PRIVACY POLICY

This policy sets out:

(1) the information we collect about you when you visit our website, use our products or services, or otherwise interact with us;

(2) how we use, share, store, and secure the information; and

(3) how you may access and control the information.

In this policy, “Noble Sky International” or “we” refers to Noble Sky Apac Pte Ltd of 3 Fraser St, #08-21, DUO Tower, Singapore 189352 (together with our holding company) and “Platform” means our website at www.noblesky.co and our software, namely SkyAccess, SkyAccess Plus, SkyInvest and SkyFinance Membership Portal, Client Investment Management Portal (Appfolio).

In this policy, “personal information” refers to any data, information, or combination of data and information that is provided by you to us, or through your use of our products or services, that relates to an identifiable individual.

1 WHAT INFORMATION WE COLLECT ABOUT YOU

1.1 We collect the following types of information about you:

(a) account and profile information that you provide when you register for an account or sign up for our products or services, for example Full name, username or similar identifier, other personal description, job title, date of birth and gender (where relevant), physical address including billing and/or delivery, email address, telephone number(s), payment information, such as credit card details or bank account information, social media handles, IP address, and device information. (collectively, “Account Data”);

(b) information you provide through support channels, for example when you report a problem to us or interact with our support team, including any contact information, documentation, or screenshots (collectively, “Support Data”);

(c) communication, marketing, and other preferences that you provide us when you participate in a survey or a questionnaire that we send you (collectively, “Preference Data”);

(d) details of any transactions, purchases, or orders that you’ve made with us (collectively, “Transaction Data”);

(e) payment information, for example Payment card information, bank account details, and other relevant financial information. (collectively, “Financial Data”);

(f) information about your device or connection, for example Internet protocol (IP) address, log-in data, browser type and version, time-zone setting, browser plug-in types and versions, operating system and platform, the type of device you are using, unique device identifiers, mobile network information, and other technology on the devices you use to access our products or services. and information we collect through cookies and other data collection technologies (please read our Cookies Policy for details) (collectively, “Technical Data”); and

(g) Information about your use of or visit to our Platform, for example Clickstream to, through, and from our platform, products you viewed, used, or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods to browse away from the page, referring URL, search keywords, ads that you clicked on, and other information about your use of our platform. (collectively, “Usage Data”).

1.2 We collect the above information when you provide it to us or when you use or visit our Platform. We may also receive information about you from other sources, including:

(a) our personnel, agents, advisors, consultants, and contractors based in Singapore, Malaysia, Indonesia, Philippines, India, Pakistan, United States of America in connection with our operations or services, for example our staff engaged in the fulfilment of your order, processing of your payment, and provision of support services;

(b) other users of our products or services, for example User-generated content, such as comments, posts, or messages that contain personal data about other users. Social features, such as chat rooms, forums, or messaging systems that enable users to interact with each other and exchange personal data. User referrals, where one user refers another user to your platform and provides personal data about that user in the referral process. Direct communication between users, such as when one user contacts another user to arrange a transaction or request a service. Shared profiles or account information, where multiple users share access to a single account or profile, and personal data is shared among them. User reviews or ratings, which may contain personal data about the user being reviewed or rated. User behavior or interactions, which may be visible to other users and contain personal data about those users, such as their activity history, preferences, or location data.;

(c) other services linked to your account, for example Social media platforms, if users register or log in using their social media account, such as Facebook, Twitter, or LinkedIn. Payment processors or digital wallets, which may be linked to users’ accounts to facilitate transactions. Cloud storage services, which may be linked to users’ accounts to store and access files or data. Customer relationship management (CRM) systems, which may be linked to users’ accounts to manage customer interactions and information. Marketing or analytics platforms, which may be linked to users’ accounts to analyze user behavior or preferences. Email or messaging services, which may be linked to users’ accounts to send notifications, newsletters, or other communications. Other third-party services or platforms, which may be linked to users’ accounts to provide additional features or functionality.;

(d) our group companies or overseas offices that provide Our group of companies and overseas offices may provide us with user personal data in the course of providing our investment services, such as for updating clients about their investments, resolving customer inquiries or support requests, marketing and sales activities, data processing or analytics, legal and regulatory compliance, or joint ventures and partnerships, and we take appropriate measures to ensure that this data is collected and processed in accordance with applicable data protection laws, used only for the purpose of providing our investment services, and protected against unauthorized access or disclosure.; and

(e) our business partners and service providers based in Singapore, Malaysia, Indonesia, Philippines, India, Pakistan, United States of America who provide teleservices, cloud storage and hosting services, social media and messaging platforms, customer service and support providers, co-marketing and joint venture partners, referral and affiliate partners, identity verification and background check providers, and data enrichment providers.

1.3 We do not collect sensitive data or special category data about you. This includes details about your race, ethnic origin, politics, religion, trade union membership, genetics, biometrics, health, or sexual orientation.

2 HOW WE USE INFORMATION WE COLLECT

2.1 We only use your personal information where the law allows us to. We use your personal information only where:

(a) we need to perform the contract we have entered into (or are about to enter into) with you, including to operate our products or services, to provide customer support and personalised features, and to protect the safety and security of our Platform;

(b) it satisfies a legitimate interest which is not overridden by your fundamental rights or data protection interests, for example for research and development, and in order to protect our legal rights and interests;

(c) you’ve given us consent to do so for a specific purpose, for example we may send you direct marketing materials or publish your information as part of our testimonials or customer stories to promote our products or services with your permission; or

(d) we need to comply with a legal or regulatory obligation.

2.2 If you have given us consent to use your personal information for a specific purpose, you have the right to withdraw your consent any time by contacting us (please refer to paragraph 9. for contact information), but please note this will not affect any use of your information that has already taken place.

2.3 We do not share your personal information with any company outside our group for marketing purposes, unless with your express specific consent to do so.

2.4 For visitors to or users of our Platform who are located in the European Union, we have set out our legal bases for processing your information in the Legal Bases Table at the end of this policy.

3 HOW WE SHARE INFORMATION WE COLLECT

3.1 We share information with other companies in our group in order to operate our Platform and to offer and improve our products and services.

3.2 We may share personal information on an aggregated or de-identified basis with third parties for research and analysis, profiling, and similar purposes to help us improve our products and services.

3.3 If you use any third-party software in connection with our products or services, for example any third-party software that our Platform integrates with, you might give the third-party software provider access to your account and information. Policies and procedures of third-party software providers are not controlled by us, and this policy does not cover how your information is collected or used by third-party software providers. We encourage you to review the privacy policies of third-party software providers before you use the third-party software.

3.4 Our Platform may contain links to third-party websites over which we have no control. If you follow a link to any of these websites or submit information to them, your information will be governed by their policies. We encourage you to review the privacy policies of third-party websites before you submit information to them.

3.5 We may share your information with government and law enforcement officials to comply with applicable laws or regulations, for example when we respond to claims, legal processes, law enforcement, or national security requests.

3.6 If we are acquired by a third party as a result of a merger, acquisition, or business transfer, your personal information may be disclosed and/or transferred to a third party in connection with such a transaction. We will notify you if such a transaction takes place and inform you of any choices you may have regarding your information.

4 HOW WE STORE AND SECURE INFORMATION WE COLLECT

4.1 We use data hosting service providers based in Singapore and the United States of America to host the information we collect.

4.2 We have adopted the following measures to protect the security and integrity of your personal information:

(a) information is encrypted using TLS/SSL technology;

(b) your account is password-protected, with the requirement(s) that Passwords must be at least 8 characters long, with a combination of letters and numbers”;

(c) access to your personal information is restricted to personnel or service providers on a strictly need-to-know basis, who will only process your information on our instructions and who are subject to a duty of confidentiality; and

(d) our information collection, storage, and processing practices are reviewed regularly.

4.3 We have put in place procedures to deal with any suspected privacy breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

4.4 While we implement safeguards designed to protect your information, please note that no transmission of information on the Internet is completely secure. We cannot guarantee that your information, during transmission through the Internet or while stored on our systems or processed by us, is absolutely safe and secure.

4.5 We only retain personal information for so long as it is reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. Which it was collected, including for the provision of our services, to comply with legal or regulatory obligations, or for legitimate business purposes. We regularly review and delete personal data that is no longer necessary or relevant to our business activities, or that is no longer required by law. We take appropriate measures to protect personal data against unauthorized access or disclosure during the retention period, and we delete or anonymize personal data in a secure manner once it is no longer needed. The specific retention periods for different types of personal data may vary depending on factors such as the nature of the data, the purposes for which it was collected, and the applicable legal or regulatory requirements. We will inform users of any specific retention periods that apply to their personal data at the time of collection, or as required by law. We periodically review the basis and appropriateness of our data retention policy.

5 HOW WE TRANSFER INFORMATION INTERNATIONALLY

5.1 We collect information globally and primarily store that information in Singapore and the United States of America. We transfer, process, and store your information outside your country of residence where we or our service providers operate for the purpose of providing our products and services to you.

5.2 Some of the countries in which our companies or service providers are located may not have the privacy and data protection laws that are equivalent to those in your country of residence. When we share information with these companies or service providers, we make use of contractual clauses, corporate rules, and other appropriate mechanisms to safeguard the transfer of information.

6 YOUR RIGHTS

6.1 You have the right to:

(a) be informed of what we do with your personal information;

(b) request a copy of personal information we hold about you;

(c) require us to correct any inaccuracy or error in any personal information we hold about you;

(d) request erasure of your personal information (note, however, that we may not always be able to comply with your request of erasure for record keeping purposes, to complete transactions, or to comply with our legal obligations);

(e) object to or restrict the processing by us of your personal information (including for marketing purposes);

(f) request to receive some of your personal information in a structured, commonly used, and machine readable format, and request that we transfer such information to another party; and

(g) withdraw your consent at any time where we are relying on consent to process your personal information (although this will not affect the lawfulness of any processing carried out before you withdraw your consent).

6.2 Our Platform enables you to update certain information about yourself, for example SkyAccess, SkyAccess Plus, SkyInvest and SkyFinance Online Membership Portal and Client Investment Management Portal (Appfolio).

6.3 You may opt out of receiving marketing materials from us. We provide users with the ability to opt out of receiving marketing materials from us by following the unsubscribe instructions included in each marketing communication. Alternatively, users may contact us directly using the contact details provided in our privacy policy to request that their information be removed from our marketing lists. Once we receive an opt-out request, we take appropriate measures to ensure that the user’s information is promptly removed from our marketing lists and that no further marketing materials are sent to that user, except where required by law or for the limited purpose of providing service-related communications. Users may also have additional rights under applicable data protection laws, such as the right to object to the processing of their personal data for direct marketing purposes. We will comply with such requests in accordance with applicable law and our privacy policy. Please note, however, that even if you opt out from receiving marketing materials from us, you will continue to receive notifications or information from us that are necessary for the use of our products or services.

6.4 As a security measure, we may need specific information from you to help us confirm your identity when processing your privacy requests or when you exercise your rights.

6.5 Any request under paragraph 6.1 will normally be addressed free of charge. However, we may charge a reasonable administration fee if your request is clearly unfounded, repetitive, or excessive.

6.6 We will respond to all legitimate requests within one (1) month. Occasionally, it may take us longer than a month if your request is particularly complex or if you have made a number of requests.

7 CHANGES TO THIS POLICY

We may amend this policy from time to time by posting the updated policy on our Platform. By continuing to use our Platform after the changes come into effect, you agree to be bound by the revised policy.

8 POLICY TOWARDS CHILDREN

Our products and services are not directed to individuals under 18. We do not knowingly collect personal information from individuals under 18. If we become aware that an individual under 18 has provided us with personal information, we will take steps to delete such information. Contact us if you believe that we have mistakenly or unintentionally collected information from an individual under 18.

9 CONTACT US

9.1 Please contact us at privacy@noblesky.co or submit any written request to:

Noble Sky Apac Pte Ltd

3 Fraser St, #08-21, DUO Tower, Singapore 189352

Attn: Data Protection Officer

9.2 Please contact us in the first instance if you have any questions or concerns. If you have unresolved concerns, you have the right to file a complaint with a data protection authority in the country where you live or work or where you feel your rights have been infringed.

Last updated: 16th February 2023

10 COOKIES POLICY

Cookies are small text files that are placed on your device by a web server when you access our Platform. We use cookies to identify your access and monitor usage and web traffic on our Platform to customise and improve our products and services.

We use both persistent cookies and session cookies. A persistent cookie stays in your browser and will be read by us when you return to our Site or a partner site that uses our services. Session cookies only last for as long as the session lasts (usually the current visit to a website or a browser session).

We use the following types of cookies:

(a) Strictly necessary cookies – these are cookies that are required for the operation of our site. They include, for example, cookies that enable you to log into secure areas of our website.

You can block cookies by activating the setting on your browser that allows you to refuse the use of all or some cookies. However, if you do so, you may not be able to access all or parts of our site.

LEGAL BASES TABLE