Last updated 1st April 2021
- Geographic scope
- What information can we collect?
- How is your personal information collected?
- How and why do we use and share your personal information?
- For how long do we keep your personal information?
- International data transfers
- Your rights
- Contact details
- Geographic scope
This Website is operated in the United States and is intended for users located in the United States and Canada. It is therefore governed by and operated in accordance with the laws of the United States. If you are located outside of the United States, please be aware that information you provide to us or that we obtain as a result of your use of the Website will be collected in the United States and/or transferred to the United States and will be subject to U.S. law.
Please note that this Website is an online product shopping platform directed to adults only (including parents and/or guardians). We do not knowingly collect personal data about children under the age of 13. We anticipate only collecting data from parents and guardians purchasing products for and on behalf of their children.
If you are under the age of 13, you may only use our Website and submit personal information if you have the consent of, and are supervised by, a parent or guardian. If we believe a child using this Website is under 13 we will not process any personal information of that child without the verifiable consent of the parent or guardian. If, as a parent or guardian, you believe we have collected personal data about your child, you may contact us to review the data and request that we cease processing data about your child.
- What personal data do we collect?
What is personal data?
- Basic details like your name, date of birth and gender.
- Contact details like your e-mail address, phone number, delivery address and shipping address if you are purchasing products or services from us.
- Transaction data like details about payments you have made to us and the products or services you have purchased.
- Technical data about your browsing actions and interactions with this Website. We collect this information by using cookies and other similar technologies.
- Usage data about how you use our Websites.
- Marketing and communications data which includes your preferences in receiving marketing from us and third parties.
- How do we collect your personal data?
Automated technologies or interactions
We also collect information about you when you visit and interact with our Website through the use of technologies such as cookies. The following are examples of information we may collect:
- information about your device, browser or operating system;
- your IP address;
- information about links that you click and pages you view on our Website;
- length of visits to certain pages;
- subjects you viewed or searched for;
- page response times;
- records of download errors and/or broken links;
- page interaction information (such as details of your scrolling, clicks, and mouse-overs);
- methods used to browse away from the page; and
- the full Uniform Resource Locators (URL) clickstream to, through and from this Website (including date and time).
- How and why do we use and share your personal data?
Lawful basis for processing your information
We will only use your personal data when the law allows us to. Most commonly we will use personal data in the following circumstances:
- Where you have asked us to do so, or consented to us doing so;
- Where we need to do so in order to perform a contract we have entered into with you;
- Where it is necessary for our legitimate interests (or those of a third party) and your fundamental rights do not override those interests; and
- Where we need to comply with a legal or regulatory obligation.
Here are some examples about how we may use the information we collect about you and the lawful basis we rely on to do so. We have also identified what our legitimate interests are where appropriate. Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data.
|Activity||Examples of the types of personal data we may collect||Lawful basis for processing|
|To manage our relationship with you including notifying you of any changes to the Website or services provided on the Website or dealing with any enquiries made by you.||Basic, Contact and Marketing and communications data.||Performance of a contract with you Necessary to comply with a legal obligation Necessary for our legitimate interests (to keep our records updated, manage the operation of the Website and study how users use our products & services)|
|To send you marketing communications, news, information about giveaways and to keep you up-to-date about our products and services which we think will interest you.||Marketing and communications data.||Necessary for our legitimate interests (to develop our business/brand and improve our marketing strategy)|
|To allow you to attend an event or so that you can enter a competition or prize draw.||Basic, Contact and Marketing and communications data.||Necessary for our legitimate interests (to develop our business/brand and improve our marketing strategy)|
|To administer and protect our business and the Website (including fraud prevention and detection, troubleshooting, data analysis and system testing.)||Basic, Contact, Usage and Technical data.||Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)|
|To deliver relevant Website content and advertisements to you.||Basic, Contact, Marketing and communications and Technical data.||Necessary for our legitimate interests (to study how customers use our products/ services, to develop them, to grow our business and to inform our marketing strategy)|
|To use data analytics to improve our Website, services, marketing, customer relationships and experiences.||Technical and Usage Data.||Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)|
|Where you are a business contact: · to enter into a busines relationship with you. For example, to licence our brand and contact you about this where necessary · to manage our ongoing business relationship with you||Contact details and marketing and communications data.||Necessary for our legitimate interests in entering into commercial relations with your business.|
|To enable us to comply with any legal or regulatory requirements and otherwise any relevant regulator or competent authority.||Any personal data.||To comply with our legal obligations.|
Where you have given your consent, or where we have an alternative lawful basis, you may receive marketing communications from us.
You can unsubscribe (or ‘opt out’) from marketing emails at any time by clicking on the unsubscribe link at the bottom of any marketing email. You may also contact us directly if you do not wish to receive any marketing materials from us.
Sharing your personal data
Depending on how and why you provide us with your personal data, we may share it in the following ways where appropriate:
- with selected third parties who we sub-contract to provide various services (such as for marketing purposes) and/or aspects of the Website’s functionality;
- with analytics and search engine providers that assist us in the improvement and optimisation of our Website as described above;
- if we were to sell or buy any business or assets, in which case we might disclose your personal data to the prospective seller or buyer of such business or assets as part of that sale;
- if GAGS or substantially all of its assets are acquired by a third party, in which case personal data held by us about you will be one of the transferred assets;
- if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or if we are asked to provide your details to a lawful authority in order to aid in a criminal or legal investigation; and
Our store is hosted on Shopify Inc. They provide us with the online e-commerce platform that allows us to sell our products and services to you. Your personal data, including information about your payment details (such as credit card information and bank account details), is stored through Shopify’s data storage, databases and the general Shopify application. GAGS do not process any payments, including but not limited to credit or debit cards, and neither party has access to this information.
Links to third party sites
- For how long do we keep your personal data?
We will hold your personal information on our systems only for as long as required to provide you with the services you have requested, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
In some circumstances you can ask us to delete your data: see ‘Your rights’ below for further information.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research, demographic, analytical or statistical purposes in which case we may use this information indefinitely.
GAGS takes the protection of personal data seriously. We have put in place appropriate security measures to prevent personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed, including use of secure servers and passwords. In circumstances where we have given you a password that enables you to access certain parts of our Website, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Despite these precautions, and although we will do our best to protect your personal data, GAGS cannot guarantee the security of information transmitted over the Internet or that unauthorised persons will not obtain access to personal data. In the event of an actual or suspected data breach, we have put in place procedures to deal with this and will notify you and any applicable regulator of a breach where required to do so.
9. Your rights
Depending on which law applies, as a data subject you have certain rights in relation to your personal data. Below, we have described the various rights that you may have, depending on applicable privacy laws, as well as how you can exercise them. These rights can be exercised by contacting us – see the “Contact Details” section below.
Right of Access
You may have a right to request access to the personal data that we hold which relates to you. If this right does apply, please note that this right entitles you to receive a copy of the personal data that we hold about you. It is not a right to request personal data about other people, or a right to request specific documents from us that do not relate to your personal data.
Your right to rectification and erasure
You may have a right to request that we correct personal data that we hold about you which you believe is incorrect or inaccurate. You may also ask us to erase personal data if you do not believe that we need to continue retaining it.
Please note that we may ask you to verify any new data that you provide to us and may take our own steps to check that the new data you have supplied us with is right. Further, we are not always obliged to erase personal data when asked to do so; if for any reason we believe that we have a good legal reason to continue processing personal data that you ask us to erase we will tell you what that reason is at the time we respond to the request.
Your right to restrict processing
Where we process your personal data on the basis of a legitimate interest, you may be entitled to ask us to stop processing it if you feel that our continuing to do so impacts on your fundamental rights and freedoms or if you feel that those legitimate interests are not valid.
You may also be entitled to ask us to stop processing your personal data: (a) if you dispute the accuracy of that personal data and want us verify that data’s accuracy; (b) where it has been established that our use of the data is unlawful but you do not want us to erase it; (c) where we no longer need to process your personal data (and would otherwise dispose of it) but you wish for us to continue storing it in order to enable you to establish, exercise or defend legal claims.
Please note that if for any reason we believe that we have a good legal reason to continue processing personal data that you ask us to stop processing, we will explain that reason, either at the time we first respond to the request or after we have had the opportunity to consider and investigate it.
Your right to portability
Under certain circumstances, where you wish to transfer certain personal data that we hold about you, which is processed by automated means, to a third party, you may be entitled to write to us and ask us to provide it to you in a commonly used machine-readable format.
Your right to object to processing
You may be entitled to object to processing of your personal data where we rely on legitimate interest for processing that personal data. Where applicable, we will comply with your request unless we have a compelling overriding legitimate interest for processing or we need to continue processing your personal data to establish, exercise or defend a legal claim.
Your right to withdraw consent
Where our processing of your data is on the basis of consent, you can withdraw this consent at any time. This would not affect the lawfulness of the processing based on consent prior to the withdrawal.
Right to Opt Out of Sale of Personal Data
A consumer (as defined in the California Consumer Privacy Act 2018 (or “CCPA”)) has the right to request disclosure of personal data about him or her sold by GAGS and opt out of the sale of that consumer’s personal data by GAGS by contacting us using the contact details set out below.
Shine the Light
California law provides that you have the right to submit a request to us at our designated email address and receive the following information: (i) the categories of information disclosed to third parties for the third parties’ direct marketing purposes during the preceding calendar year; and (ii) the names and addresses of third parties that received such information, or if the nature of their business cannot be determined from the name, then examples of the products or services marketed. Please put “Shine the Light Request” in the subject line of your email.
Exercising your rights
When you write to us making a request to exercise your rights, we may ask for copies of relevant ID documents to help us to verify identity.
It will help us to process your request if you clearly state which right you wish to exercise, what personal data it is that is of particular concern to you and, where relevant, why it is that you are exercising it. The clearer and more specific the request, the faster and more efficiently we can deal with that request. If insufficient information is provided then there may be a delay in actioning the request until additional information is provided (and where this is the case we will endeavour to tell you).
Please note that all the rights mentioned in this section are not absolute and we may be entitled to refuse requests, wholly or partly, where exceptions under the applicable law apply. For example, we may refuse to comply with a request if it is manifestly unfounded or excessive.
10. Contact Details
Whilst we would prefer that you direct any complaints or queries you have to us first, you may also lodge a complaint to the supervisory authority applicable in your country about the way we process your personal data.