Privacy Policy

Gingersnaps complies with the standards and requirements set forth by the Data Privacy Act (DPA) of 2012, its Implementing Rules and Regulations, and other data privacy guidelines issued by the National PrivacyCommission (NPC) or other relevant government agencies.

At Gingersnaps, we value your personal information and data privacy rights.

What Services are covered by this Privacy Notice? 

This Privacy Notice describes how we handle your personal information when you use this website and when you avail yourself of our services in any of our stores. Among others, the e-services may include the following:

• Customer service and marketing activities;
• E-commerce transactions;
• Order delivery and pick-up services; and
• Promotional activities for events

This also outlines the purposes for which we use your personal information and the measures we
implement to protect the privacy and security of your information.
References in this Privacy Notice to “we,” “us,” or “our” are references to Gingersnaps.

This Privacy Notice DOES NOT cover the processing for:

• Recruitment and employment purposes. The corresponding Privacy Notice on the applicable Careers Website(s) and in the respective employment contracts with our employees covers these.

• Identifiers. Personal identifiers and profile data, such as full name, email address, home or delivery address, signature, and loyalty account number.
• Contact Data. Contact data may include a mobile number or telephone number.

• Technical Data. Technical data such as cookies, web beacons, and other similar technologies for storing information may be used to collect your Internet Protocol (IP) address, computer / mobile device operating system information, type of web browser used, Unique Device Identifier (UDID) or mobile equipment identifier (MEID) and browsing behavior.

• User Profile Data. User profile data may include username (e.g., mobile number and email address) and nominated password.

• Payment Data. Payment data includes the name of the issuing bank, the name of the cardholder, the first six digits and last four digits of the credit or debit card used or masked card information, the e-wallet account number, and the amount involved. These details are used for payment verification and payment-related concerns, such as requests for refunds or similar complaints.

• Email Address. Subscription to our newsletter entails the submission of your email address

We will use your information only for the following legitimate purposes:

• Providing you with products, services, promos, or activities that you have availed;
• Processing your reservations, orders, payments, and completing your transactions with us;
• Contacting you in relation to your inquiries, requests, or complaints;
• Maintaining your accounts when you register in or use our digital platforms, including our mobile applications;
• Verifying your identity when you access your account;

• Performing data enrichment, data analytics, and profiling for statistical, marketing, analytical, and research purposes;
• Conducting business analyses to improve our goods and services;
• Sending out market surveys, campaigns, promotions, and other marketing activities;
• Communicating relevant products, services, and advisories to you;

• Complying with the requirements of the law and legal proceedings;
• Preventing, detecting, and investigating a crime;
• Pursuing or defending our legal claim;
• Security and General Business Operations:
• Ensuring the security of our website or mobile application; and
• Carrying out other legitimate business purposes.

• Ensuring the security of our website or mobile application; and
• Carrying out other legitimate business purposes.

Gingersnaps ensures that your personal information shall be shared only in a manner that respects your privacy and is in compliance with the requirements of the DPA. In certain circumstances, we may share your personal information with the following:

Our service group may access and use your personal information. These may include our marketing partners, consultants, technology partners, service providers, hosting providers, third-party logistics providers, courier service providers, administrators of our loyalty or point earning/redemption programs, and those that help us with our business activities. Through the execution of data privacy agreements or similar contracts, we require our service providers to keep your personal information secure, and we prohibit them from using or sharing your personal information for any purpose other than the Purposes declared in this Privacy Notice.

We may also share your personal data in compliance with applicable laws or when required by a competent court, relevant government office, or agency pursuant to DPA legislation and other applicable rules and regulations pertaining to data privacy.

We may process your personal information based on one or more of the following legal grounds:

• Consent: We may process your personal information and sensitive personal information based on your explicit consent. This means that you have provided clear and voluntary permission for us to use your data for specific purposes, which you can withdraw at any time. Please note, however, that should you opt to withdraw, modify, or limit the scope of consent provided, we may not be able to provide you with the services that you require. By continuously availing of our services or by your continued use of our website and mobile application, you reaffirm the consent you have provided and authorize us to process your personal data pursuant to this Policy.

• Contractual Obligation: If you have agreed with us, we may process your personal information to fulfill our obligations under that contract. This includes providing the services or products you’ve requested and managing the associated transactions.

• Legal or Regulatory Obligation: In certain situations, we may need to process your personal information and sensitive personal information to comply with legal or regulatory requirements, such as tax regulations, or to respond to lawful requests from government authorities.

• Legitimate Interests: We may process your personal information when it’s necessary for our legitimate interests, provided yourrights and interests do not override those interests. This could include improving our services, conducting marketing activities, or ensuring the security of our systems.

We will keep the personal information we collect about you for as long as necessary to carry out the Purposes set forth in this Privacy Notice or in accordance with prescribed retention periods under relevant regulations (e.g., BIR). We may also retain your personal data to enforce our legal rights whenever it is required under the DPA or upon lawful order of a competent court or relevant government agency.

Electronic files shall be erased, while physical records shall be shredded for disposal. When appropriate, anonymization techniques may be used to permanently remove identifiable information from our records. In all cases, we will ensure that personal information is destroyed in a way that prevents unauthorized people from accessing, processing, or retrieving it.

Risk is the chance that a harmful incident may happen. In the context of personal data, risk refers to the chance that someone might collect, use, disclose, or access your personal data in an unauthorized manner or in a way that may cause you harm. In order to ensure that the risks to your personal information are minimized, we employ various measures to safeguard your personal information. However, this does not guarantee protection against all threats, such as when systems are exposed to targeted cyberattacks, malware, ransomware, and computer viruses or when manual records are accessed without authority. In case a security incident occurs, we’re prepared to respond and manage such incidents in line with our policies and accordance with regulations.

We implement industry-standard security measures to protect the confidentiality, integrity, and availability of the personal data that we process. These security measures include the following:

• Appointing a Data Protection Officer;
• Conducting data privacy training and periodic refresher sessions across the organization;
• Instituting policies and procedures to safeguard personal data against any unauthorized or malicious access, alteration, and disclosure;

• Storing physical records of personal data in a locked and secure place accessible only to authorized personnel;
• Securely destroying records or files of personal data when such is no longer needed for any legal or business purpose;

• Implementing role-based access on our systems to ensure that only authorized personnel are granted access on a need-to-know basis;
• Performing periodic reviews of access rights;
• Deploying firewall equipment and similar network devices to protect our systems and network;
• Storing your electronic data in a secure IT infrastructure and utilizing up-to-date technology products to prevent unauthorized computer access
• Regularly running vulnerability scans on our systems and websites and performing other maintenance activities to ensure that your personal information is secure and
• Ensuring sensitive personal information is transmitted through secure channels and implementing encryption methods whenever suitable.

Our website collects device cookies to enable you to browse our website and to enable us to address your concerns and inquiries better. Cookies are small text files that are stored on your device when you visit our websites or use our apps. We utilize various cookies as described below.

• Necessary cookies: These cookies are essential for the website to function correctly. They allow you to browse our website and use its features, such as logging in and adding items to your shopping cart. Without these cookies, our site will not work the way it should.

• Analytics cookies: These cookies collect information about how you use our website, such as the pages you visit and the links you click. This information is used to improve our website and to make it more user-friendly.

• Functional cookies: These cookies remember your preferences, such as your language and font size. This allows us to provide you with a more personalized experience.

• Performance cookies: These cookies collect information about how our website is performing, such as how many visitors we have and which pages are the most popular. This information is used to improve the performance of our website.

• Advertisement cookies: These cookies are used to deliver relevant advertising content. The purpose is to provide you with customized ads based on your interests, searches, and browsing behavior.

• Third-Party Cookies: Third-party cookies, such as those from Google Analytics, Facebook Pixel, and TikTok, are also utilized for measurement, analytics, and ad personalization purposes. These cookies help us gain insights into user behavior and enhance our services. For more details, please refer to the respective third-party websites.

You may withdraw your consent by choosing the opt-out function in our cookie setting. However, your browsing experience may be affected by opting out of these third-party cookies. You may also later opt out of said third-party cookies after giving your consent by clearing your cookies and other site data in your browser settings.

Gingersnaps shall not knowingly collect the personal data of a person under 18 without any legal basis or consent of the minor’s parent or legal guardian. Should it come to our attention that the personal data of minors was provided without a legal basis or consent of the minor’s parent or legal guardian, such personal data shall be destroyed or deleted in a secure manner. Minors are advised not to provide any personal data, such as their name, age, gender, email address, or contact information, and should consult their parent(s) or guardian(s).

You are responsible for ensuring that the personal data you provide is accurate and up-to-date and that you are of legal age when you submit any data to us.

We encourage you to use the latest version of web browsers for your safety and security. Updated web browsers are typically equipped with security features that provide anti-phishing protection, improved parental controls, and tools to prevent malware and other privacy threats. We will not be liable for any damage, loss, injury, or claim that may result when you fail to comply with these obligations.

Please set and maintain your communication preferences so that we send communications to you in accordance with your preferences. You are not licensed or otherwise allowed to add other users to our mailing list (email or physical mail) without their express consent. You should not send any messages that contain spam, spyware, or viruses via the Website. If you would like to report any suspicious messages, please get in touch with us using our email address below.

• Right to be informed. You have the right to be informed of the collection and processing of your personal data and the purpose for which they will be processed, among others. Thus, you are required to read this privacy notice before giving your consent to the collection and processing of your personal data.

• Right to object. You have the right to object to the processing of your personal data. You will be given an option or opportunity to withhold your consent.
• Right to access your information. You have the right to obtain confirmation on whether or not data relating to you are being processed and other relevant information about the processing involved.

• Right to updating or rectification. You have the right to rectify or correct any inaccuracy or error in your personal data by submitting your request for rectification or correction.

• Right to erasure or blocking. You have the right to the erasure or blocking of your personal data in accordance with the DPA requirements, subject to restrictions imposed by other regulations.

• Right to damages. You have the right to be indemnified if you incur damages due to inaccurate, incomplete, outdated, false, unlawfully obtained, or unauthorized use of your personal data.

• Right to data portability. You have the right to obtain a copy of your data in a structured and commonly used format by submitting a proper request.

• Right to file a complaint. If you have reason to believe that your personal information has been misused, maliciously disclosed, or improperly disposed of, or that your data privacy rights have been violated, you have the right to file a complaint.

If you intend to exercise any of your abovementioned data privacy rights, you may contact our Data
Protection Officer (DPO) using the contact details provided in the succeeding section.

For inquiries regarding the processing of personal data, as well as any concerns or complaints regarding data privacy, or should you want to exercise your rights as a Data Subject, you may contact the DPO using the information below:

We encourage you to submit your inquiry and concerns in writing for proper documentation and tracking. Upon receipt, we will respond within 15 days.

Gingersnaps may change this Privacy Notice from time to time without prior notice. Revised versions will be posted on this page, along with an updated effective date.

Last updated on July 31, 2024