YOYA’S COMMITMENT TO USER DATA PROTECTION (2024 Update)
At YOYA, we are committed to safeguarding your personal information and ensuring compliance with global data protection standards. Our privacy practices align with the specific legal frameworks across multiple regions, including Asia, Southeast Asia, the European Union (EU), and North America. This policy outlines the information we collect, how we use it, and your rights under various regional regulations.
We continuously monitor changes in privacy legislation and update our practices to ensure that the data we handle is:
- Processed lawfully, fairly, and transparently;
- Collected for specific, explicit, and legitimate purposes;
- Adequate, relevant, and limited to what is necessary;
- Accurate and kept up to date;
- Retained only for as long as necessary;
- Protected by appropriate security measures.
1. Privacy Policy
YOYA respects your privacy and is committed to protecting personal information across all jurisdictions in which we operate. This Privacy Policy covers the data protection laws in key regions where our users reside, including the European Union (GDPR), North America (CCPA, PIPEDA), Asia, and Southeast Asia.
Personal Information refers to any data related to an identifiable individual. This may include your name, address, identification numbers, or financial details. YOYA ensures compliance with varying regional requirements concerning the types of data collected, how it is processed, and your rights.
Our websites may contain links to third-party sites, which may have their own privacy policies. YOYA disclaims responsibility for the data handling practices of these external websites. We recommend reviewing third-party privacy policies before providing personal data on their platforms.
2. Information We May Collect About You
We may collect and process the following categories of personal information:
(a) Information you provide: When filling out forms, subscribing to services, or registering for events;
(b) Communications: Correspondence with us via email, chat, or other channels;
(c) Service usage: Data about your interaction with our services, such as pages visited and other activity;
(d) Survey data: Feedback provided via research or marketing surveys;
(e) Promotions: Participation in contests, sweepstakes, or promotions;
(f) Device data: Information on operating systems, browsers, geolocation, and IP addresses;
(g) Marketing preferences: How you opt to receive communications from us (e.g., email, SMS);
(h) Social media interactions: Publicly shared data on YOYA’s profiles, including “likes” or comments.
Regional Considerations:
- European Union (GDPR): YOYA complies with the General Data Protection Regulation (GDPR), ensuring data is processed lawfully with consent, and users have the right to access, correct, or delete their data.
- North America: In the U.S., YOYA adheres to the California Consumer Privacy Act (CCPA) and similar state-level laws. In Canada, we comply with PIPEDA (Personal Information Protection and Electronic Documents Act), which grants transparency, access, and correction rights.
- Asia and Southeast Asia: Countries such as Singapore (PDPA), Malaysia (PDPA), Japan (APPI), and India (DPDP Bill) have enacted data privacy laws, and YOYA complies with these regulations by obtaining explicit consent where necessary and respecting local data protection principles.
3. Uses Made of Your Personal Information
We process personal information for the following purposes:
- Contract performance: To fulfill our contractual obligations and provide services;
- Consent: Where legally required, we rely on your consent for specific processing activities, such as marketing;
- Legal obligations: To comply with regulatory requirements, including responding to legal requests;
- Legitimate interests: To improve products and services, perform analytics, detect fraud, and manage risk.
Regional Considerations:
- European Union (GDPR): Under GDPR, we rely on legitimate interests or consent for processing activities and ensure transparency in profiling or data analysis activities.
- North America: We comply with state laws like CCPA, offering Californian residents the right to access and delete personal data. Under PIPEDA (Canada), we ensure meaningful consent for data collection and handling.
- Asia and Southeast Asia: We respect Singapore’s PDPA, Malaysia’s PDPA, and other regional laws, ensuring that personal data is collected only for lawful purposes and used responsibly. In Japan (APPI), we ensure transparency in data transfers, and in India, we prepare for compliance with the Data Protection Bill 2023.
4. Profiling and Automated Decision Making
YOYA may use profiling and automated decision-making tools for purposes such as fraud prevention, marketing personalization, and risk management. In regions like the EU (under GDPR) and California (under CCPA), we ensure transparency, and users have the right to object to or contest such automated decisions.
5. Sharing Your Personal Information (and transfers outside of the EEA)
We may share personal information with trusted third parties, such as service providers and partners, for legitimate business purposes. When transferring data outside your region (e.g., from the EU to the U.S.), we implement appropriate safeguards, such as Standard Contractual Clauses (SCCs) and other mechanisms required by law.
Regional Considerations:
- European Union: YOYA complies with GDPR requirements for data transfers outside the European Economic Area (EEA) and ensures that appropriate safeguards are in place.
- North America: Data shared in the U.S. adheres to the CCPA, and PIPEDA governs cross-border data transfers in Canada. We comply with international standards for data privacy and protection when transferring data globally.
- Asia and Southeast Asia: YOYA ensures compliance with regional laws such as Singapore’s PDPA, which mandates safeguards for data transfers outside the jurisdiction. In Japan, we comply with APPI when transferring personal information to third parties or internationally.
6. Security of Your Personal Information
We use industry-standard security measures to protect your personal information from unauthorized access, loss, or misuse. This includes encryption, secure servers, and strict access controls to safeguard your data.
7. Your Rights and Contacting Us
Depending on your location, you may have specific rights regarding your personal data:
- The right to access your personal information;
- The right to request corrections to inaccurate data;
- The right to object to processing in certain cases (e.g., for marketing purposes);
- The right to request the deletion of your data in some situations;
- The right to request restrictions on data processing.
Regional Considerations:
- European Union (GDPR): Individuals have extensive rights under GDPR, including the right to data portability and the right to erasure (“right to be forgotten”).
- North America: Under CCPA, Californian residents can request to know what data is being collected and opt-out of data sales. In Canada, PIPEDA grants rights to access and correct personal data.
- Asia and Southeast Asia: In Singapore (PDPA) and Malaysia (PDPA), individuals can request access to personal data and corrections. In Japan (APPI), data subjects can request disclosure or correction of personal data, and India’s DPDP Bill provides similar protections.
For inquiries or to exercise your rights, please contact us here.
8. Cookies Policy
Our website uses cookies to improve your browsing experience and for analytics. You can control your cookie preferences in your browser settings. Disabling cookies may affect the functionality of our website.
9. Changes to Our Privacy Policy and/or Cookies Policy
We may update this Privacy Policy to reflect changes in laws or industry standards. Significant updates will be communicated on our website.
Last updated: October 2024