Privacy Policy

Privacy Policy

Dear Visitor, We are happy You stopped by. Let Us explain how We approach privacy. In this Notice below, “We”, “Us”, “Goodpack” shall refer to Goodpack IBC (Singapore) Pte Ltd and all the affiliates within the Goodpack group. This Privacy Notice relates to Our Sales and Marketing Register. We/Goodpack act as the Controller. You can contact us at privacy@goodpack.com and/or through ethics.hotline@goodpack.com because We take privacy seriously.

On What Legal Basis and for What Purpose Do We Process Personal Data?

We only process personal data for legitimate reasons (e.g. customer and prospective customers relationship management, invoicing, performance of a contract and/or a legal obligation). We process personal data to:

  • deliver and develop our products and services to meet our customers’ needs;
  • fulfill our contractual and other promises and obligations;
  • prepare for sales meetings and make offers to prospective customers;
  • take care of the customer relationship;
  • analyze and profile behavior;
  • enable electronic and direct marketing; and
  • target advertising in our online services.

We may outsource some of our IT management to outside service providers on whose server the personal data may be stored. We may then both process information together with such subcontractors processing on Our behalf (to get more information on our then acting subcontractors, please Contact Us). We may use the personal data stored in the customer register also for profiling purposes. If we do, then profiling would be carried out by creating a unique customer ID for the data subject and storing this ID on the device of the data subject. This enables us or our subcontractor to combine the data generated by the use of different products and services, and to create a profile of the data subject’s behavior. The purpose of this profiling would simply be to identify customers’ behavior to enable more targeted marketing and the development of our services to better meet our customers’ needs.

What Data Do We Process?

We process the following personal data of our customers or other data subjects (like individuals of prospective customers and other contacts) in connection with this Sales and Marketing Register:

  • Basic information of the data subject such as name*, date of birth, gender, identification number, customer number*, username and/or other identifier, mother language;
  • Contact information of the data subject such as e-mail address*, phone number, postal address;
  • Information of the company and company’s contact persons such as commercial registry ID number and names* and contact details* of the contact persons at the customer or prospective customers;
  • Information of the customership and the contract such as information of past and current contracts and orders, correspondence with the customer and other references, customer’s payment information and other information of the customership which the customer itself voluntarily provides;
  • Information of the connection and device the data subject is using such as the IP address, device ID or other device identifier and cookies;
  • Information related to the data subject’s direct marketing opt-out;
  • Other possible information gathered with the data subject’s consent.

(*) Committing personal data marked with an asterisk, is a requirement for our contractual and/or customer relationship. Without necessary information we are not able to provide our products and/or services.

In addition, We may collect personal data via cookies or similar techniques, including, but not limited to:

  • Your IP address;
  • Your cookie ID;
  • Your web browser;
  • Your location;
  • The web pages You visit on our websites;
  • The advertisements you've viewed or clicked through; etc.

From Where Do We Receive Data?

We receive information primarily from the data subject him-/her-/itself. We also receive information via other people at the company a data subject works for (nominated noticee, contact persons in the contract, etc.), authorities, credit information companies, contact information service providers and other similar reliable sources. For the purposes described in this privacy notice, personal data may also be collected and updated from publicly available sources and based on information received from authorities or other third parties within the limits of the applicable laws and regulations. Data updating of this kind is performed manually or by automated means.

To Whom Do We Disclose Data and Do We Transfer Data Across Borders?

We do not disclose information of the register to external third parties (other than Our IT subcontractors as mentioned above for the sole purpose of fulfilling their work for Us). We do however disclose the information among companies within the Goodpack group. We are, after all, a global network and we strive at providing our products and services to You, around the world. When We do transfer personal data across borders as a part of our operations, We make sure that the personal data in question is protected according to the privacy legislation in force from time to time.

Again, We both process information ourselves and use subcontractors that process personal data on Our behalf. We may outsource some of our IT management to outside service providers on whose server the personal data may be stored.

How Do We Protect the Data and How Long Do We Store It?

The information is collected into databases protected by firewalls, passwords and other technical measures. The databases and their respective backup copies are in locked premises and can be accessed only by certain pre-designated persons. Each user has a personal username and password to the systems where personal data are stored. We remind our employees on the importance of keeping their username and password safe on a regular basis.

We store the data as long as it is necessary for the purpose of processing the data. Personal data in the customer and marketing register is erased after the claim period related to a specific customer relationship or service has elapsed or the data related to marketing activities has been identified as outdated or unresponsive.

We regularly review the need for data storage taking into account the applicable legislation. In addition, we take all reasonable actions to ensure that no incompatible, outdated or inaccurate personal data are stored in the register taking into account the purpose of the processing. We correct or erase such data without delay.

What Are Your Rights as a Data Subject?

As a data subject You have the right to access the personal data stored in this register concerning Yourself, and the right to require rectification or erasure of that data. You also have the right to withdraw Your consent and the right to data portability.

As a data subject, You may, under certain conditions, have the right, according to EU’s General Data Protection Regulation (applied from 25.5.2018), to object to processing or to request that the processing be restricted, and to lodge a complaint with a supervisory authority.

For specific personal reasons, You may also have a right to object to profiling and other processing concerning You, when processing the data is based on the customer relationship. In connection to Your claim, You should identify the specific situation on which You object the processing. We can refuse to act on such request if the law allows. As a data subject You may have the right to object to the processing of Your personal data at any time free of charge, including profiling in so far as it relates to direct marketing.

All requests and requirements concerning this section should be submitted in writing to the e-mail address mentioned above.

Changes in this Privacy Policy

Should we make amendments to this privacy notice, we will place the amended notice on our website, with an indication of the amendment date.