This privacy policy (“Privacy Policy”) forms a part of the terms and conditions governing your relationship with Bluecell Intelligence Pte. Ltd. (a company incorporated in Singapore, and operating at 59 Mohamed Sultan Road #01-08/09 Sultan Link Singapore 238999 and its affiliated and/or related organisations (“Bluecell”) and should be read in conjunction with any of the terms and conditions entered into between you and Bluecell. Where this policy is in common use by separate organisations within Bluecell, each organisation is responsible to you only to the extent of their own collection and use of your personal data, and their own actions.

This policy sets out the manner in which we collect, use, disclose and process your personal data when you: access or use our websites, applications (including mobile and web-based applications) and services, or provide us with your personal data. In this policy, “we”, “us” or “our” refers to Bluecell.

By providing us with your personal data, you consent to our collection, use, disclosure and processing of your personal data in accordance with this policy. If you do not accept this policy, please DO NOT provide any personal data to us.

1. We may make changes to this Privacy Policy from time to time and post a revised version on our website (https://bluecell.sg/privacypolicy), which shall be effective immediately upon such posting. We are under no obligation to separately inform you of any such revision. Your continued access of this website after the revised Policy has taken effect will constitute your unconditional acceptance of such revised Policy. All communications, transactions and dealings with us will be subject to the latest version of this Privacy Policy in force at the relevant time.

2. “Personal Data” in this Privacy Policy means data which enables an individual or entity to be identified including, but not limited to, information such as names, addresses, identification numbers, contact information (such as email addresses and telephone numbers), date of birth, images, IP addresses and other transactional information, financial information, signatures, answers to security questions, emergency contact information, and/or call back details when you access or use:- our website (the “Website”); any of the services provided by us (the “Services”); or any of our online platforms or mobile applications (the “Platform”); or register an account with us on our Website or Platform; you participate in events and programmes organised by us; when you apply to be a member of any of our programmes; respond to our promotions; subscribe to our mailing lists; you contact us or request that we contact you through various communication channels, e.g. through social media platforms, messenger platforms and e-mails; or you submit your personal data to us for any other reason.

3. From time to time, we may collect Personal Data from (a) users, (b) third parties, including user’s beneficial owners, partners, directors, officers or authorised signatories, employees, customers, payors, payees, guarantors, other security providers and other natural persons related to that user (the “Relevant Individuals”) and/or (c) our business partners who provide services (such as due diligence and legal compliance) to us and from public agencies and other public sources. We may also collect Personal Data about users, Relevant Individuals and related parties in connection with the access and use of the Website, Platform or any of the Services.

4. Our Website and Platform may contain or involve certain technologies that collect data (including personal data) in the manner described below. Please do not use our websites and applications if you do not wish to have your data collected through such means. Alternatively, you may also disable the operation of these technologies on your devices where it is possible to do so.

   1. Cookies (including flash and browser cookies). Cookies allow your browser or device to be recognised. We may make use of cookies to store and track information such as the number of users, frequency of use, profiles of users and online preferences. Cookies do not capture information that personally identify you, but we may use information collected to analyse the usage of our websites and applications and to improve your user experience. You may disable cookies through your device or plug-in settings. However, this may affect your use of our websites and applications.

   2. Web Beacons and Tracking Links. We may make use of web beacons, tracking links and/or similar technologies. In conjunction with cookies, these are primarily used for statistical analysis purposes, including to track traffic patterns on our websites and applications, as well as finding out if an e-mail has been received and opened and to see if there has been any response.

   3. Web Analytics. We may collect and assess the behaviour of users of our websites and applications. This includes the analysis of traffic patterns in order, e.g. to determine the frequency of visits to certain parts of a website or mobile application, or to find out what information and services our visitors are most interested in.

   4. Third Party Technologies. Certain content or applications on our websites and applications, including advertisements, are served by third parties, such as advertisers, content providers, and application providers. These third parties may use cookies alone or in conjunction with web beacons or other tracking technologies to collect information about you when you use our websites and applications. The information they collect may include data about your online activities over time and across different websites and other online services. They may use this information to provide you with interest-based (behavioural) advertising or other targeted content. We do not control these third parties, their technologies or how they may use information. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly.

5. Should you provide us with any Personal Data of yourself or others:

   1. you represent and warrant to us that (i) each individual (including yourself) whose Personal Data has been provided to us, has been notified of the purposes for which data will be collected, processed, used or disclosed; and (ii) such individual’s consent for the collection, processing, use and disclosure of such Personal Data by us has been obtained and authorised by such individual,

   2. you shall notify us immediately upon becoming aware of any withdrawal by any individual of his/her consent to the collection, processing, use and/or disclosure by us of his/her Personal Data provided to us. The withdrawal of such consent may affect the services which us is able to provide to you, such individual and/or the corporate you represent (including possible termination of your contractual relationship with us, subject to termination provisions relating to registered users and may be deemed a breach of your representation and undertakings to us), and

   3. you shall ensure at all times that any information provided (including any Personal Data) to us is correct, accurate and complete, and that any consent given in relation to Personal Data shall, subject to all applicable laws and regulations, survive death, incapacity, bankruptcy or insolvency of any such individual and the termination or expiration of any account in connection with the use of the Platform.

6. If you are a child, minor or not of legal age, you are not permitted to use our applications and/or services. Please do not provide any personal data to us. If you are a parent or guardian of a minor and you have reason to believe your child or ward has provided us with their personal data, please contact us to request for erasure of their personal data.

7. Personal Data submitted or collected by us may be used by us for any of its business purposes, including but not limited to the following listed below (the “Purposes”):

   1. for any purpose where you have given us consent;

   2. comply with our legal or regulatory obligations, e.g. anti-money laundering and “know your customer” checks or disclosure to law enforcement;

   3. perform a contract or transaction you have entered into with us, or provide a service that you have requested or require from us;

   4. facilitating your access and/or use of our Platform and/or Services, including but not limited to facilitating the transfer of funds or other digital assets or monetary assets, facilitating any third party insurance, facilitating any escrow services and/or facilitating any other Services and/or Platform related transactions;

   5. authenticating, operating and maintaining your user accounts;

   6. assisting you with your enquiries and feedback;

   7. our administrative purposes, e.g. accounting, risk management and record keeping, business research, data, planning and statistical analysis, and staff training;

   8. our security purposes, e.g. protecting our Website and Platform from unauthorised access or usage and to monitor for security threats;

   9. managing and engaging third parties or data processors that provide services to us, e.g. IT services, data analytics, messaging marketing, and other professional services;

   10. using data analytics and related technologies on data, to enable us to deliver relevant content and information to you, and to improve our Websites, Platform, Services and offerings;

   11. marketing, promoting or advertisement of products and services (including any co-branded products or services) which we think you may be interested in;

   12. supporting our business interests, such as managing our business and relationship with our customers and/or users, providing services to our customers and/or users, understanding and responding to inquiries and feedback from our customers and/or users, understanding how our customers and/or users use our Websites, Platform and Services, identifying what our customers and/or users want and improving our Websites, Platform, Services and offerings, enforcing obligations owed to us; and sharing data in connection with acquisitions and transfers of our business;

   13. to comply with the User’s / Customer’s Terms and Conditions and/or our Terms of Use as may be stipulated by us from time to time and at any time;

   14. to comply with any applicable laws, rules, or regulations in any country; and

   15. purposes reasonably related to the above.

8. We may retain Personal Data for so long as one or more of the purpose for which it was collected remains valid, where required by regulation or law (national or international), or as required by its own record retention policies or own business purposes.

9. We may from time to time also disclose Personal Data for any of the Purposes to our shareholders, directors, officers and employees, and the following parties (whether inside or outside of Singapore):

   1. any agent, contractor, or third party service provider who provides banking, remittance, administrative, mailing, telecommunications, call centres, business process, travel, visa, knowledge management, human resource, data processing, information technology, computer, payment, debt collection, credit reference checks or securities clearing or risk modelling or analysis or other services to us in connection with our business operations and/or the Website, Platform or any of the Services;

   2. any person or entity employed by us or on our behalf or is a part of or related to any group of companies of which we form part or is affiliated to;

   3. any party who provide services to us, e.g. IT services, data analytics, messaging marketing, and other professional services;

   4. any party that we conduct joint marketing and cross promotions with;

   5. any person or entity to whom we are under an obligation or otherwise required to make disclosure pursuant to any applicable laws and regulations, including disclosure to courts, tribunals, and/or legal, regulatory, tax and government authorities and stock exchanges;

   6. any party giving or proposing to give a guarantee or third party security to guarantee or secure the obligations of any user;

   7. any party for purposes of conducting checks with the Do Not Call Registry;

   8. any party for purposes of meeting or complying with our internal policies and procedures and any applicable rules, laws, regulations, codes of practice or guidelines, orders or requests issued by any court, legal or regulatory bodies (both national and international) (including but not limited to disclosures to regulatory bodies, conducting audit checks or any investigations);

   9. any of our actual or proposed assignees or transferees of our rights in respect of all or any part of our assets or business ; and/or

   10. any credit bureaus (including without limitation Credit Bureau (Singapore) Pte Ltd) as well as the members of such credit bureaus and other relevant third parties in connection with the use of the Platform and/or provision of the Services (e.g. banks, financial intermediaries, insurers, reinsurers, escrow agents and other P2P platforms).

10. Without prejudice to the foregoing, we may disclose Personal Data to any person or entity to whom we are under an obligation or otherwise required to make disclosure pursuant to any applicable laws and regulations, including disclosure to courts, tribunals, and/or legal, regulatory, tax and government authorities in Singapore or otherwise.

11. You may access or make corrections to any of your Personal Data held by us. To do so, please contact us (at [email protected] ). We reserves the right to charge such fees as it may, in its sole and absolute discretion, deem appropriate for the grant of such access and to correct any Personal Data.

12. We may from time to time send you and/or the Relevant Individuals email messages or short message service (“SMS”) to mobile phones based on Personal Data provided to us. We do not guarantee that these messages will be completely secure. Under no circumstance will we be liable for any damages incurred or sustained by you or the Relevant Individuals in connection with or arising from any such messages transmitted by us or to us.

13. While we take reasonable precautions to safeguard your Personal Data in our possession or under our control, we cannot be held responsible for unauthorised or unintended access that is beyond our control, such as hacking or cybercrimes. We do not guarantee that our Website and Platform are invulnerable to security breaches, nor do we make any warranty, guarantee, or representation that your use of our Website, Platform and Services is safe and protected from viruses, worms, Trojan horses, and other vulnerabilities. We also do not guarantee the security of data that you choose to send us electronically. Sending such data is entirely at your own risk.

14. In some circumstances we may anonymise your personal data so that it can no longer be associated with you, in which case we are entitled to retain and use such data without restriction.

15. This Privacy Policy does not derogate from any of the User’s / Customer’s Terms and Conditions and/or Bluecell’s Terms of Use. Our rights under this Privacy Policy shall be without prejudice to other rights of collection, use and disclosure available pursuant to such terms and conditions or under the law and nothing herein is to be construed as limiting any of these other rights.

This section applies ONLY if you are an EU Citizen/are located or residing in the EU and only in such a circumstance, this Section will supersede or replace any provisions above that are inconsistent with this section. This section explains how Bluecell Intelligence Pte. Ltd. (“BLUECELL”) collects, uses and discloses your personal data, and your rights in relation to the personal data it holds if you are an EU Citizen/ are located or residing in the EU.

Bluecell (in this Privacy Notice, “us”, “we” and “our”) is the data controller of your personal data and is committed to complying with the EU General Data Protection Regulation 2016/679 (the “GDPR”) and any locally Singapore applicable data protection laws.

Our Privacy and Data Compliance Officer is contactable by email at [email protected]

Your rights

1. Under the GDPR you have the following rights:

   • To obtain access to, and copies of, the personal data that we hold about you;

   • To require that we cease processing your personal data if the processing is causing you damage or distress;

   • To require us not to send you marketing communications;

   • To require us to erase your personal data;

   • To require us to restrict our data processing activities;

   • To receive from us the personal data we hold about you which you have provided to us, in a reasonable format specified by you, including for the purpose of you transmitting that personal data to another data controller; and

   • To require us to correct the personal data we hold about you if it is incorrect.

2. Please note that the above rights are not absolute, and we may be entitled to refuse requests where exceptions apply.

3. If you are located in Europe, to find out more about your rights please refer to the EU regulator in the place where you are located (in the EU). If you have any questions about how we use your personal data, or you wish to exercise any of the rights set out above, please contact [email protected]

How we collect your data

4. We collect your personal data in a number of ways, for example:

   • From the information you provide to us when you meet us;

   • From information about you provided to us by your company or an intermediary;

   • When you communicate with us by telephone, fax, email or other forms of electronic communication. In this respect, we may monitor, record and store any such communication;

   • When you complete (or we complete on your behalf) client on-boarding or application or other forms;

   • From your agents, advisers, intermediaries, and custodians of your assets;

   • From publicly available sources or from third parties, most commonly where we need to conduct background checks about you.

The categories of personal data we collect

5. We may collect the following categories of personal data about you:

   • Your name and contact information such as your home or business address, email address and telephone number;

   • Biographical information which may confirm your identity including your date of birth, tax identification number and your passport number or national identity card details, country of domicile and/or your nationality;

   • Information relating to your financial situation such as income, expenditure, assets and liabilities, sources of wealth, as well as your bank account details;

   • Information about your knowledge and experience in the investment field;

   • An understanding of your goals and objectives in procuring our services;

   • Information about your employment, education, family or personal circumstances, and interests, where relevant; and

   • Information to assess whether you may represent a politically exposed person or money laundering risk.

The basis for processing your personal data (other than with your consent), how we use that personal data and whom we share it with.

Performance of a contract with you

6. We process your personal data because it is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract.

   In this respect, we use your personal data for the following:

   • To prepare a proposal for you regarding the services we offer;

   • To provide you with the services as set out in our agreement(s) with you or as otherwise agreed with you from time to time;

   • To deal with any complaints or feedback you may have;

   • For any other purpose for which you provide us with your personal data.

   In this respect, we may share your personal data with or transfer it to the following:

   • Your agents, advisers, intermediaries, and custodians of your assets who you tell us about;

   • Third parties whom we engage to assist in delivering the services to you;

   • Our professional advisers where it is necessary for us to obtain their advice or assistance, including lawyers, accountants, IT or public relations advisers;

   • Other third parties such as intermediaries who we introduce to you. We will wherever possible tell you who they are before we introduce you;

   • Our data storage providers.

   Legitimate interests

7. We may also process your personal data because it is necessary for our legitimate interests, or sometimes where it is necessary for the legitimate interests of another person.

   In this respect, we use your personal data for the following:

   • For marketing to you. In this respect, see the separate section on Marketing below;

   • Training our staff or monitoring their performance;

   • For the administration and management of our business, including recovering money you owe to us, and archiving or statistical analysis;

   • Seeking advice on our rights and obligations, such as where we require our own legal advice.

   In this respect we will share your personal data with the following:

   • Our advisers or agents where it is necessary for us to obtain their advice or assistance;

   • With third parties and their advisers where those third parties are acquiring, or considering acquiring, all or part of our business.

Legal obligations

8. We may also process your personal data for our compliance with a legal obligation which we are under.

   In this respect, we will use your personal data for the following:

   • To meet our compliance and regulatory obligations, such as compliance with anti-money laundering laws;

   • As required by tax authorities or any competent court or legal authority.

   In this respect, we will share your personal data with the following:

   • Our advisers where it is necessary for us to obtain their advice or assistance;

   • Our auditors where it is necessary as part of their auditing functions;

   • With third parties who assist us in conducting background checks;

   • With relevant regulators or law enforcement agencies where we are required to do so.

Marketing

9. We will send you marketing about similar services we provide, as well as other information in the form of alerts, newsletters and invitations to events or functions which we believe might be of interest to you.

10. We will communicate this to you in a number of ways including by post, telephone, email, SMS or other digital channels.

11. If you object to receiving marketing from us at any time, please contact [email protected]

Transfer and processing of your personal data outside the European Union

12. When processing your personal data as set out in this Privacy Notice and based on our location in Singapore, it will have been transferred outside the European Union. However, if your personal data is originally collected from within the EU it will only be transferred on one of the following bases:

    • the country that we send the personal data to is approved by the European Commission as providing an adequate level of protection for personal data; or

    • you have explicitly consented to the same.

13. To find out more about international transfers by us of your personal data and the countries concerned, please contact [email protected]

Retention of your data

14. We will only retain your personal data for as long as we have a lawful reason to do so. In particular:

    • where we have collected your personal data as required by anti-money laundering legislation, including for identification, screening and reporting, we will retain that personal data for five years after the termination of our relationship, unless we are required to retain this information by another law or for the purposes of court proceedings; or

    • otherwise, we will in most cases retain your personal data for a period of seven years after the termination of our contractual or other relationship with you in case any claims arise out of the provision of our services to you.