At Propine Technologies Pte. Ltd. (UEN: 201810177K), a company incorporated under the laws of Singapore, and its subsidiaries, affiliates and related corporations (“Propine”, “we”, “us”, or “our”), we recognise the importance of safeguarding your personal data and take our responsibility to properly manage, protect and process your personal data under the Personal Data Protection Act 2012 (No. 26 of 2012) of Singapore (the “PDPA”) seriously.
This Privacy & Data Protection Notice (the “Privacy Notice”) explains how we collect, use, disclose or process your personal data through your interactions with our services, websites, applications, programmes, servers, software including the following properties which are owned and operated by us: (i) any websites owned and operated by us, including https://www.propine.com/ and the associated applications and services (the “Website”); (ii) any official social media channels created by us on any social media platforms (including but not limited to Facebook, LinkedIn, YouTube and Twitter) (the “Channels”); and (iii) all other properties which reference this Privacy Notice in a link or otherwise (collectively, the “Services”). This Privacy Notice applies to all our interactions with you as well as other of the Services that has a reference or link to this Privacy Notice.
Please read this Privacy Notice carefully and should you have any queries about how we may manage, protect or process your personal data, please do not hesitate to contact our Data Protection Officer at email@example.com. This Privacy Notice is governed by the laws of Singapore. By continuing to use our Services, you are deemed to have consented to the terms of this Privacy Notice and our Terms & Conditions (accessible at here and this agreement supersedes any other agreement that we might have with you concerning the use of your personal data. Certain features of the Website and Channels require the provision of your personal data, and where you do not provide such requested information, we may not be able to provide you with the Services.
While we do not intend to collect any personal data about individuals under the age of 18 we cannot stop such individuals from accessing and visiting the Website and Channels. Where you are below 18 years of age (or the applicable age required for you to legally access or use the Services), the rights to consent, access and correction can only be granted by your parents or guardians. Where you are a parent or guardian of such individual, by providing us with personal data of the individual under the age of 18, you hereby consent to the processing of his/her personal data in accordance with applicable laws, and agree to be personally bound by the terms of this Privacy Notice and take full responsibility for his/her actions in relation to the Website and Channels.
We will comply with the PDPA and other applicable data protection and privacy laws, such as the Regulation
(EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the Protection of Natural Persons with Regard to the Processing of Personal Data and on the Free Movement of Such Data, and Repealing Directive 95/46/EC (the “GDPR”).
Propine is a controller of the personal data collected from you through the Website and/or during the process of the registration as a User of the Services.
Unless otherwise defined herein, capitalised terms used in this Privacy Notice shall have the same meanings as those defined in the Terms & Conditions.
Please notify us and stop using our Services immediately if you do not consent to this Privacy Notice.
a. PERSONAL DATA COLLECTED BY US
- We provide our Users with the safekeeping and custodial services in respect of their Digital Assets.
- Whose personal data is collected?: In this Privacy Notice, “personal data” means personally identifiable information that you provide us, or we collect about or from you, through your use of any of the Services. By using our Services, whether as a: (i) visitor of the Website or Channels; (ii) User of the Services; (iii) regulated third parties duly authorised by the Users, we may collect your personal data.
- What personal data is collected?: Therefore, in using the Services, you may be asked to provide us with personal data such as your name, passport or ID number, email address, residential or business address, contact phone number, any information you choose to provide when filling in a contact form on our Website, IP address or any other technical information that tells us how you use the Website, and we may collect your personal data either directly from you, your authorised representatives, and/or through our third-party service providers (e.g. partners or third-party applications) to personalise your experiences and improve our Services. In addition, during the onboarding process and for the purposes of our Know-Your-Customer (“KYC”) checks, we may have obtained information about your race and ethnicity (which are defined as special categories of personal data under the GDPR), as well as other details that may have been contained in the KYC documents you had provided to us, such as the copy of your passport.
- Consent: By accessing or using our Services or otherwise providing us with your personal data, we shall be entitled to assume that you understand and agree to the terms of this Privacy Notice and consent to the collection, use and disclosure of your personal data by us. If you do not consent to any of these terms, please do not access or use any of our Services, or provide us with any of your personal data.
b. PURPOSES FOR COLLECTION, USE, DISCLOSURE & PROCESSING OF PERSONAL DATA
- We use your personal data to provide you with relevant Services and to operate our business. We may also use the data collected to communicate with you, for instance, to inform you about new features of the Services, security updates, or to inform you about your account. Your personal data may also be used to show you more relevant information, content, advertisements, whether through the Services or third-party applications and in combination with information from other sources.
- Please see examples of how we generally use your personal data collected in accordance with this Privacy Notice:
- to conduct anti-fraud, anti-money laundering and countering of terrorist financing (“AML/CFT”), and identity verification and authentication KYC checks;
- to process, record, monitor and fulfil your transactions or your requests;
- to facilitate our provision of the Services; including but not limited to custody services, asset servicing, reporting, reconciliations etc.
- to communicate with you for research, marketing, advertising and promotional purposes;
- for administrative matters on your registration to the Services, managing your accounts, processing your sign-ups/registrations for mailing lists;
- diagnosis and maintenance of the Services;
- to maintain the security of the Services;
- to protect you and other Users of the Services and Visitors;
- to enforce of our policies and procedures;
- to permit you to submit questions, feedback or complaints; and/or
- such other purposes notified to you from time to time. When we notify you on these purposes separately, we will also provide you with the legal basis for processing of your personal data and, if necessary, will obtain your consent for such processing.
- We process your personal data for these purposes listed above on the following legal basis:
- it is necessary for the performance of the contract of providing the Services to you or in order to take steps at your request prior to entering into the contract;
- to comply with our legal and regulatory obligations;
- to protect our legitimate interest in: (i) responding to your queries; (ii) providing services and / or information to you. You can object to processing based on our legitimate interest at any time by contacting us at: [firstname.lastname@example.org]. Please also check paragraph 5.17 for the details.
- The manner in which your personal data is used will depend on the circumstances at hand, and it will be used in compliance with applicable laws and regulations.
- We may process and use your personal information to facilitate a change of control or sale of Propine or to facilitate a restructuring or other corporate rearrangement.
c. SHARING YOUR PERSONAL DATA WITH THIRD PARTIES. INTERNATIONAL TRANSFERS
- It may also be necessary in certain circumstances for us to share your personal data with third parties such as our subsidiaries, affiliates, related corporations, service providers, or regulatory authorities or other third parties. Such third parties processing your personal data either on our behalf or otherwise may be located in a different country from the point of collection of your personal data (e.g. transfer to servers located outside of the country you are accessing the Services from), or may have multiple physical locations and backups (e.g. cloud based services). We have carefully selected these third parties and taken steps to ensure that when we share your personal data with them, it is adequately protected. All of our service providers are bound by written contract to process personal data provided to them only for the purpose of providing the specific service to us and to maintain appropriate security measures to protect your personal data.
- Where your personal data must be shared with third parties in circumstances that are not reasonably contemplated within the normal course of our dealings with you, we would usually first seek your consent unless the disclosure:
- is required or authorised based on the applicable laws and/or regulations;
- is clearly in your interests, and if consent cannot be obtained in a timely way;
- is necessary to respond to an emergency that threatens the life, health or safety of yourself or another individual;
- is necessary for any investigation or proceedings;
- is required by a law enforcement agency;
- is to a public agency and necessary in the public interest; and/or
- where such disclosure without your consent is permitted by law.
- Where we disclose your personal data to third parties, we will employ our best efforts to require such third parties to protect your personal data.
- By using our Services, you agree that the transfer of your personal data to various countries is reasonably necessary for us to provide you with these Services.
- If you resident of the European Union (“EU”), and if we do store any of your data in the European Economic Area (“EEA”), when we transfer the data outside the EEA under this paragraph 3, this is done either on the basis that it is necessary for the performance of the agreement with you, or that the transfer is subject to the applicable laws in the EU or under the GDPR.
- However, we will only transfer your personal data outside of the EEA:
- where the transfer is to a place that is regarded by the European Commission as providing adequate protection for your personal data; or
- where we have put in place appropriate safeguards to ensure that your personal data is protected (for example where both parties involved in the transfer have signed standard data protection clauses adopted by the European Commission);or
- the above does not apply but we are still legally permitted to do so, for example if the transfer is necessary for (i) for the performance of a contract between you and us or the implementation of pre-contractual measures taken at your request, or (ii) the establishment, exercise or defence of legal claims.
- You can request further detail about the safeguards that we have in place in respect of transfers of personal data outside of the EEA and where applicable a copy of the standard data protection clauses that we have in place, by contacting us at: [email@example.com].
d. THIRD PARTY LINKS
- We have no control over and assume no responsibility for the content, privacy policies or practices of any third party websites or services.
e. RIGHTS IN RELATION TO YOUR PERSONAL DATA
- Under the PDPA, you may, by a written request to us, ascertain whether the information we hold about you is accurate and current, and you may also access and correct your personal data. Details of such rights are set out as follows.
- Right to access and/or to correction of personal data. You may request access to or correct the personal data held by us by submitting a written request at any time to firstname.lastname@example.org.
- We may require further information from you to verify your identity as well as the nature of your request, to deal with your request. Handling and processing fees may be payable before we can proceed with your request.
- Once we have sufficient information to deal with your request, we will seek to provide you with the relevant personal data or information within thirty (30) days of your request, unless otherwise stated.
- There are certain circumstances in which we will decline to comply with your request under paragraph 5.2 these include (to the extent allowable under applicable law) situations where:
- a government agency in Singapore or regulator with jurisdiction over us direct us not to comply with a customer’s request
- the information may, in our discretion, affect the safety of any person or persons; and
- the data may be relevant to a regulator or official investigators as part of an investigation into criminal conduct or breach of applicable laws.
- Withdrawal of consent to use your personal data. Should you wish to withdraw your consent to our use of your personal data, please stop using the Services immediately and notify us in writing at email@example.com to inform us that you wish for us to stop collecting, using or sharing your personal data and we will process your request within a reasonable time from such a request. You may also elect to withdraw your consent to the use of your personal data for a specific purpose, so please ensure that your notification contains sufficient and specific information to enable us to comply with your request.
- However, your withdrawal of consent could result in certain legal consequences arising from such withdrawal. In this regard, depending on the extent of your withdrawal of consent for us to process your personal data, it may mean that we will not be able to continue with your existing relationship with us.
- Rights for residents of the EU – If you are a resident in the EU, you may have the following rights under the GDPR in relation to your personal data, that is, (i) the right to be informed about how we use the Users’ Information what is what we are doing in this Notice; (ii) the right of data portability, (iii) the right of erasure (or deletion, which term we are using in this Notice), (iv) the right to restrict processing, (v) the right to object, and (vi) the rights in relation to automated decision making and profiling. These rights will be subject to ongoing obligations imposed on Propine under any applicable laws or regulation and Propine’s legitimate and legal rights to continue processing your information or to refuse that request. More details on these rights are set out below.
- The right of data portability: You may request to receive the data we collect from you in a structured, commonly used and machine-readable format if processing of the data had been carried out by automatic means, and a right to request that we transfer such data to another party. The relevant subset of your data is data you provide us with your consent and will not include any data of any other person.
- If you wish for us to transfer your personal data to another party, you must give us the details we need about that party. You acknowledge that the exercise of your rights is subject to such transfer being technically feasible. We are not responsible for the security of the data or its processing once received by the third party. We also may not provide you with certain data if providing the data would reveal information about another person, or otherwise infringe on his or her right to privacy.
- The right of erasure or deletion: You may request that we delete the data we hold about you in the following circumstances:
- our continued holding of your personal data is no longer necessary for the purposes for which such data had been collected;
- having provided your consent earlier, you now wish to withdraw your consent to our processing your data, and there is no other legal ground under which we can process the data;
- you do not wish to receive updates, news about promotions or marketing materials from us that have been customised using data we have about you; or
- the data we hold about you have been unlawfully processed in a manner not in accordance with applicable laws.
- You may exercise your right to restrict our processing of the data while we consider your request.
- Notwithstanding your requests, we may retain the data if there is a legal basis under applicable laws for us to do so although we will notify you of such a legal basis. You agree and acknowledge that if we do delete your data, you will be forgotten, and we will not be able to provide you services that are customised to your preferences.
- If we have made your personal data public, and there are grounds for deletion, we will take reasonable steps to tell others to whom we had earlier transferred your data to also delete the data.
- The right to restrict processing to storage: You have a right to require us to stop processing the data we hold about you other than for storage purposes in certain circumstances. However, if we stop processing the data, we may use it again if there are valid grounds under applicable laws for us to do so, including laws relating to AML/CFT.
- You may request that we stop processing and only store the data we hold about you if:
- You contest the accuracy of the data, for the period it takes for us to verify whether the data is accurate;
- You are of the view that the processing of your data is unlawful, and you only want us to restrict its use;
- We wish to erase the data as it is no longer necessary for our purposes, but you require it to be stored for the establishment, exercise or defence of legal claims; or
- You have objected to us processing the data we hold about you, pending verification whether our legitimate grounds override yours.
- The right to object: You have the right to object to certain types of processing, on grounds relating to your particular situation, at any time insofar as that processing takes place for the purposes of legitimate interests pursued by us or by a third party. We will be allowed to continue to process your personal data if we can demonstrate “compelling legitimate grounds for the processing which override your interests, rights and freedoms” or we need this for the establishment, exercise or defence of legal claims.
- The right in relation to automated decision making and profiling: You have the right not to be subject to a decision by us based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you unless you have given your explicit consent or unless otherwise permitted under the GDPR.
To exercise any of your rights set out in this paragraph 5 or under the GDPR, please write to us at the email address set out in paragraph 7 below. We will need to know the specific rights that you want to exercise, or the reasons for your objections, so that we can assess whether there are compelling legitimate grounds which override your interests, rights and freedoms, or so that we can determine if you have a valid basis to restrict our processing of your data. You must also provide us with proof of identity before we will respond to any requests to exercise your rights. We will respond to a request by you to exercise those rights without undue delay and at least within one (1) month (although this may be extended by a further two (2) months in certain circumstances).
f. RETENTION, ADMINISTRATION & MANAGEMENT OF PERSONAL DATA
- We will take reasonable efforts to ensure that your personal data is accurate and complete, based on the information that you have provided us with. Please ensure that all information provided to us is up to date and keep us informed of any relevant changes.
- We value your privacy and have security arrangements to ensure that your personal data is adequately protected and secured. We will also put in place measures such that your personal data in our possession or under our control is destroyed and/or anonymised as soon as it is reasonable to assume that: (i) the purpose for which that personal data was collected is no longer being served by the retention of such personal data; and (ii) retention is no longer necessary for any other legal or business purposes. Otherwise, personal data collected by us is generally only retained for as long as it is reasonably necessary for the purpose for which the data provided and we may destroy or delete any information or personal data provided by you thereafter, unless required by law, regulation or other business or audit requirements. For the EU residents, we will endeavour to delete data within 30 days of a request for deletion or contact you if it will take longer.
- Where your personal data is to be transferred out of Singapore or such other jurisdiction in which it is collected, we shall take reasonable steps to ascertain that the recipient of the personal data is bound by legally enforceable obligations to protect your personal data in accordance with this Privacy Notice and the PDPA. If you are the EU resident, please refer to paragraphs 3.5 and 3.6 on how we fulfil our obligations to safeguard your personal data when we transfer it outside of the EEA.
g. COMPLAINTS PROCESS
If you do not consent to any of the terms of this Privacy Notice, our use of your personal data or have any complaint or grievance regarding about how we handle your personal data, we welcome you to contact us with further details at:
E-mail address: [firstname.lastname@example.org] (please attention it to the ‘Data Protection Officer’)
Office address: 80 Robinson Road #08-01 Singapore 068898 (please attention it to the ‘Data Protection Officer’)
h. UPDATES ON DATA PROTECTION NOTICE
- As part of our efforts to ensure that we properly manage, protect and process your personal data, we will be reviewing our policies, procedures and processes and may update, at our absolute discretion, update the terms of this Privacy Notice from time to time. Any revised Privacy Notice will be posted on our Website and can be accessed at “https://www.propine.com/“.
- You are encouraged to visit the above Website from time to time to ensure that you are well informed of our latest policies in relation to personal data protection.
- We may collect information from you (or others on your behalf) de-identified information to help us in our business and provide you with the relevant Services. Such anonymised and de-identified information may be transferred, disclosed, assigned, leased, licensed, sold and otherwise shared with and by our partners, service providers, advertisers and/or other third parties for purposes permitted under law. The anonymised and de-identified information that we collect about you will not be combined and stored together with your personal data collected from you.
- Cookies (small text files placed on your device that record information about your preferences and enable log-ins, provide interest-based advertising, analyse how our Services are performing) are an example of such anonymised data which we collect. While compiling information about your browsing habits, cookies can also enhance your user experience. There may also be third party cookies on our Websites and Channels. For more information on cookies, please refer to www.allaboutcookies.org/manage-cookies/.