Your cart
Close Alternative Icon
110% LOW PRICE GUARANTEE 110% LOW PRICE GUARANTEE | SIGN UP FOR EMAIL SAVINGS SIGN UP FOR EMAIL SAVINGS
Close Icon

GDPR

Supplemental EU/EEA and UK Privacy Policy (“GDPR Policy”)

In conjunction with our Master Privacy Policy the following describes how Gumball.com collects and processes your Personal Information Gumball.com's data practices in accordance with:

(a) if you are located in the EU or EEA, the General Data Protection Regulation (EU) 2016/679) (EU GDPR); or
(b) if you are located in the United Kingdom (“UK”) the retained version of the EU GDPR in the UK and the Data Protection Act 2018, (together referred to in this GDPR Policy as the “GDPR").

If there is any inconsistency or conflict between this GDPR Policy and our Master Policy, this GDPR Policy shall prevail.

This GDPR Policy was updated on 5/22/23.

Controller

Gumball.com is the controller and responsible for your Personal Information (collectively referred to as "Gumball.com", we, us or our in this GDPR Policy).

Contact Details

If you have any questions about this GDPR Policy or our privacy practices, please contact our data privacy responsible person in the following ways:

You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK regulator for data protection issues (www.ico.org.uk), or the relevant EU member state supervisory authority. We would, however, appreciate the chance to deal with your concerns before you approach the ICO/supervisory authority so please contact us in the first instance.

Lawful Basis of Processing

We will only process the Personal Information subject to the GDPR as it is described in this GDPR Policy if we have a lawful basis for doing so. Most commonly, we will use your Personal Information in the following circumstances:

  • Where we need to perform the contract we are about to enter into or have entered into with you.
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  • Where we need to comply with a legal obligation.

  • Generally, we do not rely on consent as a lawful basis for processing your Personal Information.

    Purposes For Which We Will Use Your Personal Information

    In the table below, we outline all the ways we intend to utilize your Personal Information, and the legal foundations we rely upon to do so. We have also identified our legitimate interests, where applicable.

    Note that we may process your Personal Information for more than one lawful ground depending on the specific purpose for which we are using your Personal Information . Please contact us if you need details about the specific legal ground we are relying on to process your Personal Information where more than one ground has been set out in the table below.

    Categories of Data Subjects Categories of Personal Information Purpose of Processing Lawful Basis for Processing (and Lawful Basis for Processing Special Categories of Personal Information, if applicable)
    Gumball.com customers/consumers (including website users) Personal details including name and contact information.
    1. Maintaining and enhancing Gumball.com's products and services.
    2. Providing products and services and customer management.
    3. Account management.
    4. Supporting network and system security.
    5. Auditing.
    6. Detecting and preventing fraud.
    7. Complying with legal obligations.
    8. Conducting web analytics.
    1. Contract
    2. Legal Obligation
    3. Necessary for our Legitimate Interests (to enhance performance of our website; to keep our records updated and to study how customers use our products/services; for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganization or group restructuring exercise)
    Device details.
    1. Conducting web analytics.
    1. Necessary for our Legitimate Interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)
    2. Consent
    User activity details and user preferences.
    1. Conducting web analytics.
    1. Necessary for our Legitimate Interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)
    2. Consent
    Browser history details.
    1. Conducting web analytics.
    1. Necessary for our Legitimate Interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)
    2. Consent
    Location details.
    1. Conducting web analytics.
    1. Necessary for our Legitimate Interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)
    2. Consent
    Electronic identification data including IP address and information collected through cookies.
    1. Conducting web analytics.
    1. Necessary for our Legitimate Interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)
    2. Consent
    Financial details.
    1. Providing products and services and customer management.
    2. Account management.
    1. Contract
    Credit card information and payment details.
    1. Providing products and services and customer management.
    2. Account management.
    1. Contract
    Contractual details including the goods and services provided.
    1. Maintaining and enhancing Gumball.com's products and services.
    2. Providing products and services and customer management.
    1. Contract
    2. Necessary for our Legitimate Interests (to keep our records updated and to study how customers use our products/services)
    Special categories of Personal Information including data relating to health, genetics, race, ethnicity and religious beliefs.
    1. Maintaining and enhancing Gumball.com's products and services.
    2. Providing products and services and customer management.
    3. Complying with legal obligations.
    1. Legal Obligation
    2. Necessary for the Purposes of Preventative or Occupational Medicine
    3. Explicit Consent
    Gumball.com suppliers and distributors Name and contact information.
    1. To obtain products and services.
    2. Evaluating potential suppliers and distributors.
    1. Contract
    Financial and payment details.
    1. Supplier administration, order management, and accounts payable.
    1. Contract

    Marketing

    We do not market directly to data subjects within the EU or UK. If we plan to change our approach to marketing to data subjects within the EU or UK we will update this GDPR Policy to reflect that.

    International Transfers

    We are a United States of America company, accordingly when you share your Personal Information with us, this will involve transferring your Personal Information outside the UK and the EU/EEA.

    Many of our external third parties are based outside the UK and EU/EEA so their processing of your Personal Information will involve a transfer of data outside the UK and EU/EEA.

    Gumball.com discloses Personal Information to the following categories of recipients, some of which are located in countries outside of the UK and EEA:

    • Gumball.com
    • Business partners
    • Auditors and professional advisors, such as lawyers and consultants
    • Law enforcement officials
    • Third-party service providers, such as providers of:

    (a) IT system management
    (b) information security
    (c) marketing agencies

    • Gumball.com transfers Personal Information (including Special Categories of Personal Information) to the following countries (some of which are known as "third countries" under the Data Protection Legislation):

    (a) United States of America
    (b) Canada

    Whenever we transfer your Personal Information out of the UK and EU/EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

    • We will only transfer your Personal Information to countries that have been deemed to provide an adequate level of protection for Personal Information. For further details, see:
    • Where we use certain service providers, we may use specific contracts approved for use in the UK which give Personal Information the same protection it has in the UK and/or EU/EEA. For further details, see:

    Please contact us if you want further information on the specific mechanism used by us when transferring your Personal Information out of the UK or EU/EEA.

    Access to Information and Your Rights

    For United Kingdom and EU residents subject to the GDPR, you have certain rights relating to your Personal Information, subject to local data protection laws. These rights may include:

    • To access your Personal Information held by us (right to access)
    • To rectify inaccurate Personal Information and, taking into account the purpose of processing the Personal Information, ensure it is complete (right to rectification)
    • To erase/delete your Personal Information, to the extent permitted by applicable laws (right to erasure; right to be forgotten)
    • To restrict our processing of your Personal Information to the extent permitted by law (right to restriction of processing)
    • To transfer your Personal Information to another controller or processor, to the extent possible (right to data portability)
    • To object to any processing of your Personal Information carried out on the basis of our legitimate interests (right to object). Where we process your Personal Information for direct marketing purposes or share it with third parties for their own direct marketing purposes, you can exercise your right to object at any time to such processing without having to provide any specific reason for such objection. Please note that we do not currently market to data subjects within the UK and EU/EEA
    • To the extent we base the collection, processing, and sharing of your Personal Information on your consent, to withdraw your consent at any time, without affecting the lawfulness of the processing based on such consent before its withdrawal.

    Please submit your specific request by using the Information in the Contact section above to exercise these rights. 

    Timeframe for Responding to Requests

    Gumball.com will respond to your request within thirty (30) days of receipt. The response period may be extended if your request is particularly complex or you have made a number of requests. In that event, we will inform you of the reason and extension period in writing, and keep you updated.

    Required Information for Responding to Requests

    Gumball.com may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Information (or to exercise any of your other rights). This is a security measure to ensure that Personal Information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

    Fee

    We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded, in which case we will charge a reasonable fee. Alternatively, we could refuse to comply with your request in these circumstances.