Contact us
EnglishTraditional ChineseBahasa Melayu

Privacy Policy - English

Version 1.0

Last revised on: March 2021

This privacy policy (the "Policy") is intended to inform you of the types of information KKT Technology Pte. Ltd. (UEN: 201504218R), a company incorporated under the laws of Singapore and trading as “Holmusk” or any of its affiliated companies ("we" or "us" or "Company"), collects, as well as our policies and practices regarding the collection, use, and disclosure of that information through the mHaven Application and Services in accordance with the Personal Data Protection Act 2012 (No. 26 of 2012) of Singapore (“PDPA”), and other applicable laws.

Unless otherwise defined herein, capitalised terms used in this Policy shall have the same meanings as those defined in the mHaven Terms of Use (accessible at: http://mhaven.co/terms.html) (“Terms”).

Please read this Policy carefully, because by using the Application and Services, you are acknowledging that you understand and agree to the terms of this Policy, and consent to the types of information and the manner in which we may collect, use and disclose such information. If you do not agree to the terms of this Policy, please do not use the Application and Services.

We reserve the right to change the provisions of this Policy at any time. We will alert you that changes have been made by indicating on the Policy the date it was updated. We encourage you to review this Policy from time to time to make sure that you understand how any information you provide will be used. Each time you access the Application and Services, the most recent version of the Policy will apply. Your continued use of the Application and Services following the posting of changes to these terms will mean you accept those changes.

We will ensure that all Personal Information (as defined below) that we collect and maintain will be (i) processed lawfully, fairly, and in a transparent manner; (ii) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; (iii) adequate, relevant, and limited to what is necessary; (iv) accurate and kept up to date; and (v) processed in a manner that ensures appropriate security of the Personal Information, including protection against unauthorised or lawful processing and against accidental loss, destruction or damage.

I. Information We Collect

Personal Information You Provide to Us

When you register for a User Account and access or use the Application and Services, depending on the nature of your interactions with us, we may collect information including but not limited to:

• your name, email address, username, password, demographic information (such as age range, gender, occupation);

• personally-identifiable medical and health related information which you provide to us and such information about you prepared by Coaches through your interactions with Coaches via the Application and Services information (including but not limited to information or records relating to your medical or health history, your mental health including past and current diagnoses, severity of depressive state, depressive symptoms, medical claims, health status, laboratory testing results, medication adherence, medication side effects, activity, and data (including data obtained by third party devices and applications) (as applicable));

• billing information which you provide us (e.g. credit card information), information about the Device(s) you are using, your geographical location; and

• any other information that you may provide while accessing or using the Application and Services, which comprises “personal data” within the meaning of the PDPA (i.e. data, whether true or not, about a customer who can be identified: (a) from that data; or (b) from that data and other information to which we have or are likely to have access), and other applicable laws,

(collectively, "Personal Information").

We only have access to and collect Personal Information that:

• you voluntarily provide to us by filling out our online forms and surveys which are part of the Application and Services, granting us access to your health records, or via email or other direct contact with you.

• you voluntarily provide to us via a third party which you have authorised to disclose Personal Information to us (e.g. your employer or insurer if they process medical care claims) (“Authorised Representative”).

• we are permitted or required by the PDPA or other applicable laws without your consent.

We shall seek your consent before collecting any additional Personal Information and before using your Personal Information for a purpose which has not been notified to you (except where permitted or authorised by law).

If you do not want this information to be shared with our employees, service providers and subcontractors, upon your request, we will not share your information. However, your ability to access and use the Application and Services, and request services, may be limited or interrupted.

Information Collected by Automated Means

Whenever you use the Application and Services, we and/or our service providers, may use a variety of technologies that automatically collect information about how the Application and Services are accessed and used (“Usage Information”). Usage Information may include, in part, browser type, operating system, the page viewed, the time, how many users visited the Application and Services, and the website you visited immediately before the Application and Services. This statistical data provides us with information about the use of the Application and Services, such as how many visitors visit a specific page on the Application and Services, how long they stay on that page, which websites they are coming from and which hyperlinks, if any, they “click” on. Usage Information helps us to keep the Application and Services user friendly and to provide users with readily accessible and helpful information. We may also use your Usage Information to troubleshoot issues with access or use of our Application and Services. Usage Information is generally non-identifying, but if we associate it with you as a specific and identifiable person, we treat it as Personal Information.

We believe that such technology usage is fair, lawful, and proportional to the legitimate interest and needs of our business, and that our methodology fairly addresses each user’s legitimate rights and expectations in view of the context and purpose for the collection and use of the information collected.

II. How Do We Use Your Information?

We will use your information to respond to you regarding the reason you contacted us.

We will also use your information as follows:

• onboarding you to the Application to utilise the Services by registering for a User Account and verifying your identity;

• performing obligations in the course of or in connection with our provision of the Application and (specific) Services to you (including the provision of any mental health and wellness coaching and information services by way of the Coaches, as applicable);

• contacting you about the products/services on our Application and Services in which you have expressed interest or subscribed to and allows you to easily update your contact information;

• managing your relationship with us, responding to, handling, and processing queries, requests, applications, complaints, and feedback from you, and notifying you about changes to our Application or this Policy;

• processing or facilitating the processing of your claims and payment transactions;

• improving the quality of our mental health and wellness coaching and information services through the performance of quality reviews and similar activities;

• creating Anonymised Information (e.g. aggregate statistics relating to the use of the Application and Services) for the purposes of analytics and market research;

• notifying you when updates to the Application are available;

• marketing and promoting the Application and Services, and the services and products offered on the Application and Services to you;

• conveying mental health and wellness information to you;

• complying with any applicable laws, regulations, codes of practice, guidelines, or rules, or to assist in law enforcement and investigations conducted by any governmental and/or regulatory authority;

• for any other purposes for which you have provided the information;

• transmitting to any unaffiliated third parties including our third party service providers and agents, and relevant governmental and/or regulatory authorities, whether in Singapore or abroad, for the aforementioned purposes; and/or

• any other incidental business purposes related to or in connection with the above.

You hereby explicitly consent for us to use your information for the purposes set out above. Where we do contact you in connection with any of the purposes set out above, you agree that we may contact you directly (by email, text messaging, calls, post) using the information provided to us by you or through your Authorised Representative. If at any time you wish that we cease communication with you, please notify us using the contact information provided below in the “Contact Us” section.

We may rely on the “legitimate interests” exception under the PDPA (and similar exceptions under other applicable laws) to collect, use and disclose personal data without your consent for the purposes of detecting and preventing fraud and misuse of our services. Such disclosures may be made to your insurer or your employer, where relevant for such purposes.

III. Do We Share Your Information?

Except as provided herein, we will not trade, rent, share or sell your Personal Information to third parties, unless you ask or provide your consent to do so, we will not share your Personal Information with any third party outside of our organisation, provided always that we may disclose your Personal Information to third parties (who process your Personal Information on our behalf or otherwise) where such disclosures are required for performing our obligations in connection with providing you with the Application and Services, in the following circumstances:

• to our subsidiaries, related companies, affiliates, or partners;

• to your Coaches, who will have generally have access to the information that you input into the Application or via the Services. Specifically, your Coaches will be able see personally-identifiable medical and health related data you input. Your Personal Information may be included by the Coach as part of your health records and use of such information by the Coach will be governed by the Coach’s professional obligations;

• to the relevant parties who may process your claims for your medical care (which may include your employer or your insurer if you are making claims under your employee or insurance benefits scheme or policy). In such circumstances, we may disclose your medical diagnosis/information to such parties for the purposes of claims processing and/or verification of utilisation, if required by such parties;

• to our service providers and subcontractors in order to troubleshoot issues you may have with the Application, the Services or your User Account, or to assist us in our provision of the Application and Services. Only employees, service providers (including data service providers) and subcontractors who need the Personal Information to perform a specific job are granted access to Personal Information. The computers/servers in which we store Personal Information are kept in a secure environment, and these third parties  are bound by contractual obligations to keep Personal Information confidential and use it only for the purposes for which we disclose it to them;

• when we believe in good faith that such disclosures (a) are required by law, including, for example, to comply with a court order or subpoena, or (b) will help to: enforce our policies; protect your safety or security, including the safety and security of property that belongs to you; and/or protect the safety and security of the Application and Services, us, our employees, our service providers, our subcontractors, other third parties, or equipment that belongs to us, our service providers, or our subcontractors. Disclosures in this limited scenario would be made to a court of law, law enforcement, or other public or government authority;

• to a buyer or other successor in the event of a merger, divestiture, restructuring, reorganisation, dissolution or other sale or transfer of some or all of the Company’s assets, whether as a going concern or as part of bankruptcy, liquidation or similar proceeding, in which Personal Information maintained on the Application and Services is among the assets transferred; and/or

• to any other person or organisation disclosed by us when you provide the information.

International Transfers: By using our Application and Services, you agree that any transfer of your Personal Information to various countries is necessary and reasonable for us to provide you with the Application and Services, and acknowledge that such third parties processing your Personal Information either on our behalf or otherwise may be located in a different country from the point of collection of your Personal Information (including transfers to servers located in Hong Kong (or such other country as determined by the Company from time to time) which may be outside of the country you are accessing the Application and Services from), or may have multiple physical locations and backups (e.g. cloud based services).

Where we disclose your Personal Information to third parties, we will employ our best efforts to ensure such third parties protect your Personal Information and meet our data security standards, and process Personal Information provided to them only for the purpose of providing the specific service to us.

We may use non-identifiable anonymous data that is based on users’ access or use of the Application and Services that may be used by us to improve the Application and/or Services. We may also use anonymised data based on your use of the Application and Services, including de-identified health data and combine such de-identified data with data or other anonymous data (“Anonymised Information”). Anonymised Information may include information that describes the habits, usage patterns, survey responses and/or demographic information of users as a group, but does not identify any particular users. We may provide Anonymised Information to our third party collaborators and partners. Such Anonymised Information does not comprise of and does not constitute Personal Information protected by law. Such Anonymised Information is not subject to data privacy laws, and may be transferred, disclosed, assigned, leased, licensed, sold and otherwise shared with and by our partners, service providers, advertisers and/or other third parties for any purposes permitted under applicable law.

Your Access to and Control Over Your Information

We offer you choices regarding the collection, use, and sharing of your Personal Information. Our Application and Services do not currently respond to browser-based do-not-track signals. You can choose to have your computer warn you each time a cookie is being set, or you can choose to turn off all cookies. You do this through your browser settings. Each browser is different, so look at your browser's Help menu to learn the proper way to modify your browser’s cookies setting.

If you disable cookies, some features may be disabled that make your user experience more efficient and some of our services may not function properly.

You may do the following at any time by contacting us via the email address provided on our Application and Services, or to our Data Protection Officer whose details are set out below:

• Accessing and updating your Personal Information

• Withdraw your consent

Accessing and Updating your Personal Information

You may access and correct your Personal Information that is in the possession or under the control of the Company at any time by way of the Application and Services. You may also request for a copy of such information. Please note that a reasonable fee may be charged for an access request or where a copy of your information is so requested. If so, we will inform you of the fee before processing your request. No fee is payable for any request to correct your Personal Information (including any incomplete or inaccurate information).

To access, review, correct, or remove your Personal Information or part thereof, please submit a request to our DPO via the contact information provided below. While we will try our best to accommodate your request, we reserve the right to reject or limit any such requests in accordance with the provisions of any applicable laws or regulations.

Unless the Company is satisfied on reasonable grounds that a correction should not be made, the Company shall correct the Personal Information as soon as practicable, and send the corrected information to every other organisation to which such information had been provided to within a year before the date the correction was made, unless that other organisation does not need the corrected personal data for any legal or business purpose.

We will respond to your request as soon as reasonably possible. Should we not be able to respond to your request within twenty-one (21) days after receiving your request, we will inform you in writing of the time by which we will be able to respond to your request. If we are unable to accede to any request for access to or to correct any of your information, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under any applicable law or regulations).

If you do not want your information to be shared with our employees, service providers and subcontractors, upon your request, we will not share your information. However, your ability to access and use the Application and Services may be limited or interrupted.

Withdrawing your consent

The consent that you provide for the collection, use and disclosure of your Personal Information will remain valid until such time it is being withdrawn by you in writing. You may withdraw consent and request us to stop using and/or disclosing your Personal Information for any or all of the purposes listed above at any time by submitting your request via email to our DPO via the contact information provided below.

Upon receipt of your written request to withdraw your consent, we may require reasonable time to process your request and for us to notify you of the consequences of us acceding to the same, including any legal consequences which may affect your rights and liabilities to us. In general, we shall seek to process your request within ten (10) business days of receiving it.

Whilst we respect your decision to withdraw your consent, please note that depending on the nature and scope of your request, we may not be in a position to continue providing you with access to our Application and Services and we shall, in such circumstances, notify you of the same before completing the processing of your request. You may cancel your withdrawal of consent by submitting your request via email to our DPO via the contact information provided below. Please note that withdrawing consent does not affect our right to continue to collect, use and disclose Personal Information where such collection, use and disclosure without consent is permitted or required under applicable laws (please see Section VII – Retention of Personal Information below).

IV. What Steps Do We Take to Protect Your Information?

We take measures designed to protect your Personal Information in an effort to prevent loss, misuse, and unauthorized access, disclosure, alteration, and destruction. We provide physical, electronic, and procedural safeguards to protect Personal Information we process and maintain. Please be aware, however, that despite our efforts, no security measures are perfect or impenetrable and no method of data transmission can be guaranteed against any interception or other types of misuse. To protect the confidentiality of Personal Information maintained in your account, you must keep your password confidential and not disclose it to any other person. You are responsible for all uses of the Application and Services by any person using your password. Please advise us immediately if you believe your password has been misused. If you have reason to believe that your interaction with us is no longer secure, if you feel that the security of any account you might have with us might have been compromised, or if you suspect that someone else is using your account, please contact us immediately using the contact information provided below in the “Contact Us” Section.

V. Does This Policy Apply to Other Websites Linked to Or from the Application and Services?

The Application and Services may contain links to other websites. Any Personal Information you provide on linked pages or sites is provided directly to that third party and is subject to that third party’s privacy policy. This Policy does not apply to such linked sites, and we are not responsible for the content or privacy and security practices and policies of these websites or any other sites that are linked to or from the Application and/or Services. We encourage you to learn about their privacy and security practices and policies before providing them with Personal Information.

VI. Do We Collect Information from Persons Under the Age of 18?

The Application and Services are not intended for use by individuals under the age of 18 or the age that the law in the country you reside in requires for you to legally access and/or use the Application and Services (whichever is higher), and the Company does not knowingly collect or use any Personal Information from such persons. If we become aware that we have unknowingly collected Personal Information from a person under the age of 18 or the age that the law in the country you reside in requires for you to legally access and/or use the Application and Services (whichever is higher), we will make commercially reasonable efforts to delete such Personal Information from our database.

VII. Retention of Personal Information

We may allow you to delete some of the records that are stored on the Application or Services, by way of your User Account. However, please note that such deletion(s) shall only delete your records from the Application. A back-up copy shall be retained by our Company for as long as it is necessary to fulfil the purpose for which it was collected, or as required or permitted by applicable laws. We will cease to retain your Personal Information, or remove the means by which the data can be associated with you, as soon as it is reasonable to assume that such retention no longer serves the purpose for which the Personal Information was collected, and is no longer necessary for legal or business purposes.

VIII. Miscellaneous

By using the Services, you are representing that you agree to the Terms and this Policy, and this agreement supersedes any other agreement that we might have with you concerning the use of your Personal Information. If you do not agree to any of these terms and conditions, you must stop using/accessing the Application and Services immediately. Except as otherwise specified in this Policy, this Policy shall be governed by and construed in accordance with the laws of Singapore.

If we become involved in a merger, acquisition, or any form of sale of some or all of our assets, the Application and Services, and your information as collected, processed and maintained through our Application and Services may be included in the assets sold or transferred to the acquirer. You agree that we may transfer or assign the information we have collected about you in connection with any such event. In the event of a bankruptcy, insolvency, reorganisation, receivership or assignment for the benefit of creditors, we may not be able to control how your Personal Information is treated, transferred, or used.

IX. Contact Us

If you have any questions about this Policy, please contact our Data Protection Officer (“DPO”) via email at: privacy@holmusk.com. To exercise any of your rights in this Privacy Policy please contact us in writing, via email as indicated above, so that we may consider your request under applicable law. Please be aware that to facilitate our review and processing of your request you will be required to provide the following details:

• The name, user ID, pseudonym, email address, or other identifier that you have used to use the Application and Services, or if you are not a registered user of the Application and Services, or have not otherwise previously interacted with us, your first and last name and an address where we can correspond with you.

• State or Country in which you are located.

• Clear description of the nature of your request and the action you wish to be taken.

• Sufficient information to allow us to assess and carry out your request (if applicable).

For your protection, we may only implement requests with respect to the Personal Information associated with the particular email address that you use to send us your request.

In addition, please note that, depending on the nature of your inquiry, request or complaint, we may need to verify your identity before implementing your request and may require proof of identity, such as in the form of a government issued ID and proof of geographical address.

We will endeavour to respond to your request as soon as reasonably practicable.

Addendum – Additional terms relating to New Zealand

If you reside or are in New Zealand and register for a User Account and access or use the Application and Services, the terms of our standard privacy policy (the “Policy”) will apply to all Personal Information that we collect about you, except as indicated below:

1. References to the PDPA:

Throughout the Policy (e.g. in the first paragraph of the Policy), references to the “Personal Data Protection Act 2012 (No. 26 of 2012) of Singapore” or “PDPA” shall be deleted and replaced with the “New Zealand Privacy Act 2020 (the “NZ Privacy Act”)”.

2. References to Data Protection Officer:

Throughout the Policy, references to “Data Protection Officer” shall be replaced by “Privacy Officer”.

3. In “I. Information We Collect”:

The final bullet point of the “Personal Information” paragraph is to be replaced with the following:

• any other information that you may provide while accessing or using the Application and Services, which comprises “personal information” within the meaning of the New Zealand Privacy Act 2020 (the “NZ Privacy Act”) (i.e. information about an identifiable individual), and other applicable laws.

4. In “II. How Do We Use Your Information?”:

The following is to be inserted as the new second last bullet point:

• the purposes of detecting and preventing fraud and misuse of our services (including, if necessary for such purposes, disclosure of your information to your insurer or employer)

The following words are deleted from the Policy, insofar as they relate to Personal Information about an individual located in New Zealand:

• “We may rely on the “legitimate interests” exception under the PDPA to collect, use and disclose personal data without your consent for the purposes of detecting and preventing fraud and misuse of our services. Such disclosures may be made to your insurer or your employer, where relevant for such purposes.”

5. In “III. Do We Share Your Information?”:

The following sentence is to be included at the end of the section:

• In this section, references to requests to withdraw consent shall mean the submission of a request to delete Personal Information.

These additional terms form part of the Policy. Except as expressly amended by these additional terms, the terms of the Policy shall remain in full force and effect. If there is a conflict with the terms set out in the Policy, these additional terms shall prevail to the extent of that conflict. If you do not agree to the terms of this Policy, please do not use the Application and Services.

Addendum - Additional terms relating to Australia

If you reside or are in Australia and register for a User Account and access or use the Application and Services, the terms of our standard privacy policy (the “Policy”) will apply to all Personal Information that we collect about you, except as indicated below:

1. References to PDPA:

Throughout the Policy (e.g. In the first paragraph of the Policy), references to the “Personal Data Protection Act 2012 (No. 26 of 2012) of Singapore” or “PDPA” shall be deleted and replaced with the “Privacy Act 1988 (Cth) of Australia”.

2. In “I. Information we collect”:

The final bullet point of the “Personal Information” paragraph is to be replaced with the following:

• any other information that you may provide while accessing or using the Application and Services, which comprises “personal information” within the meaning of section 6 of the Privacy Act 1988 (Cth) of Australia (i.e. information or an opinion about an identified individual, or an individual who is reasonably identifiable, (a) whether the information or opinion is true or not, and (b) whether the information or opinion is recorded in a material form or not), and other applicable laws.

3. In “II. How Do We Use Your Information?”:

The following words are deleted from the Policy, insofar as they relate to Personal Information about an individual located in Australia:

• We may rely on the “legitimate interests” exception under the PDPA to collect, use and disclose personal data without your consent for the purposes of detecting and preventing fraud and misuse of our services. Such disclosures may be made to your insurer or your employer, where relevant for such purposes.

These additional terms form part of the Policy. Except as expressly amended by these additional terms, the terms of the Policy shall remain in full force and effect. If there is a conflict with the terms set out in the Policy, these additional terms shall prevail to the extent of that conflict. If you do not agree to the terms of this Policy, please do not use the Application and Services.

Addendum - Additional terms relating to Hong Kong

If you reside or are in Hong Kong and register for a User Account and access or use the Application and Services, the terms of our standard privacy policy (the “Policy”) will apply to all Personal Information that we collect about you, except as indicated below:

1. References to the Personal Data Protection Act 2012 of Singapore:

Throughout the Policy (e.g. In the first paragraph of the Policy), references to the “Personal Data Protection Act 2012 (No. 26 of 2012) of Singapore” or “PDPA” shall be deleted and replaced with the “Personal Data (Privacy) Ordinance (Cap 486) of Hong Kong (“PDPO”)”.

2. In “I. Information We Collect”:

The final bullet point of the “Personal Information” paragraph is to be replaced with the following:

• any other information that you may provide while accessing or using the Application and Services, which comprises “personal data” within the meaning of the Personal Data (Privacy) Ordinance (Cap 486) of Hong Kong (“PDPO”), and other applicable laws.

The non-exhaustive list of information which we may collect shall be defined collectively, as “Personal Information” or “personal data”.

The following paragraph shall be inserted below the “Personal Information” definition:

• You are not required to provide your Personal Information to us but if you do not, we may not be able to provide you with our Services. We will indicate in the relevant forms or applications if the required Personal Information is for obligatory or voluntary purposes. If the Personal Information is to be used for an obligatory purpose, we will not be able to provide the service for which you are applying if you fail to supply such Personal Information to us. If Personal Information is only used for a voluntary purpose, you can choose not to supply such Personal Information to us.

3. In “II. How Do We Use Your Information?”:

The following sub-section is to be inserted after the last paragraph of this section:

Direct Marketing

We intend to use the following personal data:

• name; and

• e-mail address,

for direct marketing purposes to provide you with the following relating to the products/services on our Application and Services:

• newsletter;

• product or service promotion; and

• event invitations.

We cannot use your personal data in direct marketing unless we have your specific prescribed consent or indication of no objection to the intended use.

If you consent to our use of your personal data for the relevant direct marketing purposes, please indicate accordingly in the relevant forms and/or applications in the designated place by ticking the relevant box. If you tick the box, you agree that we may use your personal data for the relevant direct marketing purposes.

If you want to withdraw your consent for us to use your personal data for direct marketing purposes, you may, at any time without charge contact our Data Protection Officer by sending an email to privacy@holmusk.com.

4. In “III. Do We Share Your Information?”:

The first bullet point of the first paragraph shall be replaced with the following:

• to our subsidiaries, related companies, affiliates, or partners, which operate the business of providing services related to our Services to you;

The final bullet point of the first paragraph shall be replaced with the following:

• the purposes of detecting and preventing fraud and misuse of our services (including, if necessary for such purposes, disclosure of your information to your insurer or employer).

The following words are deleted from the Policy, insofar as they relate to Personal Information about an individual located in Hong Kong:

• “We may rely on the “legitimate interests” exception under the PDPA (and similar exceptions under applicable laws) to collect, use and disclose personal data without your consent for the purposes of detecting and preventing fraud and misuse of our services. Such disclosures may be made to your insurer or your employer, where relevant for such purposes.”

The “Accessing and Updating your Personal Information” sub-section shall be replaced with the following:

Accessing and Updating your Personal Information

Your Right to Access

You have the right to access your personal data, including requesting information on whether we processes your data, which data are processed, and you may also request a copy of the data that you or a third person provided to us and which data is being processed by us.

If you submit the completed Data Access Request Form (Form OPS003) (the “DAR Form”) specified by the Privacy Commissioner for Personal Data of Hong Kong to our Data Protection Officer to confirm whether or not we processes your personal data, then you have the right that obliges us to confirm that we process your personal data, or does not process your personal data.

Your right to obtain confirmation whether we process (or does not process) your personal data:

(a) does not include data that is anonymous;

(b) includes the personal data that concern you;

(c) does not include personal data that does not concern you; and

(d) includes pseudonymous data that can be clearly linked to you.

We shall provide you with a copy of your personal data if:

(a) you submit the DAR Form to us;

(b) we confirm that we process your personal data;

(c) there is no contrary evidence that you do not wish to obtain a copy; and

(d) you agree to and pay the fee imposed by us which is directly related to and necessary without being excessive to comply with the data access request.

Your Right to Rectification

You have the right to the correction of your personal data. This enables you to ask that any inaccurate data we hold about you be corrected without charge.

Your right to obtain rectification of your data that are inaccurate:

(a) does not include data that is anonymous;

(b) includes the personal data that concern you;

(c) does not include personal data that does not concern you; and

(d) includes pseudonymous data that can be clearly linked to you.

We shall rectify your personal data if:

(a) we process your personal data;

(b) we are satisfied that the personal data in question are inaccurate;

(c) you submit a data correction request (“DCR”) to us; and

(d) we are satisfied that the correction in the DCR is accurate.

We may verify any and all data provided to us. We shall taking account of available technology and the cost of implementation, take reasonable steps, including technical measures, to communicate the rectification of your personal data to recipients of such personal data (if any). However, we shall not communicate the rectification of personal data to recipients if the communication to such recipients is either impossible or involves a disproportionate effort.

5. In “VIII. Miscellaneous”:

The following shall be inserted as the last sentence of the section:

• The original of this Agreement is written in the English language. In the event of any conflict between the English and other language versions, the English version shall prevail.

These additional terms form part of the Policy. Except as expressly amended by these additional terms, the terms of the Policy shall remain in full force and effect. If there is a conflict with the terms set out in the Policy, these additional terms shall prevail to the extent of that conflict. If you do not agree to the terms of this Policy, please do not use the Application and Services.

Addendum - Additional terms relating to Malaysia

If you reside or are in Malaysia and register for a User Account and access or use the Application and Services, the terms of our standard privacy policy (the “Policy”) will apply to all Personal Information that we collect about you, except as indicated below:

1. References to the Personal Data Protection Act 2012 of Singapore:

Throughout the Policy (e.g. In the first paragraph of the Policy), references to the “Personal Data Protection Act 2012 (No. 26 of 2012) of Singapore” shall be deleted and replaced with the “Personal Data Protection Act 2010 of Malaysia”.

2. In “I. Information We Collect”:

The final bullet point of the “Personal Information” paragraph is to be replaced with the following:

• any other information that you may provide while accessing or using the Application and Services, which comprises “personal data” within the meaning of the Personal Data Protection Act 2010 of Malaysia (“PDPA”), and other applicable laws

3. In “VIII. Miscellaneous”:

The following shall be inserted as the last sentence of the section:

• The original of this Agreement is written in the English language. In the event of any conflict between the English and other language versions, the English version shall prevail.

These additional terms form part of the Policy. Except as expressly amended by these additional terms, the terms of the Policy shall remain in full force and effect. If there is a conflict with the terms set out in the Policy, these additional terms shall prevail to the extent of that conflict. If you do not agree to the terms of this Policy, please do not use the Application and Services.