- Who is data controller of your personal data?
- What personal data do we collect?
In the context of rendering our Services, we may collect personal data about you. On a more general level, the personal data we collect can include the following:
- If you set up a customer account. Name, e-mail address, mailing address, birth date, gender, shipping addresses, information on past and current orders and other information you provide.
- If you buy Singapore Marathon merchandise online. Name, e-mail address, billing details, shipping address and information on your purchase. Please note that any bank account information is directly collected by a payment service provider and we do not have access to such information.
- If you contact us via e-mail, phone or mail. Name, e-mail address, phone number, address and other information you provide.
- If you merely use our website. IP address, network file system, access times, domain name, browser data, browser type and language, device type, device ID, Uniform Resource Locators (URL), operating system, language preferences, information on your usage of our website and online activities.
- How do we collect your personal data?
Personal data is collected in many ways and may include:
- Personal data you provide to us. Most of the personal data we receive comes to us voluntarily from our users in the course of using our Services, such as when visiting our website, ordering our merchandise, setting up or using accounts, subscribing to our e-mail newsletters or communicating with us.
You are free to choose which information you want to provide to us or whether you want to provide us with personal data at all. However, some information, such as information on your order or for setting up your account, may be necessary for the performance of our contractual obligations in the context of your purchase or account registration. Without providing this personal data, you will not be able to buy our merchandise online or set up an account.
- Personal data we receive from others. We may receive personal data about users from third parties such as our vendors and law enforcement agencies.
- Why and on which legal basis do we collect and use your personal data?
The reasons for using your personal data may differ depending on the purpose of the processing. On a more general level, we regularly use your data for the following purposes and on the following legal grounds:
- We use your personal data for the performance of our contractual services or for the preparation of a contract with you. If you order our merchandise or set up an account with us, we use your personal data to provide you with the requested contractual services.
- We use your personal data if justified by our legitimate interests. The usage of your personal data may be necessary for our own business interests and for providing our Services. For example, we use some of your personal data to enable you to visit and use our website (see also Section 9 on cookies and similar technologies). We may use some of your personal data to evaluate and review our sales and business performance, create financial statements, improve and individualize your experience and enjoyment of our Services, and identify potential cybersecurity threats. If necessary, we may also use your personal data to pursue or defend ourselves against legal claims.
- We use your personal data after obtaining your consent. In some cases, we may ask you to grant us separate consent to use your personal data. Where we ask you for your consent, you are free to deny your consent and the denial will have no negative consequences for you. You are also free to withdraw your consent at any time with effect for the future. If you have granted us consent to use your personal data, we will use it only for the purposes specified in the consent form.
This also includes any e-mail marketing activities. If you sign up for our e-mail newsletter on our website, we will use your personal data in our e-mail marketing campaigns. You may unsubscribe from our e-mail newsletter at any time [unsubscribe from this list]. You may also contact us via e-mail, phone or mail at the address provided at the end of this document to request that we remove you from our e-mail list.
Depending on regional legal requirements, such as in the European Union, we also ask for your consent when setting certain Cookies (see Section 9 for further information).
- We use your personal data to comply with legal obligations. We are legally obligated to retain certain personal data for tax reasons and commercial law requirements and we might be required to provide data to law enforcement on request.
We will only use your personal data for the purposes for which we have collected them. We do not use your personal data for automated individual decision-making.
- With whom do we share your personal data?
As required in accordance with how we use it, we will share your personal data with third parties. Please see Annex 1 for a detailed description of the third parties and the personal data we might share with them. On a more general level, we may share your personal data with the following third parties:
- Service providers and advisors. Third-party vendors and other service providers that perform services for us and on our behalf, which may include marketing campaign services, providing mailing or e-mail services, services related to our e-commerce and merchandising activities, warehousing, payment processing, data enhancement services, fraud prevention, web hosting, or providing analytic services. If applicable, such service providers will, by appropriate data processing agreements, be bound to process personal data only on our behalf and under our instructions.
- Purchasers and third parties in connection with a business transaction. Personal data may be disclosed to third parties in connection with a transaction, such as a merger, sale of our assets or shares, reorganization, financing, change of control or acquisition of all or a portion of our business, or in the event of a bankruptcy or similar proceedings.
- Law enforcement, regulators and other parties for legal reasons. Personal data may be disclosed to third parties as required by law or subpoena or if we reasonably believe that such action is necessary to (a) comply with the law and the reasonable requests of law enforcement; (b) to enforce our legal claims or to protect the security or integrity of our Services; and/or (c) to exercise or protect the rights, property, or personal safety of Ironman, our partners, employees or others.
- How long do we keep your data?
We will store personal data for as long as necessary to fulfill the purposes for which we collect the personal data, in accordance with our legal obligations and legitimate business interests. Afterwards, or at the end of the statutory retention times, the personal data will be deleted, as applicable. For example, national commercial or financial codes may require retaining certain information for up to 10 years.
- How do we protect your information?
We implement a variety of security measures to maintain the safety of your personal data. However, no system of security can be 100% secure and so we cannot guarantee in all cases the security of the information that we process. In the event we learn that personal data is compromised as a result of a breach of security, we will take steps to investigate and comply with notification obligations and take other steps, in accordance with applicable laws and regulations.
- How do we safeguard your personal data when there is an international transfer?
By using our Services, you fully understand and unambiguously consent that we may transfer your personal data to any country (including to third parties where necessary) for the purposes set out in this Policy or as notified to you.
We ensure that your personal data receives an adequate level of protection regardless of the jurisdiction to which it is transferred. We will enter into contracts with recipients to protect your personal data in a manner that is consistent with all applicable laws. You may obtain details of these safeguards by contacting us.
In order to better safeguard the direct collection of personal data from data subjects located in the EU to third parties outside the EU and the European Economic Area, we have entered into contracts which are based on the EU Standard Contractual Clauses with our European affiliates for the benefit of the affected data subjects. Please contact email@example.com for more EU-specific information.
- What rights and choices do you have?
Individual Rights. We want you to understand your rights and choices regarding how we may use your personal data. You have specific rights under applicable privacy laws in respect to your personal data that we hold, including a right of access and correction (in the case of Singapore’s Personal Data Protection Act 2012).
- a) Your European Union Rights
If you are located in the EU, you have the following rights in respect to your personal data that we hold:
- Right of access. The right to obtain access to your personal data.
- Right to rectification. The right to obtain rectification of your personal data without undue delay where that personal data is inaccurate or incomplete.
- Right to erasure. The right to obtain the erasure of your personal data without undue delay in certain circumstances, such as where the personal data is no longer necessary in relation to the purposes for which it was collected or processed.
- Right to restriction. The right to obtain the restriction of our data processing in certain circumstances, such as, where you contest the accuracy of your personal data, for a period of time enabling us to verify the accuracy of that personal data.
- Right to portability. The right to portability allows you to move, copy or transfer personal data easily from one organization to another. It only applies to personal data that you have directly provided to us.
- RIGHT TO OBJECT. YOU HAVE A RIGHT TO OBJECT TO ANY PROCESSING BASED ON OUR LEGITIMATE INTERESTS WHERE THERE ARE GROUNDS RELATING TO YOUR PARTICULAR SITUATION. YOU CAN OBJECT TO THE USE OF YOUR PERSONAL DATA FOR MARKETING ACTIVITIES FOR ANY REASON WHATSOEVER.
If you wish to exercise one of these rights, please contact us using the contact details below. For Cookies or e-mail marketing, we provide the following easily usable option:
- Cookies Settings and Preferences. You may disable cookies and similar technologies through the settings in your browser.
- E-Mail Settings and Preferences. If you no longer want to receive marketing e-mails from us, you may choose to unsubscribe at any time [unsubscribe from this list].
In addition to the foregoing listed rights, if you are located in the EU, you also have the right to lodge a complaint with a data protection authority.
Further information about how to contact your local data protection authority is available at
- How to contact us?
IRONMAN (Asia) Pte. Ltd.
221 Henderson Road,
#08-02 Henderson Building
- Data Protection Officer
For all enquiries regarding Ironman’s activities, you may also want to contact the Ironman Data Protection Officer who can be reached at: firstname.lastname@example.org.