PRIVACY POLICY



Supernova Pte Ltd. and its affiliates and subsidiaries (“Supernova”, “Supernova Group”, “we”, “us”, “our”) are committed to safeguarding your privacy rights and ensuring that your personal data is protected. This Privacy Policy explains our use of your personal data when you use our websites (the “Sites”) and/or interact with us through social media or adverts and content on third party websites.

The relevant Supernova entity that is responsible for your personal data will be the Supernova entity that you provided your personal data to; however as we may share your personal data within our group, other Supernova entities may also use your personal data in accordance with this Privacy Policy.

For further information about the Supernova entities who act as controllers of your personal data, please click here

COLLECTION OF INFORMATION

Site Visitors: when you visit one of our Sites, we collect various types of information, such as browser type, IP address, date and time of visit, average time spent on the Site, cookie ID, hyperlinks that you have clicked, and websites you visited before arriving at our Site. We also collect information such as, your name and email address when you contact our Customer Services Team.

Guest Checkout: when you place an order for goods via one of our Sites as a guest, we collect your name, contact details, order details, and tokenized payment details.

Account Holders: when you open an account with us and place an order for goods via one of our Sites as an account holder, we collect your name, contact details, passwords, transactional history, and tokenized payment details.

You may also provide us with personal data in other ways, such as if you communicate with us through social media or participate in our promotions.

USE OF INFORMATION

Depending on how you interact with the Sites (i.e., depending on the services, products or functionalities you choose to use), we will process your personal data for the following purposes:

Purpose

Legal Basis

When you visit our Site:

To provide support and to respond to your requests and enquiries

We have a legitimate interest to respond to your requests and enquiries for ongoing business administration

To personalize your visit to our Sites and to assist you while you use the Sites

We have a legitimate interest to properly manage and administer our relationship with you and to ensure that we are effective and efficient as we can be

To improve the Sites by helping us understand who uses the Sites

For fraud prevention and detection and to comply with applicable laws, regulations or codes of practice

To comply with our legal or regulatory obligations

To contact you to tell you about products and services offered by us as well as other promotions and competitions, which we believe may interest you unless you advise us that you do not wish to receive marketing or market research communications from us

If applicable law requires that we receive your consent before we send you certain types of marketing communications, we will only send you those types of communications after receiving your consent.

If you wish to stop receiving marketing or market research communications from us you can unsubscribe via the link at the bottom of the relevant marketing e-mail or contact us using the contact details below.

We have a legitimate interest to carry out direct marketing

For tailored advertising on third party sites either because of the website you are viewing, or based on your interests which we have inferred from your information.

With your consent, if required by applicable law.

If you no longer wish to see tailored advertising, you can amend your cookie preferences (see section: COOKIES / TRACKING TECHNOLOGY / LOGFILES).

When you open an account with us and/or purchase goods online:

To provide goods or services to you

To manage and perform our contract with you

We have a legitimate interest to properly manage and administer our relationship with you and to ensure that we are effective and efficient as we can be

To manage and maintain our relationships with you and for ongoing customer service

To enforce or defend our rights, ourselves or through third parties to whom we delegate such responsibilities

To share data with police, law enforcement, tax authorities or other government and fraud prevention agencies where we have a legal obligation, including screening transactions, reporting suspicious activity and complying with production and court orders

To comply with our legal or regulatory obligations

To report tax related information to tax authorities

To investigate and resolve complaints and manage regulatory matters, investigations and litigation

To monitor electronic communications for investigation and fraud prevention purposes, crime detection, prevention and investigation

To comply with any of our applicable legal, or regulatory obligations. For example, if you are a business customer we need to process your information to verify your identity and undertake necessary due diligence checks.

The day to day running and management of the business including to:

  • monitor, maintain and improve the processes, information and data, technology and communications solutions and services we use;
  • perform general, financial and regulatory accounting and reporting;
  • compile or aggregate personal data in certain data analyses, or reports;
  • monitor and record calls for quality, business analysis, training and related purposes in order to pursue our legitimate interests to improve our service delivery;
  • protect our legal rights and interests; or
  • share such personal data with third parties that acquire or are interested in acquiring all or part of our assets or shares, or that succeeds us in carrying on our business;

We have a legitimate interest to manage our business including for legal, personnel, administrative and management purposes and for the prevention and detection of crime provided our interests are not overridden by your interests

To comply with our legal or regulatory obligations

Your Right to Object - Please note that you have a right to object to processing of your personal information where that processing is carried out for our legitimate interest or for direct marketing purposes.

Where we require your personal data to comply with legal requirements, failure to provide this information means we may not be able to accept you as a customer and/or may be unable to process your purchases. We will tell you when we ask for your information whether it is a statutory or contractual requirement to give us the information and the consequences of not providing the information.

COOKIES / TRACKING TECHNOLOGY / LOGFILES

Like many websites, the Site employs cookies and web beacons (also known as clear GIF technology or “action tags”) to speed up your navigation of the Site, recognize you and your access privileges, and track your Site usage.

Cookies are small pieces of information that are stored as text files by your Internet browser on your computer’s hard drive. Most Internet browsers are initially set to accept cookies. You can set your browser to refuse cookies from web sites or to remove cookies from your hard drive, but if you do, you will not be able to access or use portions of the Site. We have to use cookies to enable you to select products, place them in an online shopping cart, and to purchase those products. If you do this, we keep a record of your browsing activity and purchases. THE SITE’S COOKIES DO NOT AND CANNOT INFILTRATE A USER’S HARD DRIVE TO GATHER A USER’S CONFIDENTIAL INFORMATION. Our cookies are not “spyware.”

Web beacons assist in delivering cookies and help us determine whether a web page on the Site has been viewed and, if so, how many times. For example, any electronic image on the Site, such as an ad banner, can function as a web beacon.

We may use third-party advertising companies to help tailor site content to users or to serve ads on our behalf. These companies may employ cookies and web beacons to measure advertising effectiveness (such as the web pages visited or products purchased and in what amount). Any information that these third parties collect via cookies and web beacons is not linked to any personal data collected by us.

As an example, Facebook collects certain information via cookies and web beacons to determine which web pages are visited or what products are purchased. Please note that any information collected by Facebook via cookies and web beacons is not linked to any customer's personal data collected by us.

SHARING OF INFORMATION

We may share your personal data within the Supernova Group to allow us to provide our goods and services to you and to market products sold by other Supernova Group entities, including to the entities on the Controller List.

We may use trusted third parties to provide us with services (e.g., technical support for the Sites, fulfilment of your order, payment processing, marketing, data analyses firms, web-hosting companies, and support services) who may have access to your personal data. All service providers are permitted to use data only for the purpose of performing services on our behalf.

We may share your personal data with competent authorities, courts and bodies in response to a court order, summons or subpoena, regulatory requests, or as permitted or required by law when we reasonably believe it is necessary or appropriate to investigate, prevent or take action against illegal activities, suspected fraud, or situations involving potential threats to the physical safety of any person.

We may also disclose your personal data to any third party that acquires, or is interested in acquiring, all or part of our assets or shares, or that succeeds us in carrying on all or part of our business.

INTERNATIONAL TRANSFER OF INFORMATION

Some of the recipients above are located in countries outside of the European Economic Area (“EEA”) including in Singapore and the U.S., and which are not considered by the European Commission to provide an adequate level of data protection.

Where we transfer your personal data to such recipients, we will enter into an EU-style data transfer agreement with the recipient or seek assurances from the recipient that they are EU -U.S. Privacy Shield certified or have Binding Corporate Rules in place.

More details on the transfer mechanisms can be obtained using the contact details at the end of this Privacy Policy.

COMMITMENT TO DATA SECURITY

To protect your personal data, we take reasonable precautions and follow the industry’s best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed. Your personally identifiable information is kept secure and encrypted during the type of transmission.

For payments we are using a certified payment gateway provider. All credit card details are encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). All payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. We therefore do not see or keep your credit card information.

While we use industry-standard precautions to safeguard your personal data, we cannot guarantee complete security. 100% complete security does not presently exist anywhere online or offline.

RETENTION OF INFORMATION

We will retain your personal data as necessary for the provision of the goods/services, internal analytical purposes, or to comply with our legal obligations, resolve disputes and enforce agreements (e.g. settlement). The criteria used to determine the retention periods include:

  • how long the personal data is needed to provide the goods/services and operate the business; 
  • the type of personal data collected; and 

whether we are subject to a legal, contractual or similar obligation to retain the data (e.g., mandatory data retention laws, government orders to preserve data relevant to an investigation, or data that must be retained for the purposes of litigation or disputes).

YOUR RIGHTS

If you are located in Europe and/or you are a customer of Supernova UK Pty Ltd, and certain requirements are fulfilled, you have the right to:

  • request access to personal data we hold about you;
  • the correction of your personal data when incorrect, out of date or incomplete;
  • request that we erase your personal data;
  • opt-out of any marketing communications that we may send you and to object to us using / holding your personal data if we have no legitimate reason to do so;
  • request that we restrict the processing of your personal data – i.e., we would need to secure and retain the data for your benefit but not otherwise use it; 
  • withdraw your consent at any time; and
  • the portability of personal data – i.e., ask for a copy of your personal data to be provided to you, or a third party, in a digital format

All such requests should be made using the contact details set out below. Please be advised that if you request that your personal data be deleted, you may no longer be able to access or use certain parts of the Sites. You may also, at any time, request for the modification or deletion of your account or personal details such as name, surname, address, country of residence, and payment card details.

We will respond to your request in writing, or orally if requested, as soon as practicable and in any event not more than within one month after receipt of your request. In exceptional cases, we may extend this period by two months and we will tell you why. We may request proof of identification to verify your request. For more details in relation to your rights, including how to exercise them, please contact us using the contact details below.

You also have the right to lodge a complaint about the processing of your personal data with the data protection authority.

LINKS TO OTHER WEBSITES

Our Sites may contain links to other websites that are not operated or controlled by us. We do not control such third-party websites or their privacy practices.  Any personal data you choose to give to third-party websites is not covered by this Privacy Policy.

CHANGES TO THIS PRIVACY POLICY

We may change this Privacy Policy from time to time. We will notify you of any material changes via e-mail or through a notification on our Sites. Any changes to the this Privacy Policy will become effective immediately after being posted. We encourage you to periodically review the this Privacy Policy to stay informed of changes and on how we are protecting your personal data.

MINORS

You must be aged 16 or over to use the Sites and our other digital offerings. We do not solicit or knowingly collect personal data from children aged 16 and under. If we are made aware that we have received such information, or any information in violation of our policy, we will use reasonable efforts to locate and remove that information from our records.

CONTACT US

If you have questions in relation to this Privacy Policy or our use of your personal data, or you would like to exercise your data subject rights please send your request to the Supernova Data Protection Officer: privacy@supernova.xyz

CONTROLLER LIST

Supernova UK Pty Ltd of Suite 1, 3rd Floor, 11-12 St James’ Square, London SW1Y 4LB UK
Supernova Pte. Ltd. of 20 Martin Road, #10-01 Seng Kee Building, Singapore 239070
Supernova AU Pty Ltd of Lvl 2, Duckboard House, 91-93 Flinders Lane, Melbourne 3000 Australia
Supernova USA Inc. of 4th floor, 12655 W Jefferson Blvd, LA, CA 90066 USA
Supernova North America Enterprises Ltd of 1700-1075 West Georgia Street, Vancouver, BC, Canada V6E 3C9
Supernova (India) Private Limited of B183, Sector 14, Noida Uttar Pradesh, India 201301
Skinnymint Pte. Ltd. of 6001 Beach Road, #22-01 Golden Mile Tower, Singapore 239070
Sand & Sky Pty Ltd of Lvl 2, Duckboard House, 91-93 Flinders Lane, Melbourne 3000 Australia
Coco & Eve Limited of 20 Martin Road, #10-01 Seng Kee Building, Singapore 239070

Last updated February 2019