pdpa

Personal Data Protection Policy of GoPomelo Group (“Privacy Policy”)

Recitals:

GoPomelo and its affiliates (hereinafter referred to as the "Company" or the “GoPomelo Group”) are committed to conducting business in full compliance with all applicable laws, particularly those related to the protection of Personal Data. We respect the privacy rights of all individuals and ensure that Personal Data is safeguarded at every stage of our business processes.

For the purposes of this Privacy Policy, "Company" or “GoPomelo Group” refers to GoPomelo Co., Ltd., GoPomelo X Co., Ltd., GoPomelo Pte. Ltd., GoPomelo Sdn. Bhd., GoPomelo Vietnam Co., Ltd., GoPomelo HK Ltd., and PT GoPomelo Cloud Indonesia.

This Privacy Policy outlines the types of Personal Data collected, the purposes for which the data is gathered, used, or disclosed, the retention period, and the categories of individuals or entities to whom the Company may disclose the collected Personal Data. It also describes data subject rights and the security measures implemented to protect Personal Data in compliance with legal provisions, as well as other relevant details regarding the Company's Personal Data management.

This Privacy Policy is also considered part of the terms and conditions for using the Company's services. The Company may amend, update, modify, or change this policy as necessary. Any changes will be communicated to you, and your consent will be requested in accordance with applicable Personal Data protection laws.

1. Definition

“Personal Data” refers to any information related to an individual that enables the identification of such a person, whether directly or indirectly, but does not include information of a deceased person, as specified by the applicable Personal Data Protection Laws.

“Sensitive Personal Data” refers to specific categories of Personal Data as defined by applicable Personal Data Protection Laws, including but not limited to racial or ethnic origin, political opinions, religious or philosophical beliefs, sexual orientation, criminal records, health data, disability status, trade union membership, genetic data, biometric data, or any other data that may affect the data subject in the same manner as prescribed by the competent authority.

“Data Subject” refers to an individual who owns the Personal Data collected, used, or disclosed by the Company.

“Data Controller” means a person or entity having the authority to make decisions regarding the collection, use or disclosure of Personal Data.

“Data Processor” refers to a person or entity that collects, uses, or discloses Personal Data on behalf of and under the instructions of the Data Controller. The Data Processor does not have independent authority to decide on the purposes or means of processing Personal Data.

2. Scope of this Privacy Policy

This Privacy Policy applies to Data Subjects whose Personal Data is processed by the Company, including its officers, employees, business units, or any other entities operated by the Company. It also applies to third-party Data Processors that handle Personal Data on behalf of the Company in relation to the Company’s products and services, such as websites, applications, documents, or other communication channels (collectively, the "Services").

If there is any conflict between this Privacy Policy and a specific Privacy Notice issued for certain products or services, the provisions of the Privacy Notice shall prevail.

Individuals who have a relationship with the Company under the provisions of the above paragraph include:

  1. Individual customers, candidates
  2. Officers or operators
  3. Individual vendors and service providers
  4. Directors, attorneys, representatives, agents, shareholders, employees or other individuals that are related to the business of the Company
  5. Users of the Company’s products or Services
  6. Visitors or users of the Company’s website www.gopomelo.com, including systems, applications, devices or other communication channels which are controlled by the Company
  7. Other individuals from whom the Company collects Personal Data, such as job applicants, relatives of employees and beneficiaries under insurance policies, etc.

Items 1 to 7 are collectively referred to as “You”.

In addition to this Privacy Policy, the Company may issue a Privacy Notice ("Notice") for certain products or services to inform Data Subjects about the processing of their Personal Data, including the types of Personal Data collected, the purposes and legal basis for processing, the retention period for Personal Data, and the rights of the Data Subjects.

In the event that there is a conflict in relation to contents between this Privacy Policy and Notice, the contents in the Notices shall prevail.

3. Personal Data that the Company collects, uses, or discloses

The Company may collect, use, or disclose your Personal Data, including in cases where you have provided your consent to the Company, as follows. This depends on the Services you may use or the context of your relationship with the Company and other considerations that apply to the Personal Data collection. The types of information listed below are only the general framework for the Company's collection of your Personal Data. Provided, however, that only the Personal Data relevant to the particular products or Services you use or have a relationship with will apply to you.

Types of Personal Data: Descriptions and Examples

Personal Data

Your identifiers or information from official documents, such as first name, last name, middle name, nickname, signature, ID card number, nationality, driver’s license number, passport number, house registration information, professional license number (for each occupation), insurance identification number, and social security number.

Personal Characteristic Information

Date of birth, gender, height, weight, age, marital status, military service status, photographs, language skills, behavioral data, preferences, bankruptcy status, and legal capacity status.

Contact Information

Home phone number, mobile phone number, fax number, email address, home address, social media usernames (LINE ID, Instagram, Facebook), and accommodation details.

Employment and Educational Information

Work history, job title, occupation, expertise, tax ID number, employment status, salary details, employment start/end dates, benefits, reference information, education background, degrees, and graduation dates.

Insurance Policy Information

Details about insurance policies, including policyholder, beneficiary, policy number, policy type, coverage limits, and claims history.

Social Relationship Information

Political status, political positions, affiliations with the Company’s employees, contractor/vendor/customer status, and stakeholder status in relation to the Company.

Use of Company’s Service Information

Information related to service usage, such as account name, password, PIN, Single Sign-On (SSO ID), OTP, browsing history, cookies, geolocation data, and login credentials.

Sensitive Personal Data

Racial/ethnic origin, religion, disability status, political opinions, criminal records, biometric data (e.g., facial recognition), and health information.

Please note that if you do not provide consent for the processing of certain Personal Data, the Company may not be able to offer specific services. This may impact contractual obligations, service performance, or legal compliance.

4. Source of the Receipt of Your Personal Data 

The Company may collect your Personal Data through the following channels:

  1. The Company collects Personal Data directly from you through various service channels, such as during the process of applying or registering for jobs, signing contracts, submitting documents, completing surveys, or using products and services. This also includes interactions through other controlled service channels maintained by the Company, such as when you communicate with the Company in person at the office or through official communication channels supervised by the Company.

  2. The Company may collect Personal Data when you access the Company's website, products, or services, whether under a contractual obligation or a specific project. This may include tracking website usage behavior, monitoring service interactions, or utilizing cookies and similar technologies. The Company may also collect data from software installed on your device that interacts with the Company's services.

  3. The Company may collect Personal Data from external sources other than directly from the Data Subject, provided that these sources have the legal authority, legitimate grounds, or have already obtained consent from the Data Subject to disclose such information to the Company.

For example, the Company may receive Personal Data from:

  • Government agencies that link digital services to provide comprehensive public benefit services to Data Subjects.

  • Other government agencies where the Company has contractual obligations to act as a central information exchange center to support digital public services.

  • Contractual service providers where Personal Data is exchanged as part of the contractual relationship.

If you provide the Personal Data of third parties to the Company, you are responsible for informing those individuals about the details outlined in this Privacy Policy or the specific Privacy Notice for a product or service, as applicable. You must also obtain their consent where required before disclosing their Personal Data to the Company.

5. Purpose for Personal Data Collection

The Company processes your Personal Data for the following activities and purposes:

(1)

The Company may use and process your Personal Data to fulfill contractual obligations, including:

  • Verifying your identity
  • Contacting you to provide services or conduct transactions related to the sale and purchase between you and the Company
  • Exercising the Company’s legal rights regarding transactions related to the sale and purchase between you and the Company
  • Requesting payment for products or services

(2)

The Company may obtain your consent to collect, use, process, and disclose your Personal Data for the following purposes:

  • Sending marketing communications, advertisements, or promotional offers related to products or services of the Company, including those of its affiliates or business partners
  • Conducting direct marketing activities to promote the Company’s products or services
  • Analyzing your behavior in relation to the use of products or services of the Company, including its affiliates
  • Tracking your website activity through the use of cookies* and other tracking technologies to improve the Company’s services
  • Providing personalized content based on your website browsing behavior

(3)

The Company may collect, use, disclose, process, or transfer your Personal Data for the following purposes:

  • Contacting you to offer products or services after you have provided feedback, suggestions, or requested improvements to products or services
  • Monitoring website access and online service usage to improve the Company’s website and online presentation of products or services
  • Verifying identity for security purposes and preventing fraudulent activities
  • Disclosing Personal Data where necessary for investigations, prevention, or retaliation against suspected illegal or fraudulent activities to protect the safety, rights, and assets of the Company or third parties
  • Using your Personal Data to protect the Company’s legal rights, including but not limited to defense, analysis, investigation, negotiation, resolution of disputes, or legal proceedings
  • Disclosing your Personal Data for internal audits
  • Complying with relevant laws and internal management operations
  • Ensuring business continuity and safety

(4)

The Company may disclose, process, or transfer your Personal Data to comply with relevant laws, including:

  • Disclosing Personal Data to government authorities or legal entities that have the legal authority to access such information, as required by law enforcement

(5)

The Company may collect sensitive Personal Data without obtaining your consent in the following cases:

  • To prevent or mitigate harm: When necessary to prevent or stop danger to life, body, or health, and the Data Subject is unable to provide consent for any reason.
  • Publicly disclosed information: When the Data Subject has explicitly made such information publicly available.
  • Legal claims and compliance: When necessary for the establishment, compliance, exercise, or defense of legal claims.
  • Compliance with laws related to public health and employment: When necessary to comply with preventive medicine, occupational health, employee assessments, medical diagnosis, or public health measures, provided that the Company implements appropriate safeguards to protect fundamental rights.

If it is necessary for the Company to collect your Personal Data for the purpose of contract performance, legal compliance, or legitimate interest in order to enter into a contract with you, and you refuse to provide your Personal Data or object to its processing for these purposes, the Company may be unable to provide certain services, either in whole or in part, as requested by you.

6. Disclosure of your Personal Data

The Company shall not disclose your Personal Data to any third parties for the purpose of direct marketing unless the Company has obtained your prior consent. Where the Company has obtained your consent or received your approval to disclose your Personal Data in any other case, the Company is entitled to disclose your Personal Data only for the purpose to which you have consented or agreed.

The Company may disclose your Personal Data to individuals, entities, or organizations, including government agencies, private organizations, state enterprises, and public organizations, as necessary to achieve the purposes outlined above. The disclosure will be conducted in accordance with applicable laws and for the following purposes:

  1. Employees of GoPomelo in other countries, where GoPomelo operates, are subject to Personal Data protection policies and security measures that meet appropriate standards. Since employees in different departments perform different duties, your Personal Data may be shared with them for various reasons, including:

    • GoPomelo Group employees worldwide who handle IT operations.
    • GoPomelo’s affiliates worldwide if you have expressed interest in a particular job position, or if a GoPomelo employee identifies you as having specialized skills relevant to a specific job role.

      The following are the names and details of the Company’s affiliates:
    • GoPomelo Co., Ltd.
    • GoPomelo Holding Pte. Ltd.
    • GoPomelo Sdn. Bhd.
    • GoPomelo X Co., Ltd.
    • PT GoPomelo Cloud Indonesia.

  2. Product owners for the purpose of maintaining a record of purchase history, and in such cases, the Company will only disclose information necessary for such operations and only to the relevant product owners.
  3. Government agencies in compliance with legal requirements, regulations, and governmental orders, including but not limited to the Revenue Department, Social Security Office, Department of Business Development, Office of the Consumer Protection Board, Industrial Standards Institute, Customs Department, Department of Employment, Office of Labor Protection and Welfare, Department of Skill Development, Stock Exchange, as well as banks and financial institutions.
  4. Business partners in compliance with relevant contractual obligations and agreements, including financial institutions, insurance companies, healthcare providers, securities companies, and asset management companies, in order to ensure your benefits and welfare.
  5. Professional service providers, such as financial consultants, legal advisors, quality management consultants, auditors, and internal auditors.
  6. IT and infrastructure service providers, including cloud storage service providers and IT infrastructure support.
  7. Marketing and statistical data providers responsible for marketing services, statistical data analysis, advertising, public relations, and communications.
  8. In cases where government regulations, legal mandates, regulatory orders, or judicial orders require disclosure of your Personal Data, the Company must comply with such legal requirements.
  9. The successor or prospective transferee, to whom your Personal Data may be disclosed if the Company transfers its rights and obligations, including a business transfer, merger, or restructuring, and who will be required to comply with the privacy policy outlined in this Privacy Policy.

In addition, the Company may be required to disclose your Personal Data for investigation or legal action as requested by any governmental or regulatory authorities, including transferring your Personal Data to the credit bureau authorities for inspection in order to prevent fraud or corruption.

7. Sending or Transferring of Personal Data Overseas

In some cases, the Company may be required to send or transfer your Personal Data abroad in order to provide services to you. For example, this may include transferring your Personal Data to a cloud system where the platform or server is located in a foreign country (e.g., Singapore or the United States) to support information technology systems located outside of the country in which you reside. However, this depends on the specific services you use or are involved in on a case-by-case basis.

When the Company needs to send or transfer your Personal Data to another country, it will ensure that the data being transferred is adequately protected in accordance with international standards or legal requirements. The Company will implement the following measures:

  1. Complying with legal requirements that mandate the Company to send or transfer Personal Data abroad.
  2. Notifying you and obtaining your consent if the destination country has insufficient Personal Data Protection standards, as determined by the Data Protection Committee's official list of countries.
  3. Transferring data as necessary to fulfill the Company’s contractual obligations with you or to comply with your request before entering into such a contract.
  4. Transferring data as required under contracts between the Company and other individuals or legal entities for your benefit.
  5. Preventing or mitigating harm to life, body, or health when you are unable to provide consent at that time.
  6. Transferring data as necessary for public interest or when assigned by official authorities.

8. Storage of Personal Data and Duration of Storage of Personal Data

The Company will retain your Personal Data only for the period necessary to fulfill the purposes outlined in this Privacy Policy or any applicable notice, unless a longer retention period is required or permitted by law, auditing, or compliance obligations.

Once the retention period expires, and your Personal Data is no longer necessary for the purposes for which it was collected, the Company will delete, destroy, or anonymize your Personal Data in accordance with the data destruction standards set forth by the Personal Data Protection Committee, applicable laws, or recognized international standards.

However, in the event of disputes, legal claims, or the exercise of rights related to your Personal Data, the Company reserves the right to retain your Personal Data until the dispute is resolved by a final court order or judgment.

The Company will not retain your Personal Data longer than necessary for the purposes specified in this policy. However, if applicable laws require the Company to retain your Personal Data beyond the stated retention period, the Company will continue to protect your Personal Data in compliance with the relevant legal requirements.

9. Services provided by third parties or sub-providers

The Company may assign or engage third parties (Data Processors) to process Personal Data on its behalf. These third parties may provide services in various forms, such as hosting, outsourcing, cloud computing services/providers, or other types of contract-based services.

When assigning third parties to process Personal Data as a Data Processor, the Company, as the Data Controller, will enter into a formal agreement with the Data Processor. This agreement will specify:

  • The rights and obligations of both the Company (Data Controller) and the Data Processor
  • The types of Personal Data the Data Processor is authorized to process
  • The purposes and scope of the Data Processing
  • Other relevant terms and conditions that the Data Processor is required to comply with

The Data Processor must process Personal Data strictly within the scope defined in the agreement and under the Company’s instructions. It is strictly prohibited for the Data Processor to process Personal Data for any other purpose. If a Data Processor engages a sub-processor to process Personal Data on its behalf, the Company will require the Data Processor to:

  • Provide documentation or an agreement between the Data Processor and the sub-processor
  • Ensure that the agreement between the Data Processor and the sub-processor follows the same or higher standards as the agreement between the Company and the Data Processor

10. Connecting to external websites or services

The Company's services may include links to third-party websites or online services. These third-party websites or services may have privacy policies and practices that differ from this Privacy Policy. The Company strongly recommends that you carefully review the privacy policies of such third-party websites or services before using them.

The Company has no control over and is not responsible for:

  • The content, availability, or security of third-party websites
  • The privacy and data security practices of such third-party services
  • Any losses or damages arising from your use of third-party websites

Third parties may collect and use your information for their own purposes, including behavioral tracking and advertising. This Privacy Policy does not cover the privacy practices of any third parties, and the inclusion of a link to a third-party website does not imply endorsement of its content, products, or services. These links are provided for your convenience only.

If you choose to access any third-party website linked to the Company’s services, you do so at your own risk and subject to that website’s terms and conditions. The Company is also not responsible for the privacy or data security practices of other organizations.

To protect your data, we recommend that you:

  • Review the privacy policies of third-party websites and services
  • Adjust your browser or mobile device settings to limit the disclosure of sensitive information, such as location data

Any Personal Data you provide through third-party websites, mobile applications, or social platforms will be subject to the privacy policy of that service provider, and not this Privacy Policy.

11. Security of your Personal Data

11.1 The Company has implemented technical measures and data management methods to appropriately maintain the security of your Personal Data, ensuring its confidentiality, and preventing loss, unauthorized access, destruction, misuse, alteration, modification, or disclosure of your Personal Data.

11.2 If certain transactions on the Company's website, application, or social networks require a password for login, you are responsible for keeping your password confidential. The Company will not be responsible for any Personal Data leakage or breach resulting from you sharing your password with others.

11.3 If you share a computer or mobile phone with others or use a public computer, the Company recommends that you:

    • Do not enable automatic password saving on the device
    • Log out every time you finish using the computer or mobile phone
    • Adjust your privacy settings appropriately when using the Company's website, application, or social networks

12. The Rights of the Owner of the Personal Data

The Company warrants that during the retention period, you have the following rights:

  • Withdraw any consent previously provided to the Company.
  • Request access to your Personal Data, obtain a copy of your Personal Data held by the Company, or request disclosure of the method by which your Personal Data was acquired, particularly if it was collected without your consent.
  • Request to receive your Personal Data from the Company and have it delivered or transferred to another recipient, including requesting receipt of your Personal Data that the Company has already sent or transferred.
  • Object to the collection, use, or disclosure of your Personal Data if it was collected without your consent or is being used for direct marketing purposes.
  • Request the Company to delete, destroy, or anonymize your Personal Data if the Company no longer needs to retain it.
  • Request the Company to suspend the use of your Personal Data if it is no longer necessary for the original purposes of collection.
  • Request the Company to ensure that your Personal Data is accurate, up-to-date, complete, and not misleading.
  • File a complaint with the relevant authorities if there is any unlawful conduct concerning your Personal Data under applicable laws.

You also have the right to request the deletion or suspension of the use of your Personal Data, transfer your Personal Data to another recipient as you prefer, and object to the processing of your Personal Data on reasonable grounds. Furthermore, you may file a complaint with the Personal Data Protection Committee if there is a violation of data protection laws.

However, your exercise of rights must comply with applicable laws, and the Company may refuse to fulfill your request if it can rely on other legitimate grounds. In such cases, the Company will provide you with the reason for its refusal.

The Company does not charge any fees for the exercise of your rights. However, if your request for access to Personal Data is excessive or unreasonable, the Company reserves the right to charge an appropriate fee.

You may contact the DPO (Data Protection Officer) at any time to file a request regarding your rights via the contact channels specified by the Company in the Data Subject Right Form. The Company will review and respond to your request without undue delay, within thirty (30) days from the date of receipt of your request.

13. Cookies*

Cookies are small data files sent from a website and stored on your computer. These cookies help record your browsing activities on the Company's website, including preferred languages, favorite lists, general usage, and other settings. This enables the website to be customized to better suit your needs and makes your browsing experience faster and more convenient.

You can adjust your browser settings to disable cookies. However, disabling cookies may affect your browsing experience, reduce website functionality, or cause difficulties in performing transactions with the Company through the website.

When you visit the Company's website, cookies may be placed on your device and used to collect your Personal Data to enhance your browsing experience and improve the website's functionality. You can manually manage or delete cookies through your web browser settings.

14. Amendments to the Personal Data Protection Policy

We may periodically update this Privacy Policy. Any changes to this Privacy Policy will become effective when we post the revised Privacy Policy on our Sites. Your use of the Sites following these changes means that you accept the revised Privacy Policy.

This Personal Data Privacy Policy was last reviewed on February 7, 2025.