GOMI CORPORATION (hereinafter referred to as “GOMI”) takes the personal information of users very seriously, we establish and publicize the following Privacy Policy in order to protect the personal information of the personal information subject and handle related complaints quickly and conveniently.
GOMI CORPORATION is the 'data controller' of all personal data that may be collected, used and stored about you unless otherwise notified.
○ This Privacy Policy will be effective from February 26, 2025.
The Privacy Policy below will be updated when there are changes in laws or directives related to personal information, and there may be differences based on changes in Gomi's policies.
1. Types of information collected
Personal information collected from you may include the following items.
Your full name
Gender
Date of birth
Email address
Phone number
Social login ID
Device or other ID (some common examples may include Advertising ID, Android ID, IMEI, BSSID, MAC address)
Nickname
Billing / shipping address
Financial information (e.g. credit card number)
Location data (country, city)
Connection cookies, such as pixels in emails, etc.
Product and service purchase history
Other information you may wish to send to us
Image, audio and video recordings
Records of communications with our service providers
Your searches, orders and the ads and content you interact with on the platform
Your usage and transaction history, including details about products and services relevant to you
How you use our services or platform
Aggregated data about the content you engage with
The above content only describes some general items, not all personal data items collected.
2. When data is collected (When)
We may collect personal data about you as follows.
When you open an account on our services or platforms
When you use your account in connection with social media or other external accounts
When you submit an application for our products and services or all forms including but not limited to online or in person
When you interact with us via telephone calls (which may be recorded), letters, faxes, in person, social media platforms and emails
When you use our electronic services, interact with us through our platforms or use services on our platforms
When you authorize your device to share information with our platforms
When you transact through our services
When you provide us with feedback or complaints
When you submit your personal data to us for any reason
The above content only describes some general cases, not all where your personal data is collected.
3. How we use the collected data (How)
We may collect, use, disclose and process your information for the following purposes.
Process your transactions with us or transactions/communications between us and third parties through the services we provide
Provide, operate and manage your account access to our services and platforms
Respond to, process and complete transactions with you, process your requests for certain goods or services and notify you of service issues or unusual account activity
Enforce our terms of service and other terms
Identify, verify, assess or understand customer intent
Maintain and manage software updates necessary for the smooth operation of our services and other updates
Research, analyze and develop service usage, etc. (e.g. data analysis, surveys, product and service development and profiling, etc.) to improve our services or products and enhance the customer experience
Communicate to you marketing and promotional information relating to our products and services through various means and media for marketing and advertising purposes
Carry out due diligence and assessments as required by legal or regulatory obligations, or in accordance with risk management procedures established by us
Verify our services and GOMI CORPORATION's business
Investigate any actual or suspected violations of our terms of service (fraud, illegal acts, omissions, illegal acts) in connection with your use of the services and other matters
Retention, storage and backup of your personal data within or outside the jurisdiction for disaster recovery and other situations
Other purposes we have notified you upon obtaining your consent
4. Sharing data with third parties (Who)
We will never sell your personal data to third parties. However, we may transfer your personal data to trusted third party service providers or group companies to provide services to you. We strive to keep your personal data safe from processing or similar risks such as unauthorized access, collection, use, disclosure, etc. by third parties and our subsidiaries, and only retain your personal data for as long as necessary.
(1) Third Party Service Providers
We work with a number of service providers to fulfil orders for products and services. This includes shipping goods when you purchase products and services from us.
We share financial information, including credit, debit card or other payment information, with third parties to ensure that your payments are secure and that your details are not misused.
We use chat service providers to respond to your questions and your personal data may be shared with service providers when you interact with us via chat.
We may be required to disclose your personal data to our insurers where it is deemed necessary based on our contractual relationship with the insurers.
We work with third parties to use pixels and cookies to serve relevant advertising content on our website, other websites, online media channels and applications.
In each case, we will only allow service providers to use your personal data to provide services to us, and will not allow it to be used for any other purpose.
(2) Government or regulatory authorities
Data may be provided to a government or regulatory authority if we are under a legal obligation to share or disclose your personal data, for example to law enforcement or public authorities, to prevent or detect crime or to respond to legal requests.
(3) Group companies
We may share personal data that we collect with other organizations within our group, where other companies share various business and operational processes with us.
(4) International transfers of personal data
We may need to transfer your personal data internationally in the following circumstances.
If you request a service to be performed by one of our group companies in a third country
If we work with a supplier who processes some of your personal data in a third country
5. International Data Transfer
We entrust personal information overseas to provide users with stability in providing services as well as the latest technology, personal information obtained or generated from users is stored in the database (direct storage location: Singapore) owned by AWS (Amazon Web Services Inc.). AWS only directly manages the server and cannot access users' personal information.
We entrust the processing of personal information overseas as follows.
Transferee: Amazon Web Service Inc.
Country of transfer: Singapore
Date and method of transfer: After collection, personal information is encrypted using a secure server and transferred directly to the data server via the communication network
Items transferred: All information collected when registering and using Gomi Mall, including name, gender, date of birth, email address, phone number, social network login ID, address, etc.
Purpose of use: Storing and managing log information, etc. such as members' collected personal information and service usage history such as orders, etc.
Duration of use: Until the service changes (until the change to use the cloud service that the company is currently using)
We take all necessary measures to ensure that your personal data transferred abroad is securely protected in accordance with Vietnamese law and GOMI's internal policies implemented from GOMI.
6. Children's Information
Our services are not intended for children under the age of 10 under the Personal Information Protection Act. We do not knowingly collect or maintain personal data or non-personally identifiable information from anyone under the age of 10. If we determine that an account user is a child under the age of 10, we may close the account and remove and delete personal data about that user.
7. Your rights
You have the following rights in relation to your personal data and actions taken with your personal data.
Right to erasure
You have the right to request the deletion of personal data relating to you in certain circumstances where we have no legitimate reason to continue processing it.
Right to be informed
You have the right to know about the collection and use of your personal data. We publish our policy on the collection and use of personal information through this ‘Privacy Policy’. In addition, we will notify you if there are any changes and will update and publish those contents in writing.
Right to object
You have the right to consent/object at any time to the collection and use of your personal data for direct marketing purposes.
Right to access
You can request access to the personal data we hold about you.
Right to data portability
Technically, if you are able, you have the right to transfer your personal data to us or another data controller in a structured, commonly used and machine-readable format.
You can take the following actions to withdraw your consent or edit any information you have provided to us.
If you want to withdraw your consent to items that require your consent to use our services, you can do so by cancelling your membership. However, you cannot re-register with the same account after cancelling your membership.
If you want to withdraw your consent to items that require your consent to be optional, you can change your consent directly on the personal information edit screen.
If you want to edit personal information that you have provided to us, you can edit it directly on the personal information edit screen.
There may be limitations to exercising your rights to personal data subject to the following exceptions.
Emails and social network login IDs are retained permanently to prevent duplicate service registrations.
Data necessary for processing your order and other complaints will be retained.
If we are legally obliged to share or disclose your personal data, for example to law enforcement agencies or public authorities, in response to a legal request, the data will be retained.
If you have any questions about your rights or would like to exercise your rights, please contact the telephone number specified in section ‘11. Contact’.
The processing time for complaints related to personal information is 7 days.
8. Security & Retention
(1) Security of personal data
We take the security of your personal data very seriously. We have implemented various strategies, controls, policies and measures to keep your data safe and we review this carefully. We use encryption technology to protect your data and use other security measures such as firewalls and password protection. This means that your data is protected and only employees who need the data to perform their jobs have access to it.
(2) Retention of personal data
Your personal data will be retained for the period necessary to achieve the purpose pursued at the time of collection. After achieving the purpose pursued, the data will be retained with limited access in relation to the legal retention period.
(3) Conducting periodic self-audits
To ensure the stability of the processing of personal information, we are conducting periodic self-audits (once a quarter).
(4) Minimize and train personal information processing personnel
We are implementing personal information management measures by designating personal information processing personnel and minimizing and limiting the work of the person in charge.
(5) Encryption of personal information
User passwords are encrypted, stored and managed so that only the user can know them. For important data, we use separate security functions, such as encrypting files and transmitted data or using file locking functions, etc.
(6) Restriction of access to personal information
We take necessary measures to control access to personal information by granting, changing and revoking access rights to the personal information processing database system and using intrusion prevention systems to control unauthorized access from outside.
(7) Access Control for Unauthorised Persons
We have a dedicated direct storage location to secure personal information and have established and operated access control procedures for that information.
9. Marketing
If you have provided your contact details, we may use that personal information to send you marketing messages by email, push notifications on the app and to keep you informed of current events, subject to the basic settings you have chosen.
We have a legitimate interest relationship to promote products using marketing messages for the purpose of sales or services as part of our business activities, unless you have requested otherwise.
When collecting your personal data, we will give you the opportunity to choose whether or not to receive marketing messages. There is also a way to stop or start receiving marketing messages if you change your mind. (Can be edited in profile settings)
10. Profiling and Automated Decision Making
We collect and analyze various types of information that you have provided or that is collected from your interactions with us to segment customers into groups to personalize and improve your shopping experience. We may use this information to decide which offers you may be interested in, through the method you choose to contact us for marketing purposes, or through automated decision making to improve your shopping experience, such as product and service recommendations or improving remote service experiences.
11. Contact Information
If you have any questions about this Privacy Policy or your rights under the Policy, please contact us using the following contact information:
Gomi Corporation
WhatsApp :
Updated date : 26.02.2025
