Goofish Privacy Policy
(Effective as of January 22 2025)
1.About Goofish
1.1 This Privacy Policy applies to your use of services provided by GOODUSUS PTE. LTD, GOOFISH PTE. LTD, and their affiliated companies (“Goofish”, “we”, “us”, “our”). These services (collectively, the “Goofish Services”) include the Goofish mobile application (the “Community”), as well as any new service forms emerging from technical developments, including but not limited to, mini-programmes. We attach great importance to the protection of users’ privacy and personal data. This Privacy Policy sets out how we may collect, use, disclose and otherwise process (“process”) your personal data when you use Goofish Services. If you are located in the European Economic Area (“EEA”), the UK, the United States (“US”), Singapore, Hong Kong Special Administrative Region of China (“Hong Kong SAR”), Canada or Malaysia, Australia, and Thailand, there are additional jurisdiction-specific supplemental terms that apply to you. Please see the respective sections under “Jurisdiction-Specific Supplemental Terms” below.
1.2 The Community is an online consumer-to-consumer focused idle resources exchange community that provides various services to individual users, enabling users to post idle resources information online, communicate with other users and facilitate transactions.
Based on your region of residence, the entity responsible for the handing of your personal data is:
●
For users located in the United States: If you are a registered user of Goofish Services, and you are from United States, you are contracting with GOODUSUS PTE. LTD.
●
For users in other countries or regions: If you are a registered user of Goofish Services, and you are from a place other than United States, you are contracting with GOOFISH PTE. LTD.
Your region of residence is determined based on the region you actively select when you register or the region information displayed in your device’s system setting.
2.Collection of personal data
We collect your personal data in the following ways:
2.1 Personal data you actively provide
When you create an account, search or browse our apps (including the Community), sell or purchase goods, contact us directly, or otherwise use the services, you may provide your profile information, including mobile phone number, email address, avatar, nickname, location, and communication information (e.g., chat messages, and images sent via chat functions).
2.2 Personal data we collect automatically
We automatically collect certain information when you use Goofish Services, including technical information (such as Internet or other network activity information, device information), details of transactions and communications over the Community, details of buying and browsing activities on the Community, and other types of information regarding how you use Goofish Services.
We also employ cookies and similar tracking technologies, which may collect personal data about you. For further information, please refer to Section 3 of this Privacy Policy.
2.3 Personal data we receive from other sources
2.3.1 We may collect personal data about you from third parties, such as through Apple ID and the Google platform, if you choose to register via a third-party account. Exactly what information we receive will depend on your privacy settings on the applicable third-party platform, but would typically include basic public profile information such as:
●
Your email address
●
Your name, and/or nickname.
You can determine the personal data that we can access when authorizing the connection with the single sign-on service.
2.3.2 We may also collect personal data about you from other e-commerce marketplaces, if you choose to sell goods on other e-commerce marketplaces through Goofish conveniently. Normally, the third-party marketplace may require you to authorize the disclosure of your relevant information (which may include your account information, avatar, nickname, and goods items) to us.
2.3.3 We will only collect personal data from third parties for the purposes stated in this Privacy Policy where we have checked that these third parties either have your consent or are otherwise legally permitted or required to disclose your personal data to us.
3.Cookies and similar technologies
This section explains how we use cookies and similar technologies (we refer to them collectively as “Cookies”, or “Cookie”) to recognize you when you visit our Community. It explains what these technologies are and why we use them, as well as your rights to control them.
3.1 Cookies are small text files collecting amounts of data that your browser receives and stores on the local drive of your computer or mobile device, which enable your device to be recognized when you visit a website or application. Goofish, particularly mobile application version, use other technologies that function in a similar way to cookies. For example, we use Software Developer Kits (“SDKs”), a collection of software development tools in one installable package, which allows third party developers to integrate with our mobile application for specific purposes (e.g., authentication).
3.2 We, and our partners or authorized third-providers make use of Cookies to provide you with a better, faster and safer user experience. Some Cookies are strictly necessary to make our Services work and to ensure data and IT security and prevent fraudulent activities. We refer to these as “operationally necessary Cookies”. Other Cookies enable us to provide Service functionality, or to enhance user experience on our Services, for instance, we may provide users with personalized content and advertising in the future.
3.3 Operationally necessary Cookies are strictly necessary to enable to access and use of our Service, and you cannot disable them. We may integrate third party cookies in the future, you have the right to decide whether to accept, reject or customize optional Cookies through our Cookie Settingtool to be updated simultaneously. If you disable non-operationally necessary Cookies, you can still use our Services although your use of some features and access to some areas on our Services may be limited.
3.4 For further information about the categories of Cookies we use, and how you can control Cookies, please see our Cookie Policyand Cookie Settings.
4. Details and Purposes of processing
4.1 How we process your personal data generally depends on the specific activity you carry out. Our legal bases for processing your personal data will depend on the personal data processed, the specific context in which it is processed, and applicable laws. These include but are not limited to: consent, the performance of our contract with you, the legitimate interests of Goofish or other parties, and compliance with our legal obligations. Legitimate interests, namely our legitimate interest in safeguarding our Services and its users. Where we rely on the bases of the legitimate interests of us or a third party, we will carry out a balancing test if required by applicable laws (e.g., the GDPR).
4.2 We may process personal data for the following purposes:
●
Enabling you to access Goofish Services (including the Community) and avail yourself of its functionalities (including editing and posting idle resources information, searching, and browsing etc.);
●
Providing you Goofish Services you request;
●
Enabling you to register for a Goofish Services (including Community) account;
●
Providing you with customer service and technical and operational support;
●
Learning about and understanding the behaviour and preference of our users;
●
Carrying out campaigns and events;
●
Detecting and preventing fraud, money-laundering and other crimes and security incidents;
●
Conducting research and analytics to ensure the security of Goofish Services, improve the content and layout of Goofish Services, and to improve Goofish Services, product offerings and services, and operational methods and processes;
●
Handling any disputes or for the purpose of any legal proceedings;
●
Compliance with legal obligations to which we are subject, in accordance with applicable specific legal requirements. These legal requirements include, but are not limited to, content mitigation, anti-money laundering, and account verification.
The following table provides more details on our purposes for processing your personal data and the related legal bases. The legal bases under which your data is processed will depend on the data concerns and the specific context in which we use it.
User Activity/Purpose | Personal data | Legal Bases |
● Helping you register Goofish and account management | ● User profile data, such as nickname, avatar, country of residence, your accounting setting. ● External account data, shared by Google/Apple when registering Goofish or interacting with Goofish via an external service, such as your Google/Apple/Taobao user name, email address, and/or other profile information. ● Identity verification data, such as mobile phone number, verification code. | ● Contract ● Legitimate interests |
● Providing you browsing and searching services, including displaying content based on your individual usage habits, and etc. | ● Device data, such as device type, unique device identification numbers or other identifiers. ● User usage data, such as activity and App interactions information that we capture using Cookies and similar technologies, including browsing records, clicks, likes and comments, search keywords, filtering conditions. | ● Contract ● Consent (where consent is required under applicable law) Otherwise Legitimate interests |
● Helping you post information and interacting with other users on Community | ● Uploaded content data, such as order information obtained through Taobao e-commerce platform, and other information actively provided by users for purpose of posting content, including idle resources information and events information. ● Community interaction data, such as comment, like, share other users’ content, information actively provided by users for purpose of establishing, managing, or joining Fishponds, including interaction among Fishpond members, and message content sent through Goofish chatting tools, including text, picture, and address information sent by users. ● Location data, such as the authorized GPS location information, events location information or residence information you actively provide. | ● Contract ● Consent (where consent is required under applicable law) Otherwise Legitimate interests |
● Helping you correspond and interact with Goofish for submitting inquiries, complaints and seeking service support | ● Communication data, such as contact information, inquiries content you submit through Help Center or any other feedback channels. ● User profile data, including user name, residence, email address. | ● Contract ● Legitimate interests |
● Manage your Setting | ● User profile data, including nickname, avatar, gender, and personal status/signature, selected region. ● User preference data, including notification preference, language choice, privacy preference. ● User usage Data, such as click, and impression. | ● Contract ● Legitimate interests |
● User profiling and knowing Community trends, including identifying usage trends and analyzing functionalities performance on an aggregated, specific group(s), and individual bases | ● Device Data, such as device type, unique device identification numbers or other identifiers. ● User usage data, such as activity and App interactions information that we capture using Cookies and similar technologies, including browsing records, clicks, likes and comments, search keywords, filtering conditions. ● Account data, such as mobile phone number, IP, device information when registering. ● External Account data, such as third-party account ID. | ● Consent (where consent is required under applicable law) Otherwise Legitimate interests |
● Complying with legal and regulatory obligations to which we are subject and to protect our legal rights, including content mitigation, money laundering, and etc. | ● Uploaded content, such as commodity ID, price, picture, region, address information. ● User profile data, such as user ID, nickname, avatar, gender, birthday, profile, status. ● Communication data, such as content creation/revision time. ● Account data, such as mobile phone number, IP, device information when registering. ● External Account data, such as third-party account ID. | ● Legal obligation ● Legitimate interests |
4.3 Where necessary, we may transmit your personal data to third-party service providers and Goofish-affiliated companies in connection with the purposes set out herein. These recipients are contractually obliged to take appropriate security measures with regard to the personal data they receive, and limit their use of such data to the purposes necessary to fulfil their contractual obligations.
4.4 We may process your personal data by relying on other legal bases, which are not stated above, if authorized under applicable laws.
5. Disclosure or sharing of personal data
We may disclose, transfer, communicate or otherwise share your personal data to the following parties:
5.1 Goofish-affiliated companies, who may use it to for purposes such as:
●
providing processing services for purposes described in Section 4.
5.2 Third-party service providers, who may use it for purposes such as:
●
providing cloud computing or other hosting service providersto provide cloud storage services;
●
providing artificial intelligence (“AI”) technology support for certain functions, such as AI tools for helping user generate idle resources information content.
5.3 An actual or potential buyer and/or successor (its agents and advisers included) in connection with any actual or proposed purchase, merger or acquisition of any part of our business.
5.4 Our professional advisors, law enforcement agencies, and Government or regulatory authorities, for purposes such as legal proceedings, or as authorized or required under applicable laws, who may use it for purposes relating to criminal investigations into any alleged or suspected illegal activity.
5.5 Any other person, with your consent to the disclosure or as authorized under applicable laws.
6. Data Retention
6.1 We retain your personal data for as long as necessary for the provision of Goofish Services, or for other legal or business purposes (e.g., complying with our legal obligations, or resolving disputes), in accordance with applicable laws.
6.2 The specific data retention periods are determined mainly based on the following criteria (where applicable):
●
to fulfil the purpose of the services we provide to you, and to maintain the corresponding records in order to respond to your possible inquiries or complaints;
●
to ensure the safety and quality of the services we provide to you;
●
your consent on a longer retention period;
●
other special agreements or legal and regulatory requirements regarding retention periods.
6.3 We will delete your personal data in accordance with our data retention and deletion policy. In cases where we are legally obliged or permitted to keep your personal data longer, we may restrict the processing of your data instead of deleting it (e.g., by restricting access to it, anonymization), as far as legally permissible or required.
7.Your rights as a data subject
7.1 As a data subject, you may have the right of access, rectification, erasure, restriction of processing and data portability with regard to your personal data, depending upon your jurisdiction and prevailing circumstances. If Singapore’s data protection laws apply to you, you have the right to access and correct your personal data, as well as the right to withdraw your consent in accordance with the Personal Data Protection Act 2012.
7.2 You can exercise your rights as a data subject by using the contact information provided in Section 13 of this Privacy Policy.
7.3 The exercise of the above data subjects' rights (e.g., withdrawal of consent or erasure) is generally free of charge. However, we may refuse to process (e.g., if the request is manifestly unfounded or excessive) and/or charge an appropriate fee (at most our actual costs) to process your request, in accordance with the applicable laws.
8. Minors
Minors are rejected from creating Goofish Services (including the Community) accounts, as we do not intend to provide any of Goofish Services to users who are under 18 years old. If a minor has provided us with his or her personal data without parental or guardian’s consent, the parent or guardian shall contact us to remove such information.
9. Security measures
We implement appropriate organizational and technical measures to protect your personal data. For instance, we limit access to your personal data to Goofish’ employees, agents, contractors and other third parties who require such access to carry out their duties and contractual obligations. We implement both physical access restrictions for our data centers and logical access controls for data and systems access. In addition, we implement appropriate technical measures to prevent unauthorized access, use, disclosure, modification, disposal or similar risks to the data we hold, and to maintain data accuracy, among other things. We will notify you and the regulatory authorities in accordance with the timescales and scope required by applicable data protection law, in the event of a data breach.
10. International transfer of personal data
10.1 Your personal data may be transferred to recipients located outside where you reside. We primarily store your personal data in the United States. Also, we may process your personal data in China and enable access from China to your personal data. The categories of our recipients are as following:
●
Goofish-affiliated companies, who receive the transferred data to provide services such as software, tools, systems, content mitigation, safety measures, customer service, and technical and operational support;
●
Third-party service providers, whoreceive the transferred data to fulfil their contractual obligations, such as cloud computing or other hosting service providers, and artificial intelligence technology support.
10.2 We only transfer your personal data outside where you reside where there are appropriate measures put in place in accordance with applicable laws.
11. Language
To the extent permitted by applicable law, if there is any conflict between the English version and another language version of this Privacy Policy, the English version shall prevail.
12. Privacy Policy Updates
12.1 We may update this Privacy Policy from time to time in response to changing legal, technical or business developments.
12.2 When we update our Privacy Policy, we will take appropriate measures to inform you, consistent with the significance of the changes we make and as required by applicable laws. You may receive notifications concerning our major changes to this Privacy Policy timely through various channels, for example, via our apps. We recommend you check back frequently to see any updates or changes. Please check the date displayed at the top of the Privacy Policy to see when it was last updated.
13.Contact us
For any questions, comments regarding this Privacy Policy, or requests to exercise your data subject rights under the laws of your jurisdiction, you may contact our Data Protection Officer via privacy@igoofish.com.
Jurisdiction-Specific Supplemental Terms
If you belong to a jurisdiction outside Singapore, please refer to the set of supplemental terms that are applicable to your jurisdiction, unless you are from a jurisdiction with no specific requirements.
14. Visitors from the European Economic Area and United Kingdom
This section applies if you are based in the European Economic Area (“EEA”) or United Kingdom (“UK”). The data controller of your personal data is GOOFISH PTE. LTD, which contact detail is: 9 RAFFLES PLACE, #26-01, REPUBLIC PLAZA, SINGAPORE 048619. For contact details of our data protection officer, please see Section 13. Contact us above.
14.1 Legal bases for Data Processing
We process personal data for the purposes set out in this Privacy Policy. Our legal bases to process your personal data will depend on the personal data concerned and the specific context in which we collect it, but will include where it is:
●
necessary for the performance of contract between you and Goofish (for example, to provide you with the services you request and to identify and authenticate you so you may use the Goofish Services);
●
necessary to comply with legal requirements (for example, to comply with applicable accounting rules and to make mandatory disclosures to law enforcement);
●
necessary for our legitimate interests and not overridden by your rights (as described further below);
●
and/or where it is based on your consent.
If we collect and use your personal data in reliance on our legitimate interests (or those of any third party), this interest will normally be to improve our Goofish Services, manage our relationship with you and communicate with you as necessary to provide our services to you and for our legitimate commercial interest, for instance, when responding to your queries, improving our Goofish Services, or for the purposes of ensuring the security of our Goofish Services and our Community, and detecting or preventing illegal activities such as fraud. We may have other legitimate interests and if appropriate we will make clear to you at the relevant time what those legitimate interests are.
If we ask you to provide personal data to comply with a legal requirement or to enter into a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal data is mandatory or not (as well as of the possible consequences if you do not provide your personal data). In some instances, you may be required to provide us with personal data for processing as described above, enabling us to provide you all of our services, and for you to use all the features of Goofish Services.
If you have questions about or need further information concerning the legal bases on which we collect and use your personal data, please contact us using the contact details provided under Section 13. Contact us above.
14.2 Disclosure of Personal Data
Further to Section 5, we may disclose your personal data to the following parties as our data processors:
14.2.1 Goofish-affiliated companies acting as a processor on behalf of us, who may use it to for purposes such as:
●
providing processing services for purposes described in Section 4.
14.2.2 Third-party service providers acting as a processor on behalf of us, who may use it for purposes such as:
●
providing cloud computing or other hosting service providersto provide cloud storage services;
●
providing artificial intelligence (“AI”) technology support for certain functions, such as AI tools for helping user generate idle resources information content.
14.3 International Data Transfers
Transfers of your personal data to a country outside the EEA and/or UK for the purposes described above in Section 10 may be legitimized on the basis of an adequacy decision. This is a decision in which the European Commission or UK Government states that a certain country offers a level of data protection comparable to the (UK) GDPR. If and insofar as we transfer personal data to parties in countries outside the EEA or UK to which no adequacy decision applies, we would implement appropriate measures (where applicable), including the standard contractual clauses established by the EU Commission for cross-border transfers and the UK International Data Transfer Agreement or Addendum. Upon your request that you may pose to the contact named in Section 13. Contact us above, you may receive a copy of the applicable safeguards.
The categories of our recipients are as follows:
●
Goofish-affiliated companies, who receive the transferred data to provide services such as software, tools, systems, content mitigation, safety measures, customer service, and technical and operational support, including those based China, Singapore and United States;
●
Third-party service providers, whoreceive the transferred data to fulfil their contractual obligations, such as cloud computing or other hosting service providers, and artificial intelligence technology support, including service providers located in China, Singapore and United States.
14.4 Your Rights
If you are a resident of the EEA or UK, depending on the circumstances, you may have the following data protection rights, which you can by contacting us using the contact details provided under Section 13. Contact us above:
●
The right to access your personal data and confirm the existence of processing.
●
The right to correct, update or request anonymization, blocking or deletion of your personal data.
●
The right to object to processing of your personal data when it is based on our legitimate interests, unless we can demonstrate a compelling interest that requires the processing.
●
The right to ask us, in some situations, to restrict processing of your personal data or request portability of your personal data.
●
If we have collected and process your personal data with your consent, then you have the right to withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal data conducted in reliance on lawful processing grounds other than consent.
●
You will not be subject to decisions based solely on automated processing, including profiling, which produces legal effects concerning you or that similarly significantly affects you.
●
The right to complain to a data protection authority about our collection and use of your personal data. For more information, please contact your local data protection authority.
We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.
If you are aware of changes or inaccuracies in your information, you should inform us of such changes so that our records may be updated or corrected.
15. Visitors from the United States
This Section applies if you reside in any of the following states in the United States: California, Colorado, Connecticut, Florida, Oregon, Texas, Utah, or Virginia (collectively, “U.S. Residents”). This Section provides U.S. Residents with information that is not provided elsewhere in this Privacy Policy and is required by the law of the state where U.S. Residents reside (collectively, “Applicable State Privacy Laws”). In the event of any inconsistency between this section of the Privacy Policy and the remainder of the Privacy Policy as it pertains the processing of U.S. Residents’ personal information, this section of the Policy shall prevail.
Depending on the Applicable State Privacy Law, this section does not apply to:
●
information publicly available from government records or made publicly available by you or with your permission;
●
deidentified or aggregated information; or
●
any other personal data excluded from the scope of Applicable State Privacy Laws.
15.1 Your Privacy Rights
Subject to any applicable limitations and exceptions, U.S. Residents have the following rights under their respective Applicable State Privacy Laws. Additional rights and disclosures in the States of California and Colorado are set forth below.
●
Right to Access/ to Know: You have the right to information about whether we process your personal data, to have access to such data, and certain details about how we use it.
●
Right to Delete: You have the right to submit a verifiable request to delete personal data that Goofish has collected from or about you. If you reside in California or Utah, you have the right to submit a verifiable request to delete personal data that Goofish has collected from you.
●
Right to Correct: You have the right to submit a verifiable request to correct inaccurate personal data that Goofish has collected from or about you. The Company will determine whether correction is required, taking into account the nature of the personal data and the purposes of processing the personal data.
●
Right to Data Portability: Except for residents of California, you have the right to obtain from Goofish, or to ask us to send to a third party, a copy of your personal data in electronic form that you provided to us.
●
Right to Appeal: You may have the right to appeal any decision we make in response to a request to exercise rights listed above. We will inform you of any action taken in response to an appeal, along with a written explanation of the reasons for our decision(s), in accordance with Applicable State Privacy Laws.
●
Non-Discrimination: Goofish will not unlawfully discriminate against you for exercising your privacy rights under Applicable State Privacy Laws.
If you reside in Oregon: In addition to the rights described above, you also have the right to obtain, at Goofish’ option, a list of specific third parties to which we have disclosed either your personal data, any personal data and a copy of your personal data that Goofish processes.
How to Exercise Your Privacy Rights
Goofish will respond to requests in accordance with Applicable State Privacy Laws, if Goofish can verify the identity of the individual submitting the request. To exercise your rights, please contact us using the e-mail address in Section 13. Contact us of this Privacy Policy.
How We Will Verify Your Request
If you submit a request, we match personal data that you provide us with your request against personal data we maintain in our files. The more risk entailed by the request (e.g., a request for specific pieces of personal data), the more items of personal data we may request to verify your identity. If we cannot verify your identity to a sufficient level of certainty to respond securely to your request, we will let you know promptly and explain why we cannot verify your identity.
Authorized Agents
If an authorized agent submits a request on your behalf, the authorized agent must submit with the request a document signed by you that authorizes the authorized agent to submit the request on your behalf. In addition, we may ask you to follow the applicable process described above for verifying your and the authorized agent’s identity.
15.2 Opting out of “Sales” of Your Personal Information
Certain U.S. state privacy laws broadly define “sale” of personal information to include the exchange, transfer or disclosure of personal information for valuable consideration to third parties. While Goofish does not sell your personal information for monetary compensation, our efforts to better understand your interaction with our services to improve our services (see Details and Purposes of processing in Section 4) may be considered “selling” under certain state privacy laws. Under those laws, you have the right to opt out of these “sales” of personal information through our About Goofish by clicking here. Goofish does not knowingly collect, disclose or sell personal information of individuals persons under the age of 13 or under the age of 16.
Under some state privacy laws, individuals have the right to opt out of certain automated processing performed on personal information to analyze or predict personal aspects related to an identified or identifiable individual, such as related to economic situation, health, personal interests, behavior, location or movements, a process known as “profiling.” These laws grant you the right to opt out of profiling connected with decisions that produce legal or similarly significant effects concerning you. These effects could include certain decisions related to lending, housing, insurance, education enrollment, employment opportunities, health care services, or access to essential goods and services. Goofish does not engage in these forms of profiling.
15.3 Additional Information for California Residents
The California Consumer Privacy Act as amended by the California Privacy Rights Act (the “CCPA”) requires the following additional information for California residents. The information below concerning the collection and disclosure of California residents’ personal information (as defined under the CCPA) as well as the information in Sections 2 through 6 of this Privacy Policy, above, apply to Goofish’s collection, use, and disclosure of California residents’ personal information as described herein.
Notice at Collection and Use of Personal Information
Categories of Personal Information We Collect
Depending on how you interact with us, we may collect the categories of personal information listed above in the Details and Purposes of processing Section 4.
Purpose for Collection and Use of Information
We may collect and use your personal information for the purposes listed above in Details and Purposes of processing Section 4.
Additional Information About Disclosures of Personal Information
Depending on how you interact with us, we may collect, or in the preceding 12 months, have collected, the following categories of personal information (as defined under the CCPA), including:
●
Identifiers, such as your name, email address, IP address, account name, or other contact information submitted by users through Help Center or any other channels.
●
Commercial information, such as records of products and other goods considered, purchased, or listed on the Community, and purchasing or consuming histories.
●
Internet or other electronic network activity information, such as browsing records, clicks, likes and comments, search records, and other interactions using Goofish Services.
●
Geolocation data, including your general location data based on IP Address or the location of goods listed, without the precise location data of your mobile device, if you grant permission to do so in your device settings. Please note that for most mobile devices, you can manage or disable the use of location services for applications in the settings menu of your device.
●
Audio, electric, or visual information, including photographs.
●
Inferences, including information about your interests, preferences, and favorites.
Our Collection, Use, Disclosure, Sale and Sharing of Personal Information and Sensitive Personal Information
What Information We Have Collected, the Sources from Which We Collected It, and Our Purpose for Collecting the Information
In the preceding twelve (12) months, depending on how you interact with us, we may have collected the categories of personal information listed above in the section, Categories of Personal Data We Collect. We may collect personal information from all or some of the categories of sources listed in Section 2 (Collection of personal data). We may collect all or a few of the categories of personal information for the business or commercial purposes identified in Section 4 (Details and Purposes of processing).
Our Disclosure, Sale and Sharing of Personal Information
We do not knowingly sell or share personal information of consumers under 16 years of age. In the preceding twelve (12) months, we may have disclosed for a business purpose or “sold,” or “shared” (as such terms are defined under the CCPA) the categories of personal information to the categories of third parties, described in the chart below:
Category of Personal Information | Category of Third Party Information Disclosed to for a Business Purposes | Category of Third Party Information Sold To or Shared With |
Identifiers (for example, your name, address, and online identifiers) | ● Affiliated entities ● Operating systems and platforms | ● N/A |
Commercial Information (for example, records of products or services purchased, obtained or considered or purchasing histories) | ● Affiliated entities | ● N/A |
Geolocation Data (as information about your location or the location of your device) | ● Third party service providers | ● N/A |
In addition, we may disclose and, in the preceding twelve (12) months, may have disclosed all of the categories of personal information identified above in Categories of Personal Information We Collect, to the following categories of third parties: (i) judicial courts, regulators, or other government agents purporting to have jurisdiction over us, our subsidiaries or our affiliates, or opposing counsel and parties to litigation; (ii) any relevant third party acquirer(s), in the event that we sell or transfer all or any relevant portion of our business or assets; and (iii) other third parties as may otherwise be permitted by law.
Finally, we may disclose personal information to all of the third parties above to comply with our legal obligations or for the business or commercial purposes identified in Section 4 (Details and Purposes of processing). We may “share” or “sell” the categories of personal information to the third parties listed above for the business or commercial purposes identified in Section 4 (Details and Purposes of processing). Additionally, we may disclose your personal information to third parties upon your request, at your direction or with your consent.
Our Use and Disclosure of Sensitive Personal Information
As noted above in Categories of Personal Information We Collect, we collect geolocation data. Under the CCPA, this geolocation data may be considered “precise geolocation data” and therefore considered “sensitive personal information.” The CCPA requires that we provide you with a right to limit our use or disclosure of such sensitive personal information for limited purposes, such as providing you with the services you requested, in certain circumstances. Currently, we are not using your sensitive personal information for purposes that would require that we provide you with a right to limit, such as inferring characteristics about you.
California Resident’s Rights
The CCPA provides consumers with specific rights regarding their personal information, subject to applicable exemptions and limitations. Specifically, consumers may have the right to:
●
Be informed, at or before the point of collection, of the categories of personal information to be collected and the purposes for which the categories of personal information shall be used.
●
Not be discriminated against because you exercise any of your rights under the CCPA
●
Request that we delete any personal information about you that we collected or maintained, subject to certain exceptions (“Request to Delete”);
●
Opt-out of the “sale” (as that term is defined in the CCPA) of your personal information if a business sells your personal information;
●
Opt-out of the “sharing” (as that term is defined in the CCPA) of your personal if a business shares your personal information with third parties;
●
Limit the use and disclosure of sensitive personal information (“Right to Limit”) (please note that we are not using your sensitive personal information for purposes that would require that we provide you with a Right to Limit);
●
Correct inaccurate personal information (“Right to Correct”); and
●
Request that we, as a business that collects personal information about you and that discloses, sells or shares your personal information provide you with certain information about such activities (“Request to Know”).
How to Exercise Your Rights
Below, we describe the different ways in which you can submit requests to exercise your rights under the CCPA.
Requests to Know, Requests to Delete and Right to Correct
If your personal information is subject to the CCPA, you may submit Requests to Know, Requests to Correct and Requests to Delete (“Consumer Rights Request”) through method in Section 15.1 or the contact details provided under Section 13. Contact us above.
We are required to provide certain information, delete personal information, or to correct inaccurate personal information only in response to verifiable requests made by a California resident or their legally authorized agent. When you submit a Consumer Rights Request to, we may ask that you provide clarifying or identifying information to verify your request. Such information may include, at a minimum, depending on the sensitivity of the information you are requesting and the type of request you are making, your name and email address. Any information gathered as part of the verification process will be used for verification purposes only.
You are permitted to designate an authorized agent to submit a Consumer Rights Request on your behalf and have that authorized agent submit the request through the aforementioned methods. In order to be able to act, authorized agents have to submit written proof that they are authorized to act on your behalf or have a power of attorney. We may deny requests from authorized agents who do not submit proof that they have been authorized by you to act on your behalf. We may also require that you directly verify your own identity with us and directly confirm with us that you provided the authorized agent permission to submit the request.
Other California Privacy Rights
●
California Shine the Light Law. California Civil Code Section 1798.83, also known as the “Shine the Light” law, permits California residents to request annually, free of charge, information about what personal information LDR disclosed to third parties, including affiliates, for direct marketing purposes. If applicable, this information would include a list of the categories of personal information that was shared and the names and addresses of all third parties with which Lazy Dog shared information in the immediately preceding calendar year. To make such a request, please use the contact details provided under Section 13. Contact us, above.
●
Do Not Track. When you use Goofish Services, we and our service providers may track your online activities over time and across websites or online services as described in Section 3 (Cookies and similar technologies), above. Your web browser may have settings that allow you to transmit a “Do Not Track” signal when you visit various websites or use online services. Like many websites, Goofish’s services are not designed to respond to “Do Not Track” signals received from browsers. If you would like to find out more about Do Not Track you may find the following link useful: http://www.allaboutdnt.com/
15.4 Additional Information for Colorado Residents
The Colorado Privacy Act (the “CPA”) requires the following additional information for Colorado residents. The information below concerning the collection and disclosure of Colorado residents’ personal data as well as the information in Sections 2 through 6 of this Privacy Policy, above, apply to Goofish’s collection, use, and disclosure of Colorado residents’ personal data.
Categories of Personal Information Processed
Goofish processes personal data identified in Section 4 (Details and Purposes of processing) and personal information as described in Section 15.3 under Additional Information for California Residents.
We do not knowingly process personal information from children under the age of 13. We do not knowingly process “sensitive data” as defined in the CPA.
Uses of Personal Information
Please see Section 4 (Details and Purposes of processing) for information about the purposes for which we use the categories of personal information we collect.
Sharing and Selling of Personal Information
We may share all of the categories of personal information identified above in Categories of Personal Information We Collect, to the categories of third parties identified above in Section 5 (Disclosure or sharing of personal data).
Further, we may disclose personal information to all of the third parties listed above to comply with our legal obligations or for the business or commercial purposes identified in Section 4 (Details and Purposes of processing).
While Goofish does not sell your personal information for monetary compensation, our efforts to better understand your interaction with our services to improve our services (see Details and Purposes of processing in Section 4) may be considered “selling.” To exercise your right to opt-out of the “sale” of your personal information through our About Goofish by click here.
Profiling
Colorado users have the right to opt-out of “profiling,” This opt-out applies to the automated processing of personal data that is utilized to render decisions that could have a legal or similarly-significant effect on the user. Examples of such decisions include those related to credit and access to fundamental goods and services. Goofish does not engage in profiling as described above.
Colorado Consumer Privacy Rights
Please refer to Section 15.1 (Your Privacy Rights), How to Exercise Your Privacy Rights, and Authorized Agents, above, for information about your privacy rights and how to exercise them.
16. Visitors from Hong Kong SAR
This section applies if you are based in Hong Kong SAR. The data controller of your personal data is GOOFISH PTE. LTD. For contact details, please see Section 13. Contact us above.
16.1 Collection of personal data
When you create an account, search or browse our apps (including the Community), sell or purchase goods, contact us directly, or otherwise use the services, you may provide the following personal data:
●
mobile phone number*
●
email address*
●
avatar
●
nickname
●
location*
●
communication information* (e.g. chat messages, and images sent via chat functions).
*mandatory personal data
If you do not provide us with mandatory personal data, you may not be able to create and register your account on the Community, and we may not be able to communicate with your or respond to you.
We may also collect your personal data through cookies and similar technologies used in apps. Please see the Section 3. Cookies and similar technologies, and Cookie Policyfor more details.
16.2 Your rights as a data subject
If you are a resident of Hong Kong SAR, you have the following rights, which you can exercise at any time by contacting us using the contact details provided under Section 13. Contact us above:
●
You have the right to request a copy of your personal data held by us, unless we are exempted from complying with a data access request.
●
You have the right to request for us to make necessary corrections in respect of any personal data that you consider inaccurate after we have fulfilled a data access request from you. We may refuse a data correction request if we believe the personal data is accurate, an expression of opinion or the proposed correction is inaccurate.
●
We reserve the right to charge a reasonable fee to process any personal data access or correction request.
16.3 Direct Marketing
We may use your personal data in direct marketing in the future. However, we will not use your personal data for such purpose unless we have received your consent.
You may in future withdraw your consent to the use and provision of your personal data for direct marketing. If you wish to withdraw your consent, please send a request to us using the contact details set out at Section 13. Contact us above. We will, without charge, ensure that you are not included in future direct marketing activities.
17. Visitors from Canada
This section contains disclosures required by the Personal Information Protection and Electronic Documents Act and substantially similar provincial privacy laws in Canada, including Quebec’s Act respecting the protection of personal information in the private sector, as may be amended from time to time (“Canadiandisclosures”). These Canadian disclosures supplement the information contained in our Privacy Policy and apply solely to individual residents of Canada (“you”). In the case of conflict between our Privacy Policy and these Canadian Disclosures, these Canadian Disclosures control. References in the Privacy Policy to personal data shall be replaced with “personal information” for the purposes of these Canadian Disclosures, and shall mean any information which relates to a natural person and allows that person to be identified directly, or indirectly in combination with other information. Unless otherwise expressly stated, all terms in this section have the same meaning as defined in our Privacy Policy or as otherwise defined in the applicable Canadian privacy law.
17.1. Consent
In Canada, we collect, use and disclose your personal information only with your consent, unless otherwise allowed or required by law. BY SUBMITTING PERSONAL INFORMATION TO US AND THE COMMUNITY, YOU CONSENT THAT WE MAY COLLECT, USE AND DISCLOSE SUCH PERSONAL INFORMATION IN ACCORDANCE WITH THE PRIVACY POLICY AND AS PERMITTED OR REQUIRED BY LAW.
17.2. Your Legal Rights
Subject to certain exemptions, under applicable laws you may have some or all of the following rights in relation to the personal information we hold about you:
●
Right of Access. You have the right to access the personal information we hold about you and to receive a general account of our uses of that personal information. Upon receipt of a written request from you, we will provide you with a copy of your personal information, although in certain limited circumstances, we may not be able to make all relevant personal information available to you, for example, where that personal information also relates to another individual. In such circumstances, we will, upon request, provide you with the reasons for such refusal. We will endeavour to deal with all requests for access of personal information in a timely manner.
●
Right to Rectification. If the personal information we hold about you is inaccurate or incomplete, you are entitled to have it rectified. Where appropriate, such amended personal information will be provided to the parties to whom we are authorized to disclose your personal information. We will endeavour to deal with all requests for rectification of personal information in a timely manner.
●
Right to Withdraw Consent. If we rely on your implicit or explicit consent as our legal basis for processing your personal information, you have the right to withdraw that consent at any time. However, this will not affect the lawfulness of any processing carried out before you withdrew your consent or if your consent is not required. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent. We may use your information to send important notices or communications as required or permitted by law, even if you have opted out from our marketing communications.
17.3. Complaint
Our Data Protection Officer is accountable for compliance with applicable privacy laws and is responsible for coordinating the investigation of any complaints and resolving privacy-related issues. The Privacy Officer will manage any complaints received in a timely manner and provide you with a response to your complaint. You can submit a complaint to our Privacy Officer using the contact details set out at section 13 above.
18. Visitors from Malaysia
This section applies if you are based in Malaysia. For the avoidance of doubt, the Goofish Privacy Policy also constitutes the personal data protection notice required pursuant to Section 7 of the Personal Data Protection Act 2010 (“Personal Data Protection Notice”). The data controller/data user of your personal data is Goofish PTE. LTD.
18.1 What are the effects arising from failure to provide your personal data
The provision of your personal data is voluntary. However, failure to supply such data may result in us not being unable to provide the services you may require.
18.2 Access and Inquiries
Written requests for access to personal data or correction of personal data or for information regarding policies and procedures and types of personal data handled by us can be made via our email: privacy@igoofish.com.
19. Visitors from Australia
19.1 Definition of personal data
References to “personal data” in this privacy policy will mean “personal information” as defined in the Privacy Act 1988 (Cth) of Australia (Privacy Act).
19.2 Basis for processing your personal data
Rather than relying on “legitimate interests” as the basis for processing your personal data, we will use your personal data for the purposes for which we collected it (as outlined in “Section 4. Details and purposes of processing” above), for related secondary purposes you may reasonably expect, or other purposes permitted under the Privacy Act.
19.3 International data transfers
We may disclose your personal data to recipients located in China, Singapore and the United States.
19.4 Your rights as a data subject
You have the following rights, which you can exercise at any time by contacting us using the contact details provided under “Section 13. Contact us” above:
●
The right to access and request a copy of your personal data held by us.
●
The right to seek correction of your personal data held by us.
●
The right to complain about a breach of the Australian Privacy Principles (APPs) contained in schedule 1 of the Privacy Act.
How to exercise your right to access your personal data
You are entitled to request access to your personal data we hold about you. We request that you contact us using the contact details provided under “Section 13. Contact us” above and we will respond to it within a reasonable time.
We may charge a reasonable fee for the processing of any data access request.
We may deny access to your personal data in certain circumstances permitted under the Privacy Act. We will tell you why access is denied and the options you have to respond to our decision.
How to complain about a breach of the APPs
If you have a complaint about a suspected breach by us of the APPs or an applicable registered APP code, we request that you contact us using the contact details provided under “Section 13. Contact us” above.
Upon receipt of a complaint, we will review the details and aim to resolve it in accordance with our complaints handling procedures.
If you are dissatisfied with how we handle a complaint or the outcome, you may lodge a privacy complaint to the Australian Information Commissioner (http://www.oaic.gov.au/privacy/privacy-complaints).
20. Visitors from Thailand
If you are residing in Thailand, this section of the Privacy Policy shall apply. This section of the Privacy Policy provides you with information that is not provided elsewhere in this Privacy Policy and is required by Thailand’s Personal Data Protection Act B.E. 2562 (2019), as amended from time to time (“PDPA”). In the event of any inconsistency between this section of the Privacy Policy and the remainder of the Privacy Policy as it pertains to the processing of personal data of data subjects in Thailand, this section of the Privacy Policy shall prevail.
Capitalized terms used in this section shall have the same meaning as those defined in the remainder of this Privacy Policy unless otherwise defined in this section of the Privacy Policy.
20.1 Details and Purposes of Processing
Clause 4.2 of the Privacy Policy: a reference to ‘Contract’ as a legal basis shall be construed as a legal basis to proceed with your request prior to entering into a contract with you and/or to perform contractual obligations under the agreement with you, as applicable.
A new Clause 4.5 shall be added to the Privacy Policy as follows:
In the event that your personal data is required for the performance of contract or for pre-contractual measures, and you did not provide such personal data to us, we may not be able to proceed with your request to enter into a contract with us, or may not be able to perform our obligation under the contract with you, either in whole or in part. For example, we may not be able to provide you with Goofish Services, either in whole or in part. In addition, in the event that your personal data is required for the performance of legal obligations, failure to provide personal data under said circumstance may result in us and/or you being in breach of the applicable law or regulation.
20.2 Data Retention
A new Clause 6.4 shall be added to the Privacy Policy as follows:
We retain your personal data for as long as is required in order to fulfil our contractual obligations with you. In general, we will retain your personal data throughout the period which you are our active registered users and for ten (10) years after the cessation of our contractual relationship, or our last contact/communication, unless otherwise required or permitted by applicable law.
Notwithstanding the above, we may retain your Personal Data longer than the above period, only as otherwise permitted or specified by the applicable law.
20.3 Your rights as a data subject
Clause 7.1 of the Privacy Policy shall be subject to the following:
Subject to the conditions and limitations imposed by the PDPA, you have the following rights with respect to your personal data:
(a) where we rely on your consent to process your personal data, you may withdraw your consent at any time;
(b) to request to have access to, or to obtain a copy of, your personal data, and to request that we disclose the source(s) of your personal data which has been obtained without your consent;
(c) to request that we correct, rectify, complete or update your personal data;
(d) to request that we delete, destroy or de-identify your personal data;
(e) to request to object the processing of your personal data;
(f) to request to have your personal data in a format which is generally readable or usable by the automatic tools or devices, and which can be used or disclosed via automatic means, and to have your personal data in said format transmitted to another data controller; and
(g) to request suspension of the use of your personal data.
In addition to the rights above, you also have the right to file a complaint in relation to our processing of your personal data with the Expert Committee of the Office of the Personal Data Protection Committee, in accordance with the procedures set out in the PDPA.
20.4 Minors
Clause 8 of the Privacy Policy shall be subject to the following:
Minors under Clause 8 refers to users who are under 20 years old and have not legally married. If a minor has provided us with his or her personal data without parental or guardian’s consent, we may proceed to delete such information immediately upon becoming aware of such information.
20.5 Contact us
Clause 13 of the Privacy Policy shall be deleted in its entirety and replaced with the following:
For any questions, comments regarding this Privacy Policy, or requests to exercise your data subject rights under the PDPA, you may contact us and our Data Protection Officer (DPO) at:
GOOFISH PTE. LTD.
9 RAFFLES PLACE#26-01REPUBLIC PLAZASINGAPORE (048619)
21. Visitors from the Philippines
This section of the Privacy Policy applies if you are a citizen or resident of the Philippines. This section provides you with information relating to Republic Act No. 10173 or the Philippine Data Privacy Act of 2012 (“Data Privacy Act”) and its implementing rules and regulations, as may be amended from time to time, which govern the processing of your personal data. The data controller of your personal data is GOOFISH PTE. LTD. For contact details of our data protection officer, please see Section 13. Contact us above.
21.1 Legal Bases for Processing Your Personal Data
We process personal data for the purposes set out in this Privacy Policy. Our legal bases to process your personal data will depend on the personal data. Personal data may either be “personal information” or “sensitive personal information”.
Personal information refers to any information whether recorded in a material form or not, from which your identity is apparent or can be reasonably and directly ascertained, or when put together with other information would directly and certainly identify you. We will process your personal information only if any of these legal bases for processing is present:
●
You have given your consent;
●
The processing of your personal information is necessary and is related to the fulfillment of a contract with you, or in order to take steps at your request prior to entering into a contract;
●
The processing is necessary for compliance with a legal obligation to which we are subject;
●
The processing is necessary to protect your vitally important interests, including your life and health;
●
The processing is necessary in order to respond to national emergency, to comply with the requirements of public order and safety, or to fulfill functions of public authority which necessarily includes the processing of personal data for the fulfillment of its mandate; or
●
The processing is necessary for our legitimate interests, except when such interests are overridden by fundamental rights and freedoms of the data subject which require protection under the Philippine Constitution.
Sensitive personal information, on the other hand, refers to any of the following personal information:
●
About your race, ethnic origin, marital status, age, color, and religious, philosophical or political affiliations;
●
About your health, education, genetic or sexual life, or to any proceeding for any offense you have committed or alleged to have committed, the disposal of such proceedings, or the sentence of any court in such proceedings;
●
Issued by government agencies peculiar to you (such as social security numbers, previous or current health records, licenses or its denials, suspension or revocation, and tax returns; and
●
Specifically established by an executive order or an act of Congress to be kept classified.
We will process your sensitive personal information in line with the purposes in Clause 4 of the Privacy Policy and in accordance with the legal bases provided under the Data Privacy Act.
21.2 Data Transfer and Data Sharing
We may disclose your personal data for the purposes mentioned and the entities enumerated in section 5 above. The sharing or transfer of your personal data to another authorized personal information controller for commercial purposes shall be covered by a data sharing agreement. In case we need to subcontract or outsource the processing of your personal data to a personal information processor, we shall have the appropriate subcontracting or outsourcing agreement with the personal information processor in place to ensure that there will be proper safeguards to ensure the confidentiality, integrity, and availability of the personal data processed, prevent unauthorized use of your personal data, and ensure compliance with the Data Privacy Act.
21.3 Direct Marketing
We may use your personal data in direct marketing in the future in reliance on our legitimate interests. Where we process your personal data for direct marketing purposes, the processing shall only be limited to the personal information necessary and proportionate to achieve our legitimate interest. Hence, only personal information which is necessary for us to be able to contact you will be processed. We will likewise ensure that the processing of personal information will be done in the least intrusive way so as not to impede your rights as a data subject.
21.4 Your rights as a data subject
You have the following rights under the Data Privacy Act:
●
Right to access: You have the right to reasonable access to, upon demand, the following:
-
Contents of your personal information that were processed;
-
Sources from which personal information were obtained;
-
Names and addresses of recipients of the personal information;
-
Manner by which such data were processed;
-
Reasons for the disclosure of the personal information to recipients;
-
Information on automated processes where the data will or likely to be made as the sole basis for any decision significantly affecting or will affect the data subject;
-
Date when information concerning the data subject were last accessed and modified; and
-
The designation, or name or identity and address of the personal information controller.
●
Right to object: You have the right to object to the processing of your personal data, including processing for direct marketing, automated processing or profiling. You likewise have the right to be notified and given an opportunity to withhold consent to the processing in case of changes to the information given to you regarding the processing of your information.
●
Right to erasure or blocking: You have the right to suspend, withdraw or order the blocking, removal or destruction of your personal information from our filing system upon discovery and substantial proof that the personal information is incomplete, outdated, false, unlawfully obtained, used for unauthorized purposes or are no longer necessary for the purposes for which they were collected.
●
Right to rectification: You have the right to dispute the inaccuracy or error in the personal information and have us correct it immediately and accordingly, unless the request is vexatious or otherwise unreasonable.
●
Right to damages: You have the right to be indemnified for any damages sustained due to any inaccurate, incomplete, outdated, false, unlawfully obtained or unauthorized use of personal information.
●
Right to complaint: If you are the subject of a privacy violation or personal data breach, or are otherwise affected by a violation of the Data Privacy Act, you may file complaints with the National Privacy Commission.
●
Right to data portability: Where your personal information is processed by electronic means, you have the right to obtain from us a copy of your personal data in an electronic or structured format that is commonly used and allows for further use.
Your lawful heirs and assigns may also invoke your rights at any time in the event of your death, or incapacitation, or subsequent incapability of exercising your rights as a data subject.
If you have any questions regarding the exercise of any of the abovementioned rights, please contact us through the contact details provided in section 13.
