We are pleased about your use of our website. The protection of your personal data is important to us and we want you to feel safe when using this website. This privacy statement is issued in compliance with the Philippines’ Republic Act No. 10173, otherwise known as the Data Privacy Act of 2012, its corresponding implementing rules and procedures (“IRR), and other issuances of the National Privacy Commission (“NPC”) (hereinafter, collectively referred to as the “DPA”). Please read this privacy statement carefully.
1. Information concerning the collection of personal data
a. This privacy statement applies to our collection, processing and utilization of your personal data through this website. “Personal data” means all information relating to an identified or identifiable natural person whether recorded in a material form or not, which, by itself or when put together with other information, would reasonably and directly reveal the identity of a natural person. Our website does not knowingly collect nor process “sensitive personal data” as defined under the DPA.
b. Personal information controller (the “Controller”) as per the DPA is:
Name: Emma Sleep Singapore Pte. Ltd.
Address 135 Cecil Street, #10-11 MYP Plaza, Singapore 069536
You can reach our data protection officer through the following contact details:
c. If we use contracted service providers for individual functions to present our services to you or to your data for advertising purposes, we will inform you in detail about the respective processes below.
2. Your rights as a data subject
a. You have the following rights against us with respect to the personal data concerning you:
• Right to be informed (Section 16(a) & 16(b), DPA)
You have the right to request for information regarding the existence of past, present, or planned future processing of your personal data. This privacy statement further provides the information required by the DPA to be furnished to you prior to the processing of your personal data or at the next practical opportunity.
• Right of access (Section 16(c), DPA):
You have the right to request from us the following information about the personal data we hold about you: contents of your personal data that were processed, sources of your personal data, names and addresses of recipients of your personal data, manner by which your personal data were processed, reasons for the disclosure of your personal data, information on automated processes which use your personal data as sole basis for decisions significantly affecting you, date when your personal data were last accessed and modified, and the identity and contact details of the Controller.
• Right to rectification (Section 16(d), DPA):
You have the right to dispute your personal data that we process which are inaccurate, incomplete, obsolete, or contains any error (hereinafter referred to as “Erroneous Personal Data”). Upon substantial proof, you may request that we correct the Erroneous Personal Data immediately and to inform third parties to whom we previously transferred your Erroneous Personal Data of the rectification once made. We will take appropriate steps to keep your personal data that we process on an ongoing basis as accurate, complete, and current as possible based on the most up-to-date information available to us.
• Right to erasure or blocking (Section 16(e), DPA):
You have the right to demand the suspension, withdrawal, blocking, removal, anonymization, deletion, or destruction your personal data that we process upon discovery and substantial proof of any of the grounds enumerated in the DPA.
• Right to damages (Section 16(f), DPA):
You have the right to be indemnified for any damages sustained due to such inaccurate, incomplete, outdated, false, unlawfully obtained or unauthorized use of your personal data.
• Right to data portability (Section 18, DPA):
You have the right to request for a copy of your personal data in an electronic or structured format which is commonly used and allows for your further use in accordance with the standards set out by the NPC, if any, and subject to commercial and industrial secrets. Note, that we may charge you for the reproduction costs.
• Right to object (Section 34(b), IRR):
You have the rights to object to the processing of your personal data, including processing for direct marketing, automated processing, or profiling.
b. Inquiries and requests regarding your rights as a data subject, including any objections to or complaints regarding our processing of your personal data, can be sent to us at firstname.lastname@example.org.
c. If you feel that we have not responded in an appropriate manner to your requests or complaints regarding our processing of your personal data, you have the right to complain to the NPC through their website (https://privacy.gov.ph).
d. You can send your inquiries regarding your rights as a data subject to us by completing the data subject rights (DSR) Request Form available at the bottom corner of this page or the one available by clicking this or file here .
3. Collection of personal data when visiting our website
If you use the website simply for informational purposes (i.e. if you do not register yourself or send us any personal data) we collect only the personal data which your browser sends to our server. If you wish to view our website, we collect the following technical personal data on the legal basis of legitimate interests (Section 12(f), DPA) to enable us to show you our website and ensure stability and security:
a. IP address
b. date and time of the query
c. time zone difference relative to Greenwich Mean Time (GMT)
d. content of the query (specific site)
e. access status/HTTP status code
f. data volume transmitted in each case
g. website from which the request emanates
i. operating system and its user interface
j. language and version of the browser software
The personal data mentioned above gets processed for the following purposes:
a. To ensure a smooth connection of the website;
b. Guarantee a comfortable use of the website;
c. Evaluation of system security and stability as well as for other administrative purposes. These personal data are temporarily stored in so-called log files, recorded without your intervention, and stored until the same are automatically deleted. If you don’t want the above personal data to be collected, you should not access our website as we will be unable to allow you access to our website without such personal data.
4. Recipients or categories of recipients of personal data
a. Within the scope of our activities and services, it may become necessary for us to disclose the personal data stored about you to natural persons, legal entities or public authorities. We conclude contracts with our service providers, which ensure that they may only process your personal data in a way that we have explicitly instructed them to do so. Furthermore, we ensure that they take the necessary technical and organizational measures to process your data securely and store your personal data only as long as necessary. External service providers who may receive personal data generally fall into the following categories of recipients:
• Subsidiaries and affiliates
• Credit institutions and providers of payment services for billing and payment processing (online payment providers)
• Parcel Shipper
• Non-Governmental/Charitable Organization that collects product returns
• IT service provider to maintain our IT infrastructure
• Cloud provider
• Service provider for the optimization of the online offer
• Collection service providers or lawyers to collect receivables and enforce claims in court. If, in the event of a collection case, personal data (customer and contact data, payment and consumption data and data on the claim) is transferred to a collection service provider, we will inform you in advance about the intended transfer.
b. If personal data is processed in countries outside the Philippines, we will ensure that your personal data is transferred to countries that provide a level of protection of personal data that is adequate to the provisions of the DPA or that there are acceptable contractual guarantees in place to ensure the processing of your personal data in accordance with the DPA’s data protection level. In the absence of these, we will request your explicit consent for the international transfer of your personal data.
5. Contact form
a. When you contact us, the personal data you provide will be processed for the purpose of processing your request and for the event that follow-up questions arise based on legal obligations (Section 12(c), DPA).
b. The personal data collected by us in this context will be deleted when the data subject request associated with the contact has been completely clarified and it is also not to be expected that the specific contact will become relevant again in the future, unless legal storage obligations stand against this. We will retain a copy of the final communication regarding your data subject request in order to evidence our compliance with our legal obligations as controller (Section 12(c), DPA) and in our legitimate interest to protect and defend against future litigation (Section 12(f), DPA).
6. Use of our Webshop, Orders
If you would like to order from our webshop, it is necessary for the conclusion of the contract (Section 12(b), DPA) that you provide your personal data, which we need to process your order. Mandatory personal data necessary for the processing of the contracts are marked in our forms. Further data are voluntary. We use the personal data you provide to process your order. For this purpose, we can pass on your payment data to our house bank or to the selected payment service provider. If we deliver goods to you, we will pass on your data to the assigned shipping company for delivery.
If you want to do a product return, we will pass on your data to the assigned non-governmental/ charitable organization for the pick-up and collection of the product. Failure to provide this personal data may mean that the order cannot be carried out.
a. We send newsletters, e-mails and other electronic notifications containing promotional information. Our newsletters contain information about our products, offers, promotions and our company. With the following notes we inform you about the contents of our newsletter as well as the registration, dispatch and statistical evaluation procedure and your right of objection.
b. For the subscription to our newsletter we use a logged double-opt-in procedure. This means that after subscription you will receive an e-mail asking you to confirm your registration. This confirmation is necessary so that nobody can register with e-mail addresses they do not own. Newsletter subscriptions are logged in order to be able to prove the registration process in accordance with the legal requirements. This includes the storage of the registration and confirmation time as well as the IP address. Changes to your personal data stored by the service provider are also logged. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify any possible misuse of your personal data.
c. To subscribe to the newsletter, it is sufficient to enter your e-mail address. The provision of further data is voluntary and is used to address you personally. After your confirmation we will save your e-mail address for the purpose of sending the newsletter. The newsletter dispatch and the measurement of performance are based on your consent (Section 12(b), DPA).
d. If you receive a newsletter, notification, and/or marketing without subscribing, we are doing so on the basis of our legitimate interest for marketing and to inform you about our products and services (Section 12(f), DPA).
e. To stop receiving the newsletter, you may withdraw your consent to or object to receiving the same at any time by clicking on the unsubscribe link provided in every newsletter e-mail or by completing the DSR Request Form. </p>
b. Kinds of Cookies This website uses the following types of cookies:
• Transient Cookies
Transient cookies are automatically deleted when you close your browser. These are mostly session cookies, which save a so-called “session-ID”, which allows for the assigning of different queries within your browser during a particular session. This can be used to identify your device when one repeatedly visits a website during a session. These cookies are deleted once you log out or the browser window is closed.
• Persistent Cookies
Persistent cookies enable the website to remember your information and settings on your next visit. This gives you faster and more convenient access to the website, as you do not have to change your language settings again, for example. How long the cookie remains on your device depends on the duration or expiration date of the respective cookie and your browser settings. These cookies are automatically deleted after a set period of time which can differ from cookie to cookie. Persistent cookies can be deleted via the security settings in your browser at any time.
9. Social-Media, portals
a. We are represented in the social networks and employer evaluation portals mentioned below. These presences are operated exclusively by the respective provider. They serve to communicate directly with customers, interested parties and users. If you contact us via our social media channels, we process the personal data that you provide us with on the basis of consent (Section 12(b), DPA) while we process your personal data that is necessary to process your request on the basis of our legal obligation (Section 12(c), DPA) or legitimate interests (Section 12(f), DPA) depending on the type of request.
b. When you visit our social media pages, your user data is recorded and provided to us by the operator. The exact types of data differ from provider to provider, but generally include the following information:
• Follower: number and stored profiles; information about growth and development over a defined time frame.
• Reach: number of people who see a specific contribution; number of interactions with a contribution. From this, it can be deduced, for example, which content is better received by the community than others.
• Ad performance: How many people were reached by a contribution or a paid ad and have interacted with it.
• Demographics: Average age of visitors, gender, location, language.
c. Since our social media channels are operated by the providers of the respective social networks, there may be a supplementary use of your personal data by the respective operator, over which we have no influence. This often involves the recording of your IP address, the creation of static evaluations and the processing of further information stored in the form of cookies. We have no influence on the generation and presentation of this personal data and can neither turn off this function nor prevent the processing of the personal data.
d. The assertion of data subject rights and requests can most effectively be addressed directly to the platform providers, since only they have access to your data and can take immediate action and provide information. Should our cooperation be necessary for this, we will support you in enforcing your rights as a data subject.
10. Personal data collected from minors, legally-incompetent persons, and other individuals (hereinafter, collectively referred to as a “Minor” or “Minors”),
a. Our Website is intended only for persons who are of legal age and are deemed legally competent to provide their valid and binding consent under Philippines law. If you are a Minor, please consult your parent(s) or legal guardian(s) first before visiting our website.
b. We neither offer products nor services to, nor knowingly collect personal data of Minors without any legal basis. Should we learn that we were provided with personal data of Minors without any legal basis, we will delete the same.
c. To the extent that you have provided (or will provide) personal data about your family members, spouse, other dependents, and/or other natural persons, you represent and warrant that, prior to sharing their personal data, you have explained to them that you will provide their personal data to us and that they consented to the same being processed (including disclosure and transfer) in accordance with this privacy statement.
11. Data retention and deletion
We keep your personal data for the period of the customer relationship with you or for the legally-required period after termination of such relationship or agreement in order to defend our legal claims, to protect and enforce our rights, or to comply with laws and regulations. In general, the legal retention period for documents important for taxation (such as accounting receipts) is ten (10) years while other documents that can be considered as commercial or business transaction documents is six (6) years.
12. Changes and updates to the privacy statement
We may modify or amend this privacy statement from time to time to keep up with any changes in relevant laws and regulations applicable to us or how we collect, use, protect, store, share or dispose of your personal data. Any changes or updates will be posted on our website and the same shall be effective immediately upon such posting.