Privacy Policy

This policy was last updated in December 2023.

This Privacy Policy (“Policy“) applies to the information and data that AND Solutions Pte. Ltd. collects when visitors and customers use looms.cloud or our social media sites (“Websites“).

The purpose of this Policy is to let you know how we collect, use, store, share, retain, transfer and process your Personal Information. This policy also describes your choices and rights with respect to your Personal Information and how to exercise those rights. “Personal Information” is any information relating to an identified or identifiable individual.

We may amend this policy from time to time. We encourage you to review this policy periodically, as changes will be posted on this page. If we make any material changes to this policy we will provide a prominent notice. If you do not agree with this policy, you should not use our Websites, products or services.

What Personal Information we collect

We collect various types of information depending on how you interact with us.

Personal Information you provide to us

If you fill out a contact form on our Websites that requires contact information such as submitting a request for information or products and services, we will collect and process that information to provide you with the communication, products or services. These types of Personal Information may include

- your name
- email address
- phone number
- company name, industry and country
- job title

Personal Information collected when you visit our Websites

When you use our Websites, we may automatically collect Personal Information such as IP address, user-agent information (which is automatically sent by your web browser and may include device type) and information collected by cookies and other similar technologies. Our cookie policy can be found at https://andsolutions.net/cookie-policy/.

How we collect information

We collect Personal Information from you when you visit our Websites or use our products and services. Some of this information is provided by you and some is collected automatically. We collect Personal Information in the following ways:

- directly from you when you inquire about our products and services,
- from your device when you access our Websites.

How we use your information

We process your Personal Information for the following purposes:
- To provide our services.
- To respond to your requests for information.
- To contact you with updates about our services.
- To market and advertise our services.
- To analyze and improve our Websites and services.

The legal basis for collecting and processing information

-
We use the following legal bases for collecting Personal Information:
- We may collect or process information with your consent, such as when you ask for information.
- We may collect or process information we need to provide our services or fulfill a contractual obligation.
- We may collect or process information to fulfill a legal obligation.
- We may collect information when we have a legitimate interest to do so, such as for marketing, as long as our legitimate interests are not outweighed by your rights.
- We may collect or process information if necessary to protect the vital interests of the user or another individual.

How we share information

We share Personal Information with our affiliates and partners, as needed to provide our services. We share Personal Information with service providers such as vendors we use to operate our Websites and provide our products and services. Our vendors and service providers are not permitted to use your Personal Information for any other purpose than to provide contracted services. Vendors are not permitted to use your Personal Information for their own marketing, and are not allowed to share your information for marketing purposes. We may share Personal Information in response to a legal summons or subpoena, or if required by law enforcement agencies.

How long we retain your information

How long we keep Personal Information that we have collected depends on the type of information and the purpose for which it was collected. After a reasonable period of time or the completion of the purpose for which it was collected, we will either delete or anonymize Personal Information.We retain Personal Information where we have an ongoing legitimate business purpose to do so, for example to resolve disputes or to comply with ongoing legal obligations.We retain your Personal Information for as long as it is needed to provide our services to you and to fulfill our legal obligations and for a reasonable period of time after such services are completed.

Cookies and Other Tracking Technologies

Cookies are small files stored on your web browser when you visit our Websites. Some cookies last only as long as you remain on the website. Others, called "persistent cookies" may be stored for longer periods of time.These cookies can make browsing easier by storing your password or your preferences regarding how you use the website. Cookies collect information such as the IP address of your computer, your browser settings, and information about how you use the website. Your general location may be estimated from your IP address. Some cookies track users’ activity on our Websites, apps, and services in order to deliver personalized advertising to you on this and other websites.

If you would like to opt out of cookies, you may change the settings on your web browser to reject or delete cookies. You may also find more information about cookies, including how to opt out of interest-based advertising, at cookiesandyou.com.

More information about how we use cookies may be found here: https://andsolutions.net/cookie-policy/

Your rights regarding access to and control over Personal Information

If you reside in the European Economic Area (EEA) or the United Kingdom (UK), you may have the following rights with regard to your Personal Information:

- Right of information and access: You have the right to access your Personal Information we have about you and to be provided with a copy of your Personal Information.
- Right to rectification: You have the right to correct or update your inaccurate or out of date Personal Information.
- Right of erasure: You have the right to request that your Personal Information be permanently erased/deleted.
- Right to restrict processing: You have the right to restrict the processing of your Personal Information.
- Right to object to processing: You have the right to object to specific types of processing of your Personal Information.
- Right to portability: You may ask to receive a portable copy of your Personal Information in a format that may be transferred to another organization.
- Right not to be subject to decisions based solely on Automated Decision Making: You have the right not to be subject to decisions based solely on automated processing.
- Right to complain to a data protection authority: You have the right to complain to a supervisory authority in the country in which you reside, details of which can be provided upon request or to our lead supervisory authority:

Data Protection Commission
21 Fitzwilliam Square
South Dublin 2 D02 RD28
Ireland

- Right to withdraw consent: If you have given us consent to collect or process your Personal Information, you may withdraw that consent at any time.
- Right to non-discrimination: We may not discriminate against you if you exercise your privacy rights.If you wish to exercise any of these rights, please refer to the "Contact us" section of this policy.

Data Protection Representative

We have appointed DataRep as our Data Protection Representative in the European Union so that you can contact them directly in your home country. DataRep has locations in each of the 27 EU countries, the UK, and Norway & Iceland in the European Economic Area (EEA), so that our customers can always raise the questions they want with them.If you wish to raise a question regarding your personal data or otherwise exercise your rights in respect of your personal data, please refer to the "Contact us" section of this policy.

International Data Transfers

We take appropriate safeguards to ensure that Personal Information remains protected wherever it is transferred.When Personal Information is transferred from users residing in the European Union to our servers, partners, or vendors located in non-EU countries where there may not be an adequacy opinion issued with respect to that country, we make use of the GDPR Standard Contractual Clauses, the UK Addendum or the ASEAN Model Contractual Clauses, as well as additional safeguards where appropriate.

Security

We take all reasonable steps to protect the information we receive from you from accidental or unlawful destruction, loss, alteration, and unauthorized disclosure or access. We have put in place appropriate physical, technical, and administrative measures to safeguard and secure your information, but no security measures are perfect. the risk of a data breach is possible.

- We obtained ISO/IEC 27001 Information Security Management certification.
- Personal data is encrypted during transmission.
- Personal Information is encrypted at rest at our data centers.
- Employees are given access to users’ Personal Information only on a "need to know" basis.
- All employees are required to receive training on information security.
- All employees with access to Personal Information are subject to background checks.
- All employees with access to Personal Information are required to sign a binding confidentiality agreement.
- Before sharing Personal Information with our vendors, we make sure they have implemented security procedures to protect your data. Our vendors and partners are not permitted to use or share your information for any purpose other than to provide the services for which they have been contracted.

Automated decision making and profiling

We do not perform any solely automated decision making or profiling.

Children’s privacy

We do not knowingly collect or solicit Personal Information from children under age 13 without parental consent, unless permitted by law. If we become aware that we have collected Personal Information from children under the age of 13 without parental consent (or as permitted by law), we will delete it. If you believe that a child may have provided us with Personal Information without such parental consent, please contact us.California consumers: We will not sell the information of California consumers who are 16 years old or younger unless we have prior parental authorization. If a California consumer is under the age of 13, a parent or guardian must consent to the sale of such minor’s Personal Information. If the California consumer is between the ages of 13 and 16 years old, the minor may consent on an opt-in basis to the sale of their Personal Information.EU residents: We do not collect or process Personal Information of data subjects in the EU under the age of 16 without explicit consent from a parent or guardian.

Sensitive information

Unless specifically requested, we ask that you not send us, and you not disclose on or through our Websites or otherwise to us sensitive Personal Information unless specifically requested by us or required by law.

How to contact our Data Protection Representative

If you wish to raise a question regarding your personal data or otherwise exercise your rights in respect of your personal data, you may contact our Data Protection Representative by
- sending an email to DataRep at datarequest@datarep.com quoting <AND Solutions Pte. Ltd.> in the subject line,
- contacting DataRep through the online form at https://www.datarep.com/data-request, or
- mailing your inquiry to DataRep at the most convenient of the addresses listed here: https://andsolutions.net/datarep-representative-contacts/.

If your request is not valid under applicable law, repetitive or excessive, we may charge you a reasonable fee. We may also request additional information from you in order to verify your identity before processing your request.

For other non-privacy related communications, please use our contact form at https://looms.cloud/.