In this Privacy Policy, unless the context otherwise requires, “Personal Data” means (a) data, whether true or not, about an individual who can be identified (i) from that data; or (ii) from that data and other information to which we have or are likely to have access, and (b) any other similar definition under any applicable Personal Data protection laws.

1. 1. We may collect and process the following Personal Data about you:
      • Information you give us - information that you provide us (which may include your name, address, e-mail address, wallet address, and other personal descriptions) by filling in forms on our Website, or by corresponding with us (by email or otherwise), for example when you:
        • register for an account with us on our Website;
        • connect a wallet to the Website;
        • use certain features on our Website;
        • request any support from us, including reporting any problem to us;
        • provide us with information via e-mail;
        • complete any survey or questionnaire we send you;
        • subscribe to our newsletters or mailing lists (if any);
        • provide us with comments or suggestions;
        • request for information about our platform or services; or
        • contact us by email.
      • Information collected by Sum and Substance Ltd. - to process participation on the Website, detailed personal information may be requested by a third-party service provider engaged by the Ecosystem Operator (currently Sum and Substance Ltd) to prevent or detect crime, including fraud and financial crime, financing for terrorism and human trafficking and to comply with anti-money laundering requirements. All such personal information will be collected under the privacy policy of Sum and Substance Ltd, and the Ecosystem Operator will not have any access to this Personal Information.
      • Information we collect about you - information automatically collected when you visit our Website, for example:
        • technical information, including the Internet protocol (IP) address used to connect your computer to the Internet and your log-in information, browser type and version, time zone setting, browser plug-in types and versions, operating system, and platform;
        • details of any transactions, purchases and payments you made on our Website; and
        • information about your visit, including the full Uniform Resource Locators (URLs), clickstream to, through and from our Website (including date and time), products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, and any phone number used to call our customer service number.
   2. By visiting or using our Website/platform or our services, you acknowledge that we collect and process the above types of Personal Data and information.

1. 1. Our Website uses cookies to distinguish you from other users of the Website. This helps us to provide you with a good experience when you browse our site and also allows us to improve our Website.
   2. A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree to the use of cookies. Cookies contain information that is transferred to your computer's hard drive.
   3. By continuing to browse the Website, you are agreeing to our use of cookies.
   4. We use persistent cookies and session cookies. A persistent cookie stays in your browser and will be read by us when you return to our Website or a partner website that uses our services. Session cookies only last for as long as the session (usually the current visit to a website or a browser session).
   5. We use the following cookies :
      • Strictly necessary cookies - These are cookies that are required for the operation of our Website. They include, for example, cookies that enable you to log into secure areas of our Website, use a shopping cart or make use of e-billing services.
      • Analytical/performance cookies - They allow us to recognise and count the number of visitors and to see how visitors move around our site when they are using it. This helps us to improve the way our Website works, for example, by ensuring that users are finding what they are looking for easily.
      • Functionality cookies - These are used to recognise you when you return to our Website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
      • Targeting cookies - These cookies record your visit to our Website, the pages you have visited and the links you have followed. We will use this information to make our Website and the information displayed on it more relevant to your interests.
   6. Cookies may be erased when you exit the Website or close the browser. Others are saved on your device for your next visit. You can delete all cookies placed by our Website on your device at any time. You can also set your browser to prevent all cookies from being placed by our platform or to provide you with a warning before a cookie is placed. However, please note that some functionalities of the platform may not work if all cookies are rejected. Please check your browser’s instructions or help screen to learn more about these functions.
   7. Please note that third parties (including, for example, advertising networks and providers of external services like web traffic analysis services) may also use cookies, which we do not have any control over. These cookies are likely to be analytical/performance cookies or targeting cookies.

1. 1. We may use your Personal Data for the following purposes:
      • providing, operating and administering the Website, Ecosystem, platform and/or services, which shall include the maintenance, servicing and termination of any accounts registered with the platform;
      • processing applications for the use of the Website, Ecosystem, platform and/or services, including facilitated execution or administration of any transaction(s) requested and/or authorized by you; managing project allocations and token distributions; generating Propellor tickets and keeping you updated about Propellor and its services and updates. If you contact us via email to the contacts set out on the Website, we will keep a record of that correspondence.
      • improving, enhancing and developing our Website, Ecosystem, platform and/or services;
      • researching, designing and launching new features or products;
      • managing, administering or presenting content and information on our Website, Ecosystem, platform and/or services in the most effective manner for you and for the device you use;
      • providing you with alerts, updates, materials or information about our services or other types of information that you requested or signed up to;
      • carrying out our contractual obligations arising from contracts entered into between you and us and for the enforcement of our legal or contractual rights;
      • to verify your identity so as to ensure the safety and integrity of the transactions made through our platform (including through any payment processor);
      • to monitor electronic communications and calls for management quality control and training;
      • where applicable, for complying with applicable local and foreign laws and regulations applicable to us in or outside of Singapore that may include the conduct of due diligence procedures for opening of accounts and ongoing monitoring purposes;
      • where applicable, for legal and compliance purposes under applicable local and foreign laws that include the monitoring and compliance procedures that is in line with the internal risk management procedures, audit/financial accounting and for management reporting purposes;
      • to comply with any applicable legislation, law, regulations, codes of practice, rules, including where information is to be disclosed to law enforcement agencies and other relevant authorities for investigations, crime prevention and detection purposes;
      • to prevent and/or detect fraudulent behaviour or transactions or potential illegal or criminal activity as part of our efforts to keep our platform safe and secure;
      • responding or taking part in legal proceedings, including seeking professional advice;
      • for direct marketing purposes (please see further details in Clause 4.2 below);
      • communicating with you and responding to your questions or requests;
      • for internal operations, including troubleshooting and data analysis to learn about and understand the behaviour and preferences of users, testing, research, statistical and survey purposes to identify products or services which we might offer to existing and future users; and
      • purposes directly related or incidental to the above.
   2. We may use your Personal Data in direct marketing (i.e. offering or advertising products or services by sending the relevant information directly to you). In relation to direct marketing, where we are required to do so, we will obtain your consent before using your Personal Data for this purpose. If you prefer not to receive our direct marketing communications and/or not have your Personal Data shared among the members of our group for the purpose of marketing, you can have your name deleted from our direct marketing and/or shared information lists by clicking ‘unsubscribe’ at the footer of our emails or submit a request to us at dpo@propellorpad.com.
   3. By visiting or using our Website/platform or our services, you acknowledge that we collect, use, and/or disclose the Personal Data we collect in the ways listed above.
   4. If we need to collect, use and/or disclose your Personal Data for additional purposes, unless excepted by law, we will seek prior consent from you where you will be informed of the new purposes, and we will obtain your consent before such Personal Data will be collected, used and/or disclosed by us.

1. 1. We will keep your Personal Data we hold confidential, but you agree we may provide your Personal Data to:
      • personnel, agents, advisers, auditors, contractors, and third-party service providers in connection with our operations or services;
      • our business partners and counterparts (on a need-to-know basis only);
      • the project partners where you have successfully purchased utility tokens using the Website in accordance with Propellor’s Terms & Conditions;
      • persons to whom we are required to make disclosure under applicable laws and regulations; or
      • actual or proposed transferees of our operations (or a substantial part thereof).
   2. We will also need to share your Personal Data if we are under a duty to disclose or share it to comply with legal obligations, in which case we will share your information with law enforcement agencies in connection with any investigation to help prevent unlawful activity.
   3. We will also share your information with third parties in the event that:
      • we sell or buy any business or assets, in which case we will disclose your Personal Data to the prospective seller or buyer of such business or assets (but only to the extent we need to, and always in accordance with data protection legislation) and/or
      • if we or substantially all of our assets are acquired by a third party, in which case Personal Data held by us about our customers will be part of the assets transferred to such third party.
   4. We process your Personal Data for this purpose because we have a legitimate interest to ensure our business can be continued by the buyer. If you object to our use of your Personal Data in this way, the relevant buyer of our business may not be able to provide services to you.
   5. Where applicable, we will ensure that the Personal Data enjoys the same standards of protection as set out in this Privacy Policy.
   6. If we transfer any of your Personal Data to a country or territory outside Singapore, or to a permitted third party located outside of Singapore, we will only do so if we ensure that the overseas receiving party is bound by legally enforceable obligations to afford the transferred data a standard of protection that is comparable to that under Singapore law. We will also ensure that any overseas recipient is able to provide appropriate technical and organisational measures to protect your Personal Data and its confidentiality.
   7. If you are in the United Kingdom or the EEA you should refer to the section below headed “Additional information for users of our Website/platform who are located in the United Kingdom or the European Economic Area”.

1. 1. We will use technical and organisational measures to safeguard your Personal Data, for example:
      • we restrict access to Personal Data to our employees, service providers and contractors on a strictly need-to-know basis and ensure that those persons are subject to contractual confidentiality obligations; and
      • we review our Personal Data collection, storage and processing practices from time to time to guard against unauthorised access, processing or use.
   2. While we will use all reasonable efforts to safeguard your Personal Data, you acknowledge that the transmission of information via the Internet is not completely secure and for this reason we cannot guarantee the security or integrity of any Personal Data that is transferred from you or to you via the internet; any transmission is at your own risk.
   3. In the event that there is a security breach involving your Personal Data, we will inform you of the incident in accordance with the relevant data protection laws.

1. 1. We may store the Personal Data that we collect from you on internal servers that belong to us and/or our affiliated companies, and/or with commercial cloud storage providers engaged by us and/or our affiliated companies. These servers may be located in or outside of Singapore. Therefore, your data may be transferred to and stored in different jurisdictions and may also be processed by staff operating within the various countries who work for us or for one of our contractors and/or our affiliated companies.
   2. By submitting your Personal Data, you agree to such transfer, storage or processing of your data. In such a case, we will ensure that the receiving organisations will provide a minimum standard of protection to your data that is comparable to the required protection under Singapore law.
   3. Unfortunately, the transmission of information via the internet is not completely secure. We will take commercially reasonable steps to ensure that your Personal Data is handled securely and in accordance with this Privacy Policy and the relevant privacy laws, but are unable to guarantee the secure transmission of information via the internet.
   4. You may have additional rights if you are located in the UK or the EEA (see the section below headed “Additional information for users of our Website/platform who are located in the United Kingdom or the European Economic Area”).

1. 1. You may withdraw your consent and request us to stop using and/or disclosing your Personal Data for any or all of the purposes listed above by submitting your request via email to our Data Protection Officer at the contact details provided below. We will endeavour to process your request within seven (7) business days from the day of receipt of your request, otherwise, we will provide you with the estimated time frame for us to carry out your request.
   2. If you have consented or signed up to receive marketing materials, you may withdraw your consent at any time and request us to stop sending you marketing materials or to stop using your Personal Data for any other marketing activities by submitting your request via email to our Data Protection Officer at the contact details provided below. We will endeavour to process your request within seven (7) business days from the day of receipt of your request.
   3. Please note that depending on the nature and scope of your request for withdrawal of consent, we may not be in a position to continue providing the platform or our services to you. In our acknowledgement email to you upon your request for withdrawal of consent, we will inform you of the likely consequences of withdrawing consent.
   4. If you do withdraw your consent, we will work with all relevant stakeholders such as data intermediaries and agents who have been authorised to collect, process or use your Personal Data to ensure that such relevant stakeholders also cease to collect, process or use your Personal Data.
   5. You may have additional rights if you are located in the UK or the EEA (see the section below headed “Additional information for users of our Website/platform who are located in the United Kingdom or the European Economic Area”).

1. 1. You may send our Data Protection Officer requests for:
      • access to Personal Data which we hold about you; and/or
      • access to information about the ways in which we use or disclose or may have used or disclosed your Personal Data for the year immediately preceding the date of your request.
   2. Subject to unforeseen circumstances, any access request may be subject to a fee of approximately S$50 to meet our costs in providing you with details of the information we hold about you.
   3. If we are unable to respond to your requests within thirty (30) days after receipt of your request, we will inform you within that time in writing the time by which we will be able to respond to the request.
   4. If you are in the United Kingdom or the EEA you should refer to the section below headed “Additional information for users of our Website/platform who are located in the United Kingdom or the European Economic Area”.

1. 1. We will make reasonable efforts to ensure the accuracy and completeness of the Personal Data you provide to us and/or update your Personal Data associated with your account on the platform. However, we also will require you to provide us with accurate, up-to-date and complete information. In order to ensure that the Personal Data that we maintain is accurate, you may send our Data Protection Officer at any time requests to update your information or for correction of errors or omissions in Personal Data which we hold about you.
   2. We will generally not charge for correction requests, although we reserve the right to do so under unforeseen circumstances. If we are unable to respond to your requests within thirty (30) days after receipt of your request, we will inform you in writing within thirty (30) days of the time by which we will be able to respond to the request.

1. 1. To the extent applicable under the PDPA, as long as you have an existing direct contractual arrangement with us, you may send our Data Protection Officer a request for us to transmit your Personal Data, which was collected or created by us prior to the date of your request, which is in our possession or under our control, to another organisation in Singapore.
   2. If we are unable to respond to your requests within thirty (30) days after receipt of your request, we will inform you in writing within thirty (30) days of the time by which we will be able to respond to the request.

1. 1. We will only retain and use Personal Data for as long as is required by law or for other legitimate business purposes including complying with our legal obligations, resolving disputes and enforcing our agreements.
   2. We will ensure that your Personal Data is destroyed, remove them from our records, and/or ensure that it no longer contains personally identifiable information, as soon as it is reasonable to assume that:
      • the purpose for which the Personal Data was collected is no longer relevant; or
      • where you have deleted your account with us, whichever is later.
   3. To determine the appropriate retention period for the Personal Data we hold, we will consider the amount, nature and sensitivity of the Personal Data, the risk of harm from unauthorised use or disclosure of your Personal Data, the reasons why we handle your Personal Data, whether we can achieve those purposes through other means, and the applicable legal requirements.
   4. We may also anonymise your Personal Data so that it can no longer be associated with you, in which case we may retain and use this information indefinitely without further notice to you.

1. 1. Our platform/Website or our communication with you may, from time to time, contain links to third-party websites and/or websites of our partner networks, advertisers, affiliates and third party service providers, over which we have no control.
   2. If you follow a link to any of these websites, please note that they have their own practices and policies. We encourage you to read the privacy policies or statements of these websites to understand your rights. We accept no responsibility or liability for your access of third-party websites.

We may amend this policy from time to time by posting the updated policy on our Website and/or platform. Any changes that we make will be posted on this page and, where appropriate, notified to you by e-mail or post. You should check this policy frequently to ensure you are aware of the most recent version that will apply each time you access the Website/platform. By continuing to use our Website/platform after the changes come into effect means that you agree to be bound by the revised policy.

If you have any questions, comments or requests regarding this Privacy Policy or your Personal Data, please address them to: contact@propellorpad.com.

1. 1. If you are in the UK or EEA the GDPR will apply to our use of your Personal Data. The “GDPR” means the EU General Data Protection Regulation which applies to the EEA and the UK GDPR which applies in the UK.
   2. For the purposes of the GDPR, the Ecosystem Operator is the controller of the Personal Data about you that we process. Our contact details are found in Clause 15 above.
   3. We only process your Personal Data where applicable law permits or requires it, including where the processing is necessary for the performance of our contract to provide services to you, where the processing is necessary to comply with a legal obligation that applies to us, for our legitimate interests or the legitimate interests of third parties, or (in a few cases) with your consent. Our legitimate interests include to administer and market our business, improve, enhance and develop our Website and platform and provide customer support. Please contact our Data Protection Officer if you require more details of the lawful basis we use to process your Personal Data in the ways described in Clause 4 of this Privacy Policy.
   4. We do not collect any special categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
   5. If you are located in the UK or the EEA, it is sometimes necessary for us to transfer your Personal Data to countries outside the UK and EEA. Whenever we do so, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
      • We will only transfer your Personal Data to countries that have been deemed to provide an adequate level of protection for Personal Data
      • We will only transfer your Personal Data to a country outside the UK/EEA where there are appropriate safeguards in place, together with enforceable rights and effective legal remedies for you.
      • Where we use certain service providers, we may use specific contracts approved for use in the UK which give Personal Data the same protection it has in the UK.
   6. Please contact our Data Protection Officer if you want further information on the specific mechanism used by us when transferring your Personal Data out of the UK/EEA.
   7. Subject to applicable law, you may have the following rights with regard to the Personal Data we control about you:
      • The right to request confirmation of whether we process Personal Data relating to you, and if so, to request a copy of that Personal Data;
      • The right to request that we rectify or update your Personal Data that is inaccurate, incomplete or outdated;
      • The right to request that we erase your Personal Data in certain circumstances provided by law;
      • The right to request that we restrict the use of your Personal Data in certain circumstances, such as while we consider another request that you have submitted (including a request that we make an update to your Personal Data);
      • The right to request that we export your Personal Data that we hold to another company, where technically feasible;
      • Where the processing of your Personal Data is based on your previously given consent, you have the right to withdraw your consent at any time; and/or
      • In some cases, you may also have the right to object to the processing of your Personal Data.
   8. You will not have to pay a fee to access your Personal Data (or to exercise any of the other rights). We may however charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
   9. We may request specific information from you to help us confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights). This is to ensure that Personal Data is not disclosed to any person who has no right to receive it.
   10. We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
   11. To exercise your rights, you may contact our Data Protection Officer. If you are a resident of the EEA you may direct your questions or complaints to the local data protection authority. If you are a resident of the UK, you may direct your questions or concerns to the UK Information Commissioner’s Office (ico.org.uk or +44 (0) 303 123 1113).