You may contact us (please see Clause “How to contact us” below) to exercise any of the rights you are granted under applicable data protection laws, which includes the following:
Right to access - you may ask us whether or not we process any of your Personal Data and, if so, receive access to that Personal Data in the form of a copy. When complying with an access request, we will provide you with additional information necessary for you to exercise the essence of this right. You also have the right to request TOMO to disclose what Personal Data it collects, uses, discloses, and sells; and the right, at any time, to direct TOMO if it sells your Personal Data to third parties not to sell your Personal Data (“right to opt-out”).
Right to rectification - you may have your Personal Data rectified in case of inaccuracy or incompleteness. Upon request, we will correct inaccurate Personal Data about you and, taking into account the purposes of the processing, complete incomplete Personal Data, which may include the provision of a supplementary statement.
Right to restriction of processing - you may obtain a restriction of the processing of your Personal Data, which means that we suspend the processing of your data for a certain period of time. Upon your request, the decision to restrict the processing of data upon the submission of the relevant request is valid until the decision to correct, update, add, delete and destroy the data by us. Circumstances which may give rise to this right include situations where the accuracy of your Personal Data was contested but some time is needed for us to verify their (in)accuracy. This right does not prevent us from continuing storing your Personal Data. We will inform you before the restriction is lifted.
Right to erasure - you may have your Personal Data erased, which means the deletion of your data by us and, where possible, by any other controller to whom your data has previously been made public by us. Erasure of your Personal Data only finds a place in certain cases, prescribed by law and listed under article 17 of the GDPR. Due to the way we maintain certain services, it may take some time before backup copies are erased.
Right to data portability - you may request us to provide you with your Personal Data in a structured, commonly used and machine-readable format and to have such data transmitted directly to another controller, where technically feasible. Upon request and where this is technically feasible, we will transmit your Personal Data directly to the other controller.
Right to object - you may object to the processing of your Personal Data, which means you may request us to no longer process your Personal Data. This applies in case the ‘legitimate interests’ ground constitutes the legal basis for processing.
Right to object to profiling – when we process your Personal Data based on our legitimate interests or when the processing is necessary for the performance of a task carries out in the public interest, you can object to the processing that also includes to object to profiling.
Right to object to processing for direct marketing – when we process your Personal Data for Direct Marketing purposes, you can object to the processing, including profiling to the extent that it is related to Direct Marketing.
Opt-Out for Direct Marketing - you may opt out at any time from the use of your Personal Data for direct marketing purposes by contacting us. In such case, we will cease processing your Personal Data. With your consent, we may send promotional and non-promotional push notifications or alerts to your mobile device. You can deactivate these messages at any time by changing the notification settings on your mobile device.
Refusal of consent - you may, at any time, without explanation, and without affecting the lawfulness of processing based on the consent before your withdrawal/refusal, to refuse the consent given by you to us and to request the termination of the processing and/or the destruction of the Personal Data collected by us based on your consent. We will stop the data processing and/or destroy the processed data in accordance with your request, if there is no other basis for data processing. The effect of the foregoing does not apply to the information processed about the fulfillment of your monetary obligations with your own consent.
Right to Know - if you are resident in California, you are at liberty to request the disclosure of the specific pieces and/or categories of personal information that the we have collected about you, the categories of sources for that personal information, the business or commercial purposes for collecting the information, the categories of personal information that we have disclosed, and the categories of third parties with which the information was shared.
Right to Opt-Out - to the extent that TOMO “sells” personal information and that term is defined under the CCPA, California residents have the right to opt-out of the “sale” of data at any time (see below for more information). We do not sell personal information to anyone for money or monetary value. However, the term “sale” is defined broadly under the California Consumer Privacy Act. To the extent that the CCPA interprets “sale” to include interest based advertising or other data uses, we will comply with the applicable law as to those activities. You can opt-out by doing so through your account privacy settings or the general privacy settings link at the foot of our homepage and most pages on our Website (the right to opt-out of interest-based advertising is available to every TOMO member).
General term for response - unless otherwise specified herein, request, TOMO will correct, update, add, block, erase or destroy the data or inform you of the reason for refusal without undue delay.
Right of appeal - you may apply to the Personal Data Protection Service or the court in case of violation of your rights provided by applicable law.
Request - To exercise any of the above rights, please make your request to us in writing or by telephone using the contact details set out herein.
Identification of the applicant - In order to properly route and manage your request, please identify yourself in as much detail as possible. If we have reasonable doubts about the applicant's identity, we will request additional information to confirm the claimed identity.
Response by us - We will provide you with the response and any requested information in electronic form, unless your request is to receive the response/information in another form.
In case of refusal - In case of refusal to meet your request, we will inform you of the reasons for this decision and inform you that you have the opportunity to submit a complaint to the Personal Data Protection Service or to the courts and demand the protection of your rights in court.
Payment - Your exercise of data subject rights is free of charge. However, in cases where your claims/demands are manifestly unfounded or excessive, especially in cases of repeated nature, we reserve the right to refuse to fulfill such requests.
You may exercise any of the above rights without fear of being discriminated against.
Under conditions, we are entitled to deny or restrict your rights as described above. In any case, we will carefully assess whether such an exemption applies and inform you accordingly.
We will use the information you provide to make your rights requests to verify your identity, identify the Personal Data we may hold about you and act upon your request. You are required to verify your email in order for us to proceed with your rights requests.
We may, for example, deny your request for access when necessary to protect the rights and freedoms of other individuals or refuse to delete your Personal Data in case the processing of such data is necessary for compliance with legal obligations.