Modified 22 October 2019
Our privacy obligations
Xuanhealingcove.com (“Xuan Healing Cove”) is governed by the Singaporean Personal Data Protection Commission (PDPC) under the Personal Data Protection Act 2012 – PDPA). The PDPA regulates how personal data is collected, used, shared and stored by xuanhealingcove.com.
This policy will be reviewed regularly, and it may be updated it from time to time.
The types of personal data we collect and hold
We collect personal data about our users in order provide our products, services, and customer support. Our products, services, and customer support are provided through many platforms including but not limited to: in-person events, websites, phone apps, email, and telephone. The specific platform and product, service, or support you interact with may affect the personal data we collect.
How we collect personal data
Information that we collect from you
While you use or subscribe to our services and products you may be asked to provide certain types of personal data. This might happen through our website, applications, online chat systems, telephone, paper forms, or in-person meetings. We will give you a Collection Notice or equivalent, at the time, to explain how we will use the personal data we are asking for. The notice may be written or verbal.
We may request, collect, or process the following information:
- Account Details– username, password, profile picture if applicable.
- Contact Details– email address, phone number, username for WhatsApp/WeChat/Telegram or other communication application.
- Location Details– physical address, billing address, timezone.
- Identity Details– full name, proof of identity (e.g. drivers licence, passport), proof of address (e.g. utility bill), photograph of the user, company name.
- Financial Information– credit card details, wire transfer details, payment processor details (e.g. Stripe, paypal), bank transfer details, tax numbers.
- User Generated Content– user profiles; user reviews; user purchases; user messages; user testimonials and reviews in audio, video, written or other forms; user photographs and videos of user participation at in-person events related to Xuan Healing Cove and etc.
- Other Personal Details – physical, medical and psychological history and details.
Information that we collect from others
Users have the ability to invite non-users to our platform by providing contact details such as email address. In these situations, the information will be collected and stored by us to contact the non-user and to prevent abuse of the invite systems.
Your payment provider may transmit information about the payment that we may collect or process.
In some situations, personal data of users may be collected from public sources.
We may collect or process the following information:
- Basic Details– username, profile picture.
- Contact Details– email address, phone number, username for WhatsApp/WeChat/Telegram or other communication application
- Location Details– Physical Address, billing address, timezone.
- Financial Information– payment account details (e.g. paypal email address and physical address), and wire transfer details.
- List of contacts– email provider address book.
- User Generated Content– user profiles; user reviews; user messages; user testimonials and reviews in audio, video, written or other forms; user photographs and videos of user participation at in-person events and etc.
- User Generated Content– user profiles; user reviews; user purchases; user messages; user testimonials and reviews in audio, video, written or other forms; user photographs and videos of user participation for in-person events related to Xuan Healing Cove and etc.
Information we collect as you use our service/website
We maintain records of the interactions we have with our users, including the products, services and customer support we have provided. This includes the interactions our users have with our platform such as when a user has viewed a page or clicked a button.
In order to deliver certain products or services we may passively collect your GPS coordinates, where available from your device. Most modern devices such as smartphones will display a permission request when our platform requests this data.
When we are contacted we may collect personal data that is intrinsic to the communication. For example, if we are contacted via email, we will collect the email address used as well as the name used with the email.
We may collect or process the following information:
- Metadata– IP address, computer and connection information, referring web page, standard web log information, language settings, timezone, etc.
- Device Information– device identifier, device type, device plugins, hardware capabilities, etc.
- Location– GPS position.
- Actions– pages viewed, buttons clicked, time spent viewing, search keywords, etc.
Links to other sites
How we use personal data
The information we request, collect, and process is primarily used to provide users with the product or service they have requested. More specifically, we may use your personal data for the following purposes:
- to provide the service or product you have requested;
- to facilitate the creation of a User Contract (see Terms of Service for more information);
- to facilitate the creation of a User Account and to manage it
- to provide technical or other support to you;
- to answer enquiries about our services, or to respond to a complaint;
- to promote our other programs, products or services which may be of interest to you (unless you have opted out from such communications);
- to allow for debugging, testing and otherwise operate our platforms;
- to conduct data analysis, research and otherwise build and improve our platforms;
- to comply with legal and regulatory obligations;
- if otherwise permitted or required by law; or
- for other purposes with your consent, unless you withdraw your consent for these purposes.
The ‘lawful processing’ grounds on which we will use personal data about our users are (but are not limited to):
- when a user has given consent;
- when necessary for the performance of a contract to which the user is party;
- processing is necessary for compliance with our legal obligations;
- processing is necessary in order to protect the vital interests of our users or of another natural person.
- processing is done in pursuing our legitimate interests, where these interests do not infringe on the rights of our users.
When we disclose personal data
Our third party service providers
The personal data of users may be held, transmitted to or processed on our behalf outside Singapore, including ‘in the cloud’, by our third party service providers. Our third party service providers are bound by contract to only use your personal data on our behalf, under our instructions. Therefore, their obligations to comply with Singapore PDPA will be assured for any location where the cloud is hosted.
Our third party service providers include:
- Cloud hosting, storage, networking and related providers
- SMS providers
- Payment and banking providers
- Marketing and analytics providers
- Security providers
Third party applications
Other disclosures and transfers
We may also disclose your personal data to third parties for the following purposes:
- if necessary to provide the service or product you have requested;
- we receive court orders, subpoenas or other requests for information by law enforcement;
- if otherwise permitted or required by law; or
- for other purposes with your consent.
Accessing, correcting, or downloading your personal data
You have the right to request access to the personal data Xuan Healing Cove holds about you. Unless an exception applies, we must allow you to see the personal data we hold about you, within a reasonable time period, and without unreasonable expense for no charge. Most personal data can be accessed by logging into your account. If you wish to access information that is not accessible through the platform, or wish to download all personal data we hold on you in a portable data format, please contact our Website Administrator who also acts as a Privacy Officer.
You also have the right to request the correction of the personal data we hold about you. All your personal data can be updated through the user settings pages. If you require assistance, please contact our customer support.
Exercising your other rights
You have a number of other rights in relation to the personal data Xuan Healing Cove holds about you, however, there may be restrictions on how you may exercise the rights. This is largely due to the nature of the products and services we provide. Much of the data we collect is in order to facilitate contracts between users, facilitate payments, and provide protection for the legitimate users of our marketplace – these data uses are protected against the below rights.
You have the right to:
- seek human review of automated decision-making or profiling
- opt-out of direct marketing, and profiling for marketing
- temporary restriction of processing.
Direct marketing and profiling – users can control what emails they receive.
Erasure – Most personal data and user generated content cannot be deleted as they are used to support contracts between users, document financial transactions, and are used in providing protecting other legitimate users of the marketplace. In the case of non-personal data that can be linked with personal data, it will either be erased or otherwise anonymised from the personal data.
Temporary restriction to processing – under certain circumstances you may exercise this right, in particular if you believe that the personal data we have is not accurate, or you believe that we do not have legitimate grounds for processing your information. In either case you may exercise this right by contacting our privacy officer.
Unless stated above, users may exercise any of the above rights by contacting our Privacy Officer.
To contact our Privacy Officer
If you have an enquiry or a complaint about the way we handle your personal data, or to seek to exercise your privacy rights in relation to the personal data we hold about you, you may contact our Privacy Officer (Website Admin) as follows:
By Email: firstname.lastname@example.org
For the purposes of the GDPR, our Privacy Officer (Website Administrator) is also our Data Protection Officer (DPO).
While we endeavour to resolve complaints quickly and informally, if you wish to proceed to a formal privacy complaint, we request that you make your complaint in writing to our Privacy Officer, by email as above. We will acknowledge your formal complaint within 10 working days of receipt.
If we do not resolve your privacy complaint to your satisfaction, you may lodge a complaint with the Singaporean Personal Data Protection Commission (PDPC) by calling them on +65 6377 3131, making a complaint online at www.pdpc.gov.sg, or writing to them at 10 Pasir Panjang Road, #03-01 Mapletree Business City Singapore 117438.
If you are in the European Union, you can choose to instead lodge a complaint with your local Data Protection Authority (DPA). The list of DPAs is at http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm.