Collection, Use and Storage of Personal Data
1.1 Definition of personal data.
Personal data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data.Personal data does not include data that has been irreversibly anonymized or aggregated so that it can no longer enable us, whether in combination with other information or otherwise, to identify you.
Here is a description of the types of personal data we may collect and how we may use it:
1.2 What Personal Data We Collect
Depending on the products and services you choose, we collect different kinds of personal data from or about you.
Data you provide
We collect the personal data you provide when you create an account to use our products and services or otherwise interact with us, such as when you fill in account information, contact us, participate in an online survey, use our online help or online chat tool.
Data from your terminal equipment
. Photos/ Media/ File
Our app can use files or data stored on your device. If you want to prevent our app from accessing to your phone data ,you can reset your permission on your phone.After obtaining your permission, Photos/Media/Files access may include the ability to:
① Read the contents of your USB storage (such as SD card).
② Add contents to your USB storage
③ Format external storage
④ Mount or unmount external storage
We may collect and store information (including personal data) locally on your device using mechanisms such as browser web storage (including HTML 5) and application data caches.
You can upload photos when you comment by online services. So, we should collect images and other information from your device's camera and photos. For example, you will not be able to upload photos from your camera roll unless we can access your camera or photos by your permission.
.Unique application numbers
Certain services include a unique application number. This number and information about your installation (for example, the operating system type and application version number) may be sent to website when you install or uninstall that service or when that service periodically contacts our servers, such as for automatic updates.
Data about purchase
If you make a purchase, we collect personal data in related with the purchase. This data includes your purchase data, such as your mail of PayPal, user name, shipping address and other authentication information, as well as billing, shipping, and contact details.
Data about improving our services and products
When you visit our websites, we may collect data about the type of device you use, your device's unique identifier, the IP address of your device, your operating system, the type of Internet browser that you use, usage information, diagnostic information, and location information from or about the computers, phones, or other devices on which you install or access our products or services. Where available, our services may use GPS, your IP address, and other technologies to determine a device's approximate location to allow us to improve our products and services.
1.3 How We Use Your Personal Data
Generally speaking, we use personal data to provide, improve, and develop our products and services, to communicate with you, to offer you targeted advertisements and services, and to protect us and our customers.
Gracosy determines and controls how to process your personal data as data controller for the following purposes:
Providing, improving, and developing our products and services
Communicating with you
Subject to your prior express consent, we may use personal data to send you marketing communications in relation to our own products and services, communicate with you about your account or transactions, and inform you about our policies and terms. If you no longer wish to receive email communications for directly marketing purposes, please contact us to opt-out. We also may use your data to process and respond to your requests when you contact us. If you no longer wish to agree above services we provide, please contact us to opt-out.
Offering and measuring targeted advertisements and services
Subject to your prior express consent, we may use your personal data to personalize your experience with our products and services and on third-party websites and applications and to determine the effectiveness of our promotional campaigns. You are free to choose whether receive promotion information or not. If you no longer wish to agree above services we provide, please send e-mail to us to opt-out or choose"unsubscribe" to opt out in those e-mails.
Promoting safety and security
Subject to your prior express consent, we may use some technology measures to protect your personal data for helping verify accounts and user normal activities, as well as to promote data safety and security, such as by monitoring fraud and investigating suspicious or potentially illegal activity or violations of our terms or policies. Such processing is based on our legitimate interest in helping ensure the safety of our products and services.
1.4 How We Store Your Personal Data
We may take technology measures to make sure your personal data record is complete and accurate, such as cookies and similar technologies. And Subject to your prior express consent, we may store our processing record of your personal data for ten years.
Cookies and Similar Technologies
You can remove or reject cookies using your browser or device settings, but in some cases doing so may affect your ability to use our products and services.
2.1 Definition of "Cookies"
Cookies are small pieces of text used to store information on web browsers. Cookies are widely used to store and receive identifiers and other information on computers, phones, and other devices. These types of files do a number of different jobs such as remembering your preferences and chosen items, assisting you to improve your site experience as well as trying to ensure that the adverts or offers you see online are more relevant to you. These "cookies" can be divided into 4 types each of which is outlined below.
2.2 Types of Cookies
Strictly Necessary Cookies
In order to provide you with fundamental services of our website,such as visit our website or make a purchase, these cookies are essential. If you disable these cookies, we will not be able to fulfill your request.
This type collect anonymous information on how people use the site and the data is merged with other users to enable us to improve how the site operates. For example we utilise Google Analytics cookies to help us understand how customers arrive at our site, browse or use our site and highlight areas where we can improve areas such as navigation, shopping experience and marketing campaigns. The data stored by these cookies never shows personal details from which your individual identity can be established.If you disable or opt-out of these cookies, you may not be able to use certain features of our websites and services, and it may reduce the support or information that we can provide you.
These cookies may remember the operations such as your preference so that we can provide you with better services and improve our operation models.If you reject these cookies, you may not be able to use certain functions of our websites.
Targeting Cookies or Advertising Cookies
These cookies collect information about your browsing habits in order to make advertising more personalize to you.These cookies may remember the websites you have visited and share them with the third parties such as advertisers.If you reject these cookies, you may not be able to use certain functions of our websites and services, and it may affect your experience.
Social networking cookies
These cookies are used to enable you to share pages and content on our websites and services through third-party social networking and other websites. These cookies may also be used for advertising purposes. If you reject these cookies, you may not be able to use certain functions of our websites, and it may affect your experience.
2.3 Cookies Placed by Third Parties
2.4 Controlling and Opting-Out of Cookies
You can change the settings on your browser to prevent cookies being stored on your computer or mobile device without your explicit consent. Your browser "help" section will normally provide details on how to manage the cookie settings. If you choose to reject cookies, as noted above, you may not be able to use certain features of our websites and services.
2.5 Other similar technologies
DPAPI (Data Protection Application Programming Interface) is a simple cryptographic application programming interface available as a built-in component in Windows 2000 and later versions of Microsoft Windows operating systems. In theory the Data Protection API can enable symmetric encryption of any kind of data; in practice, its primary use in the Windows operating system is to perform symmetric encryption of asymmetric private keys, using a user or system secret as a significant contribution of entropy.DPAPI can help record and store users’ personal data.
Data Cube is a simple application for record and analyze personal data.
If you choose to reject cookies, as noted above, you may not be able to use certain features of our websites and services.
We take reasonable steps to ensure that your personal data is accurate, complete, and up to date. Based on protection for your privacy, your have the following rights:
You have the right to contact us to know whether or not your personal data is being processed, and, where that is the case, access to the personal data and information,including but not limited to the purposes of the processing and the categories of personal data concerned.
You have the right to contact us to correct or delete your inaccurate personal data concerning. Taking into account the purposes of the processing, you are also free to have incomplete personal data completed, including by means of providing a supplementary statement.
You have the right to obtain from us the erasure of personal data concerning yourself.
You have the right to contact us to set the restriction of processing, which limited our processing authorities
You have the right to receive the personal data you provide in a structured, commonly used and machine-readable format and to transmit those data to a third party.
You have the right to contact us to make your objection on grounds relating to your particular situation, at any time to processing of personal data
You have the right not to be subject to a decision based solely on automated processing,including profiling, which produces legal effects concerning you or similarly significantly affect you. When you need to realize this right, please contact us to offer help.
To protect the privacy and the security of your personal data, we may request data from you to enable us to confirm your identity and right to access such data, as well as to search for and provide you with the personal data we maintain. There are instances where applicable laws or regulatory requirements allow or require us to refuse to provide or delete some or all of the personal data that we maintain.
You may contact us to exercise your rights. We will respond to your request within 30days.
3.1 Checking your details
How can I check my personal data
You can check your personal data via entering "My Account".
Deleting your Information
Please contact us when you find it necessary to delete your information :
Personal data for providing, improving, and developing our products and services. If this type of data is deleted, your account will be close because your account can not be used normally without this type of data.
Personal data that we use to communicate with you. If this type of data is deleted, we will be unable to contact you. Please make your decisions cautiously.
Personal data to offer and measure targeted advertisements and services. If this type of data is deleted, you will not receive the latest marketing news and personalized shopping services.
Personal data relating to promoting safety and security. If this type of data is deleted, your account will be strongly threatened that you may not use your account normally.
If you delete your data, we have no obligation to retain your data, and we may delete any or all of your data without liability. However, we may retain data related to you if we believe it may be necessary to prevent fraud or future abuse, if required by law, or for legitimate purposes, such as analysis of non-personal data, account recovery, auditing our records, and enforcing our rights and obligations under our agreements.
Data processed by Third Party
4.1 Third party's previous authorization to us
4.2 Other Third parties that may reach your information
To provide better products and service for our customers, we may mainly transfer your data to the two types of third parties,
Third party related to Advertising & Marketing——Google, Facebook etc.
Information of your activities on our website, for example, what products you like to browse, may be transferred to these third parties. You may receive Communication letters on advertising and marketing in your e-mail sent by us and/or selected third parties. You have the option to opt-out of receiving marketing communications from us and/or selected third parties. When you do not want to receive advertisements from us and/or selected third parties any more, you should opt-out by contacting us (e-mail) or click on the "unsubscribe" link in any email communications which you receive.
Third-party related to Payment & Delivery——Paypal etc.
If you make a purchase from our store, your payment and delivery information will be necessary to the trade. Your information may be transferred to third parties above and processed by them. We promise that appropriate or suitable safeguards, for example, encryption technology, will be provided to ensure security of your information This type of personal date is so important to your purchase activities that we strongly recommend you to think twice when you want to delete or object to the processing of these data.
4.3 About Third party located in a third country
As we has stated above, model contractual clauses or alternative legal bases or binding corporate rules will help protect your information security. Once we notice a third party breach its obligation and infringe your privacy, we will immediately notice it to correct its mistake. If you notice a third party breach its obligation and infringe your privacy owing to Gracosy’s mistake, you may contact us to obtain remedies. We promise that appropriate or suitable safeguards, for example, encryption technology, will be provided to ensure security of your information. Our customers have right to obtain copy of those data transferred to a third country. If you need to realize your rights, please contact us.
4.4 About Third-party websites
Our website may contain links to and from the websites of our partner networks, advertisers and other third parties. If you follow a link to any of these websites, please note that they have their own privacy policies and we do not share your information with them unless your permission or other legal basis authorize us to do so. Please check these policies before you submit any personal data to these websites. We should not be liable for personal data breach caused by these third-party websites.
We use reasonable technical, administrative, and physical security measures designed to safeguard and help prevent unauthorized access to your data, and to correctly use the data we collect. For example, access to your personal data is strictly limited to our data controller, data processor, data protection officer who need access to such data to perform their assigned job duties. We have built up recovery system to prevent your data from destruction, loss, alteration, unauthorized disclosure caused by automatic technology.
It is important that you take precautions to protect against unauthorized access to your account credentials, and computer or other devices. "personal data breach"means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.If you notice such kind of personal data breach, please immediately contact us. We will investigate any complaint and notify the individual of the outcome of the investigation within a reasonable period. Gracosy has set up Data Protection Officer(DPO) to provide professional analysis about personal data processing. Whenever you need help directly from our DPO, you are free to inform us of your requirement. Please be aware that, despite our best efforts, no security system is impenetrable. In the event of a security breach, we will promptly notify you and the proper authorities if required by law.