Last Updated: 30 July 2021
Personal Data (hereinafter “personal data”) refers to data, whether true or not, about an individual who can be identified from that data; or from that data and other information to which the organisation has or is likely to have access.
OUR COMMITMENT TO PROTECTING YOUR PRIVACY
At Mycelium, we take your privacy very seriously and we are committed to protecting your personal and data privacy. To ensure that you can make informed decisions and feel confident about supplying your Personal Data (as defined below) to us when using our website, mobile and other services, we provide this notice outlining our practices and the choices you have concerning how your Personal Data is being collected and used by us.
DATA WE COLLECT FROM YOU OR ABOUT YOU AND OUR SOURCES OF THAT DATA
Your personal data includes any information that you provide to us, that we collect or that we are provided with by third parties and that identifies you, or from which you are identifiable, whether directly or indirectly. We may collect, use, store and transfer the following personal data about you:
DATA YOU GIVE US:
when you make a booking on the Mycelium website or otherwise;
when you create an account on the Mycelium website;
by filling in forms on the Mycelium website;
when you use the Mycelium website;
when you sign up to receive email updates from us;
when you ask us to provide you with marketing communications such as newsletters, updates or information about special events or promotions;
if you ask us to keep in touch with you or provide you with personalised content (such as targeted advertising); if you contact us or correspond with us (for example, by phone, email or otherwise) for any reason; or
when you provide us with comments, opinions and/or feedback about the Mycelium.
DATA WE COLLECT ABOUT YOU WHEN YOU VISIT OR USE THE MYCELIUM WEBSITE
Technical information, including the type of device (and its unique device identifier) you use to access the Mycelium website, the Internet protocol (IP) address used to connect your device to the Internet, your unique device identifier (UDID) or mobile equipment identifier (MEID) for your mobile device, your device and component serial numbers, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating systems, mobile network information and platform and details of any referring website or application; and
Information about your visit to the Mycelium website including full Uniform Resource Locators (URL), clickstream to, through and from the Mycelium website (including date and time), pages you viewed, page response time, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page.
Data we collect from or are provided with by third parties. We may be given information about you from third parties, such as social media platforms or anyone making a booking on your behalf at one of our subsidiaries, associated companies and/or business associates. We may also collect information that is publicly available, for example, when we interact with you through social media.
The provision of certain personal data by you to us as such including but not limited to:
Your personal information such as your name, gender, date of birth, passport or other personally identifiable number and information about your registered status with any of our subsidiaries, associated companies and/or business associates
Your contact information such as your telephone numbers, mailing addresses, email addresses, and fax numbers;
Your credit or debit card information and billing information, including name of cardholder, card number, billing address and expiry date;
Your business information such as company name, business title and associated contact information;
Your responses to market surveys and contests conducted by us or on our behalf. Certain Personal Data (particularly relating to your personal information, contact information and past medical history) are required for specific services and if you fail to supply such Personal Data as requested from each specific service, we may be unable to deliver you the services in full.
As may be indicated by Mycelium will be compulsory or obligatory in order for us to perform the relevant services for the identified purposes. We may not be able to perform the relevant services for the identified purposes if you fail to supply the relevant personal data.
HOW WE USE YOUR PERSONAL DATA AND THE LEGAL BASIS FOR PROCESSING YOUR PERSONAL DATA
MARKETING AND YOUR CHOICES
We will, if you have given us your consent and in line with your choices, provide you with information by post, telephone, email and SMS, which may be of interest to you in respect of Mycelium. Where you have consented to receiving our direct marketing online this means that you could be presented with our advertisements while using the Mycelium website or the services of our online partners. For example, if you have given us this consent we may run a Facebook advertisement campaign, which could include our advertisements being presented to you while you are on Facebook. We may also personalise the content that you see using analytical or profiling tools. We will only provide you with marketing communications if you would like us to.
HOW WE SHARE, DISCLOSE AND STORE YOUR PERSONAL DATA
for marketing, business, administrative and legal purposes (for example, payment, or verification);
Facebook, Twitter or Instagram (if you use your account with them to sign up / in with us), if applicable;
service providers, business partners, suppliers, subcontractors or agents (for example, IT services, reservation, booking, rewards management, customer relationship management, business development and marketing support services) who perform functions such as marketing on latest offers and promotions in connection with our products, services and conducting market research, payment, fulfillment and delivery of orders, administration and processing of payments, as well as bookings and reservations;
professional advisers acting as processors or joint controllers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services;
vendors who provide services to us, such as fulfilling orders, providing data processing and other information technology services, managing promotions, carrying out research and analysis, and personalising individual Mycelium customer experiences. We do not allow these vendors to use this information or to share it for any purpose other than to provide services on our behalf;
government or other law enforcement agencies, in connection with the investigation of unlawful activities or for other legal reasons (this may include your location information) which may be within or outside of Singapore;
third parties, who acquire us or substantially all of our assets, in which case your personal data (including any sensitive personal data) will be one of the transferred assets (however, we will let you know before this happens);
analytics and search engine providers that assist us in the improvement and optimisation of the Mycelium website;
for your use of the online services available at any of our websites and/or through other telecommunication channels;
for the supply of any products and/or services which we may offer to you or you may require from us from time to time including text message (SMS) alerts;
to contact you regarding your enquiries;
to administer contests and sweepstakes conducted by us on our behalf;
to facilitate the payment for products and services provided by us or our subsidiaries, associated companies and/or business associates including verification of credit card details with third parties and using the Personal Data you provide to conduct matching procedures against databases of known fraudulent transactions (maintained by us or third parties);
to improve our security, including in relation to the processing of payment by credit card to guard against the risk of fraud including carrying out matching procedures against databases of known fraudulent transactions (maintained by us or third parties). We may from time to time use aggregate non-identifying information about our customers to better design our website and/or to improve our services and products. This means we may provide this information to third parties. However, this information will never identify any single user in particular.
Except as provided above, we will not knowingly or intentionally use or share the Personal Data you provide to use in ways unrelated to the aforementioned purposes without your prior consent.
Please note that your personal data may be transferred to and stored in countries which do not provide the same level of protection for personal data as under your local law. However, we will ensure that a similar degree of protection is afforded to it by ensuring that one of the following safeguards is implemented:
We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
As mentioned above, please note that the rights of governmental and law enforcement authorities to access your personal data may also differ depending on where your personal data is held. If you would like to find out more about this, please contact us using the details set out below. In addition, we may disclose and transfer Personal Data to and jointly use Personal Data with (whether within or outside of your jurisdiction) our subsidiaries, associated companies, business associates, service providers, and other persons who we consider appropriate, in connection with the services and products provided to or requested by you. We may disclose this information to facilitate communication of news and information about such services and products and otherwise for the purposes mentioned above, under Section 3, “Purposes for which the Personal Data are Collected and Used.”
The entities with whom we may share your Personal Data include but are not limited to:
Mycelium and the Emmanuel Stroobant Group and its subsidiaries and related companies;
Any agent, contractor or third party service provider who provides administrative, marketing and research, distribution, data processing, telemarketing, telecommunications, computer, payment or other services to Mycelium in connection with the operation of its business;
Other business associates such as loyalty programme operators and other companies involved in providing customer service or fulfilling customer requests;
Credit reference agencies;
Credit, debit and /or charge card companies and/or banks;
Government or non-government authorities, agencies and/or regulators;
Medical professionals, insurers and clinics/hospitals.
Where permitted by applicable local law, we may also disclose your Personal Data to third parties: (i) when required by law, by court order, or in response to a search warrant or other legally valid inquiry; (ii) to an investigative body; (iii) to enforce our agreements with you; (iv) when requested by other government or law enforcement authorities; (v) with your express consent, or, (vi) pursuant to our good faith belief that disclosure is required by law or otherwise necessary to the establishment of legal claims or defenses, to obtain legal advice, to exercise and defend our legal rights, to protect our rights or property and those of our subsidiaries or associated companies, or to protect the life, body or property of an individual. This also applies when we have reason to believe that disclosing the Personal Data is necessary to identify, contact or bring legal action against someone who may be causing interference with our rights or properties, whether intentionally or otherwise, or when anyone else could be harmed by such activities.
We may also transfer any information we have about you as an asset in connection with a merger or sale (including transfers made as part of insolvency or bankruptcy proceedings) involving all or part of Mycelium or as part of a corporate reorganisation or stock sale or other change in corporate control.
LINKS TO THIRD PARTY WEBSITE
SECURITY OF YOUR PERSONAL INFORMATION
We strive to maintain the safety of your Personal Information. Any payment transactions will be encrypted using SSL technology. And your financial information, such as credit card or bank account numbers; are processed and protected by our payment gateway Omise Payment SG Pte. Ltd. https://www.omise.co/privacy
Unfortunately, no internet-based service is completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
RETENTION OF PERSONAL DATA
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. In addition, certain information may be stored indefinitely due to technical constraints, and will be blocked from further processing for purposes which are not mandatory by law.
HOW WE STORE AND SECURE YOUR PERSONAL DATA
We are committed to taking appropriate measures designed to keep your personal data secure. Our technical and organisational procedures are designed to protect your personal data from accidental, unlawful or unauthorised loss, access, disclosure, use, alteration, or destruction. While we make efforts to protect our information systems, no website, mobile application, computer system, or transmission of information over the Internet or any other public network can be guaranteed to be 100% secure. Once we have received your personal data, we will use strict procedures and security features to try to prevent unauthorised access or inadvertent disclosure.
For example, we use Secure Socket Layer (SSL) protocol—an industry standard for encryption over the Internet—to protect in transmission the Personal Data we collect online. When you type in sensitive information such as credit card details, it will be automatically converted into codes before being securely dispatched over the Internet. All electronic Personal Data that we maintain is securely stored and further protected through our use of appropriate access controls. When disposing of Personal Data, paper documents containing Personal Data are securely destroyed, and electronic files storing Personal Data are permanently deleted.
The personal data that we hold about you will be stored either on our servers or using third party data storage providers in Singapore or if elsewhere, in compliance with applicable data protection laws. We will notify you by email or contact you otherwise if a security breach occurs and such breach presents a high risk to your rights and freedoms.
YOUR LEGAL RIGHTS
You have the following rights with regard to your personal data:
You have the right to access data we hold about you. This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Rectification or erasure. You have the right to request that we rectify or delete any personal data that we hold about you (unless we have the legal right to retain it). This right does not extend to non-personal data. Please note that your rights to request erasure may be limited by applicable law.
You also have the right to restrict us from processing your personal data if the data is inaccurate, the processing is unlawful or we no longer need to your personal data for the purposes for which we hold it.
Data portability. You have the right to obtain personal data we hold about you, in a structured, electronic format, and to transmit such data to another data controller if the legal basis for processing such personal data is consent.
Object /change of preferences. You have a right to request that we stop processing your personal data where we are relying on a legitimate interest (or those of a third party). You have the right to object where we are processing your personal data for direct marketing purposes. For example, if you have given your consent to receive updates or other marketing communications, but have changed your mind, you have the ability to opt out from receiving such communications going forward by contacting us using the details provided below or by clicking the relevant link in any communications you receive.
If for any reason you are not happy with the way that we have handled your personal data, please see below for further information and contact us. To exercise any of the rights mentioned above, please contact us using the contact details below.
We will comply with your request to exercise the above mentioned rights, to the extent required by applicable law. However, if you ask us to stop processing your personal data in certain ways or erase your personal data, and this type of processing or data is needed to facilitate your use of the Mycelium website or is required for us to provide you with a service (such as to manage your account), you may not be able to use the Mycelium website or the service as you did before.
This does not include your right to object to the processing of your personal data for the purposes of direct marketing. You can exercise this right at any time without restrictions. Please allow at least three (3) working days for your request to be actioned.
To protect your confidentiality and to comply with applicable data protection laws, we may need to confirm your identity before we can action your request (for example, we will respond to a request as long as the email address is identical to that you have registered with us or otherwise provided to us, we may ask for a scanned copy of your photo ID or for you to confirm details of your transaction history with us). When contacting the Data Privacy Office (details of which you can find below), please state your name and provide valid contact details. As mentioned above, protecting your confidentiality and complying with applicable data protection laws is important to us; Mycelium may therefore refuse to comply with any request unless it is supplied with such information as it may reasonably require to verify your identity. We will respond to your requests within a reasonable time and in accordance with the applicable data protection laws.
Where we need to seek updated, additional or different consents from you, we will, of course, do so.
QUERIES, COMMENTS, REQUESTS AND COMPLAINTS
380 Jalan Besar
You may also write to us via email at firstname.lastname@example.org