Sugarbook, which is operated by Sovrnt Ltd. ("Sovrnt") (Company No. HE395258), is committed to protecting your privacy in line with European Union’s General Data Protection Regulation (GDPR). We will use our best efforts to ensure that the information you submit to us remains private and is used only for the purpose(s) set forth herein.
Collection of Personal Data
To access or use our Service, you may provide your location information for some functions and features that utilize geolocation data for your convenience and to improve your user experience. In cases where we collect or use your geolocation data or any other Personal Data in the course of providing any additional service, we are not required to provide you with any notice or obtain your prior consent unless the applicable laws otherwise provided.
If you provide us Personal Data about another person, you confirm that the other person has appointed you to act on his/her behalf and has agreed that you can:-
- give consent on his/her behalf to the processing of his/her Personal Data;
- receive on his/her behalf any data protection notices; and
- warrant that you have obtained his/her consent for us to store his/her Personal Data or have the right to allow us to process his/her Personal Data.
Cookies and other tracking technologies
Cookies (small text files placed on your device) and similar technologies may be used on some pages of our website and mobile application to enable us to streamline your experience of using our website and/or mobile application, to enable effective provision of our Service, and to help collect usage and performance data. Cookies allow us to help us recognize when you return, store your preferences and settings, enable you to sign-in, combat fraud, and analyze how our website and mobile application are performing.
We may also use small pieces of code called “web beacons” or “clear GIFs” to collect anonymous and aggregate advertising metrics such as counting page views, promotion views, or advertising responses. A web beacon is an electronic image called a single-pixel or clear GIF. Web beacons can recognize certain types of information, such as a user’s cookie number, time and date of a page view, and description of the page where the web beacon is placed. These web beacons may be used to deliver cookies that conform to our cookies policy. Such cookies, web beacons and clear GIFs may come from third parties.
- Security enhancement of our systems;
- Storage of your preferences and provide customized services to you; and
- Helping us understand how people use these services and improving them.
Cookies and other tracking technologies may also be used to support analytics by other third parties.
Source of Personal Data
The Personal Data collected, used and processed by us are sourced from wholly legitimate and transparent means including but not limited to:-
- your access or use of our Service;
- any emails or correspondences that we have received from you requesting for information or making any inquiries;
- during conversations between you and our representatives;
- any applications or forms that you have submitted on our website and/or mobile application;
- when you complete a purchase order on our website and/or mobile application;
- customer surveys or promotional events;
- authorized third parties, including but not limited to credit reporting agencies, regulatory and enforcement agencies, and other government entities;
- contractors, and business partners; and
- mailing lists.
At no time will any of the Personal Data be purchased by us or in any way commercially acquired through the purchase or trading of illegitimate and illegal personal databases or lists.
Purpose of Collection of Personal Data
We may collect, use and process Personal Data which shall include but not limited to the following purposes:-
- to administer your Account;
- to enable us to provide, facilitate, perform, personalize and improve our Service to meet your current and future needs;
- to help us understand and develop a customized user experience based on your preferences, behavior, and activities;
- to contact and communicate with you;
- to respond to your inquiries, and to provide customer support;
- to resolve disputes or to investigate any complaints you made or made against you;
- to prevent, detect or investigate any potential breaches, illegal activities or prohibited content on our Service;
- to monitor and analyze your use of our Service;
- to research, evaluate and develop our Service;
- for general operation and maintenance of our Service and/or our website and mobile application;
- to promote or communicate information, updates, and news about our Service or new services of ours, our subsidiaries and third parties, and such communications may be initiated from us or through third parties;
- to be used in, to provide and/or to improve our Service, market surveys, processing invoices and payment, and client profiling activities regarding our Service;
- for internal functions such as evaluating the effectiveness of marketing, market research, statistical analysis and modeling, reporting, audit, and risk management;
- to develop, show, measure, and track advertising (including but not limited to content, survey, and promotions of our Service or new services of ours, our subsidiaries and third parties), and to collect information about you and on how you interact with it while you use our Service;
- to maintain our operations or client relationship management systems;
- to maintain and upkeep customer or company records and development in the ordinary course of business;
- for our internal record keeping;
- for prevention and detection of crime;
- to conduct client due diligence, to verify your identity, to monitor, detect and deter unauthorized or fraudulent use or abuse of our Service;
- for the preparation and execution of all necessary documents, agreements and/or contracts for our Service;
- those purposes specifically provided for in any particular service offered by us; and
- to meet any legal or regulatory requirements relating to all the commercial transactions, our conduct of the business or activities or our provision of services, and to make disclosure under the requirements of any applicable law, regulation, direction, court order, by-laws, guideline, circular, code applicable to us or any member of our group of companies from time to time.
Consequences of Refusal or Failure to Provide Personal Data
- the inability for us to provide you with the products or services you requested, either to the same standard, or at all (for example, if you do not register as a user of Sugarbook, you will not be able to access features or services that are reserved for users only);
- the inability for us to provide you with information about products and services that you may want, including information about discount sales or special promotions, or our new products or services;
- the inability for us to tailor the content of our website and/or mobile application to your preferences and your experience of our website and/or mobile application may not be as enjoyable or useful;
- the inability to complete commercial transactions in relation to our Service; and
- the inability to comply with any applicable law, regulation, direction, court order, by-laws, guidelines and/or codes applicable to us.
Disclosure of Personal Data
In order for us to fulfill the purposes listed above, the Personal Data may be disclosed to the following, but not limited to, classes of parties:-
- any persons, government agencies, statutory authorities and/or industry regulators whom we are compelled or required to do so pursuant to any law, or if we have good faith belief that such disclosure is necessary to protect and/or defend our rights and interests or in connection with an investigation of fraud, infringement, piracy, tax avoidance, and evasion or other unlawful activity;
- any of our holding, subsidiary or related companies, including those incorporated in the future, and/or any member of our group of companies;
- our existing or potential business partners and affiliates that provide related services or products in connection with our business;
- our auditors, consultants, lawyers, accountants or other financial or professional advisers appointed in connection with our business;
- our employees, partnerships, joint venture entities, contractors or third-party service providers, third-party management companies, subcontractors or other parties as may be deemed necessary by us to facilitate your dealings with us;
- third parties (including those overseas) who provide data processing services or payment gateway services; and
- any person who is under a duty of confidentiality to which he/she has undertaken to keep such data confidential which we have engaged to fulfill our obligations to you.
Third parties are legally tasked with processing the Personal Data in line with the principles specified by us. Third parties are also held legally responsible for securing the Personal Data at an appropriate level of security in relation to applicable data protection laws and widely accepted industry standards.
In the event of your passing or incapacitation, your Account may be deleted. We do not release information residing in your Account to any other third party.
If we or our business is acquired by another entity or merged with another entity or there is a proposed acquisition or merger, the Personal Data may be transferred to such entity as part of the proposed or actual merger or acquisition.
Protection of Personal Data
- storing the Personal Data in systems that are protected by secure networks and secure operating environments that are not available to the public and are only accessible by our employees for the purpose of performing their official duties, and authorized third parties who are contractually bound to take reasonable measures to keep the Personal Data secure;
- regularly monitoring our systems for possible vulnerabilities and attacks and regularly review our information collection, storage, and processing practices to update our physical, technical and organizational security measures; and
- verifying the identities of users before they can access the Personal Data we maintain about them.
- Compliance with these provisions will be required by all authorized third parties who may access the Personal Data as described above.
We may send you direct marketing communications and information that we consider may be of interest to you. These communications may be sent in various forms, including mail, SMS or email. If you indicate a preference for a method of communication, we will endeavor to use that method whenever practical to do so.
Third parties and social media
We may allow third parties including but not limited to authorized service providers, advertising companies, data management platforms, and advertising networks to serve advertisements on our website and mobile application. These third parties may use tracking technologies (e.g. cookies, web beacons, device IDs, or advertising IDs) to collect information about users who view or interact with their advertisements. Any information that these third parties collect via cookies is completely anonymous and non-identifiable. You may refuse the use of third-party data collection by selecting the appropriate settings on your browser.
When you place an order online, your personal details and credit card information are encrypted using SSL encryption technology, before it is sent to us from your computer. Although we cannot guarantee encryption or the privacy of your personal details, SSL encryption makes it very difficult for your information to be stolen or intercepted. We strive to protect your personal information, however, we cannot warrant the security of any information you transmit to us.
Our credit card transactions are processed by our third-party payment processor via secure SSL encryption. We do not store your financial account information on our systems; however, we have access to, and may retain, subscriber information through our third-party payment processor.
Choices to Limit Processing of Personal Data
You have the right to limit in part, or wholly, any of the processes by which the Personal Data is subjected to in terms of the operations allowed to be performed upon it, the period of time allowed, or alternatively, the deadline of the consent given.
The responsibility for compliance rests with us, who determines the purposes and means of processing of the Personal Data.
You shall notify us in writing to request the Personal Data to be retained by us so long as it is necessary for the fulfilment of the purposes for which it was collected only or inform us your objection to the use of the Personal Data for marketing purposes whereupon we will not use the Personal Data for such purpose. You may withdraw, in full or in part, your consent given below. Your withdrawal in each case is subject to any applicable legal restrictions, contractual conditions, and a reasonable time period. Your withdrawal may also be subject to whether it would affect the operation of our business.
In respect of the Personal Data which you have submitted to us, you have the right at any time to:-
- request for access to the Personal Data in our records;
- request to make correction of the Personal Data in our records in the event the information is inaccurate, misleading, out-of-date or incomplete upon validation and verification of the new information provided;
- request to cease processing the Personal Data for the purposes of marketing;
- object to the processing of the Personal Data, ask us to restrict or limit the processing of the Personal Data or request portability of the Personal Data;
- withdraw your consent for us to continue processing the Personal Data; and
- complain to a data protection authority about our collection and use of the Personal Data. For more information, please contact your local data protection authority.
In respect of requests for access to or to make correction of the Personal Data in our records, or to cease processing the Personal Data for the purposes of marketing, such requests must be made in writing and supported with submission of the relevant documents as required by us in person from time to time to the following address listed below. We will only make appropriate corrections based on the updated information provided by you. When requested and practical, we will delete identifying information from our current operation systems. Your request may also be subject to payment of a fee in accordance with applicable legal requirements.
Editing or Deleting Personal Data
You may edit the information stored for your Account during the registration at any time through your user account control panel. You may request for deletion of the Personal Data by us, and we will use commercially reasonable efforts to honor your request. However, please note that we may be required to keep such information and not delete it (or to keep this information for a certain time, in which case we will comply with your deletion request only after we have fulfilled such requirements). When we delete any information, it will be deleted from the active database but may remain in our archives. We may also retain your information for fraud or similar purposes.
To provide our Service, we may process and store your information on servers located in Malaysia or other jurisdictions where we deem it appropriate or desirable unless the applicable law otherwise provided. There may be a possibility that the data protection level in other jurisdictions does not completely meet the requirements of data protection law in your country or region, but all such transfers are performed in accordance with the requirements of applicable law.
Further, we may retain the Personal Data following the closure or termination of your account if retention is reasonable and necessary to:-
- comply with applicable laws, regulations or legal obligations;
- provide and complete customer support service;
- resolve disputes between or with our users; or
- detect and deter unauthorized or fraudulent use of or abuse of our Service.
Retention of Personal Data
The Personal Data you submit to us will only be retained for as long as is required for the purpose(s) for which it was collected or as permitted by applicable law.
In practice, we delete or anonymize the Personal Data upon deletion of your Account, unless:-
- we must keep it to comply with applicable law;
- we must keep it to evidence our compliance with applicable law;
- there is an outstanding issue, claim or dispute requiring us to keep the relevant information until it is resolved; or
- the information must be kept for our legitimate business interests, such as fraud prevention and enhancing users’ safety and security.
Even though our systems are designed to carry out data deletion processes according to the above guidelines, we cannot promise that all data will be deleted within a specific timeframe due to technical constraints.
Opting Out and Unsubscribe
If you change your mind at any time about receiving information from us, you can contact us in writing to us. Please be aware that once we have received your request to unsubscribe, it may take up to fourteen (14) working days for us to process your request and to be reflected in our systems. Therefore, you may still receive marketing materials/communication during this period of time.
As our Service is strictly for individuals who are 18 years of age and above, such individuals are not allowed to use our Service or provide any personal data. We do not knowingly solicit, collect, store, use or share personal data from any individuals under the age of 18. If we discover that we have collected or received personal data from such individuals, we will delete that data from our servers. If you believe that a user is under the age of 18 and has provided us with their personal data, please notify us to report this on our mobile application. By using our Service, you represent that you are at least the age of consent in your state, province or country of residence.
Contact: Privacy Officer
22 Arch. Makariou III,
Avenue Makaria Centre, 4th Floor, Office 403
6016 Larnaca, Cyprus
Email: [email protected]
Dated: 1 February 2021