Updated Date: [10/2/2026]

CLOUDSWAY PTE. LTD. and its affiliated companies (together, “we”, “us” or “our”) is committed to protecting your personal data and respecting your privacy. We appreciate your trust in us and are well aware of the importance of personal data to you. We will take strict security measures in accordance with applicable laws and regulations to protect your personal data.

This User Privacy Policy (hereinafter referred to as “Policy”), together with our Terms and Conditions of Service (the “Terms”), Cookies Policy and any other documents referred to in it, sets out the basis on which any personal data we collect from you, or that you provide to us, will be collected, used, retained, processed, shared, disclosed or otherwise processed by us when you are using the website “https://www.cloudsway.ai” or other application programming interface (“API”) related to it and “model as services” (“MaaS”) or business searching services provided by us through it (hereinafter referred to as “Site”), and the data rights of you.

This Policy applies to personal data in our possession or under our control, including personal data in the possession of organisations that we have engaged to collect, use, disclose or process personal data for our purposes, but not data, including aggregated or statistical data, that is not personal data.

By accessing and using the Services or contacting us through the Site or by email or other means indicated on the Site, you acknowledge that you have read and understood the terms of this Policy and consent to us collecting, using, disclosing and/or processing your personal data for the purposes described herein. Please read the following Policy carefully to understand our practices regarding your personal data and how we will treat it before using the products or services provided on this Site. If you do not agree with any content of this Policy, you may, where applicable, refuse the collection of certain information by selecting the appropriate settings on your browser or device (where collected by cookies or similar means), or cease your use of the Services on the Site.

You acknowledge that we may amend and/or update this Policy from time to time, and you agree that your continued use or access of or acceptance or acknowledgement of any terms or notices on or in connection with the Site constitutes your agreement to be bound by the prevailing terms of this Policy as updated on this page from time to time.

Any terms capitalized herein shall, unless otherwise specified or the context otherwise requires, have the same meaning in the Terms. This Policy will help you understand the following content:

1.      Personal data we process

2.      Cookies and other similar technologies

3.      Purpose of collecting and using personal data

4.      Sharing of personal data

5.      International transfer of personal data

6.      Retention and destruction of personal data

7.      Your legal rights

8.      Minors Protection

9.      Updates and amendments of this Policy

10.   Language

11.   Contact us

12.   Supplementary instructions for specific jurisdictions

1. Personal data we process

We collect personal data to the minimum scope which is necessary for using our Site. As used in this Privacy Policy, “Personal Data” means data, whether true or not, about an individual who can be identified from that data or from that data and other information to which we have or are likely to have access.

1.1. The data we collect about you

Personal Data that we may collect, use, store, and transfer from you include, but is not limited to, the following:

• Identity Data. This includes information such as your first name, last name, usernames or similar identifiers, title, date of birth, gender, and IP address.
• Contact Data. This includes information such as your address, email address, and mobile phone number.
• Content Data. This includes information stored on your device such as login information, browse records, order information, photos, videos, and other digital content.
• Profile Data. This includes information such as your username and password, your interests, preferences, feedback, and survey responses, your date of birth, and your country of residence.
• Usage Data. This includes information such as details of your use of our Apps, visits to our Sites, traffic and communication data, your operation logs, your use time, and location data.

For special categories of data stipulated by applicable laws and regulations of your country or territory of origin, please refer to Section 12.

1.2. The specific scenarios where we collect your personal data

Specifically, we will collect your personal data in the following scenarios, amongst others:

The personal data we collect depends on the nature of your interaction with us. Such interactions may occur when you browse our website, make inquiries on our website, register an account, subscribe to our services, download content from us, complete payments, visit our premises, contact us for support, or engage in other activities. You may also interact with us in other ways, or indirectly provide personal data through our customers’ websites or third-party service providers.

Generally, we collect and process personal data related to the following business operations:

• Website content provision: When browsing our website, we may collect device and behavioral information.
• Service provision and improvement: Based on the services used and your preferences, you may be asked to provide account information, contact details, payment information, device and behavioral data, and service operation information.
• Promotions and marketing: In line with your preference settings, we may collect contact information, device and behavioral data.
• Procurement activities: To fulfill procurement contracts, you may be required to provide contact and payment information.
• Support requests: For inquiries, suggestions, or issues, we may collect account information, contact details, device and behavioral data, and service operation information.
• Legal obligations: We collect personal data as required by applicable laws and regulations.

In all cases, we collect personal data within the minimum necessary scope, processed manually or electronically. The specific types of personal data within each category include:

• Account information: Name, username, password, and other security information for authentication.
• Contact information: Phone number, email, postal address, company name, job title, and similar details.
• Device and behavioral data: Device type, OS, network identifier, IP address, location, ISP domain, browsing history, cookies, and interaction patterns.
• Service operation information: Log data, network traffic, and service delivery data (e.g., IP addresses, timestamped access records, mouse clicks, movement trajectories), with minimal personal data typically limited to IP addresses.

1.3. Customer service and after-sales functions

Our customer service and after-sales functions will use your account information and order information.

In order to ensure the security of your account, our customer service will use your account information to verify your identity with you. When you need us to provide customer service and after-sales service related to your order information, we will inquire about your order information. When you ask us to change the delivery address, contact person, or contact number, you may provide other information other than the above information when communicating with our customer service staff.

Please note that individual device information, browser type, or only search keywords are information that cannot identify a specific natural person, and do not belong to your personal data, and we have the right to use it. If we combine such non-personal data with other information to identify a specific natural person or use it in combination with personal data, during the combined use, such non-personal data will be regarded as personal data, unless authorized by you or unless otherwise stipulated by laws and regulations, we will anonymize and de-identify such personal data.

1.4. Identity verification & safeguard

• Login verification: The matching result of your mobile phone number and verification code or your email address and verification code will be used as a way for us to verify your identity.
• Verification of important operation behaviors: In order to ensure the security of your account, when you perform some important account operations (such as resetting your password), you are required to provide the matching result of your mobile phone number and verification code or email address and verification code to verify your identity.
• Service security guarantee: In order to ensure the security of your use of the Site (including forming risk control labels /portraits/models, judging whether the users belong to the IP blacklist), we will collect, use or integrate your member information, transaction information, related network logs and other information you agree to share with us from our related company and third party in according to applicable laws and regulations. The aforementioned information is used to comprehensively judge your account and transaction risks, conduct identity verification, detect and prevent security incidents, and take necessary recording, auditing, analysis, and disposal measures in accordance with the applicable law. We will protect this information through security measures, such as access minimization, access logging, and separate storage and authorization.

In order to bring you a better consumer experience, we continue to work hard to improve our service, and we may launch new or optimized functions from time to time. During this process, if you have any doubts about related matters, you can contact us through the methods provided in Section 11, and we will answer you as soon as possible.

2. Cookies and other similar technologies

When you visit the Site, we and other third parties may place Cookies in your web browsers to provide you with convenience.

A Cookie is a small data file sent to your browser to store and track information about you when you enter the Site. Cookies are widely used to operate the website or operate it in a more efficient manner and transmit information to the owner of the website. Cookies may be used to store items such as identifiers and user preferences. Websites may install Cookies in used browsers in cases where allowed by the browser’s preferences.

We do not use Cookies for any purpose other than those described in this Policy. Generally, we use Cookies to store your information so that you can log in or use our services or functions that rely on Cookies, and to provide you with more thoughtful personalized services and promotion services. For example, we may employ cookies to keep track of your preferences and choices, to make improvements and to help customise your experience when using the Site. We also use this information to verify that visitors meet the criteria required to process their requests. We may associate Personal Data with a cookie file in those instances.

You may refuse the use of Cookies by selecting the appropriate settings on your browser or device. Use the options in your web browser if you do not wish to receive a Cookie or if you wish to set your browser to notify you when you receive a Cookie. Click on the “Help” section of your browser to learn how to change your Cookie preferences. If you disable all Cookies, your experience and the full functionality of the Services may be affected.

In addition to Cookies, we will also use web beacons, pixel tags and other similar technologies on the Site. The emails we send to users may contain an address link to the content of the Site. If the link is clicked, we will track the click to help us understand users’ consumer preferences so that we can actively improve customer experience. A web beacon is usually a transparent image embedded in a Site or email. With the help of pixel tags in emails, we can know whether the emails are opened. If you do not want your activities to be tracked in this way, you can unsubscribe from our mail list at any time.

3. Purpose of collecting and using personal data

We will only process, use or disclose your personal data: (a) for the purposes of fulfilling our obligations and providing our Services hereunder, (b) where you have given us your consent, or (c) where applicable law allows us to do so. Specifically, we will use your personal data for the following purposes, amongst others:

• Where we need to perform a contract we are about to enter into or have entered into with you, such as to help you to subscribe to our services, to provide the services or functions requested by you (including product enhancement, product monitoring, trouble shooting and crash support), and others agreed between you and us.
• Where it is necessary for our legitimate interests (or those of a third party) where applicable and your interests and fundamental rights do not override those interests.
• Where required to provide customer care and support. This includes, amongst others, storing, hosting, backing up (whether for disaster recovery or otherwise) the Services or any data contained therein.
• Subject to your consent and agreement, to deliver relevant content and advertisements to you and measure or understand the effectiveness of the advertising we serve you; make suggestions and recommendations to you about products or services that may be of interest to you and sending you other relevant information about our events, news, announcements and promotions
• Where we need to comply with any applicable laws, regulations, codes of practice, guidelines or rules, or to assist in law enforcement and investigations conducted by any governmental and/or regulatory authority.
• Where required in connection with our customer support, legal and record-keeping purposes. In this regard, to the extent permitted by applicable laws and with your consent, in order to facilitate your use of our Services, we may collect such other information from you, including amongst others, usage data relating to how you use our Services; marketing and communication data relating to your interest, feedback and survey responses; technical data such as your internet protocol address, internet device identity or media access control etc.
• Any incidental purposes related to or in connection with the above.
• Any other purposes you may agree to, which we may notify you of at the time of obtaining your consent to such other purposes.

Depending on our relationship with you and the products and services that we are providing, some specific purposes and activities for which we will use your personal data are, including but not limited to:

• To help you to subscribe to our Site;
• To provide the services or functions requested by you;
• To ensure the safe and normal operation of the Site;
• To improve and optimize the product experience and performance;
• In a case of collecting personal data of a minor, to confirm the consent of a legal representative and confirm the identity of the user in a case where the legal representative exercises legal rights as required by the applicable laws and regulations.
• To administer a customer survey.
• To provide promotions and deals as a way of direct marketing communications if you have given us your consent to do so (as permitted under applicable law).
• To prevent and take disciplinary actions on behaviors (including stealing an account, illegal usage of an account, etc.) that hinder smooth operation.
• To abide by laws and regulations.
• To protect the rights, assets, or safety of us and our related company, business partners, or customers.

For more information required under applicable laws and regulations of your country or territory of origin, please refer to Section 12.

The purposes listed in this Section 3, as well as Section 2 and 4 shall continue to apply even where your relationship with us (for example, pursuant to a contract) has been terminated or altered in any way, for a reasonable period thereafter (including, where applicable, a period to enable us to enforce our rights under any contract with you).

We will only process, use or disclose your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.

If there is any change in the purpose for which we collect your Personal Data, we will inform you of such change by way of updating the Privacy Policy on this page. If you wish to get an explanation as to how the processing, use or disclosure of your Personal Data for the new purpose is compatible with the original purpose, please contact our Data Protection Officer at the contact details provided in Section 11 below. If we need to use your Personal Data for an unrelated purpose, we will notify you and will explain the legal basis which allows us to do so as well as obtain your consent to the use of your Personal Data for such purpose where we are required to do so by law.

4. Sharing, transfer or disclosure of personal data

We are a multinational enterprise with affiliates in multiple countries worldwide. In certain circumstances, such as providing global services, conducting marketing activities, troubleshooting, offering remote support, and managing human resources, we may need to collaborate with its affiliates and share personal data within our group. In addition, we may share your order information, account information, device information, and precise location information with our partners and third parties to ensure the smooth completion of the services provided to you. We will only share your personal data for legal, legitimate, necessary, specific, and clear purposes, and will only share personal data necessary to provide services. In this regard, you understand and acknowledge that your personal data may be accessed and used by our partners to perform tasks on our behalf and are obligated not to disclose or use your Personal Data for any other purpose.

Our partners include the following types:

A. Third-Party Vendors

Some services may be directly provided by third-party vendors, whose names will generally be specified in the detailed description documents of specific products or services. Third-party vendors may have their own separate privacy policies, which are not governed by this privacy policy.

B. Subcontractors

In certain circumstances, such as for service provision, product optimization, request response, user experience enhancement, business expansion, or market development, we may use sub-processors to process your personal data on our behalf. In such cases, the purposes and methods of personal data processing are determined by us, and sub-processors will act only according to our instructions. When sharing your personal data with our subcontractors, we will seek reasonable and appropriate protective measures, and we will only share such data if the recipient agrees to comply with this privacy policy or has adopted substantially similar privacy policies for personal data processing.

C. Financial institutions and third-party payment institutions

When you place an order, apply for a refund, we will share specific order information with financial institutions or third-party payment institutions. Where required by applicable laws and regulations or to provide the Services to you, we will further share other necessary information, such as IP address, with relevant financial institutions. If you have any questions about the financial institution and third-party payment institution’s data processing practices, you can refer to their privacy policy.

D. Third-party SDK

Some of our functions and services, such as realizing image loading and caching, navigation and positioning, third-party login and payment, and information pushing, need to be realized through the partner’s software tool development kit (hereinafter referred to as “SDK”). In order to provide you with relevant service information, the SDK will call some permissions of your device to collect your personal data, and some SDKs will share your personal data to further optimize their service capabilities. We will conduct strict security testing on the SDK, and require partners to take strict data protection measures to effectively protect your legitimate rights and interests.

E. Related companies

In order to provide you with unified account management services, each associated version of our products and services uses a unified member account system. You can use your account to log in conveniently and use the associated version of our products and services to use the services or functions of the corresponding version. In order to provide a consistent service experience in each associated version, we will synchronize the account number and content in the Site and the associated version, which may include: your frequent traveler information, membership level, order information, and other information authorized by you.

In addition, we may process, use or disclose your personal data in the following cases:

• Where we are required to do so by a legal process (e.g. authority requests);
• Where we believe disclosure is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation of suspected or actual fraudulent or illegal activity;
• Where we sell or transfer all or part of our business or assets (including in the event of a reorganization, merger, dissolution, or liquidation).

For companies and organizations with which we share personal data, we will confirm that they have legal operating qualifications, comply with applicable information security requirements in terms of system development, equipment deployment, data storage and use, and personnel safety, and sign strict confidentiality agreements with them requiring them to process personal data in accordance with this Policy and our other relevant confidentiality and security practices. Our partners have no right to use the shared personal data for any other purpose. If they want to change the purpose of processing such personal data, they will ask for your authorization again according to the applicable laws and regulations.

Specifically, in relation to this Section 4, we will not disclose your Personal Data to unaffiliated third parties for their independent use unless we have obtained your express consent to do so and pursuant to executing confidentiality agreements with such unaffiliated third parties. We also require all third parties to respect the security of your Personal Data and to treat it in accordance with the law.

Separately, in the course of your access and use of the Site, our Site may contain links to other sites, whether placed by ourselves or other users, that are not operated by us. If you visit one of these linked websites, you should review their privacy and other policies. We are not responsible for the terms of use and policies and practices of other websites, and any information you submit to these websites is subject to their terms of use and privacy policies.

Any information submitted by you or obtained through any third party websites, including information obtained through your use of accounts maintained with third party websites to access our Services, is subject to their respective terms of use and privacy policies. We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services. Accordingly, any questions or requests relating to Personal Data in the possession or control of such third party websites, including requests for withdrawal of consent or requests for access or correction of such Personal Data shall be directed to such third party websites.

5. International transfer of personal data

The data that we collect from you will be processed and stored in Singapore. However, as a multinational company, the personal data we collect may be processed or accessed in countries or regions where we or our parent company, related company, service providers, or business partners are located, for the maintaining of our business operations, fulfillment of your order, the processing of your payment details and the provision of support services. In certain circumstances, courts, law enforcement agencies, regulatory agencies, or security authorities in these other countries may be entitled to access your personal data. If you are located outside Singapore and choose to provide information to us, please note that we transfer the data, including Personal Data, to Singapore and process it there. In this regard, you acknowledge, understand and consent to such transfer of Personal Data.

The jurisdiction in which these global facilities are located may or may not protect personal data to the same standards as in your jurisdiction. Under these circumstances, we will take all necessary measures to protect your personal data in accordance with this Policy and applicable laws and regulations. For example, we will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data or rely on approved data transfer mechanisms (such as Standard Contractual Clauses) or other conditions required by the applicable laws and regulations to ensure your data is subject to adequate safeguards in the recipient country. For more information required under applicable laws and regulations of your country or territory of origin, please refer to Section 12.

Save for the above, for any other international transfer, we will seek your consent prior to transferring your personal data.

6. Retention, destruction and security of personal data

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

The data retention period may depend on the purpose for which your personal data is collected and the services you use. Your personal data will only be retained for as long as necessary to achieve the purposes set out in this Privacy Policy, unless required by law or as you request. When there is no longer a business necessity or legal basis for retaining your personal data, we will promptly delete, remove, or anonymize your personal data. We will make commercially reasonable efforts (such as inserting relevant contractual clauses) to ensure that any third parties to whom we disclose your personal data retain your data in accordance with this provision. After the above storage period is exceeded, or when you exercise your right to delete personal data or cancel your account as permitted by applicable laws and regulations, we will delete or anonymize your personal data. In some circumstances, we may anonymise your Personal Data (so that it can no longer be associated with you) for research or statistical purposes, in which case, we may use this information indefinitely without further notice to you.

Considering the existing technology, implementation costs, and the nature, scope, context, and purpose of processing, as well as the potential risks to your rights and freedoms in terms of likelihood and severity, we adopt appropriate physical, organizational, and technical measures (no less than industry standards) to protect the confidentiality and security of your personal data. These measures aim to prevent accidental or unlawful destruction, loss, alteration, misuse, or unauthorized access.

We attach great importance to information security and have established a dedicated data security team. The email address for the team is law@cloudsway.com. We strive to provide you with information protection, have adopted appropriate management, technical and physical security measures, and established an information security system compatible with business development with reference to applicable information security standards and best practices, for the purposes of, amongst others, (a) preventing any unauthorised or accidental access, collection, use, disclosure, copying, modification, disposal or destruction of your Personal Data, or other similar risks and (b) the loss of any storage medium or device on which such Personal Data is stored.

Specifically, we have implemented the following measures to protect your personal data:

• Internal system construction: We have established and implemented internal privacy management systems, including information security policies, risk assessment guidelines, data audit procedures, remote work policies, incident management plans, data processing appendices, etc.
• External contract management: In external collaborations, we ensure that relevant contracts (such as data processing agreements, confidentiality agreements) are signed with partners, or clauses related to personal data protection are inserted into contracts. These require third parties to fulfill data protection obligations, and we continuously monitor their performance.
• Access control: We deploy access control mechanisms based on the necessity of service provision and personnel levels, implementing hierarchical permission management to ensure that only authorized personnel can access personal data. Meanwhile, we clearly define and allocate roles and responsibilities for personal data protection, practicing separation of duties to reduce the risk of unauthorized access.
• Awareness and training: We have a dedicated privacy team responsible for regular and ongoing training to enhance employees’ awareness of personal data protection.
• Encryption and pseudonymization: We adopt appropriate encryption and pseudonymization measures to prevent data breaches and unauthorized access. For example, during data transmission, we use encryption technologies such as RSA and AES to mitigate security risks; for data storage and display, we use hashing algorithms, NCA algorithms, and console desensitization display to protect your personal data.
• Network security: We maintain network security capabilities no less than industry standards. For instance, we deploy firewalls to prevent unauthorized access, implement DDOS protection to ensure network stability, regularly run vulnerability scanning programs to detect potential security flaws and formulate vulnerability management strategies, adopt appropriate operational security and configuration management, and enable remote access to IT systems via VPN tunnels.
• Password control: We have formulated and documented specific password policies, covering password length, complexity, validity period, access attempts, password reset timeframes, password history, and reuse restrictions. All passwords are stored in a “hashed” form.
• Backups: Appropriate backup methods are implemented to ensure data integrity and timely recovery of core operational data.

Your personal data is stored in controlled facilities with strict access control. Within these facilities, we use access control systems and closed-circuit television (CCTV) to ensure the physical security of data centers and prevent unauthorized access.

Despite the aforementioned security measures, please also understand that there are no “perfect security measures” on the Internet. We will provide corresponding security measures according to existing technologies to protect your information and provide reasonable security protection, and we will try our best to prevent your information from being leaked, damaged, or lost. However, you are responsible for keeping your login information and passwords to your Account confidential. While security cannot be guaranteed, we strive to protect the security of your information and are constantly reviewing and enhancing our information Security Measures.

Please save or back up your text and picture information in time. You need to understand and accept that the system and communication network you use to access our services may have problems due to factors beyond our control.

Risks such as leakage, damage, and loss of personal data are extremely serious security incidents at the company level. To prevent such security incidents from happening, we will be responsible for regularly organizing members of the working group to conduct security drills. In the event of an unfortunate event, we will activate the emergency plan according to the highest priority, form an emergency response team, trace the cause in the shortest possible time, reduce losses, and prevent the expansion of security incidents. At the same time, we will inform you in accordance with the requirements of applicable laws and regulations: the basic situation and possible impact of security incidents, the disposal measures we have taken or will take, suggestions for you to prevent and reduce risks independently, and remedial measures for you, etc. We will inform you about the event by email, letter, phone call, push notification, etc. When it is difficult to inform the personal data subject one by one, we will issue an announcement in a reasonable and effective manner. We will also report the handling of personal data security incidents in accordance with the requirements of the regulatory authorities.

The above measures are not an exhaustive list of all data protection measures we adopt. In fact, we will make every effort to implement the most reasonable and reliable protection measures based on the nature of the data. While we take the security of your personal data seriously, please note that no security measure is completely foolproof. In the event of any data security risk, we will promptly respond in accordance with any data breach requirements specified in applicable laws and regulations.

If we stop operating our products or services, we will stop collecting your personal data in a timely manner, notify you of the notice of cessation of operation by delivery or announcement one by one, and delete or anonymize personal data held.

7. Your legal rights

As permitted by applicable data protection laws, you may have various rights regarding your personal data, and the rights may vary by jurisdiction and with respect to the products and services you are using. Normally, your rights may include:

• Right of access: You have the right to receive information about your personal data processed by us upon request.
• Right to correct: You have the right to correct your personal data if it is incorrect.
• Right to erasure: You have the right to obtain from us, under the conditions specified by the applicable laws, the deletion of your personal data.
• Right to restriction of processing: You have the right to request us to process your personal data only to a restricted extent under the conditions specified by the applicable laws.
• Right to data portability: You have the right to receive from us personal data concerning you, which you have provided to us, as well as the right to request us to forward this personal data to another controller according to the applicable laws.
• Right to object: You have the right to object to the processing, use or disclosure of your personal data. If you object, we will no longer process, use or disclose your personal data unless we can prove compelling legitimate reasons for the processing, use or disclosure that outweigh your interests, rights and freedoms, or the processing, use or disclosure serves to assert, exercise or defend legal claims on our part.
• Right to withdraw your consent: You have the right to revoke consent given to us at any time. As a result, we are no longer allowed to continue the processing, use or disclosure based on this consent in the future. This does not affect the legality of the processing, use or disclosure of your Personal Data carried out on the basis of the consent up to the point of revocation.

For more information required under applicable laws and regulations of your country or territory of origin, please refer to Section 12. If you wish to exercise any of your rights, please send your request through the channels listed in Section 11. We will handle any request to exercise your rights in accordance with applicable law and any relevant legal exemptions. In some jurisdictions, applicable law may entitle you to request certain copies of your personal data about how we process, use or disclose your personal data, request copies of personal data that you have provided to us in a structured, commonly used, and machine-readable format, and/or request that we transmit this information to another service provider (where technically feasible).

If you have concerns that we have processed, used or disclosed your personal data in a manner which is unlawful or breaches your rights, you may also contact us using the contact details listed in Section 11, so that we can investigate, and hopefully resolve, your concerns. For further details, please contact your regional data protection authority.

8. Minors Protection

Our services are not intended for minors. Accordingly, we do not knowingly collect personally identifiable information from anyone under the age of 18 or any age to define a minor under the applicable laws. If you are under the age of 18, you may only use and access the Services with your parent’s or guardian’s consent. If this applies to you, please ask your parent or guardian to read the Terms and this Policy carefully, and only use or access the Services after obtaining your parent’s or guardian’s consent.

We will not directly collect personal data from minors while the parents or guardians of those minors may provide us with the personal data of minors when using our products and services.

• We may also automatically collect personal data of minors by using Cookies and other similar technologies. Please refer to Section 2 for details.

We will only collect, use, or disclose the personal data of minors when permitted by applicable laws and regulations, such as with the explicit consent of the guardian, or as necessary for the protection of the minor. If you are at least 18 years old, you may use or access the Services only if you have sufficient understanding of this Policy and the terms herein. In the event you are uncertain about any aspect of this Policy, please ask your parent or guardian to explain this Policy to you. If you are a parent or guardian of a child, you may make access and correction requests or withdraw your consent to the collection, use and/or disclosure of your child’s or ward’s Personal Data, where you have previously provided such consent, in accordance with this Policy and applicable laws on behalf of your child or ward.

In addition to the measures mentioned in Section 6, we take the following additional measures to protect minors’ personal data:

• Strictly control access: For staff who may have access to minors’ personal data, we adopt the principle of minimum necessary authorization, and take technical measures to record and control the staff’s handling of minors’ personal data, so as to avoid illegal copying and downloading of minors’ personal data.
• Formulate emergency plans for minors’ personal data security incidents: We will regularly organize relevant internal personnel to conduct emergency response training and emergency drills to enable them to master job responsibilities and emergency response strategies and procedures. After the unfortunate occurrence of a child’s personal data security incident, we will promptly inform the child and his guardian in accordance with the requirements of laws and regulations: the basic situation and possible impact of the security incident, the disposal measures we have taken or will take, recommendations for risk prevention and reduction that children and their guardians can take ownership of, remedial measures for children and their guardians, etc. We will promptly inform the children and their guardians of the incident by means of app push notifications, emails/short messages, etc. When it is difficult to notify one by one, we will take a reasonable and effective way to issue relevant warning information. At the same time, we will also actively report the handling of minors’ personal data security incidents in accordance with the requirements of the regulatory authorities. If the legitimate rights and interests of children and their guardians are damaged, we will bear corresponding legal responsibilities.

If you have any complaints, or opinions, or want to exercise the rights related to minors’ personal data, please contact us through the channels listed in Section 11. We will reply to your request after receiving the questions, opinions, or suggestions and verifying the identity and guardianship relationship between you and the minor in accordance with applicable laws and regulations.

9. Updates and amendments of this Policy

We keep our Policy under regular review. This Policy applies in conjunction with the Terms and any other notices, terms, policies and consents that apply to the collection, use and disclosure of your Personal Data by us.

We may revise this Policy according to the changes in laws, regulations, and our services. If the content of this Policy changes, we will inform you by updating this policy, pop-up windows, and page prompts, and obtain your consent again when applicable laws and regulations require so. Your continued use or access to our Services constitutes your acknowledgement and acceptance of such changes.

10. Language

This Privacy Policy can be translated into different languages, and in the event of conflicts or inconsistencies between versions of different languages, the English version shall prevail.

11. Contact us

You may contact us by using the details provided in the chart below should you have any enquiries regarding this Policy or if you wish to make any request. We will listen to your opinions and do its best to respond to the queries without delay according to the applicable laws and regulations.

12. Supplementary instructions for specific jurisdictions

12.1.   Singapore

Your legal rights

If you are located in Singapore, you have rights to protect your personal data in accordance with the Personal Data Protection Act 2012 of Singapore (“PDPA”) as follows.

A.      Right to access and correction of Personal Data If you wish to make:

(a)  an access request for access to a copy of the Personal Data which we hold about you or information about the ways in which we use or disclose your Personal Data within a year before the date of your request (“access request”); or

(b)  a correction request to correct any errors or omissions in your Personal Data or update any of your Personal Data which we hold about you (“correction request”), you may submit your request in writing or via email to our Data Protection Officer at the contact details provided in paragraph 11 above. Please note that a reasonable fee may be charged for an access request. If so, we will inform you of the fee before processing your access request. We will respond to your access request or correction request as soon as reasonably possible from the time such request is received. Should we not be able to respond to your access request and/or correction request within thirty (30) days after receiving your request, we will inform you in writing within thirty (30) days of the time by which we will be able to respond to your request. If we are unable to provide you with access or make a correction requested by you, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under the PDPA).

B.      Right to withdraw consent

The consent that you provide for the collection, use and disclosure of your Personal Data will remain valid until such time it is being withdrawn by you in writing. You may withdraw consent and request us to stop using, processing and/or disclosing your Personal Data for any or all of the purposes listed above in Sections 2 to 4 by submitting your request in writing or via email to our Data Protection Officer at the contact details provided in Section 11 above.

Upon receipt of your written request to withdraw your consent, we may require reasonable time (depending on the complexity of the request and its impact on our relationship with you) for your request to be processed and for us to notify you of the consequences of us acceding to the same, including any legal consequences which may affect your rights and liabilities to us. In general, we shall seek to process your request within seventy-two (72) hours of receiving it.

Whilst we respect your decision to withdraw your consent, please note that depending on the nature and scope of your request, we may not be in a position to continue providing the Services or any products or services to you and we shall, in such circumstances, notify you before completing the processing of your request. Should you decide to cancel your withdrawal of consent, please inform us in writing in the manner described in this Section. You may, at any time during the period mentioned under this Section, withdraw your request by informing us in writing, failing which we shall proceed with the necessary actions.

Please note that withdrawing consent does not affect our right to continue to collect, use and disclose Personal Data where such collection, use and disclosure without consent is permitted or required under applicable laws. Further, we may continue to retain some of the Personal Data provided by you prior to your withdrawal of consent as set out under Section 7 above.

C.     Transfer of Data

Where your Personal Data is transferred to countries or territories outside of Singapore (such as for business analytics purposes, etc.), we will:

(a)    take steps to ascertain and ensure that the recipient of the Personal Data is bound by legally enforceable obligations or specified certifications to provide the transferred Personal Data a standard of protection that is at least comparable to that provided under the PDPA; and

(b)     inform you of the name, contact information of such recipients, as well as the means and procedures for you to exercise your right as the subject of the Personal Data and we will obtain your consent of the same.

(c)     To this end, you understand, acknowledge and consent to the transfer of such Personal Data to a place outside Singapore.

D.     Data Breach

In the event of a notifiable data breach as defined under the PDPA, we will, unless otherwise directed by a prescribed law enforcement agency or authority, inform you as soon as practicable (but in any case, no later than three (3) calendar days after ascertaining that there has been a notifiable breach) of the basic information about and possible impact of the security incident, countermeasures we have taken or will take, suggestions for you to prevent and reduce the risks, remedies for you, etc. Such notification may be by way of an email, letter, telephone or push notification, etc. If it is difficult for us to inform all the subjects of Personal Data one by one, we will choose a reasonable and effective way to publish an announcement.

Cookies Policy

Overview

When you visit our Site, we and other third parties may place Cookies in your web browsers to provide you with convenience. A Cookie is a small data file sent to your browser to store and track information about you when you enter our Site. Cookies are widely used to operate the website or operate it in a more efficient manner and transmit information to the owner of the website. Cookies may be used to store items such as identifiers and user preferences. Website may install Cookies in used browsers in cases where allowed by the browser’s preferences. The emails we send to users may contain an address link to the content of our website. If the link is clicked, we will track the click to help us understand users’ product and service preferences by using web beacons, pixel and tags, so that we can actively improve customer service experience. A web beacon is usually a transparent image embedded in a website or email, which allows us to know if a certain page was visited. Pixels are small objects embedded into a web page that are not visible to the user, and Tags are small pieces of HTML code that tell your browser to request certain content generated by an ad server. With the help of pixel tags in emails, we can know whether the emails are opened. If you do not want your activities to be tracked in this way, you can unsubscribe from our mail list at any time. All of the technologies described above will be collectively referred to in this Cookies Policy as “Cookies”.

The Cookies we use and how we use them

We do not use Cookies for any purpose other than those described in this Policy. Generally, we use Cookies to store your information so that you can log in or use our services or functions that rely on Cookies, and to provide you with more thoughtful personalized services and promotion services.

Specifically, the following types of Cookies may be used when you visit our Site:

●        Strictly necessary/essential Cookies.

These Cookies are necessary for the website to function and cannot be switched off without affecting the use of the Site. They include, for example, Cookies that enable you to log into secure areas of our website and manage your order(s).

●        Functionality Cookies.

These Cookies enable our Site to remember your preferences (such as your preferred language), settings, and previous searches of our website to work properly so that to enhance your experience on our Site.

●        Analytical/Performance Cookies.

These Cookies help us understand how users like you use this Site. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.

●        Targeting Cookies

These Cookies record your visit to our Site, the pages you have visited, and the links you have followed. We will use this information to make our website more relevant to your interests. We may also share this information with third parties for this purpose.

●        Manage the Cookies

You can choose to accept or decline some Cookies. Most devices and browsers also provide a way to set your Cookie preferences. These settings are usually found in the “options”, “preferences” or “settings” menu of your browser. You may find out more details on how to manage Cookie settings for your browser here: Internet Explorer > Google Chrome > Mozilla Firefox > Safari > Opera. Please note that if you choose to remove or reject Cookies or clear local storage, this could affect the features, availability, and functionality of our Site.

If you have any complaints, or opinions, or want to exercise your rights related to your personal data, please contact us using the details provided in the chart below. The company will listen to your opinions and do its best to respond to the queries without delay according to the applicable laws and regulations.