GAIA Expansion Holdings Inc
PRIVACY POLICY
What is this?
Information for you about why and how your personal data is processed by GaiaGold. We, GaiaGold (“We” “Our” “Us” “GaiaGold”), are committed to protecting and respecting your privacy.
Introduction
When we say “GaiaGold”, we mean “Gaia Expansion Holdings, Inc.”, a new age gold mine funding company which is based in the Philippines.
General data protection laws
Republic Act No. 10173, known as the Data Privacy Act of 2012 (the “Data Privacy Act”).
The Implementing Rules and Regulations of the Data Privacy Act (“IRR”) were
promulgated on 24 August 2016.
Philippine Data protection law (Data Privacy Act of 2012)gives you rights (please see below), and we want to make sure we’re doing right by you. If you have any questions, concerns or requests about your data, or if you think there is any info missing, unclear or incorrect then please do get in touch with us on info@gaiagold.io.
National Supervisory Authority
The National Privacy Commission (the “Commission”). The Commission is attached to the Department of Information and Communications Technology.
5th Floor, Delegation Building
PICC Complex,
Roxas Boulevard, Manila
Metro Manila
www.privacy.gov.ph/
About this Policy
This Privacy Policy explains how we use any personal data you provide to us during
or arising out of:
- your use of Our website at the domain name, gaiagold.io;
- all correspondence, related submissions, content or other material exchanged between GaiaGold and you;
- all interactions with GaiaGold made via our Website or other communications channels;
- details you provide to Us using our “info@gaiagold.io” Contact form on Our Website.
Personal data is any information which personally identifies you, and can include your name, address or email address. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. By accessing, browsing or otherwise using our Website you confirm that you have read and agree to this Privacy Policy.
Data Controller
Our Website is owned and operated by GaiaGold, which for the purpose of data protection laws makes us the Personal Information Controllers.Personal Information Controller is defined as
“a natural or juridical person, or any other body who controls the processing of personal data, or instructs another to process personal data on its behalf.The
term excludes:
(i) a natural or juridical person, or any other body, who performs such functions as instructed by another person or organization; or
(ii) a natural person who processes personal data in connection with his or her personal, family or household affairs”.
Data we will collect from you
We retain information which is provided by you directly and information that is passively or automatically collected from you. Specifically, GaiaGold will collect and process the following data from you:
• Information that you provide when filling in the contact form on Our Website. This includes information you provide when you complete our “Contact Us” form;
• Information that you provide when corresponding with us;
• Details of your visits to our Website including, but not limited to, traffic data, location data, weblogs and other communication data and the resources and links that you access;
• Information you provide about yourself any time you contact us or follow us through social media or when you take part in our promotions, competitions or submit reviews about us; and
• Any other information which you may provide to Us when using our Website.
We do not collect sensitive personal data or special category personal data but if you ever disclosed such information to us then we would treat this information in accordance with the additional protection it is given under data protection laws.
Data we collect through our Website
As you use our Website, we will also passively collect data through our use of cookies, pixels, beacons, log files and other technologies. This data helps us to deliver more helpful information, services and tools.
Please see our Cookies Policy for more information.
Storing your personal data
GaiaGold will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy. The personal information that you provide will be retained by us in accordance with applicable laws and our internal retention policy. We will only hold your personal information on our systems for as long as is necessary for the relevant purpose for which it was collected.
We will take all reasonable steps to destroy or de-identify personal information we hold if it is no longer needed for the purpose for which it was collected.
Uses made of the data
We use data held about you for the following reasons and in the following ways:
When there is an obligation arising from a contract entered into between you and us:
• To provide you with information about products and/or services which you request from us;
• To notify you about changes to our products and/or services.
When necessary for our legitimate interests:
• To ensure that content from our Website is presented in the most effective manner for you and for your computer; and
• To allow you to participate in interactive features of our service.
When you consent:
• For certain types of targeted marketing and advertising purposes which are subject to your consent; and
• To allow us to contact you to discuss your product query or complaint received via Our “Contact Us” form on our Website or social media.
When there is a legal and/or regulatory obligation:
• To comply with applicable laws where we are obliged to retain and/or disclose certain information; and
• For internal and external auditing purposes.
Disclosure of Information
We sometimes need to share your data with third parties who help us provide our services.
We will never share your personal data with other companies or organisations for their own marketing or promotional purposes. We also make sure that any third parties who have access to your personal data have reviews and processes in place to keep it confidential and only use it in ways that you would reasonably
expect.
We will disclose your personal data to third parties:
- As part of Our services we use a number of third party organisations to help (e.g. fulfilment providers). These organisations act as Personal Information Processors and will be strictly controlled in how they may/may not use your data and GaiaGold will remain responsible for the protection of your data. Such selected third parties include:
* business partners, suppliers, and sub-contractors for the performance of any contract we enter into with them or you.
- If we go through a business transition such as a merger, acquisition by another company, or sale of all or a portion of our assets, your data may be one of the transferred assets and you acknowledge that such transfers may occur and are permitted by this Privacy Policy;
- If GaiaGold are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our Website Terms and Conditions of use and other agreements; or to protect the rights, property, or safety of GaiaGold, our community, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
Marketing
Where you have provided us with the appropriate consents to our general marketing, We will send you marketing materials about other products or services offered by GaiaGold.
You have the right to object to the use of your personal data for marketing purposes. You can exercise your right to prevent such processing at any time by
emailing us info@gaiagold.io or by clicking “unsubscribe” on the relevant email communication(s).
Transfer of Personal Data to Third Countries
Restrictions on transfers to third countries
Transfers to third countries are permissible under the Data Privacy Act.
As Personal Information Controller we are responsible for Personal Information under our control or custody, including information that has been transferred to a third party for processing overseas.
As Personal Information Controller we must use contractual or other reasonable means to provide a comparable level of protection for Personal Information processed by a third party.
Notification and approval of national regulator (including notification of use of Model Contracts)
As Personal Information Controllers, we are required to register that our data processing systems provide certain details about its data processing system(s) including whether the personal data it processes would be transferred outside of the Philippines.
Use of binding corporate rules
The Data Privacy Act does not contain the concept of binding corporate rules.
Changes to our Privacy Policy
We reserve the right to change the contents of our Website. Any changes we may make to our Privacy Policy in the future will be posted on this page. It is your responsibility to familiarise yourself with this Privacy Policy regularly. Your continued use of our Website following the posting of any such changes will constitute your acceptance of the revised policy.
Your rights
Data protection law gives you rights to help you understand and control how personal data about you is used. This section explains what these rights are and what GaiaGold has in place to help you exercise them.
Your rights are….
Rights to access information
As a data subject, you are entitled to reasonable access to:
(i) the contents of the Personal Information that was processed;
(ii) the sources of the Personal Information;
(iii) the names and addresses of recipients;
(iv) the manner by which the Personal Information was processed;
(v) the reasons for the disclosure of the Personal Information to recipients;
(vi) information on automated decision processes;
(vii) the date when his or her Personal Information concerning the data subject was last accessed and modified; and
(viii) the designation, name or identity and address of the Personal Information Controller.
Rights to data portability
Where Personal Information is processed by electronic means and in a structured and commonly used format, the data subject has a right to obtain the Personal
Information in that format.
Right to be forgotten
Under the Data Privacy Act and the IRR, data subjects have the right to erasure and blocking. A data subject has the right to suspend, withdraw, order the blocking, removal or destruction of his or her Personal Information from a Personal Information Controller’s filing system.
This right may be exercised upon discovery and substantial proof of any of the following:
(i) the personal data is incomplete, outdated, false, or unlawfully obtained;
(ii) the personal data is being used for unauthorised purpose;
(ii) the personal data is no longer necessary for the purposes for which they were collected;
(iv) the data subject withdraws consent or objects to the processing, and there is no other legal ground or overriding legitimate interest for the processing;
(v) the personal data concerns private information that is prejudicial to data subject, unless justified by freedom of speech, of expression, or of the press or otherwise authorised;
(vi) the processing is unlawful; or
(vii) the Personal Information Controller or Personal Information Processor violated the rights of the data subject.
Objection to direct marketing and profiling
The Data Privacy Act defines direct marketing as communication by whatever means of any advertising or marketing material which is directed to particular individuals. The IRR explicitly states that the data subject has the right to object to the processing of his or her personal data, including processing for direct marketing, automated processing or profiling. The data subject shall be notified and given an opportunity to withhold consent to the processing in case of changes or any amendment to the information supplied or declared data.
Other rights
As a data subject, you are also entitled to object to unauthorised use of your Personal Information and to have inaccurate or incorrect Personal Information corrected in some cases.
The rights of the data subject are transmissible to their heirs and assigns at any time after the death of the data subject or when the data subject is incapacitated or incapable of exercising his rights.
