Privacy Policy

What is a privacy policy?

A privacy policy explains all the data collection on your website, the purpose of information collected, and the scope and limitations of data processing on the website.

💡
We take personal data obligations seriously and adhere to evolving privacy standards in processing, storing, and protecting your data.

About this privacy policy

Your privacy and protection of personal data is one of our top priorities. We have included privacy standards for residents of the EU, UK and California, US to reflect our main audience of readers.

This privacy policy is for RainbowAI Limited (collectively referred to as "us", "we" or "our" within this policy), this site davidtang.page, related and owned sites drdavidtang.page and associated apps.

Within this policy we detail out several topics relating to personal data including:

  • How and what data is collected, how it is shared
  • Personal rights to data
  • Information on how we facilitate your rights and respond

RainbowAI Limited, 10 Clifton Park Ave, London SW20 8BD is the data controller in respect of the personal data that you share with us. We are responsible for deciding how and why we use or hold perosnal data.

How and what data is collected

When signing up as a member we may collect and process the following information including:

  1. Name
  2. Email address
  3. Payment info
  4. Address

How we use personal data

We will use the information that we collect about you for the following purposes:

  1. Marketing/ Promotional
  2. Testimonals
  3. Customer feedback collection
  4. Enforce T&C
  5. Processing payment
  6. Support
  7. Administration info
  8. Targeted advertising
  9. Manage customer order
  10. Site protection
  11. User to user comments
  12. Dispute resolution

If we want to use your information for any other purpose, we will ask you for consent and will use your information only on receiving your consent and then, only for the purpose(s) for which grant consent unless we are required to do otherwise by law.

Children's personal data

We do not use or retain any information that is possibly linked to individuals under the age of 13, without parental consent. If you think that we may have inadvertently collected this information - then please refer to the contact us section for requests of removal of data.

Security and storage of personal data

This site uses Ghost.org as its content management system (CMS) - this means that content is organised and delivered via the web delivery framework that is set up by the Ghost Foundation. Additionally, we also engage Ghost as our data partner. This means that storage and processing occurs on Ghost servers.

Ghost Foundation 160 Robinson Road #14-04 SBF Center Singapore, 068914 is both our data processor and data controller. All data is stored within the EU, as with compliance to GPDR guidelines. Read more about how the data we collect is stored and processed here. Read our data processing agreement (DPA) that is with Ghost.

For customers form the EU - the Ghost Foundation stores all data physically in the EU. Unless necessary for support or maintenance purposes, data that is generated in the EU is processed within the EU. Only in special circumstances, data is transfered outside of EU in compliance with privacy rules. We aim to be compliant with General Data Protection Regulation (GDPR) standards.

We take security of personal data seriously. There are several levels of security measures taken to ensure this. Please refer to the Ghost Foundation's modern security and best practices document. We cannot however, guarantee absolute security or ensure or warrant the security of any information that you transmit to us and this is done so at your own risk.

GDPR Visitor Rights

Under the GDPR, if you are within the European Union, you are entitled to certain rights and information listed below.

  • We will retain any information you choose to provide to us
  • You have the right to ask us to delete the information by sending a request to the contacts / social media link. Please note that such requests may result in you no longer being able to access paid or free content previously provided to you.
  • If we decide to cease using our existing data providers, all collected personal data will be removed from the old provider.
  • The Company decides to no longer be in business or continue to offer the services then data will be wiped after necessary reporting and legal proceeds are completed.
  • If the data is no longer needed to provide you service, is too costly to maintain further retention, or the Company finds it outdated then it will be removed.
  • You have the right to request access to your data that the Company stores and the rights to either rectify or erase your personal data.
  • You have the right to seek restrictions on the processing of your data.
  • You have the right to object to the processing of your data and the right to the portability of your data.
  • If you have provided consent to the Company’s processing of your personal data, you have the right to withdraw that consent any time without affecting the lawfulness of processing based upon consent that occurred prior to your withdrawal of consent.
  • You have the right to lodge a complaint with a supervisory authority that has jurisdiction over issues related to the General Data Protection Regulation.
  • We require only the information that is reasonably necessary to enter into a contract with you. We will not require you to provide consent for any unnecessary processing as a condition of entering into a contract with us.

Rights under the California Consumer Privacy Act (CCPA)

If you reside in California, you are entitled to additional rights under California law and we ensure compliance with the CCPA. Here are your rights:

1) You have the right to know whether your personal information is sold or disclosed to third parties. 

2) You have the right to say no to the sale of your personal information. (WE NEVER SELL PERSONAL INFORMATION!) 

3) You also have the right to access your personal information, which we will provide within 30 days of such request.

4) You have the right to know what personal information is collected from you and how it is used, which we explained in this Privacy Policy

5) You have the right to have your personal information deleted

6) You have the right to equal service, price and no discrimination

7) You have the right to data portability and right to request your personal information and use it for your own purposes

Pursuant to California’s “Shine the Light Act,” you are permitted to request information about the manner in which we share certain categories of information with third parties for their marketing use. We may disclose your personal information to our affiliates or other related third parties such as service providers, vendors for their use in marketing to you, so we can provide the products and/or services offered on this website to you. When we disclose such information, your personal information is still kept confidential and between us and that third party. It is not used for any other purpose that’s not permitted under the laws.

Please be advised we DO NOT SELL YOUR PERSONAL INFORMATION to third parties and have never sold your personal information. We do not intend to sell your personal information in the future either. 

Under the CCPA, you have the right to opt-out of such sales and send us a “do not sell my information” request. If you would like to exercise any of your rights under California law, please submit a verifiable consumer request to us by sending us a message via the contact information below.

Only you as the person registered with the California Secretary of State can make such verifiable consumer requested related to your personal information or someone you authorize to act on your behalf. 

Your verifiable consumer request must provide sufficient information that allows us to verify that you are the person you are claiming to be or that you are the authorized representative of such person about whom we had collected personal information. You must describe your request with enough details such as your first and last name, address and your country that allow us to properly understand the request and respond to it. Please note we cannot respond to your request or provide you with personal information unless we first verify your identity or authority to make such a request and confirm that the personal information relates to you. We will make all attempts to respond to your request within 30 days of receipt. 

This privacy notice for California residents supplements the information included in the previous sections of this privacy policy. California and Delaware law also requires us to state whether we honor “Do Not Track” settings in your browser regarding targeted advertising and we do not monitor or respond to Do Not Track browser requests.

Cookies and similar technologies

When you visit our sites, personal data in form of cookies or related technologies may be collected.

Our privacy policy also includes our cookie policy. Read about how and what cookies are used on this website.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Comments

When visitors leave comments on the site we collect the data shown in the comments form. To leave a comment, one must be logged in as a newsletter subscriber. Any logged in user will be subject to our cookies policy as linked and mentioned in above named sctions.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

There are also affiliate links which direct visitors to external websites. External websites contain their own privacy policy, so please refer to the specific respective policy for more information.

Email marketing

You have the option of opting in or unsubscribing from our email list. By subscribing and opting in, you agree to receiving newsletters, updates, messages, promotional materials and any other content related to this website. When you send an email, your email message along with email address and responses are saved for communication purposes with you. This information is kept confidential and we do not share, sell or trade your email information with third parties except as otherwise stated in this privacy policy.

Who we share your data with & how long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

We retain your personal information for 90 business days to up to 2 years after accounts are terminated, or for as long as it is required to fulfill the purposes of the initial collection of information. Should special requirements such as legal, fraud or security reasons necessitate the storage of data for longer then this will be communicated to you. For security or safety reasons only can there be a transfer of data to organisations external to the company.

Aggregated data, and anonymized data which has no identifiers or sensitive information may be stored indefinitely.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Contact us for information about how we use your personal data

If you have any concerns as outlined above, including requests to opt-out or remove personal information; Please contact us at dataprotection@davidtang.page - we aim to revert to your issue within 30 working days. If there is a Ghost CMS issue please contact support@ghost.org directly.

Effective: 12 Feb 2024

Last updated: 12 Feb 2024