Privacy Notice

Effective Date: November 2023

1. 1. This notice

   This notice is issued in compliance with applicable law, including the General Data Protection Regulation or GDPR ((EU) 2016/679) (GDPR), the UK Data Protection Act 2018, the retained UK version of the GDPR (UK GDPR) and the Singapore Personal Data Protection Act 2012 (PDPA). We are issuing this notice as "controllers" of your personal data under the GDPR and UK GDPR and “organisations” under the PDPA. This notice explains how the companies in Conneto group named below use the personal data of visitors to our website (www.conneto.com), our clients or their representatives, our clients' customers or business partners /counterparts, and our suppliers or their representatives (you or your) that use our website, products, services, apps, or features, either online or offline (collectively, our Services). By "personal data", we mean any information about an identified or identifiable natural person.
   
   By using our Services, you acknowledge the terms of this Privacy Notice. If you do not agree to the terms of this Privacy Notice, please do not use our Services. If you do not understand, or if you have questions about, this Privacy Notice, please contact us before using, or continuing to use, our Services.
   
   Please note that we may change this notice from time to time. Please therefore check the date at the top to see if it has been updated since you last read it. You may obtain previous versions from us through the channels stated in Section 2. If we choose to amend this Privacy Notice, we will revise the Last Updated date at the top of this Privacy Notice when we post the updated version. We may also provide you with notice by prominently posting on our website, via email or both, if we make any significant changes to this Privacy Notice. We may also highlight those changes at the top of this Privacy Notice and provide a prominent link to it for a reasonable length of time following the change. Your use of our Services after we have informed you in one of these ways that we made changes to our Privacy Notice will mean that you have accepted those changes.

2. 2. Who we are; our contact details

   We are
   
   (1) Conneto Hub Pte. Ltd., established in Singapore with company number 202337146Z (Conneto)
   
   (together or separately, we, us or our).
   
   We may be contacted at: [email protected].

3. 3. The type of personal data we collect and the source of that information

   We collect the personal data (including special categories of personal data) set out in the table below from the sources also set out in the table below.

   Category of personal data

   Personal data collected

   Source

   Contact details of our clients, suppliers or their representatives

   Name; role; work address, email address, phone number(s).

   You The business which you represent Publicly available sources, e.g., directories, websites Third-party data lists

   On-boarding information of our clients or their directors or shareholders

   This includes:
   • your or the directors' or shareholders' full name, contact details (including postal and/or email address and telephone number), date of birth, source of funds, bank account details, solvency and litigation history;
   • passport or other relevant government-issued document identification number;
   • bank details;
   • information available through public sources. This may include information on whether you are a politically exposed person, sensitive categories of personal data (for example, about political opinions or religious or philosophical beliefs) and about any criminal offences that you have committed or been accused of and related information

   You Client's registration documents Internet publications, the press Government lists of sanctioned entities Providers of screening and verification services, including credit reference and fraud prevention agencies

   Personal data of our clients' customers or business partners /counterparts

   Names, addresses, contracts with our clients, payment history and financial transactions between our clients and their customers or business partners /counterparts, and information related to debt collection, including defaults, and related proceedings

   Our clients
   
   You

   Communications with you

   Any personal data contained in your email or other written correspondence with us, other clients, suppliers or their representatives or our call recordings. This may include information about your health, for example, what you provide in relation to difficulties in making payments

   You

   Financial information

   Bank account and payment or other transaction details if we deal with you as an individual.

   You

   Use of our website or online platform

   This includes:
   • your Internet service provider;
   • your browser type;
   • your operating system;
   • pages you access, log in, and usage history;
   • the date and time of your access;
   • your device type;
   • the IP address or unique identifier of
     your device;
   • feedback you provide to us;
   • your password and log-in credentials;
   • support communications

   You/your device
   Category of personal data

   Contact details of our clients, suppliers or their representatives

   Personal data collected

   Name; role; work address, email address, phone number(s).

   Source

   You The business which you represent Publicly available sources, e.g., directories, websites Third-party data lists

   Category of personal data

   On-boarding information of our clients or their directors or shareholders

   Personal data collected

   This includes:
   • your or the directors' or shareholders' full name, contact details (including postal and/or email address and telephone number), date of birth, source of funds, bank account details, solvency and litigation history;
   • passport or other relevant government-issued document identification number;
   • bank details;
   • information available through public sources. This may include information on whether you are a politically exposed person, sensitive categories of personal data (for example, about political opinions or religious or philosophical beliefs) and about any criminal offences that you have committed or been accused of and related information

   Source

   You Client's registration documents Internet publications, the press Government lists of sanctioned entities Providers of screening and verification services, including credit reference and fraud prevention agencies

   Category of personal data

   Personal data of our clients' customers or business partners /counterparts

   Personal data collected

   Names, addresses, contracts with our clients, payment history and financial transactions between our clients and their customers or business partners /counterparts, and information related to debt collection, including defaults, and related proceedings

   Source

   Our clients
   
   You

   Category of personal data

   Communications with you

   Personal data collected

   Any personal data contained in your email or other written correspondence with us, other clients, suppliers or their representatives or our call recordings. This may include information about your health, for example, what you provide in relation to difficulties in making payments

   Source

   You

   Category of personal data

   Financial information

   Personal data collected

   Bank account and payment or other transaction details if we deal with you as an individual.

   Source

   You

   Category of personal data

   Use of our website or online platform

   Personal data collected

   This includes:
   • your Internet service provider;
   • your browser type;
   • your operating system;
   • pages you access, log in, and usage history;
   • the date and time of your access;
   • your device type;
   • the IP address or unique identifier of
     your device;
   • feedback you provide to us;
   • your password and log-in credentials;
   • support communications

   Source

   You/your device

   • Click here [Hyperlink to the chart at the end of the document] to see all of the categories of personal data we collect under California privacy law.
   
   Non-personal data includes information that does not personally identify you or information that has been anonymized (collectively, non-personal data). When we combine non-personal data with personal data, we treat the combined information as personal data.
   
   You can always refuse to provide your personal data, but please note that some personal data is necessary to provide our Services.

   Online Analytics
   
   

   We also use various types of online analytics, including Google Analytics, a web analytics service provided by Google, Inc. (Google), on our website under the terms specified in the Cookies Policy. Google Analytics uses cookies or other tracking technologies to help us analyze how users interact with and use the website, compile reports on the related activities, and provide other services related to website and app activity and usage. The technologies used by Google may collect information such as your IP address, time of visit, whether you are a return visitor, and any referring website or app. The information generated by Google Analytics will be transmitted to and stored by Google and will be subject to Google’s privacy policies. To learn more about Google’s partner services and to learn how to opt out of tracking of analytics by Google click here. When we combine non-personal data with personal data, we treat the combined information as personal data. You can always refuse to provide your personal data, but please note that some personal data is necessary to provide our Services. When we combine non-personal data with personal data, we treat the combined information as personal data. You can always refuse to provide your personal data, but please note that some personal data is necessary to provide our Services.
   
   

   Offline Interactions and Other Sources
   
   We also may collect personal data from other sources, such as our partners or third-party service providers, or from our offline interactions with you for the purposes listed in the How we use your personal data section below, including to enable us to verify or update the information contained in our records and to better customize the Services for you.

   Social Media Integration
   
   Our Services may, from time to time, contain links to and from social media platforms. You may choose to connect to us through a social media platform, such as Facebook, LinkedIn or X Social Media, and when you do, we may collect additional information from you, including the information listed in the the type of personal data we collect and the source of that information section above. Please be advised that social media platforms may also collect information from you. When you click on a social plug-in, such as Facebook’s “Like” button, that particular social network’s plugin will be activated and your browser will directly connect to that provider’s servers. We encourage you to review the social media platforms’ usage and disclosure policies and practices, including the data security practices, before using them.

4. 4. How we use your personal data

   We use your personal data for the purposes of:
   • Entering into and performing our contract with our clients, and conducting our business relationship with them. This may include monitoring and recording telephone calls with our clients' representatives or their customers.
   • "Know Your Client" checks when deciding whether to enter a contract with you or the business you represent.
   • Assessing the business and financial risks carried by our clients, to determine whether or not to enter into a contract with them and to decide the commercial terms of the contract.
   • Collecting payments from our clients' customers or business partners /counterparts.
   • Operating and improving our websites, including through conducting or obtaining analyses of website usage. Where possible, we will anonymise or pseudonymise your information used for this purpose.
   • Developing and improving the technology, systems and processes used in the operation of our business. Where possible, we will anonymise or pseudonymise your information used for this purpose.
   • Communicating with regulators and law enforcement agencies in order to comply with reporting obligations, deal with their enquiries and cooperate with regulatory and law enforcement.
   • Defending or bringing legal proceedings.
   • Taking professional advice such as legal, auditors' or management consultancy advice. Marketing our services to you. Where legally required, we will obtain your consent specifically for such marketing.
   
   When we make checks with credit reference agencies, they will keep a record of this, which they may share with their third-party customers and other credit checking or fraud prevention agencies. They or we may also link that record with your spouse or financial associate whose onboarding information you supply to us or the credit reference agency holds. The credit checking agencies are separate controllers of your data. If we make checks with them, we will tell at the time where to read their information about their use of your personal data.
   
   We may also combine your personal data collected through various sources, including information collected through our Services, and develop a profile that will be used for the purposes above.
   
   We may use personal data to create non-personal data. We may use non-personal data for any legitimate business purpose.

5. 5. Legal bases for our use of your personal data
   We rely on the following bases for our use of your personal data, in accordance with the GDPR:
   

   • For clients who are individuals, necessary to take steps at your request prior to entering into a contract and performing the contract.

   • Necessity to our legitimate business interests in:

   • entering into and performing contracts with our clients and suppliers;
   • managing our assets, such as our portfolio of receivables;
   • preserving our reputation and the value of our business by conducting "Know Your Client" checks;
   • assessing our clients' businesses in order to negotiate terms with them;
   • developing and improving the technology, systems and processes used in the operation of our business;
   • operating and developing our website to on-board clients, communicate with the public, and promote our business;
   • marketing our services to you. Where legally required, we will obtain your consent for these purposes;
   • enforcing and defending our legal rights;
   • co-operating with regulators and law enforcement agencies.

   Where we have relied on "legitimate interest" as a legal basis, we have performed an analysis to ensure that your rights and interests are taken into account and do not outweigh our interests.
   
   

   • In the case of sensitive categories of personal data and criminal offences and allegations and related information, you have provided your consent or we are obliged to do so under applicable law, such as compliance with sanctions, or it is necessary in the public interest. This information in not the primary object of our checks but is collected so that we can protect the reputation of our business or to comply with the law and we do not use such information to discriminate against individuals based on their political opinions or religious or philosophical beliefs. We do not use information concerning criminal offences or allegations or related information unless relevant for anti-money laundering or crime detection or prevention purposes.

   If you do not provide the data requested for client onboarding or for communicating and performing contracts with our clients and suppliers, we will not be able to proceed with those contracts.
   
   We do not carry out any automated decision-making using your personal data.
6. 6. Consent

   Where our legal basis for using your personal data is consent, you may withdraw that consent at any time by writing to us or emailing us at the address given in Section 2 above. This will not affect the lawfulness of the processing that has been carried out based on your consent prior to the withdrawal.
   
   When making the request, please provide your full name and address and/or email address in exactly the form in which they were originally provided to us to avoid any possible confusion with a different individual. We may ask you for further information to verify your identity.

7. 7. Sharing your personal data

   We may share your personal data with:
   
   • Our lawyers, accountants and other professional advisers.
   • Agents and suppliers who assist us with "Know Your Client" checks, such as Lexis Nexis, and with credit checking and fraud prevention agencies.
   • Our service providers including banks, financial firms, and providers of IT systems.
   • Our clients, where you are their customer or representative or business partner /counterpart.
   • Our suppliers, where you are their customer or representative.
   • Our group companies.
   • In accordance with applicable law, we may also transfer or assign personal data to third parties as a result of, or in connection with, a sale, merger, consolidation, change in control, transfer of assets, bankruptcy, reorganization, or liquidation.
   • Regulators and government and law enforcement agencies.
   
   We do not sell or rent your personal data.
   
   Click here [Hyperlink to chart at the end of the document] to see all of the categories of personal data we share under California privacy law.

8. 8. Transfers outside the European Union, Singapore and the UK

   Your information is securely stored in:
   • The United Kingdom, the European Union and countries that have been determined to provide adequate protection under the GDPR and/or PDPA.
   
   • Other countries if we or our processors have entered into standard contractual clauses, approved under the GDPR or contractual clauses in accordance with the requirements of the PDPA, with the recipient and we have assessed that the protections of those clauses are effective in light of the legal regime in the recipient’s jurisdiction and, if necessary, adopted supplementary technical, organisational, or contractual measures. For more information please contact us through a channel mentioned in Section 2.

9. 9. How we protect personal data

   We are dedicated to ensuring the security of your personal data. We use physical, electronic, and administrative security measures appropriate to the risks and sensitivity of the personal data we collect. We aim to provide secure transmission of your personal data from your devices to our servers. We have processes to store personal data that we have collected in secure operating environments. Our security procedures mean that we may occasionally request proof of identity before we disclose your personal data to you. We try our best to safeguard personal data once we receive it, but please understand that no transmission of data over the Internet or any other public network can be guaranteed to be 100% secure. If you suspect an unauthorized use or security breach of your personal data, please contact us immediately.

10. 10. How long we keep your personal data

    We will keep your personal data for as long as necessary for the purposes of processing.
    
    In general, this will be the period of time for which we perform our contract with you or the business that you represent, plus a further eight years, in case of any claims. In the case of our clients' customers or business partners /counterparts, or the business they represent, this will be the period of the contract between your or that business and our client, plus a further eight years, in case of any claims
    
    If we collect your information with a view to entering into a contract, but do not enter into the contract, we retain your information for a reasonable period, in case you make a repeat application.
    
    We will keep information about visitors to our websites for a reasonable length of time which lets us understand how people use our website and any technical issues they have. Usually, this will not exceed 12 months.

11. 11. Your data protection rights

    Under applicable law, subject to certain exceptions, you may exercise the following rights in relation to the personal data we hold about you:
    
    Access - You have the right to obtain confirmation as to whether or not we are processing your personal data and, where this is the case, to ask us for copies of the data and information about the processing.
    Rectification - You have the right to ask us to correct your personal data you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
    Erasure - You have the right to ask us to erase your personal data where we have no compelling reason to keep using it. This is not a general right; there are exceptions, e.g., if we have a legal obligation to keep the data.
    Restriction of processing - You have the right to ask us to restrict the processing of your personal data in certain circumstances. However, please note that if we restrict the processing of your personal data per your request, we may not be able to provide you with certain Services.
    Objection to processing – Where we process your data for purposes of pursuing our legitimate interests, you have the right to object to the processing of your personal data unless we have strong and legitimate reasons to continue using the data.
    Portability - You have the right to ask that we transfer the personal data you gave us to another organisation, or to you, where we have used your information based on your consent or the need to perform a contract.
    You are not required to pay any charge for exercising your rights, save in exceptional circumstances. If you make a request, we have one month to respond to you. Please note that you also have the right to not receive discriminatory treatment for exercising your rights.
    
    Please contact us, or have your authorized agent contact us, through a channel mentioned in Section 2 if you wish to make a request. When making the request, please provide your full name and address and/or email address in exactly the form in which they were originally provided to us to avoid any possible confusion with a different individual. We may ask you for further information to verify your identity.

12. 12. Your California privacy rights

    We do not share personal data with third parties for their own direct marketing purposes without your consent. California residents under 18 years old, in certain circumstances, may request and obtain the removal of personal data or content that you have posted on our Services. Please be mindful that this would not ensure complete removal of the content posted by you on our Services. To make any request pursuant to California privacy law, please contact us.

13. 13. Children’s privacy

    Our Services are not for children or those under the age of 21. We do not knowingly collect personal data from children or other persons who are under 21 years of age. Individuals who are children or those under the age of 21 should not attempt to provide us with any personal data. If you think we have received personal data from children or those under the age of 21, please contact us immediately.

14. 14. Third-party websites and apps

    Our website and Services may contain links to other websites or apps operated by third parties. Please be advised that the practices described in this Privacy Notice do not apply to information gathered through these third-party websites and apps. We have no control over, and are not responsible for, the actions and privacy policies of third parties and other websites and apps.

15. 15. How to file a complaint

    If you have any concerns about our use of your personal data, you can make a complaint to us through a channel mentioned in Section 2.
    
    You can also complain to the regulator in your location or:
    
    For Singapore
    Conneto Hub Pte. Ltd.
    Contact to: Data Protection Officer
    E-mail address: [email protected]
    Address: 160 ROBINSON ROAD, #14-04, Singapore

    
    
    California Privacy Law Appendix
    
    

    This appendix seeks to provide additional information to residents of California and supplements the information provided in the Privacy Notice above.
    
    To learn more about the categories of personal data we collect, how we collect it, why it is collected, with whom we share the information, and how long we retain it, please see the chart below.