Privacy Policy
Global Privacy Notice
We are committed to protecting the privacy and security of your Personal Data. This Global Privacy Notice (“Privacy Notice”) outlines our practices concerning the collection, use, and disclosure of your data in connection with our services by Rakkar Digital Pte. Ltd., Rakkar Digital (Hong Kong) Limited, and Rakkar Digital Co., Ltd (“Rakkar Digital”, “we”, “us”, “our”).
This Privacy Notice applies to the use or visit of any of our products, services, or platform under the Rakkar Digital brand.
Our privacy practices may vary among the countries in which we operate to reflect local practices and legal requirements. You may find the privacy terms for other jurisdictions where our business operates below:
Privacy Policy - Singapore
Privacy Policy - Hong Kong
Privacy Policy - Thailand
This Privacy Notice applies to the following individuals and entities: a) Our customers – Entities who have engaged in transactions or have an ongoing business relationship with us. b) Non-customers – Entities or individual who may not have engaged in transactions but may interact with or provide Personal information to us through various means, such as inquiries or participation in events.
c) Applicable Third Parties – Entities or individuals beyond our customers and non-customers who may be involved in transactions, collaborations, or interactions with us, where the handling of Personal information is relevant and applicable.
1. Personal Data we collect, use or disclose
“Personal Data” means any information relating to an identified or identifiable individual. The type of Personal Data, which we collect, use or disclose, varies on the scope of products and/or services that you may have used or had an interest in. We may collect the following categories of Personal Data:
- Personal details such as title, given name, middle name, surname, hidden name (if any), gender, date of birth, age, marital status, nationality
- Contact details such as physical address, email address, phone number/mobile number, facsimile number, name of representatives or authorised persons acting on behalf of our customers, business address, business phone number
- Identification and authentication details such as ID card photo, identification number, passport information, driving licence, signatures, tax identification number, house registration
- Employment details such as occupation, employer's details, position/job title, workplace
- Financial details and relationship information such as products and/or services you use, channels you use and ways you interact with us, your customer status, your payment history, transaction records, information about your transactions (e.g. asset name, volume, price, conditions (if any), payment transaction records, financial statements, taxes, revenue, default record and other information relating to your transactions), account number and account type, account history, current assets, payment details, information about your store (e.g. name, product listing, sales volume)
- Market research, marketing and sales information such as details of services you receive and your preferences, inferences about you based on your interactions with us, communication preferences and details or content of your communications with us
- Geographical information, your device, software and technical details such as your GPS location, IP address, technical specifications and uniquely identifying data (e.g. web beacon, log, device ID and type, network, connection details, access details, single sign-on (SSO) details, login log, access times, time spent on our page, cookies, login data, search history, browsing details, browser type and version, time zone setting and location, language preferences, browser plug-in types and versions, operating system and platform, and other technology on devices you use to access the platform).
- Investigation data such as due diligence checks, including information related to Know Your Client (KYC) or Customer Due Diligence (CDD), Anti-Money Laundering and Combating the Financing of Terrorism (AML/CFT) checks
- User log in, subscription data and profile details such as login information, for using our system and applications, account identifiers, username and password
- Usage details such as information on how you use the websites, platform, products and services, information on how you use and interact with our advertising (including content viewed, links clicked, and features used)
- Information concerning security such as visual images, personal appearance, detection of any suspicious and unusual activity, CCTV images or recordings, video recordings
- Sensitive personal data such as religion as shown in the identification card, blood type as shown in the identification card
- Other information such as records of correspondence and other communications between you and us, in whatever manner and form, including but not limited to phone, email, live chat, instant messages and social media communications, information that you provide to us through any channels
2. How we collect your Personal Data
We may collect Personal Data about you from various sources, depending on our relationship and interaction with you. Normally, we will collect your Personal Data directly from you (e.g. through our application form, platforms, your emails to us and customer support) and your computer or devices when you interact with our platforms, website, and applications or through other automatic technologies, such as when we us CCTV cameras in our facilities. We may also collect your data through our affiliates, service providers, business partners, counterparties, official authorities and third parties’ sources (e.g. social media, online platforms, and other publicly available sources).
In the event that we are legally obligated or contractually bound to collect Personal Data, and you opt not to provide the requested information, it may impede our ability to execute or establish the existing or prospective contract with you. For instance, if obtaining essential data is imperative for delivering services, we may find it necessary to terminate a product or service you currently have with us. We will promptly communicate such circumstances should they arise.
3. How we use your Personal Data
We only use your Personal Data where it is necessary or there is a lawful basis to do so. The legal grounds are provided below:
3.1 Legal Obligation
We process your Personal Data to comply with legal obligations imposed on us which include but not limited to:
- Compliance with applicable laws and Personal Data laws (e.g. Anti-Money Laundering and Countering Terrorism Financing Laws), including conducting identity verification, background checks and credit checks, Know Your Client/Customer Due Diligence (KYC/CDD) processes, other checks and screenings (including screening against publicly available government law enforcement agency and/or official sanctions lists), ongoing monitoring obligation that may be required under any applicable law and any amendment thereof; and/or
- Compliance with regulatory obligations and/or orders of authorized persons (e.g. orders by any court of competent jurisdiction or of governmental, supervisory or regulatory authorities or authorized officers).
3.2. Contractual Necessity
Processing Personal Data may be necessary for the performance of a contract with you or for taking pre-contractual steps, we process your data to fulfill our obligations and provide you with the agreed upon services, which include but not limited to:
- Process requests, approve transactions, and deliver products/services, ensuring smooth operations.
- Authenticate transactions, respond to inquiries, and resolve complaints.
- Provide product platforms, track transactions, and generate reports.
- Notify with transaction alerts and recover outstanding fees.
- Manage business relationship operations, process applications, and enforce legal rights.
- Offer customer helpdesk support, manage access to systems, and remove inactive relationships.
- Incorporate company information with regulators and government authorities for financial reporting, tax collection, or corporate services.
3.3. Legitimate Interests
We rely on the basis of legitimate interests by considering our benefits or third party’s benefits with your fundamental rights and interests to prevent any undue impact on your privacy. Some interests include but not limited to:
- Manage customer relationships, handle complaints, and enhance service standards.
- Ensure security by maintaining CCTV records, registering visitors, and monitoring network activity.
- Develop and improve products/services, including system enhancements.
- Handle claims, disputes, and legal matters.
- Manage infrastructure, internal control, and business operations in compliance with policies.
- Conduct research, planning, and statistical analysis.
- Organize promotional campaigns, events, and conferences.
- Disclose Personal Data in the event of sale, transfer, or merger.
- Maintain customer lists and comply with reasonable business requirements for management, training, auditing, reporting, and IT system maintenance.
3.4. Consent
When applicable, we obtain your explicit and informed consent for specific processing activities. This ensures that you have control over how your data is used, and you can revoke your consent at any time. Circumstances where we need your consent include but not limited to:
- Collect, use and disclose your sensitive Personal Data as necessary (e.g. to use your identification card photo and criminal record) for verification of your identity before continuing the transaction, Know Your Client (KYC) processes, due diligence and background check processes);
- Collect and use your Personal Data and any other data to conduct research and analyze for the greatest benefits in developing products and services to truly fulfil your needs and/or to contact you for offering products, services and benefits exclusively suitable to you;
- Send or transfer your Personal Data overseas, which may have inadequate Personal Data protection standards (unless the applicable Personal Data law specifies that we may rely on other legal basis or may proceed without obtaining consent);
- Obtain consent from a parent, guardian, or curator for minors or incompetents unless exempt by laws (as the case may be); and/or disclose your Personal Data and any other data to Rakkar Digital group companies and trusted business partners for the following purposes: (1) conducting research and analyzing your Personal Data and any other data for the greatest benefits in developing products and services to truly fulfil your needs; and (2) contacting you for offering products, services and benefits exclusively suitable to you.
3.5. Other Lawful Basis
Apart from the lawful basis which we mentioned earlier, we may collect, use or disclose your Personal Data based on the following lawful basis:
- Prepare historical documents or archives for the public interest, or for purposes relating to research or statistics;
- Prevent or suppress a danger to a person’s life, body or health; and/or
- Necessary to carry out a public task, or for exercising official authority.
If the Personal Data we collect from you is required to meet our legal obligations or to enter into an agreement with you, we may not be able to provide (or continue to provide) some or all of our products and services to you if you do not provide your Personal Data when requested.
4. How we disclose your Personal Data
We may disclose or share your personal data with:
- Rakkar Digital group companies, business partners, target companies and relevant legal relationships
- Governmental and regulatory authorities
- Suppliers, agents and entities for specific lawful prposes with appropriate security measures
- Relevant parties in transactions, sales, reorganization or acquisition activities
- Banks, financial institutions, and third parties for legal recovery or tracing of funds
- Debt collection agencies, lawyers, credit bureaus, fraud prevention agencies, courts and authorities
- Third-party service providers, including IT, market analysis, and security
- Social media service providers and third-party advertisers for relevant messaging
- Other entities providing benefits or services associated with your products or services
- Other customers, corporate customers and individuals authorized by you legally
The global nature of business necessitating the occasional international transfer of your Personal Data. When conducting such transfers, we are committed to employing the utmost care to ensure that your Personal Data is transmitted to our reliable business partners, service providers, or other recipients through the most secure means, aiming to safeguard and uphold the security of your Personal information. This commitment is especially relevant in the following situations:
a) Fulfilling a legal obligation; b) Informing you of inadequate Personal Data protection standards in the destination country and securing your consent; c) Executing an agreement made by you with us or fulfilling your pre-agreement requests; d) Complying with agreements involving your interests between us and other parties; e) Preventing or mitigating a threat to your or others' life, body, or health when you are incapable of providing consent; or f) Engaging in activities related to substantial public interest.
5. Your legal rights
You can assert your rights set out below under the applicable Personal Data laws: some text
5.1. Rights to access and obtain copy: You retain the right to access and procure a copy of your
Personal Data held by us, unless legal provisions or court orders authorize us to deny your request or if such action would adversely affect the rights and freedoms of other individuals.
5.2. Right to rectification: You possess the right to rectify inaccuracies in your Personal Data and update incomplete information.
5.3. Right to erasure: You are entitled to request the deletion, destruction, or anonymization of your Personal Data, except in specific circumstances where legal grounds exist for rejecting your request.
5.4. Right to restrict: Under certain circumstances, you can request us to limit the use of your Personal Data (e.g., during an examination process related to your request for rectification or objection, or if you prefer restriction instead of deletion when the data is no longer necessary but you have a legitimate reason to retain it for establishment, compliance, exercise, or defence of legal claims).
5.5. Right to object: You have the right to object to the collection, use, or disclosure of your Personal Data when undertaken for legitimate interests, direct marketing, or scientific, historical, or statistical research. However, we may reject your request if there are compelling legitimate grounds or for reasons of public interest, legal claims, or other justifiable grounds.
5.6. Right to data portability: You have the right to receive your Personal Data in a readable format commonly used by automated tools. You can also request us to send or transfer your Personal Data to a third party, unless technical circumstances prevent it, or legal grounds allow us to reject your request.
5.7. Right to withdraw consent: You can withdraw your consent at any time through the prescribed methods, unless the nature of consent prohibits such withdrawal. The withdrawal does not impact the legality of prior collection, use, and disclosure of your Personal Data based on your consent.
5.8. Right to lodge a complaint: You are entitled to lodge a complaint with the relevant authority, if we fail to comply with the applicable laws.
6. Retention Period of Personal Data
We will maintain and keep your Personal Data for a period of time that is appropriate and necessary by evaluating factors such as the nature and sensitivity of the Personal Data. We also assess the potential risks associated with unauthorized use or disclosure of your Personal information and the purposes for processing the data. The period we keep your Personal Data will be linked to the prescribed period or the period under the relevant laws and regulations.
7. Use of Cookies
We may use cookies and similar technologies to enhance your experience on our platforms. You can manage your preferences through our browser settings.
8. Security Measures
We implement robust security measures and strict policy enforcement to safeguard your Personal information. This includes encryption, access controls, confidentiality obligations and regular security audits.
9. Changes to this Privacy Notice
We may update this Privacy Notice periodically. Any material changes will be communicated to you through our platform or other means.
10. Contact Information
If you have any questions or concerns about our privacy practices, please contact our Data Protection Officer at DPO@rakkardigital.com.
Version: February 2024
Privacy Notice - Singapore
Rakkar Digital Pte. Ltd.
Introduction
We, Rakkar Digital Pte. Ltd., care about the privacy of our customers, thus, we provide this privacy notice to inform our customers of our policy in relation to the collection, use and disclosure of personal data of individual(“you”) in accordance with the Personal Data Protection Act 2012 of Singapore (“PDPA”), relevant laws and regulations. This privacy notice informs you of how we collect, use or disclose your personal data, what and why we collect, use or disclose your personal data, how long we hold it, who we disclose it to, your rights, what steps we will take to make sure your personal data stays private and secure, and how you can contact us.
This privacy notice applies to:
(1) Our customers
- Individual customers: Our past and present customers who are individual.
- Corporate customers: Directors, shareholders, promoters, ultimate beneficial owners, employees, guarantors, security providers, and legal representatives of our past and present corporate customers and other individuals authorised to act on their behalf. Our corporate customer shall ensure that the authorised persons and any of relevant individuals have acknowledged our privacy notice.
(2) Non-customers
These include individuals who have no product or service holding with us, but we may need to collect, use or disclose your personal data (e.g. investors, prospect or target companies and their individuals, contact persons, authorized persons, representatives, persons who were ultimately given power of attorney to establish business relationship or conduct occasional transaction, shareholders, directors, agents, employees, personnel and other persons in similar capacity; anyone that visits our website or our applications; ultimate beneficial owner; directors or legal representatives of a company that uses our services or is or may be our business partner; professional advisors, including our directors, investors, shareholders and their legal representatives, and anyone involved in other transactions with us or our customers).
Please note that some of the links on our platform may lead to third party’s platforms, and if you access these platforms, your personal data will then be processed under the third party’s policies. Make sure that you have read those privacy notices when accessing such platforms.
1. How we collect, use or disclose your personal data
We only collect, use or disclose you rpersonal data where it is necessary or there is a lawful basis for collecting, using or disclosing it. This includes where we collect, use or disclose your personal data based on the legitimate grounds of legal obligation, performance of contract made by you with us, our legitimate interests, performance under your consent and other lawful basis. Reasons for collecting, using or disclosing are provided below:
1.1. Our legal obligation
We are regulated by many laws, rules, regulations, and orders of any competent governmental, supervisory or regulatory authorities, and to fulfil our legal and regulatory requirements, it is necessary to collect, use or disclose your personal data for the following purposes, which include but not limited to:
a) Compliance with the PDPA and any amendment thereof;
b) Compliance with laws (e.g. Anti-Money Laundering Laws, Prevention and Suppression of Financial Support to Terrorism and the Proliferation of Weapons of Mass Destruction Laws, and other laws to which we are subject both in Singapore and in other countries) ), including conducting identity verification, background checks and credit checks, KnowYour Client/Customer DueDiligence (KYC/CDD) processes, other checks and screenings(including screening against publicly available government law enforcement agency and/or official sanctions lists), and ongoing monitoring that may be required under any applicable law; and/or
c) Compliance with regulatory obligations and/or orders of authorized persons (e.g. orders by any court of competent jurisdiction or of governmental, supervisory or regulatory authorities or authorized officers).
1.2. Contract made by you with us
We will collect, use or disclose your personal data in accordance with the request and/or agreement made by you with us, for the following purposes, which include but not limited to:
a) process your request prior to entering into an agreement, consider for approval in relation to the investment (including conducting due diligence) or the provision of services, support, deliver our products and/or services to you, and deal with all matters relating to the products and/or services including any activities that if we do not proceed, then our operations or our services may be affected or may not be able to provide you with fair and ongoing services;
b) authenticate when entering into, doing or executing any transactions;
c) carry out your instructions (e.g. respond to your enquiries or feedback, or to resolve your complaints);
d) provide mobile applications and other online product platforms;
e) track or record your transactions;
f) produce reports (e.g. transaction reports requested by you or our internal reports);
g) notify you with transaction alerts;
h) recover the money which you owe (e.g. when you have not paid for your outstanding fees);
i) carry out relationship maintenance and operations relating to your business relationship with us, including without limitation, processing your applications or requests for services, processing your transactions, and operating, administering, managing and terminating your business relationship with us;
j) carry out or make transactions and/or payments, such as processing payments or transactions, fulfilling transactions, conducting settlement, billing and processing activities;
k) enforce our legal or contractual rights;
l) provide IT and help desk supports, create and maintain code and profile for you, manage your access to any systems to which we have granted you access, remove inactive relationship; and/or
m) incorporate and register a new company with the Accounting and CorporateRegulatory Authority or other government authorities.
1.3. Our legitimate interests
We rely on the basis of legitimate interests by considering our benefits or third party’s benefits with your fundamental rights in personal data which we will collect, use or disclose for the following purposes, which include but not limited to:
a) conduct our business operation and Rakkar Digital group companies’ business operation (e.g. to audit, to conduct due diligence, risk analysis and managements, to monitor, prevent, detect and investigate fraud, money laundering, terrorism, misconduct, or other crimes, and to identify and analyze the risks associated with acquisition and/or investment and divestment in any investment and partnership, which may not be required by any governmental or regulatory authorities, and authenticate your identity to prevent such crimes);
b) conduct our relationship managements(e.g. to serve customers, to conduct customer survey, to handle complaints);
c) ensure security (e.g. to maintain CCTV records, to register, exchange identification card and/or take photo of visitors before entering into our building);
d) develop and improve our products and/or services, including systems to enhance our services standard and/or for the greatest benefits in fulfilling your needs;
e) record images and/or voices relating to the meetings, trainings, seminars, recreations or marketing activities;
f) in case of our corporate customer, we will collect, use and disclose personal data of directors, promoters, authorized persons or attorneys.
g) ensure business continuity;
h) handle claims and disputes, including solving disputes, initiating, exercising or defending legal claims;
i) contact you prior to your entering into a contract with us;
j) evaluate suitability and qualifications, issuance of request for quotation and bidding, and execution of contract with you;
k) protect against security risks, such as monitoring network activity logs, detecting security incidents, conducting data security investigations, and otherwise protecting against malicious, deceptive, fraudulent, or illegal activity;
l) comply with foreign laws;
m) manage our infrastructure, internal control, and business operations and comply with our policies and procedures including those relating to risk control, security, audit, finance and accounting, systems and business continuity;
n) carry out research, planning and statistical analysis(e.g. on data analytics, assessments, surveys and reports on our products, services and your performance);
o) organize our promotional campaign or events, conferences, seminars, and company visits;
p) facilitate financial audits to be performed by an auditor, or receive legal advisory services from legal counsel appointed by you or us;
q) in the event of sale, transfer, merger, reorganization, or similar event, disclose and transfer your personal data to one or more third parties as part of that transaction;
r) maintain and update lists or directories of the customers (including your personal data), and keep contracts and associated documents in which you may be referred to; and/or
s) comply with reasonable business requirements (e.g. management, training, auditing, reporting, control or risk management, statistical and trend analysis and planning or other related or similar activities, implementing business controls to enable our business to operate, and enabling us to identify and resolve issues in our IT systems, and keeping our systems secure, performing our IT systems development, implementation, operation and maintenance, including improving user experience).
1.4. Your consent
In certain cases, we may ask for your consent to collect, use or disclose your personal data to maximise your benefits and/or to enable us to provide services to fulfil your needs for the following purposes, which include but not limited to:
a) collect, use and disclose your sensitive personal data as necessary (e.g. to use your identification card photo and criminal record) for verification of your identity before continuing the transaction, Know Your Client (KYC) processes, due diligence and background check processes);
b) collect and use your personal data and any other data to conduct research and analyze for the greatest benefits in developing products and services to truly fulfil your needs and/or to contact you for offering products, services and benefits exclusively suitable to you;
c) send or transfer your personal data overseas, which may have inadequate personal data protection standards (unless the PDPA specifies that we may rely on other legal basis or may proceed without obtaining consent);
d) when you are classified as a minor, incompetent or quasi-incompetent whose consent must be given by their parent, guardian or curator (as the case may be) (unless the PDPA specifies that we may proceed without obtaining consent); and/or
disclose your personal data and any other data to Rakkar Digital group companies and trusted business partners for the following purposes: (1)conducting research and analyzing your personal data and any other data for the greatest benefits in developing products and services to truly fulfil your needs; and (2) contacting you for offering products, services and benefits exclusively suitable to you.
1.5. Other lawful basis
Apart from the lawful basis which we mentioned earlier, we may collect, use or disclose your personal data based on the following lawful basis:
a) prepare historical documents or archives for the public interest, or for purposes relating to research or statistics;
b) prevent or suppress a danger to a person’s life, body or health; and/or
c) necessary to carry out a public task, or for exercising official authority.
If the personal data we collect from youis required to meet our legal obligations or to enter into an agreement with you, we may not be able to provide (or continue to provide) some or all of our products and services to you if you do not provide your personal data when requested.
2. What personal data we collect, use or disclose
The type of personal data, namely personal data and sensitive personal data, which we collect, use or disclose, varies on the scope of products and/or services that you may have used or had an interest in. The type of personal data shall include but not limited to:
a) Personal details such as title, given name, middle name, surname, hidden name (if any), gender, date of birth, age, educational background, marital status, nationality
b) Contact details such as mailing address, e-mail address, phone number, mobile number, facsimile Number, name of representatives or authorised persons acting on behalf of our customers, social media accounts/ID/profile and other electronic communication ID, business address, business phone number
c) Identification and authentication details such as ID card photo, identification number, passport information, driving licence, signatures tax identification number, house registration
d) Employment details such as occupation, employer’s details, position, salary or income, remuneration, job title, bonus, work place
e) Financial details and information about your relationship with us such as products and/or services you use, channels you use and ways you interact with us, your customer status, your ability to get and manage credit, your payment history, transaction records, information about your transactions (e.g. type, number, price and quantity, conditions (if any), payment transaction records, financial statements, taxes, revenue, default record and other information relating to your transactions), credit card and debit card information, account number and account type, account history, current assets, income and expenses, payment details, bank account number, information about your store (e.g. name, product listing, sales volume)
f) Market research, marketing and sales information such as customer survey, information and opinions expressed when participating in market research e.g. responses to questionnaires, surveys, requests for feedback, and research activities, details of services you receive and your preferences, inferences about you based on your interactions with us, communication preferences and details or content of your communications with us
g) Geographic information, information about your device and your software, and technical details such as your GPS location, IP address, technical specifications and uniquely identifying data (e.g. web beacon, log, device ID and type, network, connection details, access details, single sign-on (SSO) details, login log, access times, time spent on our page, cookies, login data, search history, browsing details, browser type and version, time zone setting and location, language preferences, browser plug-in types and versions, operating system and platform, and other technology on devices you use to access the platform)
h) Investigation data such as due diligence checks, including information related to Know Your Client (KYC) or Customer Due Diligence (CDD), Anti-Money Laundering and Combating the Financing of Terrorism (AML/CFT) checks
i) User login, subscription data, and profile details such as login information for using our system and applications, account identifiers, username and password, interests, preferences and activities
j) Usage details such as information on how you use the websites, platform, products and services, information on how you use and interact with our advertising (including content viewed, links clicked, and features used)
k) Information concerning security such as visual images, personal appearance, detection of any suspicious and unusual activity, CCTV images or recordings, video recordings
l) Sensitive personal data such as religion as shown in the identification card, blood type as shown in the identification card, criminal records
m) Other information such as records of correspondence and other communications between you and us, in whatever manner and form, including but not limited to phone, email, live chat, instant messages and social media communications, information that you provide to us through any channels
3. Sources of your personal data
Normally, we will collect your personal data directly from you (e.g. through our web applications, mobile applications, your emails to us and customer support), but sometimes we may get it indirectly from other sources (e.g. social media, third party’s online platforms, and other publicly available sources) and through Rakkar Digital group companies), our affiliates, service providers, business partners, counterparties, target companies, official authorities, or third parties (e.g. your representative, employer, sponsor and third parties that have roles in delivering services to you or someone acting on their behalf may provide us with information about you), and from our corporate customers as you are director, promoters, authorised person, attorney, representative or contact person; in such case we will ensure the compliance with the PDPA.
4. Your rights
The PDPA aims to give you more control of your personal data. You can exercise your rights under the PDPA upon the effectiveness if the provisions in relation to rights of data subjects, details are as follows:
4.1 Right to access and obtain copy
You have the right to access and obtain copy of your personal data holding by us, unless we are entitled to reject your request under the laws or court orders, or if such request will adversely affect the rights and freedoms of other individuals.
4.2 Right to rectification
You have the right to rectify your inaccurate personal data and to update your incomplete personal data.
4.3 Right to erasure
You have the right to request us to delete, destroy or anonymise your personal data, unless there are certain circumstances where we have the legal grounds to reject your request.
4.4 Right to restrict
You have the right to request us to restrict the use of your personal data under certain circumstances (e.g. when we are pending examination process in accordance with your request to rectify your personal data or to object the collection, use or disclosure of your personal data, or you request to restrict the use of personal data instead of the deletion or destruction of personal data which is no longer necessary but you ask us to restrict it instead as you have necessity to retain it for the purposes of establishment, compliance, exercise or defense of legal claims).
4.5 Right to object
You have the right to object the collection, use or disclosure of your personal data in case we proceed with legitimate interests basis or for the purpose of direct marketing, or for the purpose of scientific, historical or statistic research, unless we have legitimate grounds to reject your request (e.g. we have compelling legitimate ground to collect, use or disclose your personal data, or the collection, use or disclosure of your personal data is carried out for the establishment, compliance, or exercise legal claims, or for the reason of our public interests).
4.6 Right to data portability
You have the right to receive your personal data in case we can arrange such personal data to be in the format which is readable or commonly used by ways of automatic tools or equipment and can be used or disclosed by automated means. Also, you have the right to request us to send or transfer your personal data to third party, or to receive your personal data which we sent or transferred to third party, unless it is impossible to do so because of the technical circumstances, or we are entitled to legally reject your request.
4.7 Right to withdraw consent
You have the right to withdraw your consent that has been given to us at any time pursuant to the methods and means prescribed by us, unless the nature of consent does not allow such withdrawal.The withdrawal of consent will not affect the lawfulness of the collection, use, and disclosure of your personal data based on your consent before it was withdrawn.
4.8 Right to lodge a complaint
You have the right to make a complaint with the Personal Data Protection Commission or their office if we do not comply with the PDPA.
5. How we share your personal data
We may disclose your personal data to the following parties under the provisions of the PDPA:
a) Our parent company, Rakkar Digital group companies, business partners, target companies and/or other persons that we have the legal relationship, including our directors, executives, employees, staffs, contractors, representatives, advisors and/or such persons’ directors, executives, employees, staffs, contractors, representatives, advisors;
b) governmental authorities and/or supervisory or regulatory authorities (e.g. the Monetary Authority ofSingapore, Accounting and Corporate Regulatory Authority, SuspiciousTransaction Reporting Office, Personal Data Protection Commission);
c) suppliers, agents and other entities (e.g. professional associations to which we are member, external auditors, depositories, document warehouses, overseas financial institutions and clearing houses, where the disclosure of your personal data has a specific purpose and under lawful basis, as well as appropriate security measures);
d) any relevant persons as a result of activities relating to selling rights of claims and/or assets, restructuring or acquisition of any of our entities, where we may transfer their rights to; any persons with whom we are required to share data for a proposed sale, reorganisation, transfer, financial arrangement, asset disposal or other transaction relating to our business and/or assets held by our business;
e) other banks, financial institutions and third parties where required by law to help recover funds that have entered your account due to misdirected payment(s) by such third parties or trace funds where you are a victim of suspected financial crime, or where suspect funds have entered your account asa result of financial crime;
f) debt collection agencies, lawyers, credit bureau, fraud prevention agencies, courts, authorities or any persons whom we are required or permitted by laws, regulations, or orders to share personal data;
g) third parties providing services to us (e.g. IT service providers, market analysis and benchmarking, including but not limited to correspondent banking, agents and subcontractors acting on our behalf);
h) social media service providers (in a secure format) or other third-party advertisers so they can display relevant messages to you and others on our behalf about our products and/or services. Third-party advertisers may also use information about your previous online activities to tailor adverts to you;
i) third-party security providers;
j) other persons that provide you with benefits or services associated with your products or services;
k) other customers so they can provide or deliver products and/or services to you;
l) our corporate customers as you are director, promoter, authorised person, attorney, representative or contact person; and/or
m) your attorney, sub-attorney, authorized persons or legal representatives who have lawfully authorized power.
6. International transfer of personal data
The nature of the modern business is global and under certain circumstances it is necessary for us to send or transfer your personal data internationally. When sending or transferring your personal data, we will always exercise our best effort to have your personal data transferred to our reliable business partners, service providers or other recipients by the safest method in order to maintain and protect the security of your personal data, which includes the following circumstances:
a) comply with a legal obligation;
b) inform you the inadequate personal data protection standards of the destination country and obtain your consent;
c) perform the agreement made by you with us or your request before entering into an agreement;
d) comply with an agreement between us and other parties for your own interest;
e) prevent or suppress a danger to your or other persons’ life, body or health and you are incapable of giving consent at such time; or
f) carry out activities relating to the substantial public interest.
7. Retention period of personal data
We will maintain and keep your personal data while you are our customer and once you has ended the relationship with us (e.g. after you closed your account with us, or following a transaction with us, or incase of your application to use our services is disapproved, or you terminated the services provided by us), we will only keep your personal data for a period of time that is appropriate and necessary for each type of personal data and for the purposes as specified by the PDPA.
The period we keep your personal data willbe linked to the prescription period or the period under the relevant laws andregulations (e.g. Anti-Money Laundering Laws, Prevention and Suppression ofFinancial Support to Terrorism and the Proliferation of Weapons of MassDestruction Laws, Accounting Law, Tax Laws, Labour Laws and other laws to whichwe are subject both in Singapore and in other countries. In addition, we mayneed to retain records of CCTV surveillance in our office and/or voice records fromour customer support activities to prevent fraud and to ensure security,including investigating suspicious transactions which you or related persons may inform us).
8. Use of Cookies
We may collect and use cookies and similar technologies when you use our products and/or services. This includes when you use our websites and application.
The collection of such cookies and similar technologies helps us recognise you, remember your preferences and customise how we provide our products and/or services to you. We may use cookies for a number of purposes (e.g.enabling and operating basic functions, helping us understand how you interact with our websites or emails, or enabling us to improve your online experiences or our communications with you, particularly, to ensure that online adverts displayed to you will be more relevant to you and of your interests).
9. Security
We endeavour to ensure the security of your personal data through our internal security measures and strict policy enforcement. We also require our staff and third-party contractors to follow our applicable privacy standards and policies and to exercise due care and measures when using, sending or transferring your personal data.
10. How to contact us
If you have any questions or wouldlike more details about privacy notice or would like to exercise your rights, please contact ourData Protection Officer by writing to E-mail: DPO@rakkardigital.com.
11. Changes to this privacy notice
We may change or update this privacy notice from time to time and we will inform you of the updated privacy notice at our website www.rakkardigital.com.
Version: February 2024
Privacy Notice - Hong Kong
Rakkar Digital (Hong Kong) Limited
Introduction
We, Rakkar Digital (Hong Kong) Limited, care about the privacy of our customers, thus, we provide this privacy notice to inform our customers of our policy in relation to the collection, use and disclosure of personal data of individual (“you”) in accordance with the Personal Data (Privacy) Ordinance Chapter 486 (“PDPO”), relevant laws and regulations. This privacy notice informs you of how we collect, use or disclose your personal data, what and why we collect, use or disclose your personal data, how long we hold it, who we disclose it to, your rights, what steps we will take to make sure your personal data stays private and secure, and how you can contact us.
This privacy notice applies to:
(1) Our customers
- Corporate customers: Directors, shareholders, promoters, ultimate beneficial owners, employees, guarantors, security providers, and legal representatives of our past and present corporate customers and other individuals authorised to act on their behalf. Our corporate customer shall ensure that the authorised persons and any of relevant individuals have acknowledged our privacy notice.
(2) Non-customers
These include individuals who have no product or service holding with us, but we may need to collect, use or disclose your personal data (e.g. investors, prospect or target companies and their individuals, contact persons, authorized persons, representatives, persons who were ultimately given power of attorney to establish business relationship or conduct occasional transaction, shareholders, directors, agents, employees, personnel and other persons in similar capacity; anyone that visits our website or our applications; ultimate beneficial owner; directors or legal representatives of a company that uses our services or is or may be our business partner; professional advisors, including our directors, investors, shareholders and their legal representatives, and anyone involved in other transactions with us or our customers).
Please note that some of the links on our platform may lead to third party’s platforms, and if you access these platforms, your personal data will then be processed under the third party’s policies. Make sure that you have read those privacy notices when accessing such platforms.
1. How we collect, use or disclose your personal data
We only collect, use or disclose your personal data where it is necessary or there is a lawful basis for collecting, using or disclosing it. This includes where we collect, use or disclose your personal data based on the legitimate grounds of legal obligation, performance of contract made by you with us, our legitimate interests, performance under your consent and other lawful basis. Reasons for collecting, using or disclosing are provided below:
1.1. Our legal obligation
We are regulated by many laws, rules, regulations, and orders of any competent governmental, supervisory or regulatory authorities, and to fulfil our legal and regulatory requirements, it is necessary to collect, use or disclose your personal data for the following purposes, which include but not limited to:
a) Compliance with the PDPO and any amendment thereof;
b) Compliance with laws (e.g. Anti-Money Laundering Laws, Prevention and Suppression of Financial Support to Terrorism and the Proliferation of Weapons of Mass Destruction Laws, and other laws to which we are subject both in Hong Kong and in other countries) ), including conducting identity verification, background checks and credit checks, Know Your Client/Customer Due Diligence (KYC/CDD) processes, other checks and screenings (including screening against publicly available government law enforcement agency and/or official sanctions lists), and ongoing monitoring that may be required under any applicable law; and/or
c) Compliance with regulatory obligations and/or orders of authorized persons (e.g. orders by any court of competent jurisdiction or of governmental, supervisory or regulatory authorities or authorized officers).
1.2. Contract made by you with us
We will collect, use or disclose your personal data in accordance with the request and/or agreement made by you with us, for the following purposes, which include but not limited to:
a) process your request prior to entering into an agreement, considering for approval in relation to the account opening (including conducting due diligence) or the provision of services, support, deliver our products and/or services to you, and deal with all matters relating to the products and/or services including any activities that if we do not proceed, then our operations or our services may be affected or may not be able to provide you with fair and ongoing services;
b) authenticate when entering into, doing or executing any transactions;
c) carry out your instructions (e.g. respond to your enquiries or feedback, or to resolve your complaints);
d) provide mobile applications and other online product platforms;
e) track or record your transactions;
f) produce reports (e.g. transaction reports requested by you or our internal reports);
g) notify you with transaction alerts;
h) recover the money which you owe (e.g. when you have not paid for your outstanding fees);
i) carry out relationship maintenance and operations relating to your business relationship with us, including without limitation, processing your applications or requests for services, processing your transactions, and operating, administering, managing and terminating your business relationship with us;
j) carry out or make transactions and/or payments, such as processing payments or transactions, fulfilling transactions, conducting settlement, billing and processing activities;
k) enforce our legal or contractual rights;
l) provide IT and help desk supports, create and maintain code and profile for you, manage your access to any systems to which we have granted you access, remove inactive relationship; and/or
m) incorporate and register a new company with the Accounting and Corporate Regulatory Authority or other government authorities.
1.3. Our legitimate interests
We rely on the basis of legitimate interests by considering our benefits or third party’s benefits with your fundamental rights in personal data which we will collect, use or disclose for the following purposes, which include but not limited to:
a) conduct our business operation and Rakkar Digital group companies’ business operation (e.g. to audit, to conduct due diligence, risk analysis and managements, to monitor, prevent, detect and investigate fraud, money laundering, terrorism, misconduct, or other crimes, and to identify and analyse the risks associated with acquisition and/or investment and divestment in any investment and partnership, which may not be required by any governmental or regulatory authorities, and authenticate your identity to prevent such crimes);
b) conduct our relationship managements (e.g. to serve customers, to conduct customer survey, to handle complaints);
c) ensure security (e.g. to maintain CCTV records, to register, exchange identification card and/or take photo of visitors before entering into our building);
d) develop and improve our products and/or services, including systems to enhance our services standard and/or for the greatest benefits in fulfilling your needs;
e) record images and/or voices relating to the meetings, trainings, seminars, recreations or marketing activities;
f) in case of our corporate customer, we will collect, use and disclose personal data of directors, promoters, authorized persons or attorneys.
g) ensure business continuity;
h) handle claims and disputes, including solving disputes, initiating, exercising or defending legal claims;
i) contact you prior to your entering into a contract with us;
j) evaluate suitability and qualifications, issuance of request for quotation and bidding, and execution of contract with you;
k) protect against security risks, such as monitoring network activity logs, detecting security incidents, conducting data security investigations, and otherwise protecting against malicious, deceptive, fraudulent, or illegal activity;
l) comply with foreign laws;
m) manage our infrastructure, internal control, and business operations and comply with our policies and procedures including those relating to risk control, security, audit, finance and accounting, systems and business continuity;
n) carry out research, planning and statistical analysis (e.g. on data analytics, assessments, surveys and reports on our products, services and your performance);
o) organize our promotional campaign or events, conferences, seminars, and company visits;
p) facilitate financial audits to be performed by an auditor, or receive legal advisory services from legal counsel appointed by you or us;
q) in the event of sale, transfer, merger, reorganization, or similar event, disclose and transfer your personal data to one or more third parties as part of that transaction;
r) maintain and update lists or directories of the customers (including your personal data), and keep contracts and associated documents in which you may be referred to; and/or
s) comply with reasonable business requirements (e.g. management, training, auditing, reporting, control or risk management, statistical and trend analysis and planning or other related or similar activities, implementing business controls to enable our business to operate, and enabling us to identify and resolve issues in our IT systems, and keeping our systems secure, performing our IT systems development, implementation, operation and maintenance, including improving user experience).
1.4. Your consent
In certain cases, we may ask for your consent to collect, use or disclose your personal data to maximise your benefits and/or to enable us to provide services to fulfil your needs for the following purposes, which include but not limited to:
a) collect, use and disclose your sensitive personal data as necessary (e.g. to use your identification card photo[PC1] and criminal record) for verification of your identity before continuing the transaction, Know Your Client (KYC) processes, due diligence and background check processes);
b) collect and use your personal data and any other data to conduct research and analyze for the greatest benefits in developing products and services to truly fulfil your needs and/or to contact you for offering products, services and benefits exclusively suitable to you;
c) send or transfer your personal data overseas, which may have inadequate personal data protection standards (unless the PDPO specifies that we may rely on other legal basis or may proceed without obtaining consent);
d) when you are classified as a minor, incompetent or quasi-incompetent whose consent must be given by their parent, guardian or curator (as the case may be) (unless the PDPO specifies that we may proceed without obtaining consent); and/or
disclose your personal data and any other data to Rakkar Digital group companies and trusted business partners for the following purposes: (1) conducting research and analyzing your personal data and any other data for the greatest benefits in developing products and services to truly fulfil your needs; and (2) contacting you for offering products, services and benefits exclusively suitable to you.
1.5. Other lawful basis
Apart from the lawful basis which we mentioned earlier, we may collect, use or disclose your personal data based on the following lawful basis:
a) prepare historical documents or archives for the public interest, or for purposes relating to research or statistics;
b) prevent or suppress a danger to a person’s life, body or health; and/or
c) necessary to carry out a public task, or for exercising official authority.
If the personal data we collect from you is required to meet our legal obligations or to enter into an agreement with you, we may not be able to provide (or continue to provide) some or all of our products and services to you if you do not provide your personal data when requested.
2. What personal data we collect, use or disclose
The type of personal data, namely personal data and sensitive personal data, which we collect, use or disclose, varies on the scope of products and/or services that you may have used or had an interest in. The type of personal data shall include but not limited to:
a) Personal details such as title, given name, middle name, surname, hidden name (if any), gender, date of birth, age, educational background, marital status, nationality
b) Contact details such as mailing address, e-mail address, phone number, mobile number, facsimile Number, name of representatives or authorised persons acting on behalf of our customers, social media accounts/ID/profile and other electronic communication ID, business address, business phone number
c) Identification and authentication details such as ID card photo, identification number, passport information, driving licence, signatures tax identification number, house registration
d) Employment details such as occupation, employer’s details, position, salary or income, remuneration, job title, bonus, work place
e) Financial details and information about your relationship with us such as products and/or services you use, channels you use and ways you interact with us, your customer status, your ability to get and manage credit, your payment history, transaction records, information about your transactions (e.g. type, number, price and quantity, conditions (if any), payment transaction records, financial statements, taxes, revenue, default record and other information relating to your transactions), credit card and debit card information, account number and account type, account history, current assets, income and expenses, payment details, bank account number, information about your store (e.g. name, product listing, sales volume)
f) Market research, marketing and sales information such as customer survey, information and opinions expressed when participating in market research e.g. responses to questionnaires, surveys, requests for feedback, and research activities, details of services you receive and your preferences, inferences about you based on your interactions with us, communication preferences and details or content of your communications with us
g) Geographic information, information about your device and your software, and technical details such as your GPS location, IP address, technical specifications and uniquely identifying data (e.g. web beacon, log, device ID and type, network, connection details, access details, single sign-on (SSO) details, login log, access times, time spent on our page, cookies, login data, search history, browsing details, browser type and version, time zone setting and location, language preferences, browser plug-in types and versions, operating system and platform, and other technology on devices you use to access the platform)
h) Investigation data such as due diligence checks, including information related to Know Your Client (KYC) or Customer Due Diligence (CDD), Anti-Money Laundering and Combating the Financing of Terrorism (AML/CFT) checks
i) User login, subscription data, and profile details such as login information for using our system and applications, account identifiers, username and password, interests, preferences and activities
j) Usage details such as information on how you use the websites, platform, products and services, information on how you use and interact with our advertising (including content viewed, links clicked, and features used)
k) Information concerning security such as visual images, personal appearance, detection of any suspicious and unusual activity, CCTV images or recordings, video recordings
l) Sensitive personal data such as religion as shown in the identification card, blood type as shown in the identification card, criminal records
m) Other information such as records of correspondence and other communications between you and us, in whatever manner and form, including but not limited to phone, email, live chat, instant messages and social media communications, information that you provide to us through any channels
3. Sources of your personal data
Normally, we will collect your personal data directly from you (e.g. through our web applications, mobile applications, your emails to us and customer support), but sometimes we may get it indirectly from other sources (e.g. social media, third party’s online platforms, and other publicly available sources) and through Rakkar Digital group companies), our affiliates, service providers, business partners, counterparties, target companies, official authorities, or third parties (e.g. your representative, employer, sponsor and third parties that have roles in delivering services to you or someone acting on their behalf may provide us with information about you), and from our corporate customers as you are director, promoters, authorised person, attorney, representative or contact person; in such case we will ensure the compliance with the PDPO.
4. Your rights
The PDPO aims to give you more control of your personal data. You can exercise your rights under the PDPO the effectiveness if the provisions in relation to rights of data subjects, details are as follows:
4.1 Right to access and obtain copy
You have the right to access and obtain a copy of your personal data holding by us, unless we are entitled to reject your request under the laws or court orders, or if such request will adversely affect the rights and freedoms of other individuals.
4.2 Right to rectification
You have the right to rectify your inaccurate personal data and to update your incomplete personal data.
4.3 Right to erasure
You have the right to request us to delete, destroy or anonymise your personal data, unless there are certain circumstances where we have the legal grounds to reject your request.
4.4 Right to restrict
You have the right to request us to restrict the use of your personal data under certain circumstances (e.g. when we are pending examination process in accordance with your request to rectify your personal data or to object the collection, use or disclosure of your personal data, or you request to restrict the use of personal data instead of the deletion or destruction of personal data which is no longer necessary but you ask us to restrict it instead as you have necessity to retain it for the purposes of establishment, compliance, exercise or defense of legal claims).
4.5 Right to object
You have the right to object the collection, use or disclosure of your personal data in case we proceed with legitimate interests basis or for the purpose of direct marketing, or for the purpose of scientific, historical or statistic research, unless we have legitimate grounds to reject your request (e.g. we have compelling legitimate ground to collect, use or disclose your personal data, or the collection, use or disclosure of your personal data is carried out for the establishment, compliance, or exercise legal claims, or for the reason of our public interests).
4.6 Right to data portability
You have the right to receive your personal data in case we can arrange such personal data to be in the format which is readable or commonly used by ways of automatic tools or equipment and can be used or disclosed by automated means. Also, you have the right to request us to send or transfer your personal data to third party, or to receive your personal data which we sent or transferred to third party, unless it is impossible to do so because of the technical circumstances, or we are entitled to legally reject your request.
4.7 Right to withdraw consent
You have the right to withdraw your consent that has been given to us at any time pursuant to the methods and means prescribed by us, unless the nature of consent does not allow such withdrawal. The withdrawal of consent will not affect the lawfulness of the collection, use, and disclosure of your personal data based on your consent before it was withdrawn.
4.8 Right to lodge a complaint
You have the right to make a complaint with the Office of the Privacy Commissioner for Personal Data, Hong Kong (PCPD), in the event that we do not comply with the PDPO.
5. How we share your personal data
We may disclose your personal data to the following parties under the provisions of the PDPO:
a) Our parent company, Rakkar Digital group companies, business partners, target companies and/or other persons that we have the legal relationship, including our directors, executives, employees, staffs, contractors, representatives, advisors and/or such persons’ directors, executives, employees, staffs, contractors, representatives, advisors;
b) governmental authorities and/or supervisory or regulatory authorities ;
c) suppliers, agents and other entities (e.g., professional associations to which we are member, external auditors, depositories, document warehouses, overseas financial institutions and clearing houses, where the disclosure of your personal data has a specific purpose and under lawful basis, as well as appropriate security measures);
d) any relevant persons as a result of activities relating to selling rights of claims and/or assets, restructuring or acquisition of any of our entities, where we may transfer their rights to; any persons with whom we are required to share data for a proposed sale, reorganisation, transfer, financial arrangement, asset disposal or other transaction relating to our business and/or assets held by our business;
e) other banks, financial institutions and third parties where required by law to help recover funds that have entered your account due to misdirected payment(s) by such third parties or trace funds where you are a victim of suspected financial crime, or where suspect funds have entered your account as a result of financial crime;
f) debt collection agencies, lawyers, credit bureau, fraud prevention agencies, courts, authorities or any persons whom we are required or permitted by laws, regulations, or orders to share personal data;
g) third parties providing services to us (e.g., IT service providers, market analysis and benchmarking, including but not limited to correspondent banking, agents and subcontractors acting on our behalf);
h) social media service providers (in a secure format) or other third-party advertisers so they can display relevant messages to you and others on our behalf about our products and/or services. Third-party advertisers may also use information about your previous online activities to tailor adverts to you;
i) third-party security providers;
j) other persons that provide you with benefits or services associated with your products or services;
k) other customers so they can provide or deliver products and/or services to you;
l) our corporate customers as you are director, promoter, authorised person, attorney, representative or contact person; and/or
m) your attorney, sub-attorney, authorized persons or legal representatives who have lawfully authorized power.
6. International transfer of personal data
The nature of the modern business is global and under certain circumstances it is necessary for us to send or transfer your personal data internationally. When sending or transferring your personal data, we will always exercise our best effort to have your personal data transferred to our reliable business partners, service providers or other recipients by the safest method in order to maintain and protect the security of your personal data, which includes the following circumstances:
a) comply with a legal obligation;
b) inform you the inadequate personal data protection standards of the destination country and obtain your consent;
c) perform the agreement made by you with us or your request before entering into an agreement;
d) comply with an agreement between us and other parties for your own interest;
e) prevent or suppress a danger to your or other persons’ life, body or health and you are incapable of giving consent at such time; or
f) carry out activities relating to the substantial public interest.
7. Retention period of personal data
We will maintain and keep your personal data while you are our customer and once you has ended the relationship with us (e.g. after you closed your account with us, or following a transaction with us, or in case of your application to use our services is disapproved, or you terminated the services provided by us), we will only keep your personal data for a period of time that is appropriate and necessary for each type of personal data and for the purposes as specified by the PDPO.
The period we keep your personal data will be linked to the prescription period or the period under the relevant laws and regulations (e.g. Anti-Money Laundering Laws, Prevention and Suppression of Financial Support to Terrorism and the Proliferation of Weapons of Mass Destruction Laws, Accounting Law, Tax Laws, Labour Laws and other laws to which we are subject both in Hong Kong and in other countries. In addition, we may need to retain records of CCTV surveillance in our office and/or voice records from our customer support activities to prevent fraud and to ensure security, including investigating suspicious transactions which you or related persons may inform us).
8. Use of Cookies
We may collect and use cookies and similar technologies when you use our products and/or services. This includes when you use our websites and application.
The collection of such cookies and similar technologies helps us recognise you, remember your preferences and customise how we provide our products and/or services to you. We may use cookies for a number of purposes (e.g. enabling and operating basic functions, helping us understand how you interact with our websites or emails, or enabling us to improve your online experiences or our communications with you, particularly, to ensure that online adverts displayed to you will be more relevant to you and of your interests).
9. Security
We endeavour to ensure the security of your personal data through our internal security measures and strict policy enforcement. We also require our staff and third-party contractors to follow our applicable privacy standards and policies [PC3] and to exercise due care and measures when using, sending or transferring your personal data.
10. How to contact us
If you have any questions or would like more details about our privacy notice or would like to exercise your rights, please contact our Data Protection Officer by writing to E-mail: DPO@rakkardigital.com.
11. Changes to this privacy notice
We may change or update this privacy notice from time to time and we will inform you of the updated privacy notice at our website www.rakkardigital.com.
Version: February 2024
Privacy Notice - Thailand
Rakkar Digital Co., Ltd.
Introduction
We, Rakkar Digital Co., Ltd. care about the privacy of our customers, thus, we provide this privacy notice to inform our customers of our policy in relation to the collection, use and disclosure of personal data of individual (“you”) in accordance with the Personal Data Protection Act BE 2562 (“PDPA”), relevant laws and regulations. This privacy notice informs you of how we collect, use or disclose your personal data, what and why we collect, use or disclose your personal data, how long we hold it, who we disclose it to, your rights, what steps we will take to make sure your personal data stays private and secure, and how you can contact us.
This privacy notice applies to:
(1) Our customers
- Corporate customers: Directors, shareholders, promoters, ultimate beneficial owners, employees, guarantors, security providers, and legal representatives of our past and present corporate customers and other individuals authorised to act on their behalf. Our corporate customer shall ensure that the authorised persons and any of relevant individuals have acknowledged our privacy notice.
(2) Non-customers
These include individuals who have no product or service holding with us, but we may need to collect, use or disclose your personal data (e.g. investors, prospect or target companies and their individuals, contact persons, authorized persons, representatives, persons who were ultimately given power of attorney to establish business relationship or conduct occasional transaction, shareholders, directors, agents, employees, personnel and other persons in similar capacity; anyone that visits our website or our applications; ultimate beneficial owner; directors or legal representatives of a company that uses our services or is or may be our business partner; professional advisors, including our directors, investors, shareholders and their legal representatives, and anyone involved in other transactions with us or our customers).
Please note that some of the links on our platform may lead to third party’s platforms, and if you access these platforms, your personal data will then be processed under the third party’s policies. Make sure that you have read those privacy notices when accessing such platforms.
1. How we collect, use or disclose your personal data
We only collect, use or disclose your personal data where it is necessary or there is a lawful basis for collecting, using or disclosing it. This includes where we collect, use or disclose your personal data based on the legitimate grounds of legal obligation, performance of contract made by you with us, our legitimate interests, performance under your consent and other lawful basis. Reasons for collecting, using or disclosing are provided below:
1.1. Our legal obligation
We are regulated by many laws, rules, regulations, and orders of any competent governmental, supervisory or regulatory authorities, and to fulfil our legal and regulatory requirements, it is necessary to collect, use or disclose your personal data for the following purposes, which include but not limited to:
a) Compliance with the PDPA and any amendment thereof;
b) Compliance with laws (e.g. Anti-Money Laundering Laws, Prevention and Suppression of Financial Support to Terrorism and the Proliferation of Weapons of Mass Destruction Laws, and other laws to which we are subject both in Thailand and in other countries) ), including conducting identity verification, background checks and credit checks, Know Your Client/Customer Due Diligence (KYC/CDD) processes, other checks and screenings (including screening against publicly available government law enforcement agency and/or official sanctions lists), and ongoing monitoring that may be required under any applicable law; and/or
c) Compliance with regulatory obligations and/or orders of authorized persons (e.g. orders by any court of competent jurisdiction or of governmental, supervisory or regulatory authorities or authorized officers).
1.2. Contract made by you with us
We will collect, use or disclose your personal data in accordance with the request and/or agreement made by you with us, for the following purposes, which include but not limited to:
a) process your request prior to entering into an agreement, considering for approval in relation to the account opening (including conducting due diligence) or the provision of services, support, deliver our products and/or services to you, and deal with all matters relating to the products and/or services including any activities that if we do not proceed, then our operations or our services may be affected or may not be able to provide you with fair and ongoing services;
b) authenticate when entering into, doing or executing any transactions;
c) carry out your instructions (e.g. respond to your enquiries or feedback, or to resolve your complaints);
d) provide mobile applications and other online product platforms;
e) track or record your transactions;
f) produce reports (e.g. transaction reports requested by you or our internal reports);
g) notify you with transaction alerts;
h) recover the money which you owe (e.g. when you have not paid for your outstanding fees);
i) carry out relationship maintenance and operations relating to your business relationship with us, including without limitation, processing your applications or requests for services, processing your transactions, and operating, administering, managing and terminating your business relationship with us;
j) carry out or make transactions and/or payments, such as processing payments or transactions, fulfilling transactions, conducting settlement, billing and processing activities;
k) enforce our legal or contractual rights;
l) provide IT and helpdesk supports, create and maintain code and profile for you, manage your access to any systems to which we have granted you access, remove inactive relationship; and/or
m) incorporate and register a new company with the Accounting and Corporate Regulatory Authority or other government authorities.
1.3. Our legitimate interests
We rely on the basis of legitimate interests by considering our benefits or third party’s benefits with your fundamental rights in personal data which we will collect, use or disclose for the following purposes, which include but not limited to:
a) conduct our business operation and Rakkar Digital group companies’ business operation (e.g. to audit, to conduct due diligence, risk analysis and managements, to monitor, prevent, detect and investigate fraud, money laundering, terrorism, misconduct, or other crimes, and to identify and analyse the risks associated with acquisition and/or investment and divestment in any investment and partnership, which may not be required by any governmental or regulatory authorities, and authenticate your identity to prevent such crimes);
b) conduct our relationship managements (e.g. to serve customers, to conduct customer survey, to handle complaints);
c) ensure security (e.g. to maintain CCTV records, to register, exchange identification card and/or take photo of visitors before entering into our building);
d) develop and improve our products and/or services, including systems to enhance our services standard and/or for the greatest benefits in fulfilling your needs;
e) record images and/or voices relating to the meetings, trainings, seminars, recreations or marketing activities;
f) in case of our corporate customer, we will collect, use and disclose personal data of directors, promoters, authorized persons or attorneys.
g) ensure business continuity;
h) handle claims and disputes, including solving disputes, initiating, exercising or defending legal claims;
i) contact you prior to your entering into a contract with us;
j) evaluate suitability and qualifications, issuance of request for quotation and bidding, and execution of contract with you;
k) protect against security risks, such as monitoring network activity logs, detecting security incidents, conducting data security investigations, and otherwise protecting against malicious, deceptive, fraudulent, or illegal activity;
l) comply with foreign laws;
m) manage our infrastructure, internal control, and business operations and comply with our policies and procedures including those relating to risk control, security, audit, finance and accounting, systems and business continuity;
n) carry out research, planning and statistical analysis (e.g. on data analytics, assessments, surveys and reports on our products, services and your performance);
o) organize our promotional campaign or events, conferences, seminars, and company visits;
p) facilitate financial audits to be performed by an auditor, or receive legal advisory services from legal counsel appointed by you or us;
q) in the event of sale, transfer, merger, reorganization, or similar event, disclose and transfer your personal data to one or more third parties as part of that transaction;
r) maintain and update lists or directories of the customers (including your personal data), and keep contracts and associated documents in which you may be referred to; and/or
s) comply with reasonable business requirements (e.g. management, training, auditing, reporting, control or risk management, statistical and trend analysis and planning or other related or similar activities, implementing business controls to enable our business to operate, and enabling us to identify and resolve issues in our IT systems, and keeping our systems secure, performing our IT systems development, implementation, operation and maintenance, including improving user experience).
1.4. Your consent
In certain cases, we may ask for your consent to collect, use or disclose your personal data to maximise your benefits and/or to enable us to provide services to fulfil your needs for the following purposes, which include but not limited to:
a) collect, use and disclose your sensitive personal data as necessary (e.g. to use your identification card photo and criminal record) for verification of your identity before continuing the transaction, Know Your Client (KYC) processes, due diligence and background check processes);
b) collect and use your personal data and any other data to conduct research and analyze for the greatest benefits in developing products and services to truly fulfil your needs and/or to contact you for offering products, services and benefits exclusively suitable to you;
c) send or transfer your personal data overseas, which may have inadequate personal data protection standards (unless the PDPA specifies that we may rely on other legal basis or may proceed without obtaining consent);
d) when you are classified as a minor, incompetent or quasi-incompetent whose consent must be given by their parent, guardian or curator (as the case may be) (unless the PDPA specifies that we may proceed without obtaining consent); and/or
disclose your personal data and any other data to Rakkar Digital group companies and trusted business partners for the following purposes: (1) conducting research and analyzing your personal data and any other data for the greatest benefits in developing products and services to truly fulfil your needs; and (2) contacting you for offering products, services and benefits exclusively suitable to you.
1.5. Other lawful basis
Apart from the lawful basis which we mentioned earlier, we may collect, use or disclose your personal data based on the following lawful basis:
a) prepare historical documents or archives for the public interest, or for purposes relating to research or statistics;
b) prevent or suppress a danger to a person’s life, body or health; and/or
c) necessary to carry out a public task, or for exercising official authority.
If the personal data we collect from you is required to meet our legal obligations or to enter into an agreement with you, we may not be able to provide (or continue to provide) some or all of our products and services to you if you do not provide your personal data when requested.
2. What personal data we collect, use or disclose
The type of personal data, namely personal data and sensitive personal data, which we collect, use or disclose, varies on the scope of products and/or services that you may have used or had an interest in. The type of personal data shall include but not limited to:
a) Personal details such as title, given name, middle name, surname, hidden name (if any), gender, date of birth, age, educational background, marital status, nationality
b) Contact details such as mailing address, e-mail address, phone number, mobile number, facsimile Number, name of representatives or authorised persons acting on behalf of our customers, social media accounts/ID/profile and other electronic communication ID, business address, business phone number
c) Identification and authentication details such as ID card photo, identification number, passport information, driving licence, signatures tax identification number, house registration
d) Employment details such as occupation, employer’s details, position, salary or income, remuneration, job title, bonus, work place
e) Financial details and information about your relationship with us such as products and/or services you use, channels you use and ways you interact with us, your customer status, your ability to get and manage credit, your payment history, transaction records, information about your transactions (e.g. type, number, price and quantity, conditions (if any), payment transaction records, financial statements, taxes, revenue, default record and other information relating to your transactions), credit card and debit card information, account number and account type, account history, current assets, income and expenses, payment details, bank account number, information about your store (e.g. name, product listing, sales volume)
f) Market research, marketing and sales information such as customer survey, information and opinions expressed when participating in market research e.g. responses to questionnaires, surveys, requests for feedback, and research activities, details of services you receive and your preferences, inferences about you based on your interactions with us, communication preferences and details or content of your communications with us
g) Geographic information, information about your device and your software, and technical details such as your GPS location, IP address, technical specifications and uniquely identifying data (e.g. web beacon, log, device ID and type, network, connection details, access details, single sign-on (SSO) details, login log, access times, time spent on our page, cookies, login data, search history, browsing details, browser type and version, time zone setting and location, language preferences, browser plug-in types and versions, operating system and platform, and other technology on devices you use to access the platform)
h) Investigation data such as due diligence checks, including information related to Know Your Client (KYC) or Customer Due Diligence (CDD), Anti-Money Laundering and Combating the Financing of Terrorism (AML/CFT) checks
i) User login, subscription data, and profile details such as login information for using our system and applications, account identifiers, username and password, interests, preferences and activities
j) Usage details such as information on how you use the websites, platform, products and services, information on how you use and interact with our advertising (including content viewed, links clicked, and features used)
k) Information concerning security such as visual images, personal appearance, detection of any suspicious and unusual activity, CCTV images or recordings, video recordings
l) Sensitive personal data such as religion as shown in the identification card, blood type as shown in the identification card, criminal records
m) Other information such as records of correspondence and other communications between you and us, in whatever manner and form, including but not limited to phone, email, live chat, instant messages and social media communications, information that you provide to us through any channels.
3. Sources of your personal data
Normally, we will collect your personal data directly from you (e.g. through our web applications, mobile applications, your emails to us and customer support), but sometimes we may get it indirectly from other sources (e.g. social media, third party’s online platforms, and other publicly available sources) and through Rakkar Digital group companies), our affiliates, service providers, business partners, counterparties, target companies, official authorities, or third parties (e.g. your representative, employer, sponsor and third parties that have roles in delivering services to you or someone acting on their behalf may provide us with information about you), and from our corporate customers as you are director, promoters, authorised person, attorney, representative or contact person; in such case we will ensure the compliance with the PDPA.
4. Your rights
The PDPA aims to give you more control of your personal data. You can exercise your rights under the PDPA the effectiveness if the provisions in relation to rights of data subjects, details are as follows:
4.1 Right to access and obtain copy
You have the right to access and obtain a copy of your personal data holding by us, unless we are entitled to reject your request under the laws or court orders, or if such request will adversely affect the rights and freedoms of other individuals.
4.2 Right to rectification
You have the right to rectify your inaccurate personal data and to update your incomplete personal data.
4.3 Right to erasure
You have the right to request us to delete, destroy or anonymise your personal data, unless there are certain circumstances where we have the legal grounds to reject your request.
4.4 Right to restrict
You have the right to request us to restrict the use of your personal data under certain circumstances (e.g. when we are pending examination process in accordance with your request to rectify your personal data or to object the collection, use or disclosure of your personal data, or you request to restrict the use of personal data instead of the deletion or destruction of personal data which is no longer necessary but you ask us to restrict it instead as you have necessity to retain it for the purposes of establishment, compliance, exercise or defense of legal claims).
4.5 Right to object
You have the right to object the collection, use or disclosure of your personal data in case we proceed with legitimate interests basis or for the purpose of direct marketing, or for the purpose of scientific, historical or statistic research, unless we have legitimate grounds to reject your request (e.g. we have compelling legitimate ground to collect, use or disclose your personal data, or the collection, use or disclosure of your personal data is carried out for the establishment, compliance, or exercise legal claims, or for the reason of our public interests).
4.6 Right to data portability
You have the right to receive your personal data in case we can arrange such personal data to be in the format which is readable or commonly used by ways of automatic tools or equipment and can be used or disclosed by automated means. Also, you have the right to request us to send or transfer your personal data to third party, or to receive your personal data which we sent or transferred to third party, unless it is impossible to do so because of the technical circumstances, or we are entitled to legally reject your request.
4.7 Right to withdraw consent
You have the right to withdraw your consent that has been given to us at any time pursuant to the methods and means prescribed by us, unless the nature of consent does not allow such withdrawal. The withdrawal of consent will not affect the lawfulness of the collection, use, and disclosure of your personal data based on your consent before it was withdrawn.
4.8 Right to lodge a complaint
You have the right to make a complaint with the Office of the Personal Data Protection Committee (PDPC), in the event that we do not comply with the PDPA.
5. How we share your personal data
We may disclose your personal data to the following parties under the provisions of the PDPA:
a) Our parent company, Rakkar Digital group companies, business partners, target companies and/or other persons that we have the legal relationship, including our directors, executives, employees, staffs, contractors, representatives, advisors and/or such persons’ directors, executives, employees, staffs, contractors, representatives, advisors;
b) governmental authorities and/or supervisory or regulatory authorities ;
c) suppliers, agents and other entities (e.g., professional associations to which we are member, external auditors, depositories, document warehouses, overseas financial institutions and clearing houses, where the disclosure of your personal data has a specific purpose and under lawful basis, as well as appropriate security measures);
d) any relevant persons as a result of activities relating to selling rights of claims and/or assets, restructuring or acquisition of any of our entities, where we may transfer their rights to; any persons with whom we are required to share data for a proposed sale, reorganisation, transfer, financial arrangement, asset disposal or other transaction relating to our business and/or assets held by our business;
e) other banks, financial institutions and third parties where required by law to help recover funds that have entered your account due to misdirected payment(s) by such third parties or trace funds where you are a victim of suspected financial crime, or where suspect funds have entered your account as a result of financial crime;
f) debt collection agencies, lawyers, credit bureau, fraud prevention agencies, courts, authorities or any persons whom we are required or permitted by laws, regulations, or orders to share personal data;
g) third parties providing services to us (e.g., IT service providers, market analysis and benchmarking, including but not limited to correspondent banking, agents and subcontractors acting on our behalf);
h) social media service providers (in a secure format) or other third-party advertisers so they can display relevant messages to you and others on our behalf about our products and/or services. Third-party advertisers may also use information about your previous online activities to tailor adverts to you;
i) third-party security providers;
j) other persons that provide you with benefits or services associated with your products or services;
k) other customers so they can provide or deliver products and/or services to you;
l) our corporate customers as you are director, promoter, authorised person, attorney, representative or contact person; and/or
m) your attorney, sub-attorney, authorized persons or legal representatives who have lawfully authorized power.
6. International transfer of personal data
The nature of the modern business is global and under certain circumstances it is necessary for us to send or transfer your personal data internationally. When sending or transferring your personal data, we will always exercise our best effort to have your personal data transferred to our reliable business partners, service providers or other recipients by the safest method in order to maintain and protect the security of your personal data, which includes the following circumstances:
a) comply with a legal obligation;
b) inform you the inadequate personal data protection standards of the destination country and obtain your consent;
c) perform the agreement made by you with us or your request before entering into an agreement;
d) comply with an agreement between us and other parties for your own interest;
e) prevent or suppress a danger to your or other persons’ life, body or health and you are incapable of giving consent at such time; or
f) carry out activities relating to the substantial public interest.
7. Retention period of personal data
We will maintain and keep your personal data while you are our customer and once you has ended the relationship with us (e.g. after you closed your account with us, or following a transaction with us, or in case of your application to use our services is disapproved, or you terminated the services provided by us), we will only keep your personal data for a period of time that is appropriate and necessary for each type of personal data and for the purposes as specified by the PDPA.
The period we keep your personal data will be linked to the prescription period or the period under the relevant laws and regulations (e.g. Anti-Money Laundering Laws, Prevention and Suppression of Financial Support to Terrorism and the Proliferation of Weapons of Mass Destruction Laws, Accounting Law, Tax Laws, Labour Laws and other laws to which we are subject both in Thailand and in other countries. In addition, we may need to retain records of CCTV surveillance in our office and/or voice records from our customer support activities to prevent fraud and to ensure security, including investigating suspicious transactions which you or related persons may inform us).
8. Use of Cookies
We may collect and use cookies and similar technologies when you use our products and/or services. This includes when you use our websites and application.
The collection of such cookies and similar technologies helps us recognise you, remember your preferences and customise how we provide our products and/or services to you. We may use cookies for a number of purposes (e.g. enabling and operating basic functions, helping us understand how you interact with our websites or emails, or enabling us to improve your online experiences or our communications with you, particularly, to ensure that online adverts displayed to you will be more relevant to you and of your interests).
9. Security
We endeavour to ensure the security of your personal data through our internal security measures and strict policy enforcement. We also require our staff and third-party contractors to follow our applicable privacy standards and policies and to exercise due care and measures when using, sending or transferring your personal data.
10. How to contact us
If you have any questions or would like more details about our privacy notice or would like to exercise your rights, please contact our Data Protection Officer by writing to E-mail: DPO@rakkardigital.com
11. Changes to this privacy notice
We may change or update this privacy notice from time to time and we will inform you of the updated privacy notice at our website www.rakkardigital.com.
Version: February 2024