company reasonably considers the need to use the personal data for another reason and that reason is compatible with the original purpose. Our company will provide explanation as to how the processing for the new purpose is compatible with the original purpose if requested.

 Please note that our company may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Processing of personal data for marketing purposes

Our company may use personal data to offer products or services, including special offers, promotions, contests or entitlements that may be of interest to the data subjects or for which the data subject may be eligible.

 Marketing messages may be sent to the data subjects in various modes including but not limited to electronic mail, direct mailers, short message service, telephone calls, and other mobile messaging services. The providing of marketing will only be made in compliance with relevant regulation, and with the consent of the receiver if required. If we have an ongoing relationship with the receiver and the receiver has not indicated to us that it does not wish to receive marketing, a consent is not required in some jurisdictions.

 The receiver of marketing may at any time request that our company stop the marketing via selected or all modes. To find out more on how you can change the way we use your personal data for marketing purposes, please contact us.

Sharing and transfer of personal data

Our company may have to share personal data with our data processors or third parties, if our company wishes to sell, transfer, or merge parts of the business or assets. If a change happens to our company business, any acquirer may use your personal data in the same way as set out in this privacy notice.

Our company require all third parties to respect the security of your personal data and to treat it in accordance with the law. Our company does not allow our third-party service providers to use personal data for their own purposes and only permit them to process personal data for specified purposes and in accordance with our instructions.

Our company share personal data within the Our company group of companies. This will involve transferring your data also outside the European Economic Area (EEA). Personal data is protected by requiring all group companies to follow the same rules when processing your personal data. Whenever personal data is transferred outside the EEA, Our company ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

Transfer of personal data will only be done to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.

Where certain service providers are used, our company will use the EC Model Clauses approved by the European Commission which give personal data the same protection it has in Europe.

Where providers based in the US are used, our company may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US.

Rights related to personal data

When our company are processing your personal data, you have the right to:

Request access to your personal data. Upon your request, our company will confirm whether we are processing your personal data and provide you with information on how we process the personal data. If requested, we provide you with a copy of that personal data. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.  In the app, under the credentials section, the user will have access to user name, email address and phone number that was used as part of opening the account. The user can change the email and phone number, however, would have to re-verify the changes with OTP codes.

Request correction of the personal data that we hold about you. By having the access to personal data, you may be able to ensure the accuracy of your personal data. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.

Request deletion of your personal data. This enables you to ask us to delete or remove personal data which we have no purpose for continuing to process. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.

 Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.

Request restriction of processing of your personal data unless we demonstrate compelling legitimate grounds for the processing. This enables you to ask us to suspend the processing of your personal data if you want us to establish the data’s accuracy; where our use of the data is unlawful but you do not want us to erase it; where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or if you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.

Request to object to have automated decision‐making and profiling as you have the right to not be subject to decisions based solely on automated processing of your personal data, including profiling, that affect you, unless such processing is necessary for entering into, or the performance of, a contract between you and us or you provide your explicit consent to such processing.

Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format, provided that the information requested to be transferred is provided by you, is processed on the basis of fulfilling an agreement or based on consent, and provided that the processing of personal data is carried out by automated means.

Withdraw consent at any time where we are relying on consent to process your personal data if we rely on your consent to process your personal data. You have the right to withdraw that consent at any time but provided always that this shall not affect the lawfulness of processing based on your prior consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

The right to complain to a supervisory authority in your country of residence if data is misused. If you believe that our processing of your personal data infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. If you are a resident of an EU or EEA member state, you may do so in the state of your residence. You may exercise any of your rights in relation to your personal data by contacting our company at the above contact information, and we would, however, appreciate the chance to deal with your concerns before you approach a supervisory authority so please contact us in the first instance.

To get response within one month of the request. We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made several requests. In this case, we will notify you and keep you updated.

If you wish to exercise any of the rights set out above, you must contact our company on the contact information provided above.

Security of data

Our company will use its reasonable efforts to ensure that recorded data, including personal data, credit card data, password and any confidential information, will not be disclosed, transferred, given to, or illegally used by unauthorized persons. In connection with this, our company will regularly audit its system in order to prevent possible vulnerabilities and attacks. However, since the internet is not a 100% secure environment, our company cannot, from time to time, ensure or warrant the security of information transmitted to our company Application. While information sent via the Application is encrypted, our company advises you to be prudent with any confidential information communicated through this means.

Amendment of the Privacy Policy

We will publish any substantial change and amendment of this Privacy Policy (if any) through this Application and you must read and understood all the changes and amendments. If you still access and use the application after the publication of substantial change and amendment, you are deemed that you have read, understood and agreed of the change and amendment.