We, Grasse Global Inc. and our affiliated companies worldwide (collectively, “we”, and the terms “our” and “us” are used accordingly), respect privacy of personal information. We are committed to implement the necessary systems and process which (a) ensure an appropriate level of protection of personally identifiable information that a visitor, a user, a client, a beneficiary, or a partner (“you”) share with us through our website www.grasseglobal.com, its applications, mobile applications and digital interactions (collectively, “Platform“) or whose information we otherwise receive in connection with our products and services, and (b) which gives you control over your personally identifiable information with us. This Privacy Policy (“Policy“) describes how we collect, use, disclose and transfer your personal information through the Platform. By accessing the Platform and/or by availing any of our products or services or by partnering with us, you agree to the terms of this Policy. This Policy will be updated from time-to-time. Please refer back regularly to keep yourself updated. This Policy is a part of and must be read along with the Terms of Use and the Cookie Policy.
For residents (data subjects) of the European Union, when we collect and use personal data (information) about you, we may be subject to the General Data Protection Regulation (‘GDPR’) of the European Union and be responsible as a ‘data controller’ for such personal data. In such a case, references to the GDPR will apply to your information with us.
|
For residents (consumers) of California, when we collect and use personal information about you, we may be subject to the California Consumer Protection Act (CCPA) and responsible as a ‘business’ or ‘service provider’ for such personal data. In such a case, references to the CCPA will apply to your information with us.
|
CONTENTS
- Data we collect or process and its purpose
- How we use your information
- How we use your details for audience profiling
- Sharing Information
- External links and Cookies
- How we work with third parties
- Retaining and storing your information
- How can you control your data or information.
- How long will we keep your information.
- Your rights regarding your information with us
- International transfers
- California Consumer Privacy Act (CCPA)
- Policy Change
- Contact Us / Data Protection Officer / Grievance Officer
- Data we collect or process and its purpose
- We may process data about your use of the Platform (“usage data”). The usage data may include your IP address, geographical location, browser type and version, operating system, referral source, length of your visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. The source of the usage data is our analytics tracking system. In addition, we may use third-party analytics tracking services such as Google Analytics and Facebook Pixel. This usage data may be processed for the purposes of analysing the use of the Platform and our products and services in order to improve our performance metrices, and for communicating with you. The legal basis for this processing is your consent. In some cases, the legal basis for this processing is our legitimate interests, namely monitoring and improving the Platform and our products and services.
- We may process your information included in your personal profile on the Platform (“profile data”). The profile data may include your name, address, telephone number, email address, profile pictures, gender, date of birth, relationship status, interests and hobbies, educational details and employment details. The profile data may be processed for the purposes of enabling and monitoring your use of the Platform and services and for communicating with you. The legal basis for this processing is your consent. In some cases, the legal basis for this processing is our legitimate interests, namely the proper administration of the Platform and our products and services.
- We may process your personal data that are provided in the course of the use of our products and services (“service data”). The service data may include your name, address, telephone number, email address. The source of the service data is you. The service data may be processed for the purposes of providing our products and services, ensuring the security of the Platform and of our products and services, maintaining back-ups of our databases, and for communicating with you. The legal basis for this processing is your consent. In some cases, the legal basis for this processing is our legitimate interests, namely the proper administration of the Platform and business. In some cases, the legal basis for this processing is the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract.
- We may process information that you post for publication on the Platform or through our products and services (“publication data”). The publication data may be processed for the purposes of enabling such publication and administering the Platform and our products and services. The legal basis for this processing is your consent. In some cases, the legal basis for this processing is our legitimate interests, namely the proper administration of the Platform and business. In some cases, the legal basis for this processing is the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract.
- We may process information contained in any enquiry you submit to us regarding goods and/or services (“enquiry data”). The enquiry data may be processed for the purposes of offering, marketing and selling relevant goods and/or services to you and for and for communicating with you. The legal basis for this processing is your consent.
- We may process information relating to our customer relationships, including customer contact information (“customer relationship data”). The customer relationship data may include your name, your employer, your job title or role, your contact details, and information contained in communications between us and you or your employer. The source of the customer relationship data is you or your employer. The customer relationship data may be processed for the purposes of managing our relationships with customers, communicating with customers, keeping records of those communications, promoting our products and services to customers, and for communicating with you. The legal basis for this processing is your consent. In some cases, the legal basis for this processing is our legitimate interests, namely the proper administration of the Platform and business. In some cases, the legal basis for this processing is the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract.
- We may process information relating to transactions, including purchases of our products and services, that you enter into with us and/or through the Platform (“transaction data”). The transaction data may include your contact details, your banking details, your credit card details and the transaction details. The transaction data may be processed for the purpose of supplying the purchased goods and services, keeping proper records of those transactions, and for communicating with you. The legal basis for this processing is your consent. In some cases, the legal basis for this processing is our legitimate interests, namely the proper administration of our business. In some cases, the legal basis for this processing is the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract.
- We may process information that you provide to us for the purpose of subscribing to our email notifications and/or newsletters (“notification data”). The notification data may be processed for the purposes of sending you the relevant notifications and/or newsletters, and for communicating with you. The legal basis for this processing is your consent.
- We may process information contained in or relating to any communication that you send to us (“correspondence data”). The correspondence data may include the communication content and metadata associated with the communication. The Platform will generate the metadata associated with communications made using the website contact forms. The correspondence data may be processed for the purposes of communicating with you and record-keeping. The legal basis for this processing is your consent. In some cases, the legal basis for this processing is our legitimate interests, namely the proper administration of the Platform and business and communications with our business counterparts.
In addition to the specific purposes for which we may process your personal data set out in this Section, we may process any of your personal data identified in this Policy where necessary for:
- the establishment, exercise, or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure. The legal basis for this processing is our legitimate interests, namely the protection and assertion of our legal rights, your legal rights and the legal rights of others.
- the purposes of obtaining or maintaining insurance coverage, managing risks, or obtaining professional advice. The legal basis for this processing is our legitimate interests, namely the proper protection of our business against risks.
- compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another person.
- How we use your information
We will only use your personal data in a fair and reasonable manner, and where we have a lawful reason to do so. We primarily use your information for the following purposes.
To provide products and services. We may use your information and share your information with third-party service providers to provide products and services to you. We may also use your information for the following purposes.
- To manage your access to the Platform, and to send you content via push notifications, newsletters, subscriptions, etc.
- To send you service notifications related to your product or service such as subscription renewal notifications, password resets and order confirmations.
- To manage customer service queries and complaints.
- To manage your privacy preferences and to ensure you only receive communications that you have requested, which may include using your details to suppress you from communications.
- To send you administrative emails about your account, reminders for upcoming events, service changes, or new policies. These updates, changes and notifications are essential for the services that you have selected.
- To provide general location-based services (e.g., based on the region or country you are in), advertising or search results for our content.
- To detect and reduce fraud and harassment, including DDOS and other efforts.
- To prevent users from posting illegal, offensive or objectionable comments on the Platform.
- To run competitions, prize draws and promotions or if you agree to be a speaker or contributor at, or in, one of our events, projects or films. In these cases, you grant a global right to us to use your name, picture, likeness, voice, biographical information and statements, for advertising, trade, publicity and promotional purposes in all media now known or discovered afterwards and on the internet.
To deliver marketing and advertising. We need your consent to use your information for specific purposes – such as marketing, brand communication and personalised advertising. If you consent, we will use your information as follows:
- We may send you marketing communications through a range of channels including email and push notifications and you can opt out of these at any time.
- We may pass your information to third-parties who would like to contact you with information regarding their own products and services. Those parties are responsible for their use of your data and you should read their privacy policies carefully.
- We will ask you if you wish to opt-out of marketing when you first sign up to receive our products or services. You can opt out of email marketing by clicking the ‘unsubscribe’ link at the bottom of our emails. Do note that this opt out mechanism does not apply to important service notifications such as license expiry notifications, payment confirmations or where we have some other legal basis for contacting you.
- In order to deliver advertising and marketing messages that are relevant to you, we may use the information we have about you, to ensure that the advertising you see is of interest to you.
Research. We use information you share with us, or that we collect to conduct research, surveys, product testing, and troubleshooting to help us operate and improve our products and services.
Other uses of your information. Other than where we have sought your consent, we rely on two other individual bases to lawfully use your information. First, we need to use your information in certain ways to provide our products or services to you, in accordance with our contract with you. In this case, it is necessary for us to use your information so that we can deliver the products or services you have chosen. In certain cases, we may use your information where necessary to further our legitimate interests, where those legitimate interests are not overridden by your rights or interests, including:
- To measure customer and user response and engagement with our products and services such as online content, email newsletters and subscription offers. This may include sharing your information with third-parties who help us to analyse and measure these parameters.
- To ensure our products and the Platform are compatible with the browsers and operating systems used by you.
- To help us improve our customer and user experience and to support new product development.
- To enable us to solicit feedback through customer satisfaction surveys and market research questionnaires (for which we may share your information with third-party service providers engaged by us).
- To create audience profiles for personalised advertising, marketing or research and development on and off the Platform.
- To detect and reduce fraudulent activity and for other security related purposes such as to help us protect against harassment, DDOS, IP infringement, crime or other security issues.
- For any purpose required by contract, law or regulation and to verify information that we provide to third-parties for compliance and audit purposes.
- To the extent required for identity verification, government sanctions screening and due diligence checks.
- Establishing, exercising or defending legal rights in connection with legal proceedings (including any prospective legal proceedings) and seeking professional or legal advice in relation to such legal proceedings.
You have the right to object to any of the above uses of your information, please contact us if you wish to do so. We will consider all objections reasonably, but there may be legal reasons where we deem that the use of your information is still appropriate. We are committed to explain our decision to you.
We do not store any account-related information or any payment instrument (including credit card) details. We are not liable for any loss or damage caused to you as a result of any disclosure (inadvertent or otherwise) of any information concerning your accounts (including third-party account) or payment instruments in the course of any transactions or payments made for any products and/or services by you through the Platform.
- How we use your details for audience profiling
To enable us to personalise the content and advertising you see (including on social media), we may use your interaction and browsing behaviour or preferences (such as the pages to visit and the content you access on the Platform) to create audience profiles. This is to enable content and message personalisation, and in some cases, advertising to be delivered to you or a group of users (an audience) with similar interests to you. This can be done both on our site and on those of third-parties. Please see our Cookie Policy for more information. We may analyse your individual information to create a profile of your interests and preferences as a part of an audience. These insights are used to help us make marketing decisions so that we can ensure our messages are relevant to you. There are times we may use additional information available from external sources to help us do this effectively.
- Sharing Information
- We may disclose your personal data to any of our employees, officers, and agents as long as such disclosure is reasonably necessary for the purposes, and on the legal bases, set out in this Policy.
- We may disclose your personal data to any member of our group of companies (this means our ultimate holding company and all its subsidiaries and joint venture partners) as long as such disclosure is reasonably necessary for the purposes, and on the legal bases, set out in this Policy.
- We may disclose your personal data to our insurers and professional advisers as long as such disclosure is reasonably necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, obtaining professional advice, or the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
- We may disclose your personal data to our suppliers or subcontractors as long as such disclosure is reasonably necessary for providing services to you.
- Financial transactions relating to the Platform and Services may be handled by our payment services providers. We will share transaction data with our payment services providers only to the extent necessary for the purposes of processing your payments, refunding such payments and dealing with complaints and queries relating to such payments and refunds.
- We may disclose your personal data to third-party suppliers of goods and services for the purpose of enabling them to contact you so that they can offer, market and sell to you the relevant goods and/or services.
- In the case where we go through a reorganisation process, we may share, sell, or transfer information about you in connection with a merger, acquisition, reorganization, sale of assets, or bankruptcy. However, this Privacy Policy will apply to your personal information that is shared with or transferred to the new entity.
- In addition to the specific disclosures of personal data set out in this Section, we may disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. We may also disclose your personal data where such disclosure is necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
- External links and Cookies
External links. This privacy policy only applies to our use of your data. Our services, products or the Platform may, from time to time, contain links to external websites. We are not responsible for the privacy policies or the content of such external websites and we recommend that you read the privacy policies on any external websites that you use. Similarly, if you are directed to the Platform from a third-party, then we are not responsible for the privacy policy or practices of the third party. We strongly recommend you read their privacy policy.
Cookies. Some of our web pages utilize “cookies” and other tracking technologies. A “cookie” is a small text file that may be used, for example, to collect information about web-site activity. Cookies may be created in your web browser when you visit any part of the Platform. Some cookies and other technologies may serve to recall Personal Information previously indicated by a user. Most browsers allow you to control cookies, including whether or not to accept them and how to remove them. You may set most browsers to notify you if you receive a cookie, or you may choose to block cookies with your browser. Tracking technologies may record information such as Internet domain and host names; Internet protocol (IP) addresses; browser software and operating system types; clickstream patterns; and dates and times that our site is accessed. Our use of cookies and other tracking technologies allows us to improve our Platform and the overall website experience. We may also analyse information that does not contain Personal Information for trends and statistics. You can find more information about the types of cookies that we, and certain third parties use, why we use them, and how to manage them in our Cookie Policy.
- How we work with third parties
We pass information to third-parties. In some instances, we disclose personal information to third-parties when it is necessary to deliver a service or product, or to help us improve your experience with us, or when we are required to do so by contract or law. “Third-parties” include agents, subcontractors, sponsors and other associated organisations. We have in place contracts to ensure the information remains secure and limited in use, and if we do not have a legitimate business reason to pass on your information, we will ask you to give consent first. Some examples of when we share your information are below:
- When you make a payment on the Platform, your payment will be processed by a specialist payment processor to ensure a secure transaction. All payment processors used by us are compliant with required security standards.
- When we send you an email or a push notification, these are delivered by marketing platforms. As part of this service, certain information such as message opens, clicks and formatting are recorded to help deliver the best email experience.
- When we test and launch new products, services or offers, we may work with trusted third-parties to support us.
- We also employ third-parties to carry out statistical analyses and conduct surveys on our behalf, to support our advertising and content production efforts respectively.
- To enhance your profile with non-personal information.
- To enable third-parties such as advertisers or sponsors to contact you with information about their own products and services that may be of interest, only if you give explicit permission for us to do so.
Third parties who pass information to us. We may use technology like APIs and embeds to make information available to websites, apps, and others for their use, for example, selecting a proper agent for your preference, choosing a special gift of your choice, etc.
Our subscriptions services sometimes use additional information such as telephone numbers or postcodes from third-parties (like list brokers, researchers or telemarketing agents, who have gathered this information lawfully) to help us to contact you with important service updates via phone or post or to help us make marketing decisions. This includes advertising (by ourselves or via advertising partners) to groups of people with particular interests. These third-parties may give us access to your personal information, if you have allowed them to do so. We may also work with third-parties to identify individuals who may be interested in our products and services or in some cases our sponsors / advertisers’ products and services. These third-parties may give us access to your personal information, if you have allowed them to do so. The collection, use, and disclosure of information by these third-parties are described in their own privacy policies, and consequently may differ from that set out in this Policy. We are not responsible for those third-party privacy policies, and you should ensure that you have read and understood all applicable privacy policies before proceeding.
- Retaining and storing your information
Data Retention policy. We securely store your information, and hold it for as long as we need to in order to provide our products and services to you in accordance with (i) applicable law, or (ii) as long as is set out in any relevant contract you have with us. We review our retention periods for personal information regularly. If you have not interacted with us in any way, we will generally no longer hold your information after seven (7) years from its last use. We would only keep it for longer than this if we are required to by law or if we have a legitimate reason to do so. Sometimes, we may need to keep it for longer periods for reasons such as tax and other financial regulatory mandates.
Data Erasure Policy. If you request for us to no longer contact you, for example with marketing communications, we will retain the minimum amount of information about you so that we can ensure we remove you from any future communications. Please note that if you ask us to completely remove all information about you, and you subsequently use our products and services at a later date, we will no longer be able to recognise your previous request not to be contacted, which is why we would keep it and suppress it in line with industry standards.
Storing and transferring information internationally. As the internet is a global environment and we work with third-parties across the globe, collecting and using your personal information may involve the transfer of this information internationally, including outside of the European Union. By using our products and services, you acknowledge and agree to your personal information being transferred in this way, including to jurisdictions outside the EEA. We will maintain strict policies to ensure all information that is transferred is done so safely and securely.
Keeping your information safe. We take information security seriously and have policies and procedures in place to ensure the information we hold on you remains safe. We limit who has access to your information and ensure that those who do are bound by contracts to keep your information confidential and safe.
Individuals under 16. We do not, intentionally or knowingly, process personal information of individuals under the age of 16. We will make every effort to delete any details of such users where a parent or guardian has informed us that these details have been collected.
- How can you control your data or information.
Access, Correction, Portability. You can access, correct, or modify the information you provided to us by editing your profile and adjusting your account settings by emailing details of your request to : [email protected].
Deleting your information/ withdrawing your consent. You can delete your information or withdraw your consent which you provided to us by emailing details of your request to : [email protected]
- How long will we keep your information.
When you give us any personal information, we will generally let you know for how long we will hold the information. In other cases, we will hold your information only for as long as it is required for the performance of our obligations under our contract with you or under any applicable law.
- Your rights regarding your information with us
You may exercise your rights which are available to data subjects in relation to your Personal Information which is being held or processed by us.
Rights under the GDPR. Under certain circumstances, you have the right to:
- Request accessto your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you.
- Request correctionof the personal data that we hold about you. This enables you ask us to have any incomplete or inaccurate information we hold about you corrected.
- Request erasureof your personal data. This enables you to ask us, in certain situations, to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).
- Object to processingof your personal data where we are relying on a legitimate interest (or those of a third-party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal data for direct marketing purposes.
- Request the restriction of processingof your personal data. This enables you to ask us, in certain circumstances, to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.
- Data portability: This enables you to ask us, in certain circumstances, to provide you with the personal data you have provided to us in a structured, commonly used and machine-readable format or to transmit the personal data that you have provided to us to another party.
- Automated decision-making: The right not to be subject to a decision based solely on automated processing that produces legal effects concerning you or similarly significantly affects you.
- Right to withdraw consent: In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact our Data Protection Officers (details provided in this Policy). Once we have received a notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legal basis for doing so.
Rights under the CCPA. If the processing of your personal information is subject to the CCPA, you are entitled to the rights listed below.
- Request access to your personal data. This enables you to receive a copy of the personal data we hold about you.
- Request erasure of your personal data. This enables you to ask us, in certain situations, to delete or remove personal data unless our processing is specifically permitted under the CCPA.
- Right of disclosure for sale of data or use for business purpose. This enables you to ask us, in certain circumstances, to provide you with the categories personal data and third-parties we disclose for sale or business purposes.
- Data portability: This enables you to ask us, in certain circumstances, to provide you with the personal data you have provided to us in a structured, commonly used and machine-readable format or to transmit the personal data that you have provided to us to another party.
- Right to opt-out: This enables you to opt-out of the sale of your personal data by a business to other third-parties.
- Right to non-discrimination: This specifies that we will not discriminate against you in any way or under any circumstance for exercising your rights to your data under the CCPA.
- Right to withdraw consent: In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact our Data Protection Officers (details provided in this Policy). Once we have received a notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legal basis for doing so.
- Rights in general. We provide you the right to keep your Personal Information held by us accurate and up-to-date. You may do so by contacting our Data Protection Officer on the details provided in this Policy if you wish to (a) rectify, update or correct your Personal Information, (b) obtain confirmation on whether or not your Personal Information is processed by us, or (c) access your Personal Information.
Do note that if you exercise any of the above rights, we may need to request specific information from you to help us confirm your identity and to ascertain that you are entitled to make such a request. This is to ensure that your personal data is not disclosed to any person who is not authorised to receive it. For the exercise of certain rights, you may be required to approach the designated data protection officer. You may be charged a fee for the processing of your request, particularly in case of frivolous, excessive, or manifestly unfounded requests. Do note that your rights listed in this Policy are not absolute and are subject to limitations as per the applicable data protection laws.
- International transfers
Countries outside of the European Economic Area (EEA) do not always offer the same levels of protection to your personal data, so European law has prohibited transfers of personal data outside of the European Economic Area (EEA) unless the transfer meets certain criteria. We and many of our third-parties service providers are based outside the EEA, including in India, so the processing of your personal data will involve a transfer of data outside the EEA. Whenever we transfer your personal data out of the EEA, we do our best to ensure a similar degree of security of data by ensuring at least one of the following safeguards is in place:
- We will only transfer your personal data to countries that the European Commission have approved as providing an adequate level of protection for personal data by; or
- Where we use certain service providers, we may use specific contracts or codes of conduct or certification mechanisms approved by the European Commission which give personal data the same protection it has in Europe; or
- If we use US-based providers that are part of EU-US Privacy Shield, we may transfer data to them, as they have equivalent safeguards in place;
- We will only transfer your personal data to companies that have appropriate measures to data security; or
- We will only transfer your personal data to companies that comply with the GDPR.
If none of the above safeguards is available, we may request your explicit consent to the specific transfer. You will have the right to withdraw this consent at any time.
- California Consumer Privacy Act (CCPA)
In addition to the rights documented elsewhere in this Privacy Policy, if you are a California Resident you have some additional rights under the CCPA. These include being informed of any of your personal data that has been “sold” (where sold for this purpose is defined below) and to opt out of the future selling of your personal data to third parties. Do note that we may share your details with selected third-parties, where you have opted in for us to do so, which is defined as a “sale” of data under the CCPA. You can opt out of the sale of personal data at any time by contacting us. To submit requests for information about any of your personal data which we have sold according to the CCPA, you can get in touch with us by any of the methods listed in the Contact Us section of this policy. If you are emailing us for a request, please indicate in the subject that it is a CCPA-related request.
- Policy Change
This is the most current version of the Privacy Policy which governs our processing of your personal data/ information and we may revise this Privacy Policy from time to time as needed. If we do revise this Privacy Policy and make changes that are determined by us to be material, we will post the revised Privacy Policy, and it will be effective from the date of such posting.
- Contact Us / Data Protection Officer / Grievance Officer
For the purposes of your data collected through the Platform, held by us, or processed by us, the data controller (under GDPR and other laws which use a similar concept) and the business/service provider (under CCPA and other laws which use a similar concept) is Sun Waters Group LLC. If you have questions about this Policy or about your personal information, or if you wish to exercise a right regarding your information, please contact the Data Protection Officer-cum-Grievance Officer at email: [email protected]