PRIVACY AND DATA PROTECTION POLICY

1. INTRODUCTION

1.1 Ematic Solutions Pte. Ltd. (160 Robinson Road, #14-04 Singapore Business Federation Centre, Singapore 068914) and its affiliates and related companies (individually and collectively, “Ematic”, “we”, “us” or “our”) takes its responsibilities under applicable privacy laws and regulations, including but not limited to the Singapore Personal Data Protection Act 2012 (No. 26 of 2012), Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation or GDPR), Personal Data Protection Act 2010 (Laws of Malaysia, Act 709), Thailand Personal Data Protection Act B.E. 2562 (2019) (“Privacy Laws”) seriously and is committed to respecting the privacy rights and concerns of all users of our Ematic website (the “Site”) and users of our products and/or services (we refer to the Site as well as the products and/or services we provide collectively as the “Services”). We recognize the importance of the personal data you have entrusted to us and believe that it is our responsibility to properly manage, protect and process the personal data you have entrusted to us. This Privacy and Data Protection Policy (“Privacy Policy” or “Policy”) is designed to assist you in understanding how we collect, use, disclose and/or process the personal data you have provided to us and/or possess about you and/or your users (defined below under Section 1.2), whether now or in the future, as well as to assist you in making an informed decision before providing us with any personal data. Please read this Privacy Policy carefully. If you have any questions regarding this information or our privacy practices, please see the section entitled “Questions, Concerns or Complaints? Contact Us” at the end of this Privacy Policy.

1.2 “Personal Data” or “personal data” means data, whether true or not, about an individual who can be identified from that data, or from that data and other information to which an organisation has or is likely to have access. This includes the personal data of your users, customers, clients, subscribers, prospects and/or leads (“your users”) you provide us. Common examples of personal data could include name, email address and phone number.

1.3 By using the Services, registering for an account with us, visiting our website, or accessing the Services, you acknowledge and agree that you accept the practices, requirements, and/or policies outlined in this Privacy Policy, and you hereby consent to us, and undertake to procure the consent of your users to us, collecting, using, disclosing and/or processing your personal data and the personal data of your users as described herein. IF YOU DO NOT CONSENT AND/OR DO NOT PROCURE THE CONSENT OF YOUR USERS TO THE COLLECTING, USING, DISCLOSING AND/OR PROCESSING OF YOUR PERSONAL DATA AND THE PERSONAL DATA OF YOUR USERS AS DESCRIBED IN THIS PRIVACY POLICY, PLEASE DO NOT USE OUR SERVICES OR ACCESS OUR WEBSITE. If we change our Privacy Policy, we will post those changes or the amended Privacy Policy on our website or via e-mail. We reserve the right to amend this Privacy Policy at any time.

1.4 We may from time to time update this Privacy Policy to reflect our current practice and ensure compliance with Data Protection Laws. If we update our Privacy Policy, we will notify you by posting those changes or the amended Privacy Policy on the Site or by sending an email. We reserve the right to amend this Privacy Policy at any time.

2. WHEN WILL EMATIC COLLECT PERSONAL DATA?

2.1 We may collect Personal Data about you and/or Your Users in the following situations:

(a) when you register and/or use our Services or Site, or create an account with us. This includes information such as visited route logs, session cookies, and other anonymized data collected during your registration, account creation, or use of our Site or Services;
(b) when you submit any form, including, but not limited to, order forms or other forms relating to you, Your Users and/or any of our Services, whether online or through physical forms;
(c) when you enter into any agreement or provide other documentation or information regarding your interactions with us, or when you use our Services;
(d) when you interact with us through telephone calls (which may be recorded), letters, fax, face-to-face meetings, social media platforms and emails;
(e) when you use our electronic services, or interact with us via the Site or use Services on the Site. This includes, but is not limited to, data collected through cookies deployed when you interact with our applications or the Site;
(f) when you carry out transactions through our Site or Services;
(g) when you provide us with feedback or complaints;
(h) when you submit your Personal Data and/or the Personal Data of Your Users to us for any other reason mentioned above.
 
The list above is not exhaustive and merely sets out some common instances when Personal Data about you and/or Your Users may be collected.
 

2.2 When you visit, use or interact with the Site or our Services, we may collect certain information by automated or passive means using a variety of technologies, which may be downloaded to your device and may set or modify settings on your device. The information we collect may include, without limitation, your Internet Protocol (IP) address, computer/mobile device operating system and browser type, type of mobile device, the characteristics of the mobile device, the unique device identifier (UDID) or mobile equipment identifier (MEID) for your mobile device, the address of a referring website (if any), and the pages you visit on our website and mobile applications and the times of visit. We may collect, use, disclose and/or process this information for the Purposes (as defined in Section 8 below).

2.3 Our mobile applications may collect precise information about the location of your mobile device using technologies such as GPS, Wi-Fi, etc. We collect, use, disclose and/or process this information for one or more Purposes including, but not limited to location-based services that you request or to deliver relevant content to you based on your location or to allow you to share your location to other users as part of the services under our mobile applications. For most mobile devices, you are able to withdraw your permission for us to acquire this information on your location through your device settings. If you have questions about how to disable your mobile device’s location services, please contact your mobile device service provider or the device manufacturer.

3. WHAT PERSONAL DATA WILL EMATIC COLLECT?

3.1 The Personal Data that we may collect includes but is not limited to: name; email address, billing address, phone number, bank account, payment information, information about you and/or Your Users in connection with your use of our Site and Services, information related to how you use our Site or Services, aggregate data on content engagement by you and/or Your Users, as well as the Personal Data of Your Users.

3.2 We may also request sensitive personal information, such as details about your health,nationality, birthday, marital status, gender, educational attainment, occupation, familybackground, government-issued data such as your driver’s license, social securitynumber, passport details and the like, to the extent that such information pertains toyour or Your User’s use of our Site or Services.

3.3 There may be instances when we request for data that is not enumerated above. However, we will specifically notify you of the information needed and the reasons for its necessity.

3.4 If you do not want us to collect the aforementioned Personal Data, you may opt out at any time by notifying our Data Protection Office (as stated in Section 17.4 below) in writing. Please note, however, that opting out of us collecting you and Your Users’ Personal Data or withdrawing your consent for us to collect, use and/or process you and Your Users’ Personal Data may affect your use of our Site or Services.

4. SETTING UP AN ACCOUNT

4.1. In order to use certain functionalities of the Services, you have to create a user account which requires you to submit certain Personal Data. When you register and create an account, we require you to provide us with your name and email address as well as a username that you select. We also ask for certain information about yourself, such as your phone number and email address. Upon activating an account, you will select a username and password. Your user name and password will be used so you can securely access and maintain your account.
 
4.2. There may be times where you will have the option to integrate your social media accounts, or any other accounts maintained by any other digital service providers (“Digital Services”) with us. If you choose to do so, your Personal Data with the Digital Services will be shared and can be used by us, and the Personal Data you have with us can be shared and used by the Digital Services.
 
4.3. When digital integration is carried out, the Personal Data that we receive and the Personal Data that we provide these Digital Services shall only be those Personal Data which you allow us or these other Digital Services to process and share.
 
4.4. Please take note that the Personal Data that you allow us to process and share may differ from what is collected for the Digital Services. Information provided to us may be used to the extent and for the purposes that are provided for under our Policy, and the extent that the other Digital Services collect, process and/or share your Personal Data will be in accordance with their policies.
 

5. COOKIES

5.1. When you visit the Site, we use cookies to identify user behaviours, continually enhance your browsing experience and improve our Site. “Cookies” are identifiers transferred to your computer or mobile device that allow us to recognize your device and gather information about how and when the Services or Site are used, the number of users, and to track movements within the Site. Cookies may convey information about your device, including, but not limited to, your IP address, operating system, browser name/version, the referring web page, and requested page, along with the date/time of your visit. You have the option to enable or disable all cookies directly through your web browser, allowing you to customize your cookies preferences. However, certain Site features may not operate optimally if cookies are disabled.
5.2. Our Site uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses cookies, which are text files placed on your computer, to help analyse how users use the Site. The information generated by the cookie about your use of the Site (including your IP address) will be transmitted to and stored by Google on servers in the United States.
5.3. Google will use this information to evaluate your use of the Site, compile reports on website activity for website operators and provide other services relating to Site activity and Internet usage. Google may also transfer this information to third parties where required by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google. You may learn about Google’s practices by referring to Google’s Privacy Policy.
 

6. CUSTOMER SERVICE AND SUPPORT

6.1. We provide customer service and support via multiple channels, including the Site, email and feedback forms. To deliver effective customer service and support, we may collect and utilize the information provided, including but not limited to your full name and email address.
6.2. If the situation necessitates, we may collaborate with third-party service providers to assist us in providing customer service and support. Any Personal Data shared will strictly adhere to the principles outlined in this Privacy Policy and applicable laws, and will only be used to the extent necessary for the purpose of delivering customer service and support.
 

7. SURVEYS

From time-to-time, we may ask you to participate in surveys designed to improve our Services or Site. Your participation in these surveys is entirely voluntary, granting you the freedom to decide whether or not to share your information with us. The information we may request includes, but is not limited to, contact details (such as your email address) and demographic information. Survey responses will be strictly utilized for the purpose of monitoring and enhancing the use and satisfaction of our Services. This information will remain confidential and will not be shared with third parties, except to our trusted contractors who assist in survey administration and analysis.
 

8. HOW DO WE USE THE INFORMATION YOU PROVIDE US?

8.1. We may collect, use, disclose and/or process your and Your Users’ Personal Data for
one or more of the following purposes:
 
(a) to consider and/or process your transactions with us or your transactions or communications with Your Users or third parties via the Services; to manage, operate, provide and/or administer your use of and/or access to our Site or Services, as well as your relationship and user account with us; to manage, operate, administer and provide you with our Services, including, but not limited to, remembering your preferences;
(b) to tailor your experience through the Services by displaying content according to your interests and preferences, providing a faster method for you to access your account and submit information to us to contact you when necessary; to respond to, process, deal with or complete a transaction and/or to fulfil your requests for certain Services and notify you of service issues and unusual account actions; to enforce our Terms of Service or any applicable end-user-license agreements; protect personal safety and the rights, property or safety of others; and for identification and/or verification;
(c) to maintain and administer any software updates and/or other updates and support that may be required from time to time to ensure the smooth running of our Services;
(d) to deal with or facilitate customer service, carry out your instructions, and respond to any enquiries given by (or purported to be given by) you or on your behalf;
(e) to contact you or communicate with you via call, text message and/or fax message, email and/or postal mail or otherwise for the purposes of administering and/or managing your relationship with us or your use of our Services, such as communicating administrative information to you related to our Services. You acknowledge and agree that such communication by us could involve the mailing of correspondence, documents or notices to you, which may involve the disclosure of certain Personal Data about you and/or Your Users on the external cover of envelopes/mail packages;
(f) to conduct research, analysis and development activities, including, but not limited to, data analytics, surveys, development of Services to analyse how you use our Services, improve our Services and/or enhance your customer experience;
(g) to allow for advertising and other audits and surveys to, among other things, validate the size and composition of our target audience, and understand their experience with our Services. Where you give us your prior consent to use your data for marketing purposes and to send you promotional information and materials related to our Services, we may do so through various modes of communication, such as postal mail, email, location-based services, or otherwise. This may also include promotional information and materials related to services of third parties we may collaborate or tie up with, whether such services exist now or are created in the future;
(h) to respond to legal processes or comply with or as required by any applicable law, governmental or regulatory requirements of any relevant jurisdiction, including, but not limited to, meet the requirements to make disclosure under the requirements of any law binding on us;
(i) to produce data for internal and statutory reporting and/or record-keeping
requirements;
(j) to carry out due diligence or other screening activities, including, background checks, in accordance with legal or regulatory obligations or our risk management procedures that may be required by law or put in place by us;
(k) to audit our Services or business;
(l) to prevent or investigate any fraud, unlawful activity, omission or misconduct, whether related to your use of our Services or any other matter arising from your relationship with us, whether or not there is any suspicion of the aforementioned;
(m) to store, host and/or back up (whether for disaster recovery or otherwise) your Personal Data and/or the Personal Data of Your Users, whether within or outside of your or Your Users’ jurisdiction;
(n) to deal with and/or facilitate a business asset transaction or a potential business asset transaction, where such transaction involves us as a participant or involves only our related company or affiliate as a participant or involves us and/or any one or more of our related companies or affiliates as participant(s), and there may be other third-party organisations that are participants in such transaction. A “business asset transaction” refers to the purchase, sale, lease, merger, amalgamation or any other acquisition, disposal or financing of an organisation or a portion of an organisation or of any of the business or assets of an organisation;
(o) to pass to third-party service providers that we engaged to handle certain aspects of our business operations and to other business entities that are or may become part of the same group of companies as Ematic;
(p) If Art. 6(1)(f) GDPR (processing is necessary for the purposes of the legitimate interests) forms the legal basis for processing, our legitimate interests include, in addition to the purposes listed above:-
i. protecting us against material and intangible damages;
ii. professionalism (of our products and services);
iii. cost optimization (control and minimization); or
iv. any other purposes which we notify you of at the time of obtaining your

consent.

(collectively referred to as “Purposes”).

8.2. As the purposes for which we may collect, use, disclose and/or process your and/or your Users’ Personal Data depend on the circumstances at hand, such purposes may not appear above. However, we will notify you of such other purposes at the time of obtaining your consent, unless collecting, using, disclosing and/or processing of the applicable data without your and/or Your Users’ consent is permitted by the Data Protection Laws.
 

9. SHARING OF INFORMATION FROM THE SERVICES

Our Services enable users to share personal information with each other without our involvement to complete transactions. In a typical transaction, users may have access to each other’s name, User ID, email address and other contact information. Our Terms of Service require that users in possession of another user’s Personal Data (the “Receiving Party”) must (i) comply with all applicable Data Protection Laws; (ii) allow the other user (the “Disclosing Party”) to remove themselves from the Receiving Party’s database; and (iii) allow the Disclosing Party to review the information that has been collected about them by the Receiving Party.
 

10. HOW DOES EMATIC PROTECT PERSONAL DATA?

10.1. We implement a variety of security measures to ensure the security of you and Your Users’ Personal Data on our systems at different levels. You and Your Users’ Personal Data is contained behind a secured and private Virtual Private Network (VPN), which controls and encrypts all access to Google Cloud Platform (GCP) server and it is only accessible by a limited number of authorised employees who have special access rights to such systems who are required to keep the Personal Data confidential. We also use multiple security monitoring tools, firewalls, intrusion detection systems, monitor logs regularly and perform security patches and upgrades all the time.
10.2. When you place orders or access your Personal Data and/or the Personal Data of Your Users, we offer the use of a secure server. All Personal Data or sensitive information you supply is encrypted in our databases and can only be accessed as stated above.
10.3. For any applicable transfer of Personal Data supported by Third-Party Platforms, Personal Data is exported via Application Programming Interface (API) or manually to a secure cloud or SFTP storage protected by user identification, password, public/private key pairs, or other means of cloud IAM authentication.
10.4. We perform daily backups for you and Your Users’ Personal Data.
10.5. We retain Personal Data in accordance with the applicable Data Protection Laws. That is, we will destroy or delete you and Your Users’ Personal Data as soon as: (i) the Purpose for which that Personal Data was collected is no longer being served by the retention of such Personal Data; (ii) retention is no longer necessary for any legal purposes; or (iii) upon your request, provided that we may charge reasonable fees incurred for the destruction of Your Personal Data. Subject to Data Protection Laws and/or other applicable laws, we reserve our rights to dispose of your Personal Data and/or the Personal Data of Your Users without prior notice to you.
10.6. In certain circumstances, Personal Data is kept for the period during which claims against us may be enforced. Personal Data is also saved to the extent that and for so long we are legally obliged to do so or required by law. We may also deny your request to destroy your Personal Data in our possession if we believe that the retention of such Personal Data is necessary for the protection or enforcement of our rights.
 

11. DOES EMATIC DISCLOSE THE PERSONAL DATA IT COLLECTS FROM ITS VISITORS TO OUTSIDE PARTIES?

11.1. In conducting our business, we may need to disclose your Personal Data and/or the Personal Data of Your Users to our third-party service providers, agents and/or our affiliates or related corporations, and/or other third parties, whether located in Singapore or outside of Singapore, for one or more of the above-stated Purposes or for the provision of and/or your use of our Services. Such third-party service providers, agents and/or affiliates or related corporations and/or other third parties would process your Personal Data and/or the Personal Data of Your Users, either on our behalf or otherwise, for one or more of the above-stated Purposes or for the provision of and/or your use of our Services. Such third parties include, but are not limited to:

 
(a) our subsidiaries, affiliates and related corporations;
(b) contractors, agents, service providers and other third parties we use to support our Services. These include, but are not limited to, entities that provide administrative or other services to us, such as telecommunication companies, information technology companies, cloud service providers and data centers;
(c) a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution or other sale or transfer of some or all of our assets, whether there is a going concern or as part of bankruptcy, liquidation or a similar proceeding, in which Personal Data held by us about you and Your Users is among the assets transferred; or to a counterparty in a business asset transaction involving us or any of our affiliates or related corporations; and third parties to whom we disclose information for one or more of the Purposes or for our provision of and/or your use of our Services, and such third parties would in turn be collecting and processing your and Your Users’ Personal Data for one or more of the Purposes or for the provision of and/or your use of our Services;
(d) public authority when required, ordered, or mandated by such competent public authority to disclose your Personal Data, whether it be to comply with law, court order, subpoena, or any other legal process; or pursuant to a judicial, administrative, or any other official proceeding; and
(e) any third party when it becomes necessary or beneficial to protect our lawful rights and interests in any arbitration, administrative or court proceeding; or to commence or defend any and all legal claims.
11.2. For the avoidance of doubt, in the event that Data Protection Laws or other applicable laws permit us to collect, use, disclose and/or process your Personal Data and/or the Personal Data of Your Users without your consent and/or the consent of Your Users, such permission granted by the laws shall continue to apply.
11.3. Third parties may unlawfully intercept or access Personal Data transmitted to or contained on the Site; technological malfunctions or unexpected issues may occur; or someone might gain access to, abuse or misuse information, all without fault on our part. We will nevertheless deploy reasonable security measures to protect your Personal Data and the Personal Data of Your Users as required by the Data Protection Laws. However, it is important to acknowledge that there can be no guarantee of absolute security, including but not limited to situations where unauthorised disclosure arises due to malicious and sophisticated hacking, even when it is not our fault.
 

12. INFORMATION ON MINOR

12.1 Any minor child or children under the legal age of majority in their respective jurisdiction (“Minor”) can access various parts of the Site and utilize its features without the need to provide us with personal information. However, it is important to note that we employ cookies to automatically gather information from our users when they visit or use the Site. When dealing with Minors, we collect only the information that is reasonably necessary for them to participate in a specific activity, and we never make a Minor’s participation contingent on disclosing more personal information than is reasonably necessary. The information we automatically collect through technology and other non-Personal Data assists us in enhancing the functionality of our Site.
12.2 The Services are not intended for Minor. We do not knowingly collect or retain any Personal Data or non-personally-identifiable information from Minor, and no part of our Site or other Services is directed to Minor. If we learn that we have collected Personal Data from a Minor without verification of parental consent where this is required, we will promptly remove and/or delete any of the Personal Data. If you believe we might have any information from or about a Minor, please contact us at dataprotection@ematicsolutions.com.
 

13. DISCLAIMER REGARDING SECURITY AND THIRD-PARTY SITES

13.1. WE DO NOT GUARANTEE THE SECURITY OF PERSONAL DATA AND/OR OTHER INFORMATION THAT YOU PROVIDE ON THIRD-PARTY SITES.
13.2. In an effort to provide you with added value, we may choose various third-party websites to link to, and frame within the Site. We may also participate in co-branding and other relationships to offer e-commerce and other services and features to our visitors. These linked sites have separate and independent privacy policies, as well as security arrangements. Even if the third party is affiliated with us, we have no control over these linked sites, each of which maintains separate privacy and data collection practices independent of us. Data collected by our co-brand partners or third-party websites (even if offered on or through our Site) may not be received by us.
13.3. We therefore bear no responsibility or liability for the content, security arrangements (or lack thereof) and activities of these linked sites. These linked sites are provided solely for your convenience and you therefore access them at your own risk. Nonetheless, we are committed to protect the integrity of our Site and the links we place on it. Therefore, we welcome any feedback about these linked sites, including but not limited to, reports of broken links.
 
14. WILL EMATIC TRANSFER PERSONAL DATA OVERSEAS?
 
14.1. Your and/or Your Users’ Personal Data may be transferred to, stored or processed outside of your and/or Your Users’ country, including Singapore, Australia, Malaysia, Indonesia, Thailand, Philippines, Vietnam, Taiwan, Hong Kong and the United States of America and any other country in which our subsidiaries, affiliates, related corporations or cloud service providers maintain facilities or employ staff or contractors.
14.2. Ematic will only transfer your information overseas in accordance with applicable Data Protection Laws. If your Personal Data is transferred to destination countries where the standard of protection available is not sufficient under the applicable laws, we will inform you of the inadequate personal data protection standards of the destination country and strictly comply with all requirements under the applicable laws which are in effect at that time.
14.3. We consistently implement measures to ensure the safeguarding of Personal Data,regardless of where it is stored and processed, in compliance with Data ProtectionLaws and/or other applicable laws. Where applicable under the law, you consent to thetransfer of your Personal Data to countries where we or our subsidiaries, affiliates andrelated corporations operate or where cloud service providers maintain facilities, inaccordance with this Privacy Policy.
 
15. HOW CAN YOU OPT-OUT, REMOVE, REQUEST ACCESS TO, MODIFY PERSONAL DATA YOU HAVE PROVIDED TO US AND PERSONAL DATA PORTABILITY?
 
15.1. Opting Out and Withdrawing Consent
    15.1.1. To modify your email subscription preferences, please let us know by sending an email to our Data Protection Officer at the address listed below in Section 17.4. Please note that due to email production schedules, you may still receive emails that are already in production.
    15.1.2. You may withdraw your consent for the collection, use, disclosure and/or processing of your Personal Data and/or the Personal Data of Your Users in our possession or under our control by sending an email to our Data Protection Officer at the email address listed below in Section 17.4.
    15.1.3. Once we have your clear withdrawal instructions and verified your identity, we will process your request for withdrawal of consent and will thereafter not collect, use, disclose and/or process your Personal Data and/or the Personal Data of Your Users, whichever applicable, in the manner stated in your request, and thereafter, remove you and/or Your User’ Personal Data, whichever applicable. If we are unable to verify your identity or understand your instructions, we will liaise with you to understand your request.
    15.1.4. However, your withdrawal of consent could result in certain consequences arising from such withdrawal. In this regard, depending on the extent of your withdrawal of consent for us to process your Personal Data and/or the Personal Data of Your Users, it may mean that we will not be able to continue providing the Services to you, we may need to terminate the existing relationship and/or the contract you have with us, etc., as the case may be, which we will inform you of.
    15.1.5. If we ask for your consent to process your data in a new manner, and you object to this new manner of processing, your objection is only related to the new purpose of processing, and it will not be considered as a revocation of consent previously given.
    15.1.6. If you withdraw your consent or object to our processing of your Personal Data for a particular purpose, you acknowledge that you only withdraw your consent or object to our processing as to that purpose, and we may still process your
Personal Data further to other purposes you have consented to.
    15.1.7. If you consent to our processing of your Personal Data, subsequent to your exercise of the right to object, you acknowledge that your previous written request shall be deemed abandoned.
15.2. Requesting Access and/or Correction of Personal Data
    15.2.1. If you have an account with us, you may personally access and/or correct your Personal Data currently in our possession or control through the Account Settings page on our Site. If you do not have an account with us, you may request to access and/or correct your Personal Data currently in our possession or control by submitting a written request to us. We will require sufficient information from you in order to ascertain your identity as well as the nature of your request so as to be able to deal with your request. Hence, please submit your written request by sending an email to our Data Protection Officer at the email address listed below in Section 17.4.
    15.2.2. For a request to access Personal Data, once we have sufficient information from you to deal with the request, we will seek to provide you with the relevant Personal Data within fourteen (14) days. Where we are unable to respond to you within the said fourteen (14) days, we will notify you of the soonest possible time within which we can provide you with the information requested. Note that Data Protection Laws may exempt certain types of Personal Data from being subject to your access request.
    15.2.3. For a request to correct Personal Data, once we have sufficient information from you to deal with the request, we will correct your Personal Data within fourteen (14) days. Where we are unable to do so within the said period, we will notify you of the soonest practicable time within which we can make the correction. Note that Data Protection Laws may exempt certain types of Personal Data from being subject to your correction request as well as provides for situation(s) when correction need not be made by us despite your request, and we will send the corrected Personal Data to every other organisation or to specific organisations requested by you, to which the Personal Data was disclosed by us within a year before the date the correction was made, unless that other organisation does not need the corrected Personal Data for any legal or business purpose. We may deny your request to correct your Personal Data if the suggested corrections are not supported by or inconsistent with the documentary proof or evidence.
    15.2.4. We may also charge you a reasonable nominal fee for the handling and processing of your requests to access your Personal Data. If we so choose to charge, we will provide you with a written estimate of the fee we will be charging.
    15.2.5. We reserve the right to refuse to correct your Personal Data in accordance with the provisions as set out in Data Protection Laws, where they require and/or entitle an organisation to refuse to correct Personal Data in stated circumstances.
 
    15.2.6. The release of the data request will only be made to the person whose Personal Data is subject of the data request. A legalized authorization letter shall be required if the data request will be released to a third-party.
15.3. Data Portability
    15.3.1. Where your Personal Data and/or the Personal Data of Your Users is processed by us through electronic means and in a structured and commonly used format, you shall have the right to obtain a copy of such data in an electronic or structured format that is commonly used and allows for further use by you. The exercise of this right shall primarily take into account your right to have control over such data being processed based on consent or contract, for commercial purpose, or through automated means. This right may be limited if fulfilling your request would reveal Personal Data about another person.
 
    15.3.2. We may also be charging you a reasonable nominal fee for the handling and processing of your requests for data portability. If we choose to charge, we will provide you with a written estimate of the fee we will be charging.
 
    15.3.3. The release of the data request will only be made to the person whose Personal Data is subject to the data request. A legalized authorization letter shall be required if the release of the data request will be made to a third-party.
 
    15.3.4. All requests for copies of personal data will be complied with within thirty (30) days of the request. The period can be extended by up to two (2) months in the case of complex or numerous requests. We will inform you if such additional time is required.
 
15.4. Object Collection, Restrict Use, Erase, Destroy, or Anonymize Personal Data
    15.4.1. You have the right to object the collection, use, or disclosure of your Personal Data and/or the Personal Data of Your Users at any time. Furthermore, you may request us to restrict the use of your Personal Data and/or the Personal Data of Your Users and to erase, destroy, or anonymize Personal Data except when we are required to retain your Personal Data and/or the Personal Data of Your Users according to Data Protection Laws or when we have compelling legitimate interests in retaining the Personal Data. If you are resident in Vietnam, a request for the limitation of the use of your Personal Data shall be processed within seventy-two (72) hours, unless otherwise stated by law.
 
16. DATA BREACH MANAGEMENT AND NOTIFICATION
 
16.1. We maintain strict data breach management plans and procedures and shall notify you without undue delay after becoming aware of the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to your Personal Data and/or the Personal Data of Your Users, transmitted, stored or otherwise processed by Ematic of which Ematic becomes aware (“Data Breach”).
16.2. We shall make reasonable efforts to identify the cause of such Data Breach and take those steps as we deem necessary and reasonable in order to remediate the cause of such Data Breach, to the extent the remediation is within our reasonable control. The obligations herein shall not apply to Data Breach incidents that are caused by you.
 
17. QUESTIONS, CONCERNS OR COMPLAINTS? CONTACT US

17.1. If you have any questions or concerns about our privacy practices or your dealings with the Services, please do not hesitate to contact: dataprotection@ematicsolutions.com.

 
17.2. If you have any questions, concerns or complaints regarding how we are handling your Personal Data and/or the Personal Data of Your Users or about how we are complying with Data Protection Laws, we welcome you to contact us with your questions, concerns or complaints. Please contact us through email with your questions, concerns or complaints: E-mail: dataprotection@ematicsolutions.com and Attention it to the “Data Protection Officer”.
 
17.3. If you are submitting a complaint via email or letter, the subject header “Data Privacy Complaint” would assist us in expediting the handling of your complaint by directing it to the relevant staff within our organisation.
 
17.4. If you wish to withdraw your consent to any use of your Personal Data and/or the Personal Data of Your Users as set out in this Privacy Policy or otherwise; or if you would like to request access or corrections to the records of your Personal Data and/or

the Personal Data of Your Users, please contact us as follows:

By email: dataprotection@ematicsolutions.com
By mail: Data Protection Officer – EMATIC SOLUTIONS PTE. LTD.
160 Robinson Road, #14-04 Singapore Business Federation
Center, Singapore 068914

By telephone: Data Protection Officer’s contact: +65 83140509

17.5. Ematic aims to respond to queries and requests within fourteen (14) days. There may be instances where a longer response time is necessary due to the complexity of the complaint. In such cases, we will address your complaint in a reasonable and practical timeframe. If you choose to withdraw your consent to any or all uses of your Personal Data and/or the Personal Data of Your Users, it may impact our ability to provide Services to you, depending on the nature of your request.
 
17.6. For information on the Singapore Personal Data Protection Act (PDPA), please refer to Personal Data Protection Commission’s website: www.pdpc.gov.sg
 
17.7. For information on the Australian Privacy Act, please refer to the Office of the Australian Information Commissioner’s website: www.oaic.gov.au.
 
17.8. For information on the Malaysian Personal Data Protection Act, please refer to Department of Personal Data Protection’s website: http://www.pdp.gov.my.
 
17.9. For information on the European Union General Data Protection Regulation (EU GDPR), please refer to the EU GDPR’s website: https://gdpr.eu/.
 
17.10.For information on the Thailand Data Protection Act (PDPA Thailand), please refer to the Ministry of Digital Economy and Society’s website, Office of the Personal Data Protection Committee: https://www.mdes.go.th.
 
17.11.For information on Vietnam Cybersecurity Law (2018) and Decree No.13/2023/ND-CP, please refer to: https://vietnam.gov.vn/ and https://vbpl.vn/pages/portal.aspx.
 
17.12.For information on the Philippine Data Privacy Act of 2012, its Implementing Rules and Regulations, and Issuances of the National Privacy Commission, please refer to: https://privacy.gov.ph/.
 
18. TERMS AND CONDITIONS
 
Please also read our website Terms of Service establishing the use, disclaimers, and limitations of liability governing the use of the Site and the Services and other related policies.
 
Last Updated: 5 October 2023