Privacy Policy
We may amend this policy from time to time to ensure that this policy is consistent with any developments to the way Gateway uses your personal data or any changes to the laws and regulations applicable to Gateway.
- In this policy, “we”, “us”, “our” or “Gateway” means Gateway Pte Ltd, and “you”, “your” or “yours” means the persons to whom this policy applies.
- The security of your personal data is important to us. ICON has in place safeguards to protect the personal data stored with us. This policy describes how we may collect, use, disclose, process and manage your personal data.
- This policy applies to any individual’s personal data which is in our possession or under our control.
- In the event of any inconsistency between different versions of this policy, the English version shall prevail.
What Personal Data We Collect
“Personal data” is data that can be used to identify a natural person. The personal data we learn from you help personalize and continually improve your experience at the Platform. Types of personal data that we may collect are:
Personal particulars
You provide personal data when you download the app, search, read and watch the content, open an account, use the Services or communicate with us. As a result of those actions, you might supply us with the following information:
- biographical data, such as your full name, date and place of birth, ID or passport, gender, religion, nationality
- contact details (address, telephone number or mobile phone, email address)
- academic background, such as your prior and current schools, transcripts, school activities and disciplinary records;
- family background, including information on parents, guardian, siblings, estimated family income, etc.
- financial, credit, billing and account information
- photographic data such as, photo, handwriting, signature specimens and video clips;
- data related to your health and dietary information, such as medical conditions;
- images and recordings of our interactions with you.
All information that you add to your account is optional and may be changed or removed at any time. Gateway will not collect any personally identifiable information about you, unless you provide it.
Payment information
To purchase products or services within the Platform, you must submit a valid payment method and necessary billing information (e.g. full legal name, your billing address and phone number/email address). Your credit card information or payment information will be stored and processed by PayPal and Stripe (payment platforms) which will treat and safeguard your data with the exclusive purpose of processing the purchase of the Services. Gateway reserves the right to contract any payment platform available in the market, which treats your data for the exclusive purpose of processing the purchase of the Services.
If you do not wish to have your payment information stored, you may opt out of this. However, if you have purchased a product that requires a subscription (e.g. monthly, annually) you will have to manually re-enter your payment information at each billing interval. Failure to re-enter your payment information prior to the end of the billing period will result in the deactivation of your purchase and you may only access it by re-entering your payment information.
Content you create or submit
Once you begin using the Platform, all content you submit will be collected and stored. This includes, but is not limited to, your posts, comments, audio, images and video you broadcast or audio, images or video you upload in a post, messages (both private and/or to group chats), uploading or sharing files, reports of other users or content, images and recordings of our interactions with you, and any other communications with moderators. This is subject to change, but all Users will be notified in advance of any potential change.
We collect information relating to each User’s use of, and interaction with, the Platform, other Users, and the User Content shared within. This includes, but is not limited to, interactions with User Content, interactions with other Users, interactions with communities, and personal opinions made known to us (e.g. feedback or responses to surveys).
Automatic information
Data will be collected from the device you use to access the Platform and your use of the Services. This includes, but is not limited to, IP address, browser information, operating system, device settings (in relation to the Platform, e.g., if you have enabled microphone or camera), device information, pages visited, links clicked and search terms.
Furthermore, Gateway uses ‘cookies’ to personalize your experience within the Platform. A cookie is a small text file placed on your computer or mobile device when you visit a web site or use an app. Cookies collect information about users and their visit to the web site or use of the app, such as their Internet protocol (IP) address, how they arrived at the Platform (for example, through a search engine or a link from another web site) and how they navigate within the Platform. We use cookies and other technologies to facilitate your internet sessions and use of the Platform, offer you products and/or Services according to your preferred settings, track use of the Platform and to compile statistics about activities carried out on or through the Platform.
A pixel tag, also known as a web beacon, is an invisible tag placed on certain pages of the Platform but not on your computer. Pixel tags are usually used in conjunction with cookies and are used to monitor the behaviour of users visiting the Platform.
You may set up your web browser to block cookies which will in turn disable the pixel tags from monitoring your Platform visit. You may also remove cookies stored from your computer or mobile device. However, if you do block cookies and pixel tags, you may not be able to use certain features and functions of the Platform.
Information Collected by Third Parties
We work with service providers that perform audience measurement to learn demographic and behavioral information about the population that uses our Services.
Furthermore, we use Google Analytics provided by Google, Inc., USA (“Google”). These tool and technologies collect and analyze certain types of information, including IP addresses, device and software identifiers, referring and exit URLs, feature use metrics and statistics, usage and purchase history, media access control address (MAC Address), mobile unique device identifiers, and other similar information via the use of cookies. The information generated by Google Analytics (including your IP address) may be transmitted to and stored by Google on servers in the United States. We use the Google Analytics collection of data to enhance the website and platform and improve our service.
Usage of Your Personal Data
We may use your personal data to provide, maintain, protect and improve the Platform and the Services. We use personal data collected through the Platform to:
- develop and provide products or services (whether made available by us or through us);
- assess and process applications, instructions or requests from you or our customers;
- communicate with you, including to provide you with updates on changes to products and services (whether made available by us or through us) including any additions, expansions, suspensions and replacements of or to such products and services and their terms and conditions;
- manage our infrastructure and business operations and complying with internal policies and procedures;
- respond to queries or feedback;
- address or investigate any complaints, claims or disputes;
- comply with all applicable laws, regulations, rules, directives, orders, instructions and requests from any local or foreign authorities;
- monitor products and services provided by or made available through us;
- protect, investigate and deter against fraudulent, unauthorized or illegal activity; and
- seek professional advice, including legal advice.
We may also use personal data for purposes set out in the Terms of Use that governs our relationship with you.
We may also use your personal data to offer you products or services, including special offers, promotions, contests or entitlements that may be of interest to you or for which you may be eligible. Such marketing messages may be sent to you in various modes including but not limited to electronic mail, direct mailers, short message service, telephone calls, facsimile and other mobile messaging services. In doing so, we will comply with the PDPA and other applicable data protection and privacy laws.
In respect of sending telemarketing messages to your Singapore telephone number via short message service, telephone calls, facsimile and other mobile messaging services, please be assured that we shall only do so if we have your clear and unambiguous consent in writing or other recorded form to do so or if you have not otherwise made the appropriate registration of that number with the Do Not Call Registry. If we have an ongoing relationship with you and you have not indicated to us that you do not wish to receive telemarketing messages sent to your Singapore telephone number, we may send you telemarketing messages to that number related to the subject of our ongoing relationship via short message service, facsimile and other mobile messaging services (other than a voice or video call).
You may at any time request that we stop contacting you for marketing purposes via selected or all modes.
To find out more on how you can change the way we use your personal data for marketing purposes, please contact us (please see the “How to contact us” section below).
Nothing in this section shall vary or supersede the terms and conditions that govern our relationship with you.
Your Rights
Withdrawing your consent
The consent that you provide for the collection, use and disclosure of your personal data will remain valid until such time it is being withdrawn by you in writing. You may withdraw consent and request us to stop using and/or disclosing your personal data for any or all of the purposes listed above by submitting your request in writing or via email to our Data Protection Officer at dpo@gateway-plus.com.
Upon receipt of your written request to withdraw your consent, we may require reasonable time for your request to be processed and for us to notify you of the consequences of us acceding to the same, including any legal consequences which may affect your rights and liabilities to us. In general, we shall seek to process your request within ten (10) business days of receiving it.
Whilst we respect your decision to withdraw your consent or to erase your personal data, please note that depending on the nature and scope of your request, we may not be in a position to continue providing our services to you and we shall, in such circumstances, notify you before completing the processing of your request. Should you decide to cancel your withdrawal of consent, please inform us in writing or via email to our Data Protection Officer at dpo@gateway-plus.com.
Please note that withdrawing consent does not affect our right to continue to collect, use and disclose personal data where such collection, use and disclose without consent is permitted or required under applicable laws.
Erasing personal data
You may also request that we erase the personal data we hold about you including, but not limited to, where you believe it is no longer necessary for us to hold the personal data, or we are processing it based on your consent and you wish to withdraw your consent, or you believe we are unlawfully processing your personal data.
Upon request for erasure of your personal data, it will take us approximately thirty (30) days to delete your personal data. We will send you an update to inform you of the deletion. It is important to note that if we delete your personal data, it is permanent and we will not be able to retrieve such personal data.
Accessing and correcting incorrect information
You have the right to access or require us to correct any personal data held about you that is inaccurate and have incomplete personal data completed. Please contact us for details on how you may request such access or corrections. We will then assess whether a correction is required.
Deleting your account
You have choices and abilities to protect and limit our collection, use and sharing of your information while you use the Platform and the Services. As such, at any time and for any reason, you may delete your Gateway account. If you decide to delete your account, these actions will occur and they cannot be undone:
- your account, personal data, posts, and diagnosis data will be permanently removed;
- you will not be able to log in again to recover any of the User Content, and
- your profile to other Users will be anonymized
To avoid further charges, before you delete your account, please make sure that you cancel any active subscriptions you may have.
Protection of Personal Data
To safeguard your personal data from unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks, we have introduced appropriate administrative, physical and technical measures such as up-to-date antivirus protection, encryption and the use of privacy filters to secure all storage and transmission of personal data by us, and disclosing personal data both internally and to our authorised third party service providers and agents only on a need-to-know basis.
You should be aware, however, that no method of transmission over the Internet or method of electronic storage is completely secure. While security cannot be guaranteed, we strive to protect the security of your information and are constantly reviewing and enhancing our information security measures.
Accuracy of Personal Data
We generally rely on personal data provided by you (or your authorised representative). In order to ensure that your personal data is current, complete and accurate, please update us if there are changes to your personal data by informing our Data Protection Officer in writing or via email to dpo@staging2.gateway-plus.com
Disclosure and Sharing of Personal Data
We may from time to time and in compliance with all applicable laws on data privacy, disclose your personal data to any personnel of Gateway or to third parties, whether located in Singapore or elsewhere, as described below:
- third-party service providers: we may share certain specific information with companies and individuals we hire to carry out specific tasks for us as it is necessary for them to complete those tasks. For example, we work with secure payment processors, who process transitions with the app on our behalf. They require certain information to complete your transaction. We may also share limited information with advertisers or advertising platforms to help reach a specific audience that may be interested in our Services and to measure the effectiveness of our advertising. They have access to personal data needed to perform their functions, but may not use it for other purposes;
- Schools: We partner with Schools to deliver our Services. User Content may be provided to your School through the Platform. The Schools are neither our employees nor agents nor representatives. The Platform’s role is limited to enabling the Schools to access the User Content for the sole purpose of and solely to the extent necessary for monitoring and understanding the state of mental development of Users. We will share your personally identifiable information or non-identifying and aggregated information with Schools in order to fulfil our legal and contractual obligations to the Schools. While we require every School accessing User Content from the Platform or from us to agree to our Privacy Policy and will enter into confidentiality and non-disclosure agreements with all Schools that have access to the User Content which will prohibit them from using or disclosing the User Content except for the purpose of providing the Services, we do not guarantee absolute security. We are not responsible for the unauthorized acts of others and we assume no liability for any disclosure of information due to errors in transmission, unauthorized third-party access (such as through hacking) or other acts of third parties, or acts or omissions beyond our reasonable control.
- business transfers: in the event that Gateway creates, merges with, or is acquired by another entity, your information will most likely be transferred. Gateway will email you or place a prominent notice on the Platform before your information becomes subject to another privacy policy;
- enforcing our policies and rights: we release personal data when we believe release is appropriate to enforce or apply our Terms of Use and other agreements, or protect the rights, property, or safety of Gateway, our Users or others;
- legal compliance: if requested by a court or regulatory body, we may have to share information. Where possible or allowed, we will attempt to give your prior notice before your information is disclosed in response to any such legal request; and
- with your consent: other than as set out above, you will receive notice when personally identifiable information about you might go to third parties, and you will have an opportunity to choose not to share the information.
Please be assured that when we disclose your personal data to such parties, we require them to ensure that any personal data disclosed to them are kept confidential and secure. For more information about the third parties with whom we share your personal data, you may, where appropriate, wish to refer to the Terms of Use that govern our relationship with you. You may also contact us for more information (please see the “How to contact us” section below).
We wish to emphasise that Gateway does not sell personal data to any third parties and we shall remain fully compliant of any duty or obligation of confidentiality imposed on us under the Terms of Use that govern our relationship with you or any applicable law.
Transfers of Personal Data Outside of Singapore
We are based in Singapore. Our servers used to store and process information are located in Singapore and the United States. Depending on several factors, including user locations and availability of service providers, we may transfer, store, process and/or deal with your personal data outside Singapore. By using the Platform and the Services or in any other way providing us with your information, you consent to the transfer, processing, and storage of that information in Singapore and the United States and or other countries, wherein your rights may not be the same as they are in the country where you live. IIn doing so, we will comply with the PDPA and other applicable data protection and privacy laws obtain your consent for the transfer to be made and we will take steps to ensure that your personal data continues to receive a standard of protection that is at least comparable to that provided under the PDPA.
Other Web Sites
Our Platform may contain links to other web sites which are not maintained by Gateway. This privacy policy only applies to Gateway’s Platform. When visiting these third party web sites, you should read their privacy policies which will apply to your use of the web sites. If you disclose your information to others, whether other Users or suppliers on the Platform, different rules may apply to their use or disclosure of the information you disclose to them. Gateway does not control the privacy policies of third parties, and you are subject to the privacy policies of those third parties where applicable. Gateway is not responsible for the privacy or security practices of other websites on the Internet, even those linked to or from the Platform. Gateway encourages you to ask questions before you disclose your personal data to others.
Retention of Personal Data
Your personal data is retained as long as the purpose for which it was collected remains and until it is no longer necessary for any other legal or business purposes.
California Users
CalOPPA is the first state law in the United States to require commercial websites and online services to post a privacy policy. The law’s reach stretches well beyond California to require any person or company in the United States (and conceivably the world) that operates websites collecting Personally Identifiable Information from California consumers to post a conspicuous privacy policy on its website stating exactly the information being collected and those individuals or companies with whom it is being shared. Furthermore, the California Consumer Privacy Act (“CCPA”) requires that we provide all residents of California with certain additional information. To understand this additional information and how it impacts you as a California resident, please read below.
Information we have collected in the previous twelve (12) months:
- identifiers (such as your Username, the email address you signed up with, phone number if you provided it, your IP address);
- commercial Information (transaction history if you have made purchases within the Platform);
- financial Data (your payment information you used for purchases, if any were made);
- internet or other network activity information (how you use and interact with the Platform and what content you may be most interested in);
- location Information (based off your IP address, or, if you authorize us to do so on your device, a more specific location);
- your Messages with other Users (such as private messages, chats, group messages etc.); and
- User Content.
In so far as we collect and or use your sensitive personal data as it is defined by laws like the CCPA, we do so in full accordance with every applicable legal requirement. Nor do we use or disclose that information for any purposes other than those that are not limited by the CCPA.
Information that is collected and used are for the purposes that are explained above in the sections “What Personal Data We Collect” and “Usage of Your Personal Data”. Information that is shared with third parties is also explained in the “Disclosure and Sharing of Personal Information” section. There are certain obligations set out in the CCPA that prohibit businesses selling or sharing personal data. We comply with these provisions and do not sell or share your information in any way that contravenes the CCPA. You have the right and ability to make choices concerning that how certain information as outlined above in the “Disclosure and Sharing of Personal Information” section is disclosed. The process for making such choices is explained in this Privacy Policy in the section “Your Rights”. Before your information can be deleted, you will be asked to sign into your account to verify your identity, or potentially requestion further information if needed to verify your identity. If you have any further questions or concerns, please email us at “dpo@gateway-plus.com”.
Under the “Shine the Light” law, California residents, under certain circumstances, also have the right to request information from us about the way we share certain types of personal data (as the “Shine the Light” law defines them) with third parties for their own direct marketing reasons. To obtain this information, please send an email to dpo@gateway-plus.com. Gateway currently does not share your personal data with third parties for direct marketing purposes.
EU Member’s Rights (GDPR Compliant)
If you are habitually located in the European Union, you have the right to access, rectify, download or erase your information, as well as the right to restrict and object to certain processing of your information. While some of these rights apply generally, certain rights apply only in certain limited circumstances.
The rights are set out as follows:
- access and porting: you can access your information at any time;
- rectify, restrict, limit, delete: you can also rectify, restrict, limit or delete much of your information by contacting us;
- object: where we process your information based on our legitimate interests explained above, or in the public interest, you can object to this processing in certain circumstances. In such cases, we will cease processing your information unless we have compelling legitimate grounds to continue processing or where it is needed for legal reasons;
- revoke consent: where you have previously provided your consent, you have the right to withdraw your consent to the processing of your information at any time. For example, you can withdraw your consent by updating your settings. In certain cases, we may continue to process your information after you have withdrawn consent if we have a legal basis to do so or if your withdrawal of consent was limited to certain processing activities; and
- complain: should you wish to raise a concern about our use of your information (and without prejudice to any other rights you may have), you have the right to do so with your local supervisory authority.
Additionally, if you are a European resident, we note that we are processing your information in order to fulfil contracts we might have with you or otherwise to pursue our legitimate business interests listed above. Additionally, please note that your information will be transferred outside of Europe.
Children
We do not knowingly collect personal data from children under the age of 13 and do not target our Services to children under 13. If you are under 13, please do not submit any personal data through the Services. We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce our Privacy Policy by instructing their children to never provide Personal Data through any of our Services without their permission. If you have reason to believe that a child under the age of 13 has provided Personal Data to us, please contact us, and we will endeavour to delete that information from our databases.