HitPay Privacy Policy

Effective Date: April 2021

1. INTRODUCTION

1.1 Privacy Policy. This Privacy Policy is provided by HitPay Payment Solutions Pte. Ltd., including, where applicable, all of its subsidiaries, brands, related or associated companies/brands (collectively referred to as "HitPay", "we", "us", or "our"). HitPay takes its responsibilities under applicable privacy laws and regulations seriously and is committed to respecting and protecting your privacy online. This Privacy Policy applies to all personal data in our possession or under our control, including personal data in the possession of organisations which we have engaged to collect, use, disclose or process personal data for our purposes. Questions, comments and queries regarding this Privacy Policy are welcome and should be addressed to support@hitpay.com.

1.2 Scope of Application. This Privacy Policy applies to:

(a) individuals who access HitPay's Platforms and/or Services;

(b) individuals with whom HitPay has had contact, either for business purposes or otherwise, whether on their own account or on behalf of third parties or organisations;

(c) individuals who are employees or prospective employees of HitPay;

(d) individuals associated with HitPay's merchants, suppliers, vendors or professional advisors; and

(e) individuals who have opted to receive communications from HitPay.

1.3 Acknowledgement and Consent. By interacting with us, visiting our Platform, or accessing the Services, you acknowledge and agree that you accept the practices, requirements, and/or policies outlined in this Privacy Policy, and you hereby consent to us collecting, using, disclosing and/or processing your personal data as described herein.

1.4 Amendments. We may revise or update this Privacy Policy at any time by posting a revised version on our website.

1.5 Withdrawal of Consent. If you do not consent to the processing of your personal data as described in this Privacy Policy, please do not access and use our Platforms and our Services or interact with HitPay.

2. TERMS AND DEFINITIONS

2.1 Definitions. In this Privacy Policy, unless the subject or context otherwise requires, the following words and expressions shall have the following meanings:

"Act" means the Personal Data Protection Act 2012 (No. 26 of 2012 of Singapore) as amended from time to time;

"Authorised Representative" means the third parties who have been duly authorised by you to disclose your personal data;

"HitPay Account" means the virtual account maintained by HitPay on the Platforms in respect of the account holder;

"personal data" means data about an individual who can be identified from that data, or from that data and any other information to which the organisation has or is likely to have access, including sensitive personal information;

"Platforms" means our website (https://www.hitpayapp.com/) and where applicable, our mobile application, application programming interfaces, software libraries and any other resources (whether online or offline) made available to you from time to time that are developed or owned by HitPay, through which you access and use our Services;

"Purposes" has the meaning ascribed to it in Clause 5.1 (Purpose);

"Services" means the services provided by HitPay from time to time including but not limited to the e-commerce payment gateway services provided by HitPay, whether such services are provided online and/or offline; and

"Terms" means the terms of the relevant merchant agreement (where applicable), HitPay's Terms of Service, HitPay's Acceptable Use Policy, and this Privacy Policy.

3. PERSONAL DATA WE COLLECT

3.1 Collection of Personal Data. We may collect personal data from you when:

(a) you register for and create a HitPay Account;

(b) you use our Platforms (whether online or offline) and/or Services, or that of an Authorised Representative;

(c) you contact HitPay for business purposes or otherwise, including via email or communication with a representative of HitPay;

(d) you respond to or submit any queries or feedback to HitPay, request to be on our mailing list, or submit personal data to us for any other reason;

(e) you accept our Platforms' use of cookies and other similar technologies that record information about your use of our Platforms;

(f) we need your personal data in order to perform our obligations under a contract that we are about to enter into or have entered into with you;

(g) we conduct due diligence checks, anti-money laundering checks, fraud monitoring, financial compliance activities and other activities in order to comply with the regulations that may be issued by the Monetary Authority of Singapore from time to time; or

(h) it is necessary for our legitimate interests or where we need to comply with a legal or regulatory obligation.

3.2 Type of Data Collected. We may collect personal data (including sensitive personal data) including but not limited to:

(a) your principal name;

(b) gender;

(c) date of birth;

(d) residential status;

(e) nationality;

(f) email address;

(g) registered address;

(h) identification number such as NRIC/FIN; and/or

(i) information about your mobile phone, including where available your IP address, operating system and browser type.

4. PERSONAL DATA OF OTHER INDIVIDUALS

4.1 Provision of Personal Data of Other Individuals. To the extent that you have provided, or will provide, personal data about your family members, spouse, other dependents (if you are an individual), directors, shareholders, employees, representatives, agents (if you are a corporate, an entity or an organisation) and/or other individuals, you confirm that you have explained or will explain to them that their personal data will be provided to, and processed by, us and you represent and warrant that you have obtained their consent to the processing (including disclosure and transfer) of their personal data in accordance with this Privacy Policy.

4.2 Provision of Personal Data of Children. The Platforms and Services are not directed to individuals under the age of eighteen (18), and we request that they not provide personal data through access to or use of the Platforms and Services.

5. USE OF PERSONAL DATA

5.1 Purpose. We may use personal data held for legitimate purposes associated with our business, including but not limited to any or all of the following purposes (the "Purposes"):

(a) to ensure that your identity is verified, including distinguishing you from another person with the same or similar details as yourself;

(b) to process any payment or credit transactions and/or perform our Services;

(c) to execute our system administration and to report aggregate information to our merchants and advertisers. This relates to statistical data about our users' browsing actions and patterns, and does not specify any individual;

(d) to handle, process, and respond to any queries, requests, applications, complaints, or feedback from you;

(e) to carry out any reasonable business activities such as audits, risk management or business reporting;

(f) to comply with any internal policies, applicable laws, regulations, or to assist with any law enforcement or investigations conducted by any governmental and/or regulatory authority;

(g) to enforce or defend our rights, contractual or otherwise, including investigations and participating in potential or actual litigation, arbitration, or other legal processes;

(h) to ensure that content from our Platforms is presented in the most effective manner for you and for your device;

(i) to provide you with information, products or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes;

(j) to carry out our obligations arising from any contracts entered into between you and us;

(k) to allow you to participate in interactive features of our service, when you choose to do so; and

(l) to notify you about changes to our Services.

5.2 Non-Exhaustive List. You acknowledge, agree and consent to the processing of your personal data depending on the circumstances at hand for such purpose that may not appear as a Purpose. However, we will notify you of any such other purpose at the time of obtaining your consent, unless processing of the applicable data without your consent is permitted by the applicable laws.

5.3 Third-Party Use. We may also use your data, or permit selected third parties to use your data, to provide you with information about goods and services which may be of interest to you and we or they may contact you about these by email, post or telephone.

5.4 Aggregate Data. We may provide our business associates, partners or advertisers with aggregate information about our users (for example, we may inform them that 500 men aged under 30 have clicked on their advertisement on any given day). We may also use such aggregate information to help advertisers reach the kind of audience they want to target (for example, graduate women). We may make use of the personal data we have collected from you to enable us to comply with our business associates’, partners’ or advertisers' wishes by displaying their advertisement to that target audience.

5.5 Continuation. We may continue to use your personal data even in a situation where the use of Services, our Platforms or any contractual obligations you may have with us have ceased, been terminated or altered in any way, for a reasonable period thereafter. This may include, where applicable, a period to enable us to enforce our rights under any contract with you.

6. DISCLOSURE AND TRANSFER OF DATA

6.1 Instances of Disclosure. We may disclose or transfer your data both within and outside of Singapore for the Purposes and to the extent permitted by applicable laws and regulations, including the Act. This includes disclosing your personal data:

(a) where we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of contract;

(b) where such disclosure is required for performing obligations in the course of or in connection with the provision of our Services or proper use of the Platforms;

(c) to any member of our HitPay group, i.e. our subsidiaries, our ultimate holding company and its subsidiaries;

(d) to third party service providers, agents and other organisations we have engaged to perform any of the Purposes for us, who are involved in the provision of Services to you or to provide you with information about goods and services which may be of interest to you;

(e) to our business associates, partners or advertisers with aggregate information about our users (for example, we may inform them that 500 men aged under 30 have clicked on their advertisement on any given day). We may also use such aggregate information to help advertisers reach the kind of audience they want to target (for example, graduate women). We may make use of the personal data we have collected from you to enable us to comply with our business associates', partners' or advertisers' wishes by displaying their advertisement to that target audience; and/or

(f) to any third party where we consider that disclosure of your data to such third parties will be necessary to fulfil legitimate business interests.

6.2 Data Protection in Countries Not Including Singapore. The personal data that we collect from you may be transferred to, and stored at, a destination outside Singapore. It may also be processed by staff operating outside Singapore who work for us or one of our suppliers. Such staff may be engaged in, among others, the fulfilment of your order, the processing of your payment details and the provision of support services. By submitting your personal data to us, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your personal data is treated securely and in accordance with this Privacy Policy.

6.3 Storage of Personal Data. All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted using SSL technology. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our Platforms, it is your responsibility to ensure that the password is kept confidential and that you do not share the password with any third party.

6.4 Transmission of Information via Internet. Please note that the transmission of information via the internet is not completely secure. Although we do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Platforms and any transmission is made at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access to your personal data.

7. YOUR RIGHTS

7.1 Request for Access. To the extent that the prevailing personal data protection and privacy laws allow, you have the right to request for access to, request for a copy of, request to update or correct, your personal data held by us. Please note that a reasonable fee may be charged for an access request and if so, we will inform you of the fee before processing your request. You may submit your request in writing or via email to our Data Protection Officer at support@hit-pay.com. Any access request may be subject to a fee of S$10.00 to meet our costs in providing you with details of the information we hold about you.

7.2 Withdrawal of Consent. You have the right, by notice in writing to support@hitpay.com, to inform us of your withdrawal (in full or in part) of your consent previously given to use your personal data, subject to any applicable legal restrictions, contractual conditions and a reasonable duration of time for the withdrawal of consent to be effected. However, depending on the extent of your withdrawal of consent for us to process your personal data, you may not be able to access our Services and/or use our Platforms.

7.3 Links To Other Platforms. Our Platforms may, from time to time, contain links to and from the platforms of our partner networks, advertisers and affiliates. If you follow a link to any of these platforms, please note that these platforms have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these platforms.

8. RETENTION OF PERSONAL DATA

8.1 Duration of Retention. We may retain your personal data for as long as it is necessary to fulfil the purpose for which it was collected, or as required or permitted by applicable laws. We will cease to retain your personal data or remove the means by which the data can be associated with you as soon as it is reasonable to assume that such retention no longer serves the purpose for which the personal data was collected, and is no longer necessary for legal or business purposes.

9. DATA SECURITY

9.1 Data Security. We will take reasonable steps to keep your personal information safe from loss, unauthorised activity or other misuse.

9.2 Data Breach. In the event of a data breach, the Data Protection Officer will, as soon as reasonably practical, notify all affected parties of the breach.

10. COOKIES

10.1 Implementation of Cookies. We may from time to time implement "cookies" or other features to allow us or third parties to collect or share information that will help us improve our Platforms and the Services we offer or help us offer new services and features.

10.2 What are Cookies. Cookies are small files which are placed on your computer when a website is accessed by you. Cookies help the website user to navigate efficiently between pages and the website operator to track usage of the site. We may link cookie information to personal data.

10.3 What we use Cookies For. Cookies allow us to recognise your computer or device and tell us how and when the Services or Platforms are used or visited, by how many people and to track activity within our Platforms. Cookies are also used to deliver content specific to your interest and to monitor usage of the Platforms and Services.

10.4 What are my Options in relation to the Use of Cookies. By using our Platforms, you agree to the use of cookies and other technologies as set out in this Privacy Policy. If you do not agree to such use please either refrain from using the Platforms, or refuse the use of cookies by selecting the appropriate settings on your browser. However, you may not be able to access the full functionality of our Platforms or Services if you choose to do so.