Data Privacy Policy

The Good Finance affirms its commitment to prioritizing data privacy within its operations. We highly value the trust you place in us and are dedicated to safeguarding your Personal and Corporate data, ensuring its responsible utilization.

The present Data Privacy Policy ("Policy") delineates the procedures by which The Good Finance (referred to collectively as "the Platform," "we," "us," or "our") may acquire, utilize, process, and disclose your Personal and Corporate Data, in strict adherence to pertinent data protection legislation, including the Personal and Corporate Data Protection Act 2010 ("PDPA").

This Policy pertains to any individual whose Personal and Corporate data is within our possession or under our control, denoted collectively as "you," "your," or "yours."

"Personal and Corporate Data" is construed in accordance with the PDPA and generally denotes any information directly or indirectly associated with you, facilitating your identification, and encompassing sensitive Personal and Corporate data and expressions of opinion concerning you.

1. Personal and Corporate Data

‍

We reserve the right to directly or indirectly gather your Personal and Corporate Data, which you intentionally and voluntarily furnish during your engagement or interaction with us via our mobile application ("App"), websites, social media platforms, customer hotlines, products, features, and other services provided to you. This may also encompass information obtained from our business associates or other origins.

Examples of Personal and Corporate Data that we might collect comprise, but are not limited to, the subsequent:

a. Personal and Corporate particulars (e.g. name, salutation / title, age, government-issued identification numbers, contact details, email address, residential address, date of birth, gender, nationality, race, ethnic origin, marital status, citizenship, education);

b. biometric data (e.g. facial image, fingerprint, voice);

c. specimen signatures, as well as digital and/or electronic signatures as defined under the applicable laws and regulations;

d. information relating to your relationship with other third parties (e.g. your spouse, your children, or your immediate family members);

e. employment information (e.g. name of employer, occupation, employment history, job responsibilities, salary);

f. financial (e.g. assets and income, expenses, savings, liabilities, borrowing history, risk profile), tax (e.g. income tax number), insurance, investments (e.g. investment objectives, investment portfolio), business interests or Platforming information (e.g. Platform Corporate Vault numbers, Corporate Vault balances, payment history, Corporate Vault activity and transactions);

g. recorded footage from closed circuit television cameras ("CCTVs”) installed at our premises; and

h. information relating to your preferences, activities, habits, interests, views, opinions or feedback relating to the use of our products or services and/or that of our business partners, including electronic data such as IP addresses, cookies, activity logs, online identifiers, cellular network and location data.

Certain Personal and Corporate Data that we gather may comprise sensitive information. This encompasses details regarding an individual's physical or mental health, religious beliefs, and/or criminal records. We collect such information in adherence to relevant laws and regulations.

"Sensitive Personal and Corporate Data" pertains to any Personal and Corporate data capable of identifying an individual's physical or mental health, political opinions, religious beliefs, or similar beliefs, as well as the commission or alleged commission of any offense by the individual.

2. Data Collection Process

‍

We collect Personal and Corporate Data in ways including (but not limited to) the following:

a. when you submit any form, including but not limited to application forms, or other forms relating to any of our products or services;

b. when you enter into any agreement or provide other documentation or information in respect of your interactions with us, or when you use our services;

c. when you verify your identity through various means;

d. when you use some of our services provided through online and other technology platforms, such as websites and Apps;

e. when you interact with our staff such as via telephone calls (which may be recorded),emails, letters, in-App notifications, Short Message Service (SMS), social media platforms or meetings (physical or virtual);

f. when your images are captured by us via closed circuit television cameras (“CCTVs”)while you are within our premises or via photographs or videos taken by us or our representatives when you attend events organized by us;

g. when you request that we contact you, or include you in an email or other mailing list; or when you respond to our request for additional Personal and Corporate Data, our promotions and other Initiatives;

h. when you are contacted by, and respond to, our marketing representatives, agents and other service providers; and

i. when you submit your Personal and Corporate Data to us for any other reason.

3. Personal and Corporate Data From Other Sources

‍

When we collect Personal and Corporate Data from other sources, we make sure that the Personal and Corporate Data is obtained in accordance with applicable laws. Such sources may include (but not limited to) the following:

a. Authorized Persons (as defined in the Corporate Vault Terms), your family members, friends, shareholders, beneficial owners, joint Corporate Vault holders, service providers (e.g. lawyers, Corporate Vaultants, contractors), representatives (e.g. employees, officers, directors, signatories), guarantors, security providers, indemnitors and other individuals;

b. referral programmes;

c. our business partners;

d. insurance and financial service providers;

e. registered credit bureaus, alternative credit scoring agencies and any other credit reporting organizations;

f. bureaus established or to be established by regulatory bodies;

g. publicly available sources of data;

h. regulatory, government, tax, law enforcement or other authorities;

i. users who add you as their emergency contact; and

j. marketing service providers or partners.

4. Personal and Corporate Data of Third Parties

On occasion, you may furnish us with Personal and Corporate Data belonging to third parties, such as your family members or friends. This may occur, for instance, when you designate them as your emergency contact or engage in the in-App chat feature. By providing us with such information, you affirm and assure us that you have secured prior consent from the respective third party to collect, use, process, or disclose their Personal and Corporate Data for the designated purposes.

5. Personal and Corporate Data of Children

Our services are not intended for children, and we will refrain from knowingly collecting Personal and Corporate Data from individuals under the age of 18. Should such circumstances arise, we will seek consent from the parent, guardian, or individual assuming parental responsibilities for the minor. If you are under the age of 18, we kindly request that you refrain from providing your Personal and Corporate Data to us.

6. Use of Personal and Corporate Data

We reserve the right to collect, use, process, or disclose Personal and Corporate Data for business, audit, regulatory, or legal purposes, as permissible under the PDPA and other relevant laws. By consenting to this Policy, you authorize the collection, use, processing, and disclosure of Personal and Corporate Data for the following purposes:

a. Verifying your identity and conducting screenings, credit, or due diligence checks to grant you access to our products or services.

b. Ensuring the accuracy and currency of the information we hold about you.

c. Delivering products and/or services to you.

d. Assessing and processing your applications, instructions, transactions, or requests, including evaluating your eligibility for our products or services.

e. Providing updates on changes to products, services, Platform facilities, terms and conditions, and our Data Privacy Policy.

f. Administering benefits or entitlements linked to our relationship with you or arising from your participation in events, competitions, marketing campaigns, and promotions.

g. Responding to queries, feedback, or requests.

h. Addressing, investigating, or resolving complaints, claims, disputes, breaches of law, or contract.

i. Developing customer acquisition strategies.

j. Monitoring our performance and service delivery.

k. Complying with internal policies and procedures.

l. Establishing and maintaining credit, fraud, and risk models, assessing creditworthiness, and managing Platform risks.

m. Facilitating wallet linking, payments, and rewards for Corporate Vault linking between the Platform and business partners.

n. Conducting research and analysis to understand your needs, preferences, and interactions with our services and/or the Platform group.

o. Fulfilling obligations, requirements, policies, procedures, or agreements for sharing Personal and Corporate Data within the Platform group and/or with business partners.

p. Soliciting feedback, participation in surveys, or conducting research and analysis for statistical or profiling purposes.

q. Managing the safety and security of staff, premises, and services.

r. Responding to emergencies threatening the health or safety of individuals.

s. Undertaking actions necessary in the public interest, such as contact tracing or managing public health crises.

t. Preventing, detecting, and prosecuting crime, including assisting other financial institutions with credit checks, disputes, fraud investigations, and debt collection.

u. Monitoring compliance with terms and conditions, policies, and code of conduct.

v. Determining indebtedness owed by or to customers and recovering or paying debts owed to the Platform.

w. Financial or regulatory reporting, management reporting, risk life management, audit, and record-keeping purposes.

x. Facilitating proposed or actual mergers, acquisitions, joint ventures, asset sales, restructuring, financing, or business transactions.

y. Defending against claims, investigations, or proceedings and enforcing contractual and legal rights and obligations.

z. Detecting, investigating, reporting, and preventing various unlawful activities, including money laundering, terrorist financing, bribery, corruption, tax evasion, fraud, and circumvention of laws and regulations.

aa. Compliance with applicable laws, regulations, rules, directives, codes of practice, guidelines, orders, instructions, and requests from authorities or regulatory bodies.

bb. Pursuing purposes agreed upon by you from time to time.

cc. Directly related purposes to those outlined in this Policy.

“Platform Group” refers to entities within the Platform’s group which are involved in the promotion, sale, delivery and distribution of financial products and services.

7. Use of Personal and Corporate Data (Without Consent)

We may collect, use, process, and/or disclose your Personal and Corporate Data without explicit consent as required or authorized under the PDPA and other applicable laws, adhering to their stipulations. This may encompass, but is not restricted to, the following scenarios:

a. Fulfilling our agreement(s), such as opening a Corporate Vault or executing money transfers using a money transfer service.

b. Disclosing documents or information expressly permitted in writing by you, your executor, administrator, or any other legal Personal and Corporate representative.

c. Disclosing information in connection with applications for probate grants, letters of administration, or distribution orders concerning a deceased customer's estate.

d. Disclosing information in cases where the customer is declared bankrupt, undergoing or has undergone winding-up, or dissolution in any jurisdiction.

e. Disclosing information related to criminal or civil proceedings involving the Platform and the customer, their surety or guarantor, or parties making adverse claims to funds in the customer's Corporate Vault.

f. Complying with orders or requests from enforcement agencies under written laws for investigation or prosecution purposes.

g. Complying with garnishee orders served on the Platform.

h. Complying with court orders.

i. Providing documents or information necessary for exchanging information under taxation arrangements or arrangements under different jurisdictions.

j. Disclosing information to consultants engaged by the Platform for professional advice or services in various fields.

k. Disclosing information for centralized functions such as audit, risk management, finance, or information technology within the Platform group.

l. Conducting internal audits or risk management activities.

m. Disclosing information as part of outsourced functions performed by the Platform.

n. Disclosing information for due diligence exercises approved by the Platform's board of directors in connection with mergers and acquisitions, capital raising exercises, or asset sales.

o. Providing credit information of a customer to a credit reporting agency registered under the Credit Reporting Agencies Act 2010 for credit reporting purposes.

p. Disclosing information where the Platform suspects, or has reasons to suspect, the commission of an offense under any written law.

We may link and combine the collected Personal and Corporate Data with other data in our possession. If you have multiple relationships with us, we may link your data collected across various verticals to facilitate your use of our products or services and for the aforementioned purposes.

8. Use of Personal and Corporate Data for Marketing Purpose

The Platform and the Platform group may use your Personal and Corporate Data to recommend you products or services, including special promotions, offers, contests, rewards or entitlements that may be of interest to you or for which you may be eligible unless you have chosen to unsubscribe or not to receive the recommendations.

You will not receive marketing materials for marketing and promotions conducted by third parties(e.g. our marketing partners, marketing service providers, business partners) unless you have consented to receiving these materials.

Such marketing messages may be sent to you via various modes including but not limited to electronic mail, direct mailers, short message service, telephone calls and other mobile messaging services and Apps. In doing so, we will comply with the PDPA and other applicable laws.

If you wish to withdraw your consent, you may update your preferences in your App settings. Alternatively, you may notify us by emailing us or calling our customer hotline (see the section“ How To Contact Us” below).Notwithstanding any withdrawal of consent for marketing, we may continue to send you messages relating to our ongoing relationship with you, including updates to our products or services and terms and conditions that you are entitled to receive under the terms that you have agreed to enter into with us and nothing in this section shall vary or supersede the terms and conditions that govern our relationship with you.

9. Data Recipients

We may disclose Personal and Corporate Data to various parties, where necessary, and subject at all times of any applicable laws, for the purposes set out in this Policy. These parties include:

a. Authorized Persons, your legal representatives, family members or those who can validly act on your behalf or who may be empowered to act with the requisite power and authority(e.g. upon your death or mental incapacity);

b. our Related Entities (as defined in the Corporate Vault Terms);

c. service providers who perform identity verification services and payment processing services (including payment processors, payment intermediaries, payment networks, card associations, Platforms, and other financial institutions etc);

d. service providers who deliver our products or services to you;

e. debt collectors;

f. credit bureaus, alternative credit scoring agencies and any other credit reporting organizations;

g. background check and anti-money laundering service providers;

h. cloud storage providers;

i. data analytics providers;

j. marketing partners and marketing service providers;

k. business partners in accordance with the purpose(s) notified in this Policy;

l. research partners, including those performing surveys or research projects in partnership with the Platform or on the Platform’s behalf;

m. insurance and financing partners;

n. other Platforms, correspondent Platforms, providers of credit protection, financial institutions, financial market infrastructure, third party digital wallet providers and other third party intermediaries involved in the managed investment of funds, such as brokers, asset managers, and custodians; and

o. auditors, Corporate Vaultants, legal advisors, government authorities, regulators, enforcement agencies, tax authorities, courts, tribunals or judicial bodies; and

p. other third parties to fulfill the legal purposes mentioned in this Policy.

10. Data Sharing Arrangement

We may share Personal and Corporate Data with our business partners if you have requested a service through the Platform's or a business partner's platform. Our business partners may include those whose apps integrate with ours and marketing partners with whom we collaborate to deliver promotions, competitions, or other specialized services.

Under our data sharing arrangement ("Data Sharing Arrangement") with our business partners, your Personal and Corporate Data may be shared between the Platform and business partners, with your consent, for the following purposes:

a. Verifying your identity, onboarding you, and updating your records as a customer of the business partner (where applicable).

b. Facilitating seamless customer service handling across the Platform and business partners (where applicable).

c. Understanding your preferences through analytics so that the Platform and business partner (where applicable) may create a seamless customer experience for you, improve and personalize our products and/or services for you, and recommend products or services, special promotions, offers, contests, rewards, or entitlements relevant to you.

By giving consent to the sharing of your Personal and Corporate Data with our business partners, you also consent to us sending any corrections of Personal and Corporate Data that you may request to our business partners to update their records. We may modify, update, or amend this Policy to reflect any changes to the Data Sharing Arrangement at any time. You will be notified of any material changes or additions of new purposes in the Data Sharing Arrangement before we collect, use, process, or disclose your Personal and Corporate Data for those purposes.

11. Use of Cookies and Tracking Technologies

Our website and App utilize cookies, which are small text files placed on your computer or mobile device when you visit a website or use an App. These cookies may contain unique identifiers and can be stored on various platforms including your computer, mobile device, emails we send, and our web pages. Cookies may transmit Personal and Corporate Data regarding your usage of our services, such as browser type, search preferences, IP address, data related to displayed advertisements, clicks, and timestamps of your usage. Cookies can be persistent, stored across sessions, or temporary, lasting only during individual sessions.

We employ cookies and related technologies to enhance and streamline your experience with our website and App, monitor usage patterns, and compile statistical data on activities conducted through them.

We may permit our partnered third parties to utilize cookies on our website and App to collect Personal and Corporate Data for similar purposes. These third parties may correlate the collected data with information they possess about you from other sources. While we may not have direct access or control over their cookies, we may share non-Personal and Corporate identifiable data, such as advertising identifiers or cryptographic hash of a common Corporate Vault identifier, with third parties to facilitate targeted advertising.

Depending on your device and operating software, you may have the option to disable mobile identifiers (e.g., Apple's IDFA). You can also deactivate cookies by adjusting your internet browser settings to disable, block, or delete cookies, browsing history, and cache.

12. Protection of Personal and Corporate Data

We are committed to implementing reasonable legal, organizational, and technical measures to safeguard your Personal and Corporate Data in compliance with applicable laws. These measures are designed to mitigate risks such as loss, misuse, modification, unauthorized access, disclosure, alteration, or destruction of Personal and Corporate Data. We restrict access to your Personal and Corporate Data to employees and contractors on a need-to-know basis. Individuals handling your Personal and Corporate Data are only authorized to do so and are bound by confidentiality obligations.

While we endeavor to protect your Personal and Corporate Data to the best of our ability, it is important to note that the security of data transmitted online cannot be guaranteed. Therefore, any transmission of Personal and Corporate Data over the internet is undertaken at your own risk.

13. Retention of Personal and Corporate Data

We retain Personal and Corporate Data for the duration required to fulfill the purposes outlined in this Policy and until it is deemed no longer necessary for any legal, audit, regulatory, or business purposes. Once your Personal and Corporate Data ceases to be necessary for the products or services, or if we no longer have a legal, audit, regulatory, or business rationale for retaining it, we will undertake measures to destroy, permanently delete, or anonymize such Personal and Corporate Data.

14. Your Rights to Personal and Corporate Data

In accordance with applicable laws and regulations, you have the following entitlements:

a. You may inquire about the Personal and Corporate Data we hold about you, including requesting a copy of it.

b. You have the right to request the correction or update of your Personal and Corporate Data if it is inaccurate, incomplete, misleading, or not up-to-date.

c. You can withdraw your consent to the processing of your Personal and Corporate Data for a specific purpose (if we are processing your data based on your consent).

Withdrawals or changes to consent preferences made through your App settings generally take effect within 7 working days. However, withdrawals or changes communicated via email or our customer hotline may take up to 21 business days to come into effect.

If you choose not to provide your Personal and Corporate Data or withdraw consent, it may impact our ability to fulfill the purposes outlined in the "Use of Personal and Corporate Data" section or limit your access to our products or services. We may still be able to process your data to the extent permitted by law even after consent withdrawal.

To exercise your rights, make queries, or file complaints about your Personal and Corporate Data, you can contact us using the details provided in the "How to Contact Us" section below.

We will verify all requests to exercise your rights and may require supporting information or documentation to confirm your identity and authority. Requests will be processed promptly, subject to available information and legal constraints. We will inform you of the reasons if we are unable to fulfill your requests.

If you request a copy of your Personal and Corporate Data and we comply, a fee may be charged for providing the copy, and we will inform you of the applicable fee.

By requesting corrections to your Personal and Corporate Data with the Platform, you consent to the disclosure of corrected data to third-party organizations for purposes outlined in this Policy.

15. Amendments and Updates

Periodically, we may modify, update, or amend the terms outlined in this Policy. Any amendments will be communicated to you through our App or other appropriate channels before they take effect. It is your responsibility to regularly review this Policy. By continuing to use our Apps or services, or by continuing to communicate with us after modifications, updates, or amendments to this Policy, you agree to be bound by such changes, whether or not you have reviewed them.