PRIVACY POLICY
Version: November 12, 2022
1. PREAMBLE
1.1. Whereas KILDE PTE. LTD. (hereinafter referred to as Kilde) processes its clients’ personal data in the process of carrying out its business activities and:
1.2. is an organization in the meaning of the Personal Data Protection Act 2012 (hereinafter referred to as the Act);
1.3. is a controller of personal data in the meaning of the General Data Protection Regulation (EU) 2016/679 (hereinafter referred to as the GDPR);
1.4. is governed by the principle of transparency, which suggests personal data processing on the basis and in accordance with the procedure prescribed by the current laws of the Republic of Singapore and, in certain cases, the GDPR; 1.5. intends to ensure a proper level of protection of processed personal data and compliance with applicable legislation, now therefore, it developed and approved this Privacy Policy for processing of personal data (hereinafter referred to as the Privacy Policy).
2. GENERAL PROVISIONS
2.1. The Privacy Policy prescribes the general requirements for processing and protection of clients’ personal data processed by Kilde by applying, fully or partially, automated facilities, as well as personal data contained in the website documents.
2.2. The Privacy Policy shall apply to processing of clients’ personal data by Kilde.
2.3. The Privacy Policy shall not apply to maintaining labor relations with natural persons (individuals) by Kilde.
2.4. The Privacy Policy shall not apply to processing legal entities’ data / information by Kilde, as well as data / information not constituting clients’ personal data.
2.5. The Privacy Policy is developed on the basis of the GDPR, Act, Personal Data Protection Regulations 2014, other laws and subordinate regulatory acts governing personal data processing etc.
2.6. Kilde accounted for the provisions of the GDPR in the process of development of the Privacy Policy.
2.7. The Privacy Policy shall constitute an integral part of the Terms of Use for investors (in the meaning provided by such document) and agreements with issuers (in the meaning provided by such document(s)), and the respective transactions concluded via the website.
3. DEFINITIONS OF TERMS
3.1. In the Privacy Policy, the following terms shall have the following meanings:
3.1.1. “Website” shall mean the body of data, electronic (digital) information, other objects of copyrights and (or) allied rights etc. interrelated between each other and structured within the website address accessed through the Internet address: https://www.kilde.sg/.
3.1.2. “Client” shall mean a personal data subject who/which becomes registered with the website and/or is a party to a transaction concluded via the website. In case a legal entity becomes registered and/or is a party to a transaction concluded via the website, the general manager or a duly authorized representative of this legal entity shall be acknowledged as the personal data subject (the client). Kilde processes personal data of personal data subjects categorized as the Kilde’s clients.
3.1.3. “Personal data processing” shall mean the carrying out of any operation or set of operations in relation to the personal data, and includes any of the following: recording, holding, organization, adaptation or alteration, retrieval, combination, transmission, erasure or destruction, including by applying information (automated) systems.
3.1.4. “Personal data” shall mean data, whether true or not, about a personal data subject who can be identified: - from that data; - from that data and other information to which Kilde has or is a likely to have access.
3.1.5. “Personal data subject” shall mean a natural person (individual) whose personal data are processed.
3.2. Other terms are used in the meanings given in the regulatory legal and subordinate acts, regulations and documents defined in clauses 2.5-2.7 of the Privacy Policy.
3.3. The terms used in plural shall have the same meanings as those used in singular.
4. PRINCIPLES OF PERSONAL DATA PROCESSING
4.1. Kilde processes personal data in compliance with the following principles:4.1.1. Legality and lawfulness: personal data shall be processed in a legal and lawful manner. Kilde shall obtain the consent of a client on or before collect, use or disclose the personal data.
4.1.2. Transparency: Kilde shall inform a client of the purposes for the collection, use or disclosure of the personal data on or before collecting the personal data.
4.1.3. Purpose limitation: personal data shall be processed with an identified, clear and legal goal(s). Kilde may collect, use or disclose the personal data about a client only for purposes that a reasonable person would consider appropriate in the circumstances and that the client has been informed of.
4.1.4. Minimization: only personal data required to achieve the declared goal(s) shall be processed.
4.1.5. Proportionality: personal data shall be processed in accordance with a standard if reasonableness.
4.1.6. Accuracy: all measures necessary to destroy or correct inaccurate personal data shall be taken. Kilde shall make a reasonable effort to ensure that the personal data processed by Kilde is accurate and complete.
4.1.7. Storage limitation: personal data shall not be stored in the form and within the terms that enable to identify personal data subjects longer than required by the goals of their processing; personal data may be stored during longer periods to fulfil the obligations prescribed by the current laws.
4.1.8. Transfer limitation: Kilde shall not transfer any personal data to the third party, country or territory outside Singapore except in accordance with prescribed requirements to ensure that such third parties provide a standard of protection to the transferred 3 personal data that is comparable to the protection under the current applicable legislation.
Integrity, confidentiality and security: personal data shall be processed in a manner ensuring their proper security. Kilde shall protect the personal data in its possession or under its control by making reasonable security arrangements to prevent unauthorized access, collection, use, disclosure, copying, modification, disposal or similar risks.
5. COMPOSITION OF PERSONAL DATA
5.1. To conclude and implement transactions with clients or to register clients with the website, Kilde may, in particular, process the following personal data:5.1.1. Surname, name;
5.1.2. A copy of personal identification documents;
5.1.3. Date of birth;
5.1.4. Gender;
5.1.5. Telephone number;
5.1.6. Electronic mail address (email);
5.1.7. Communication language;
5.1.8. The taxpayer’s number (if applicable);
5.1.9. Postal address (place of residence);
5.1.10. A scanned copy of the passport or other ID-document;
5.1.11. Professional information, for example, information about client’s occupation and activity area;
5.1.12. Data on the client’s tax residency;
5.1.13. Due diligence data, including the data on reliability and legality of the client’s assets and funds;
5.1.14. Communication data, including the client’s communication with Kilde via any tool;
5.1.15. Bank account/bank card details.
5.2. The scope of clients’ personal data processed by Kilde may vary depending on the status selected by a client and on the fact whether this client is the general manager or a duly authorized representative of the legal entity on whose behalf and in whose interests the client acts.
5.3. Kilde may only process personal data in the scope sufficient to achieve the declared goal(s) and to fulfil the obligations prescribed by the current applicable legislation.
5.4. The arrangement of or a client’s participation in transactions via the website may require the client’s provision of additional personal data to be processed (in particular, to be transferred to the third parties) by Kilde in accordance with the procedure and on the terms and conditions prescribed by the respective regulatory legal and subordinate acts, regulations and documents defined in clauses 2.5-2.7 of the Privacy Policy.
5.5. Kilde shall not process personal data constituting an especial risk for clients’ rights and freedoms.
5.6. A client shall bear exclusive responsibility for the reliability of personal data.
5.7. Kilde may automatically process information, in particular, about:
5.7.1. Service-related data, such as execution or non-execution of contracts, transactions performed, contracts concluded, applications and documents submitted etc.;
5.7.2. Frequency of a client’s connections to the website, or frequency of reviews of its webpages;
5.7.3. Frequency of a client’s use of online services / software placed in the website;
5.7.4. Software and hardware used by a client to become connected to the website;
5.7.5. Requests made by a client by using the website;
5.7.6. Arrangement of or a client’s participation in transactions via the website;
5.7.7. IP addresses of clients’ devices, date and hour of a client’s carrying actions by using the website, online services / software placed in the website;
5.7.8. Kilde’s web-site cookies;
5.7.9. Google Analytics cookies;
5.7.10. Language selection cookies.
5.8. Other information shall be processed and used by Kilde to carry out business activities, to analyze clients’ use of the website, online services / software placed in the website, to improve the Kilde’s services and in pursuance of the requirements prescribed by the current applicable legislation.
6. GROUNDS FOR PERSONAL DATA PROCESSING
6.1. Kilde shall process personal data in case at least one of the conditions specified in section 13 of the Act are met, in particular:
6.1.1. a client’s consent to personal data processing;
6.1.2. as a condition of providing services after a client’s registration with the website;
6.1.3. conclusion and implementation of a transaction to which a client and Kilde are the parties.
7. PROCEDURE FOR PERSONAL DATA PROCESSING
7.1. The methods for collection of clients’ personal data by Kilde shall be as follows:
7.1.1. by applying automated personal data processing facilities;
7.1.2. by applying non-automated personal data processing facilities;
7.1.3. receipt of clients’ personal data during clients’ registration with the website;
7.1.4. receipt of personal data during clients’ use of online services or software placed in the website;
7.1.5. receipt of personal data during the arrangement of or a client’s participation in transactions made via the website. Kilde shall accumulate personal data by applying automatic facilities (server equipment, cloud storage facilities etc.) and/or non-automated facilities (card catalogues, archives etc.).
8. TERMS AND CONDITIONS FOR STORAGE OF PERSONAL DATA
8.1. According to the general rule, unless another term prescribed by the current applicable legislation, Kilde shall process clients’ personal data and other information within the term necessary to achieve the goal(s) of their processing, except the cases when at least one of the following conditions are met:
8.1.1. a client’s revocation of the consent to personal data processing;
8.1.2. a client’s deletion of his/her/its personal account (profile) created as a result of registration with the website;
8.1.3. dissolution (termination) of the transaction between Kilde and a client.8.2. To store personal data, Kilde may use its own server equipment and cloud information storage services.
8.3. A client shall alter his/her/its personal data independently, by updating the data/information/document etc. that were provided by him/her/it during the registration with the website, or by introducing the respective amendments to the transactions concluded with Kilde in accordance with the procedure prescribed by these transactions.
8.4. Kilde shall be entitled to verify the reliability of personal data, in particular, by requesting additional information from a client.
8.5. Kilde shall destroy or delete personal data in accordance with the procedure prescribed by the current applicable legislation. Personal data shall be deleted or destroyed, in particular, in the following cases:
8.5.1. expiry of the term for their storage;
8.5.2. termination of legal relations between Kilde and a client;
8.5.3. other cases prescribed by the current applicable legislation.
9. TRANSFER OF PERSONAL DATA
9.1. The provision for the proper arrangement of or a client’s participation in transaction made via the website may require that the client’s certain personal data should be transferred to the third parties in accordance with the procedure and on the terms and conditions prescribed by the regulatory legal and subordinate acts, regulations and documents defined in clauses 2.52.7 of the Privacy Policy.
9.2. As provided by the applicable legislation, regulations and documents, personal data and other information may be transferred by Kilde to state authorities, judicial authorities, lawenforcement authorities or Kilde’s subcontractor that need such personal data for provisions the clients with the services via the website. Personal data and other information may only be transferred by Kilde on the grounds provided for by the current applicable legislation.
9.3. In the event that a client is a non-resident of Singapore, Kilde shall also be entitled to transfer his/her/its personal data upon the lawful demand of state authorities of the country of his/her/its residence.
9.4. When Kilde transfers the personal data to its subcontractors for reaching the goal(s) of provided services, Kilde shall take appropriate steps to ensure that a receiving organization continues to comply with the current applicable legislation in respect of the personal data being transferred so long as such personal data remains in their possession or under their control and shall take appropriate steps to ensure that the recipient is bound by legally enforceable obligations, to provide the personal data transferred with a standard of protection comparable to that provided for by the current applicable legislation. 6
9.5. A client is granted access to personal data on the basis of his/her/its written application, unless otherwise provided by the Privacy Policy.
9.6. To obtain access to personal data, a person shall make a written application to Kilde for access to personal data.
9.7. An application for access to personal data shall contain:
9.7.1. surname, name and patronymic (if applicable), place of residence (stay) and essential details of the identification document of a client who makes the application (for an individual-applicant);
9.7.2. name, location of a legal entity which makes the application, position, surname, name and patronymic (if applicable) of a person who certifies the application; confirmation that the contents of the application meets the powers of the legal entity (for a legal entityapplicant);
9.7.3. surname, name and patronymic (if applicable), as well as other information enabling to identify an individual in whose respect the application is made;
9.7.4. information about the organization or controller of personal data;
9.7.5. list of personal data requested;
9.7.6. purpose of and/or legal grounds for the application.
9.8. Kilde shall, as soon as reasonably possible, provide the client with the access to his/her/its personal data, except the cases provide by current applicable legislation.
10. PERSONAL DATA SECURITY FACILITIES
10.1. Kilde shall protect personal data in its possession or under its control by making reasonable security arrangements to prevent unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks.
10.2. Kilde shall design and organize its security arrangements to fit the nature of the personal data held by the organization and the possible harm that might result from a security breach.
10.3. To protect personal data and other information, Kilde shall use a number of advanced technical automated information protection facilities.
10.4. The comprehensive information protection system shall meet the requirements prescribed by the current applicable legislation.
10.5. Automated security facilities shall enable to secure a proper level of protection of personal data and other information from unsanctioned access.
10.6. Client’s personal data may only be accessed by Kilde’s representatives who require this access in view of performing their professional duties. Access to personal data is only given to these persons to the extent required by them to perform their duties.
10.7. All representatives of Kilde to whom access to personal data is given shall undertake in writing not to disclose personal data to which they are given access or of which they become aware in view of performance of their duties.
10.8. In case the Kilde’s representative who is given such access is not required to have access to personal data or can perform his/her duties without having access to personal data, Kilde shall take measures aimed at making this person’s access to personal data impossible and documents and other carriers containing clients’ personal data shall be transferred to another representative of Kilde.
10.9. If necessary, Kilde shall provide for testing and updating the personal data protection systems to guarantee security of data processing.
10.10. Kilde shall take other technical and organizational measures to secure proper protection of personal data.
10.11. In case personal data protection is violated, Kilde shall, as soon as possible, notify Personal Data Protection Commission about this violation and clients affected by such data breach.
11. CLIENTS’ RIGHTS
11.1. In accordance with the procedure prescribed by the current applicable legislation, a client shall be entitled:
11.1.1. to know about the sources of collection, the location of his/her/its personal data, the place of its processing, the location or the place of residence (stay) of the organization or controller of his/her/its personal data (in the meaning provided by the applicable legislation);
11.1.2. to receive information about the terms and conditions for giving access to his/her/its personal data, particularly, information about the third parties to whom his/her/its personal data are transferred;
11.1.3. to have access to his/her/its personal data;
11.1.4. to receive, as soon as reasonably possible, a reply of whether his/her/its personal data are processed, and to obtain the contents of these personal data and information about the ways in which the personal data has been or may have been used or disclosed by Kilde within the year before the date of the request;
11.1.5. to make a reasonable demand to the organization/controller of personal data (in the meaning provided by the applicable legislation) objecting to processing of his/her/its personal data. The demand shall be made in accordance with the procedure prescribed for the provision of access to personal data;
11.1.6. to make a reasonable demand for alteration (rectification) or destruction of his/her/its personal data by any organization/controller of personal data (in the meaning provided by the applicable legislation) if these data are processed unlawfully or are unreliable (has errors or omissions). Personal data shall be altered (corrected) and destroyed on a client’s demand in accordance with the procedure prescribed for the provision of access to personal data;
11.1.7. to have his/her/its personal data protected from unlawful processing and accidental loss, destruction, damage due to intentional concealment, failure to provide or untimely provision, as well as to have protection from provision of information which is unreliable or damage a client’s credit, dignity and business reputation;
11.1.8. to file complaints against processing of his/her/its personal data to the Personal Data Protection Commission, other authorized authorities or court;
11.1.9. to apply legal measures in case of violations of the legislation on personal data protection;
11.1.10. to make objections relating to restrictions of the right to process his/her/its personal data in the process of giving the consent. Making objections may make it impossible for Kilde to provide the respective services;
11.1.11. to revoke (withdraw) the consent to personal data processing. The revocation of the consent to personal data processing or the exercise of the right to destroy personal data may result in limiting or making it impossible for Kilde to provide services to a client. In this case, Kilde will destroy the processed personal data, excluding the personal data that shall be kept by Kilde in accordance with the requirements of the current applicable legislation. The consent to personal data processing shall be revoked in accordance with the procedure prescribed for the provision of access to personal data;
11.1.12. to know the mechanism of automatic personal data processing;
11.2. In addition to the rights specified in clause 11.1. of the Privacy Policy, clients covered by the GDPR shall, in accordance with the procedure prescribed by the GDPR, have the right for:
11.2.1. access to personal data, by filing the respective application to Kilde. The detailed procedure for access to personal data is described in Articles 13-15 of the GDPR and the Privacy Policy;
11.2.2. for correction, by updating the data / information / documents provided by him/her/it in the process of registration with the website, or by introducing respective amendments to the transactions concluded with Kilde in accordance with the procedure prescribed by these transactions;
11.2.3. for revocation of the consent (deletion of the personal data, right to be forgotten), to personal data processing and for erasure. The revocation of the consent to personal data (deletion of the personal data, right to be forgotten) processing or the exercise of the right for erasure may result in limiting or making it impossible for Kilde to provide services to a client. In this case, Kilde will destroy the processed personal data, excluding the personal data that shall be kept by Kilde in accordance with the requirements of the current applicable legislation. The consent to personal data processing shall be revoked and the right for erasure (right to be forgotten) shall be exercised in accordance with the procedure prescribed for the provision of access to personal data.
11.2.4. a client shall have other rights granted by the GDPR.
11.3. Kilde shall only establish legal relations with clients who/which have full civil capacity. Kilde shall not process personal data of underage or minor persons. If Kilde identifies personal data of underage / minor persons, these personal data will be immediately deleted / destroyed.
12. CHILDREN’S PERSONAL DATA
12.1. Kilde shall not collect and process children’s personal data.
12.2. In case Kilde receives children’s personal data, these data shall be deleted as soon as practicable.
13. CONTACT PERSONS
13.1. KILDE PTE. LTD. (Unique Entity No.: 201929587K), a company incorporated and acts under the laws of the Republic of Singapore and having its registered address for the time being at 20 McCallum Street #19-01 Tokio Marine Centre Singapore 069046, is the organization/controller of personal data.
13.2. Kilde appoints a Data Protection Officer who shall secure the efficient communication on issues relating to personal data between Kilde and clients as well as ensure that Kilde complies with the current applicable legislation for personal data processing.
13.3. Clients may apply to the Data Protection Officer: Radek Jezbera; tel. number +65 6823 8340; email: radek@kilde.sg>; post address: 20 McCallum Street #19-01 Tokio Marine Centre Singapore 069046.
13.4. Should a client believe that his / her / its rights have been violated, he / she / it shall be entitled to apply for the protection of his / her / its rights to the empowered authorities or court.
13.5. All applications / complaints / proposals / statements may be filed to Kilde in the written or electronic form.
13.6. Kilde shall examine applications / complaints / proposals / statements and give replies to them within the term prescribed by the current applicable legislation.
13.7. Kilde shall have the right not to reply to anonymous applications / complaints / proposals / statements, or to applications / complaints / proposals / statements in which an applicant cannot be identified.
14. FINAL PROVISIONS
14.1. The Privacy Policy shall enter into force on the date of its placement in the website.
14.2. Kilde shall be entitled to amend the Privacy Policy if necessary. Any amendments to the Privacy Policy shall not require clients’ consent.
14.3. The Privacy Policy and the amendments shall enter into force on the date of placement of the restated version of the Privacy Policy on the website.
14.4. A client’s failure to provide or incomplete provision of the consent to processing of his/her/its personal data or other information by Kilde may make it impossible for Kilde to provide the respective services (online services) to the client. In this case, Kilde shall bear no responsibility for the improper provision of or the failure to provide the respective services.