Updated August 1, 2020
The Company has a contract with all Data Processors that it uses in compliance with Article 28 & Article 29 of the GDPR and ensures that all Data Processors are compliant with Data Protection Legislation. The policy does not apply to third party services. Where third party services are used, and the third party is not a Data Processor, no Relevant Data (as defined below) is shared with them, or the Relevant Data has been anonymised such that the GDPR does not apply. Information collected by third parties is governed by their privacy practices. We encourage you to learn about the privacy practices of those third parties. In addition, a separate agreement governs delivery, access and use of the Products (the “User Agreement”), This policy applies to Relevant Data received and processed only.
Capitalised terms used in this Policy and not otherwise defined shall have the meanings provided below:
Gopass Global Family of Companies – the list of the Gopass Global family of companies is as follows:
Gopass Global Pte Ltd.
Gopass Global Risk Map, Gopass Global Health Rating Tool, Gopass Global Corporate Suite
Relevant Data – Personal Data and Special Categories of Data are the Relevant Data covered by this policy and as defined in the Data Protection Legislation.
Personal Data – any information relating to an identified or identifiable natural person.
Special Categories of Data – Personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data and data concerning health or a person’s sex life or sexual orientation.
Processing/Processed – any operation on personal data, whether automated or not.
Contagious Disease – any infection subject to a specific health alert including epidemics and pandemics including but not limited to: COVID19, MERS, SARS.
When you interact with our Sites and Products, we collect information that, alone or in combination with other data, could be used to identify you (Personal Data). Some of the Information we collect is stored in a manner that cannot be linked back to you (Non-Personal Data). Gopass Global collects, generates and/or receives the following Information:
Certain data about the devices you use to connect with Gopass Global and your use of the Site and/or Product are automatically logged in our systems, including:
Gopass Global may receive data about Site visitors, marketing campaigns and other matters related to our business from affiliates and subsidiaries, our partners or others that we use to make our own information better or more useful. This data may be combined with Other Information we collect and might include aggregate level data, such as which IP addresses correspond to zip codes or countries. Or it might be more specific: for example, how well an online marketing or email campaign performed.
We receive Other Information when submitted to our Site or if you participate in a focus group, contest, activity or event, apply for a job, request support, interact with our social media accounts or otherwise communicate with Gopass Global.
Our order process is conducted by our online reseller Paddle.com. Paddle.com is the Merchant of Record for all our orders. Paddle provides all customer service inquiries and handles returns.
Gopass Global does not knowingly collect personal information from children under the age of 15. If we determine we have collected personal information from a child younger than 15 years of age, we will take reasonable measures to remove that information from our systems. If you are under the age of 15, please do not submit any personal information through the Site and/or Products. We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce this Policy by instructing their children never to provide personal information through the Sites and/or Products without their permission.
We use, process, and store your information as necessary to perform our contract with you and for our legitimate business interests, in operating our Sites, Products, Services, and business including:
We only disclose Personal Data to third parties when:
Some third-party applications and services that work with us may ask for permission to access your information. Those applications will provide you with notice and request your consent in order to obtain such access or information. Please consider your selection of such applications and services, and your permissions, carefully.
Some third parties’ embedded content or plugins on our Sites and/or Products, such as Facebook “Like” buttons, may allow their operators to learn that you have visited the Sites, and they may combine this knowledge with other data they have collected about your visits to other websites or online services that can identify you.
Data collected by third parties through these apps and plugins is subject to each parties’ own policies. We encourage you to read those policies and understand how other companies use your data.
From time to time, we may want to contact you with information about product announcements, software updates, and special offers. We also may want to contact you with information about products and services from our business partners. We only send marketing communications to users with your prior consent. All Gopass Global account holders will continue to receive transactional messages related to our Products, even if you unsubscribe from promotional emails.
Information submitted to Gopass Global will be transferred to, processed, and stored in Australia. When you use the Product on your computing device, user content you save will be stored locally on that device and synced with our servers. Once the data has been stored on our servers, it will no longer be stored on your computing device. To view any of these data on your device, a secure key is used to request upload from our server. Please note that your device will require an internet connection to access the data. If you post or transfer any information to or through our Site and/or Product, you are agreeing to such information, including Personal Data and user content, being hosted and accessed in Australia.
When you give us personal information, we take steps to make sure that it’s treated securely.
Non-sensitive details (your email address etc.) are sent normally over the Internet, and this can never be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Once we receive your information, we make our best effort to ensure its security on our systems.
We use industry-standard encryption to protect your data in transit. This is commonly referred to as transport layer security (“TLS”) or secure socket layer (“SSL”) technology. Once we receive your data, we protect it on our servers using a combination of technical, physical, and logical security safeguards. The security of the data stored locally in any of our Product installed on your computing device requires that you make use of the security features of your device. We recommend that you take the appropriate steps to secure all computing devices that you use in connection with our Site and Product.
The Company takes the security of your data very seriously and works to protect your data from loss, misuse and unauthorised access or disclosure.
All staff and officers who handle Relevant Data are aware of this policy and have been given training in how to correctly collect, process, store and delete data. The Company holds a log of when staff training was undertaken and updates it on an annual basis.
All access or attempts to access your personal information are automatically monitored by the Gopass Global security systems and any Gopass Global officer who breaches our privacy and data protection rules will have their access suspended and may face disciplinary action and/or prosecution.
All breaches will be reported to the relevant supervisory authority within 72 hours, unless the data was anonymised or encrypted or if it has a particularly high risk. Breaches of this policy by staff, contractors, officers of the Company will be dealt with under the Company’s grievance and disciplinary policy and may lead to a disciplinary sanction.
If Gopass Global learns of a security system breach, we will attempt to notify you and provide information on protective steps, if available, through the email address that you have provided to us or by posting a notice on the Site. Depending on where you live, you may have a legal right to receive such notices in writing.
Gopass Global uses, processes, and stores Personal Data, as necessary to perform our contract with you, and based on our legitimate interests in order to provide the services in connection with the Product and maintaining Product’s functionality, namely:
In some cases, GGopass Global may process Personal Data pursuant to legal obligation or to protect your vital interests or those of another person.
What personal information will be collected, and why is it being collected?
We will ask you to consent to the collection of your:
If you are under 15 years of age, your parent or guardian will need to consent to the collection of your registration information and contact data.
You or your travel agent will be asked to upload your current travel itinerary – so that we can automatically upload your travel itinerary and alert you if any part of your itinerary is likely to be a threat to your health.
Your health score is calculated for the purposes of providing a risk score to add to the Gopass Global travel score. No personal data is ever kept by Gopass Global, without the direct consent of the user for reuse purposes, and not for any further data accumulation or use.
We will store all registration information and other data encrypted in the Singapore data store. It is a cloud-based facility, using infrastructure located in Singapore, which has been classified as appropriate for storage of data.
We will delete all personal data in the data store if you request this through the Gopass Global application
We will use or disclose your personal information to enable contact tracing by health officials. This includes:
the Australian Privacy Principles (APP)
Contact to find out more about privacy within the department, or to make a privacy enquiry or complaint
100C Pasir Panjang Road
#04-03 SLC House
Phone: +65 98378813
We may need to update this Policy to keep pace with changes in our Sites, Products, and Services, our business, and laws applicable to us and you. We will, however, always maintain our commitment to respect your privacy. We will notify you of any material changes that impact your rights under this Policy by email (to your most recently provided email address) or post any other revisions to this Policy, along with their effective date, in an easy-to-find area of the Sites, so we recommend that you periodically check back here to stay informed of any changes. Please note that your continued use of Gopass Global after any change means that you agree with, and consent to be bound by, the new Policy. If you disagree with any changes in this Policy and do not wish your information to be subject to it, you will need to stop using the Sites and/or Products.
Individuals located in the European Economic Area (EEA) have certain rights in respect to their personal information, including the right to access, correct, or delete Personal Data we process through your use of the Site and/or Product. Gopass Global applies the following to any Gopass Global user, regardless of their location.
To communicate with our Data Protection Officer, please email firstname.lastname@example.org
The Company is not established in the EU and therefore VeraSafe has been appointed as Gopass Global’s representative in the EEA for data protection matters, pursuant to Article 27 of the General Data Protection Regulation of the European Union.
To make such an inquiry, please contact VeraSafe using this contact form: https://www.verasafe.com/privacy-services/contact-article-27-representative. Alternatively, VeraSafe can be contacted at:
VeraSafe Czech Republic s.r.o
Prague 1, 11002
Contact form: https://www.verasafe.com/privacy-services/contact-article-27-representative