PRIVACY POLICY

INTRODUCTION TO THESE TERMS AND CONDITIONS 

This privacy notice (“Policy”) applies to your use of all the mobile applications, products, software, services, websites, publications, email subscription and the content thereof, other services, and your relationship with us (collectively, the “Service”) operated by Gotrade Securities Inc. (“we”, “us” or “our”). When we refer to the Service, we also mean any portion, aspect or feature of our services or the Service. The words “you”, “your” and “yours” refer to you  as the user of the Service. 

We are subject to the data protection requirements in various jurisdictions the Gotrade group  of companies are incorporated in, including the Malaysian Personal Data Protection Act 2010  and the Personal Data Protection Act 2012 of Singapore (“Applicable Laws”). We take your  privacy very seriously. This Policy is intended to inform you on what information we collect, how  we use, process, and disclose it, and what rights you have in relation to it. 

We hope you take some time to read through it carefully, as it is important. If there are any terms in this Policy that you do not agree with, please discontinue use of our Service, and we have the right not to provide you with access to our Service. 

You have the right to choose whether you will provide your information or personal data to us.  If you choose not to provide such information or limit our use of your information, you agree  that we will be unable to process your information and this may adversely affect your application  and / or our ability to establish or continue our Service provided to you. When you do so, you  acknowledge that we will not be liable for any losses which you suffer as a result of your own  choice. 

By accepting and consenting this privacy policy, you agree that we may collect, use and share  your Information in accordance with this Privacy Policy, as revised from time to time. You  consent to having your personal data transferred to and processed in the Federal Territory of  Labuan and in Singapore.  

This Notice is provided in both the English and Malay language, in the event of any inconsistency, the English version will prevail. 

TABLE OF CONTENTS  

1. WHAT INFORMATION DO WE COLLECT?  

2. HOW DO WE USE YOUR INFORMATION?  

3. WILL YOUR INFORMATION BE SHARED WITH ANYONE?  

4. WHO WILL YOUR INFORMATION BE SHARED WITH?

5. HOW LONG DO WE KEEP YOUR INFORMATION?  

6. HOW DO WE KEEP YOUR INFORMATION SAFE?

7. WHAT ARE YOUR PRIVACY RIGHTS?  

8. DO WE MAKE UPDATES TO THIS POLICY?  

9. HOW CAN YOU CONTACT US ABOUT THIS POLICY?  

1. WHAT INFORMATION DO WE COLLECT?  

PERSONAL INFORMATION YOU DISCLOSE TO US  

In Short: We collect personal information that you provide to us such as name, address, contact  information, telephone number, occupation, assets and income and security data.  

We collect personal information that you voluntarily provide to us when registering for our  Service, expressing an interest in obtaining information about us or our products and services.  

Customer Due Diligence (“CDD”). We collect the following information for customer due  diligence and record-keeping purposes:  

(a) full name;  

(b) email address;  

(c) nationality;  

(d) phone number;  

(e) date of birth;  

(f) employment status;  

(g) source of wealth;  

(h) name of employer;  

(i) employer’s address;  

(j) occupation;  

(k) National Registration Identity Card (NRIC) number or passport number or reference  number of any other official documents bearing your photograph;  

(l) Photograph of document referenced in (k);  

(m) Selfie;  

(n) address;  

(o) tax identification number;  

(p) trusted contact and their first name, last name and email address; and (q) any supporting document relating to the above information (like proof of  address).

The above information collected for customer due diligence and record-keeping purposes may  also be used for other purposes as stated in this Privacy Policy.

Written communication. We collect written communication you have with us such as when  you send us an email or when there are documents provided to us prior to and during the  course of our business relationship.

Other information. We collect information which are required to provide our Service to you,  including account credentials such as username / display name, phone numbers of your  contacts for purposes of the Gotrade Gifting Program, and phone numbers of your nominated  person of the Gotrade Junior account.

INFORMATION AUTOMATICALLY COLLECTED THROUGH OUR SERVICE  

In Short: Some information — such as information regarding your transaction history, account  activity, mobile device, push notifications, IP address and/or browser and device  characteristics — is collected automatically when you use our Service.  

We automatically collect certain information when you visit, use or navigate the Service. This  information does not reveal your specific identity (like your name or contact information) but  may include device and usage information, such as your mobile device ID, model and  manufacturer), version information, IP address, device name, browser and device  characteristics, operating system, language preferences, referring URLs, country, location,  information about how and when you use our Service and other technical information. This  information is primarily needed to maintain the security and operation of our Service, and for  our internal analytics and reporting purposes.  

We may request to send you push notifications regarding your account or the mobile  application. If you wish to opt-out from receiving these types of communications, you may turn  them off in your device's settings.  

Like many businesses, we also collect information through cookies and similar technologies  (“Cookies”) (whether installed by us or by third parties we work with). You have the option to  permit installation of such Cookies or subsequently disable them. However, in the event of your  refusal to install cookies, the Service may be unable to operate as designed.  

INFORMATION COLLECTED FROM OTHER SOURCES  

In Short: We may collect limited data from public databases, marketing partners, and other  outside sources.  

We may obtain information about you from other sources, such as public databases, electronic  know-your-client (eKYC) providers as well as from other third parties. Examples of the  information we receive from other sources include: social media profile information, marketing  leads and search results and links, including paid listings (such as sponsored links). To make  sure the accuracy of the data, we may require verification of the data that you provided to us

from time to time.  

2. HOW DO WE USE YOUR INFORMATION?  

In Short: We process your information for purposes based on legitimate business interests, the  fulfillment of our contract with you, compliance with our legal obligations, and/or your  consent.  

We use personal information collected via our Service for a variety of business purposes  described below. We process your personal information for these purposes in reliance on our  legitimate business interests, in order to enter into or perform a contract with you, with your  consent, and/or for compliance with our legal obligations. We indicate the specific processing  grounds we rely on next to each purpose listed below.  

We use the information we collect or receive to:

• facilitate account creation and logon process in establishing our business relationship;
• managing and updating the account information for your account with us;
• administer the Service;  

• risk assessment;  

• evaluation of any actual or proposed assignment, transfer, and/or novation of our rights  and/or obligations;  

• carrying out our surveys and analysis as required for enhancement of our services;
• maintaining and protecting our offices, terminals, or other equipment;
• improve your usage experience by personalising the Service;  

• send you marketing and promotional communications. We and/or our third party  marketing partners may use the personal information you send to us for our marketing  purposes, if this is in accordance with your marketing preferences. You can opt-out of  our marketing emails at any time (see the "WHAT ARE YOUR PRIVACY RIGHTS " below);  

• send administrative information to you. We may use your personal information to  send you product, service and new feature information and/or information about  changes to our terms. conditions, and policies;  

• deal with enquiries and complaints made by or about you relating to the Apps and  Sites;  

• transmission of order information to our clearing broker;  

• transmission of instruction information to our currency exchange and remittance  provider;  

• deliver targeted advertising to you. We may use your information to develop and display  content and advertising (and work with third parties who do so) tailored to your interests

and/or location and to measure its effectiveness;  

• administer prizes and competitions. We may use your information to administer prizes  and competitions when you elect to participate in competitions;  

• request feedback. We may use your information to request feedback and to contact you  about your use of our Sites or Apps;  

• survey and research. We may use your information to request for your opinion and/or  answers or directly process them for survey and research purposes;  

• to protect our Service. We may use your information as part of our efforts to keep our  Service safe and secure (for example, for fraud monitoring and prevention);  
enforce our terms, conditions and policies;  

• respond to legal requests and prevent harm. If we receive a subpoena or other legal  request, we may need to inspect the data we hold to determine how to respond; and
• and for other business purposes or any other purposes incidental and associated with any  

of the above. We may use your information for other Business Purposes, such as data  analysis, identifying usage trends, determining the effectiveness of our promotional  campaigns and to evaluate and improve our Services or App, products, services,  marketing and your experience.  

3. WILL YOUR INFORMATION BE SHARED WITH ANYONE?  

In Short: We only share information with your consent, to comply with laws, to protect your  rights, or to fulfill business obligations.  

We may process or share data based on the following legal basis: -

Consent: We may process your data if you have given us specific consent to use your  personal information for a specific purpose.  

Legitimate Interests: We may process your data when it is reasonably necessary to  achieve our legitimate business interests.  

Performance of a Contract: Where we have entered into a contract with you, we may  process your personal information to fulfill the terms of our contract.  

Legal Obligations: We may disclose your information where we are legally required to do  so in order to comply with applicable laws and regulations, governmental requests,  judicial proceeding, court order, or legal process, such as in response to a court order or a  subpoena (including in response to public authorities to meet national security or law  enforcement requirements).  

Vital Interests: We may disclose your information where we believe it is necessary to  investigate, prevent, or take action regarding potential violations of our policies,

suspected fraud, situations involving potential threats to the safety of any person and  illegal activities, or as evidence in litigation in which we are involved.  

We may need to process your data or share your personal information in the  following situations:  

Vendors, Consultants and Other Third Party Service Providers. We may share your data  with third party vendors, service providers, contractors or agents who perform services for  us or on our behalf and require access to such information to do that work. Examples  include: funds processing, order routing, clearing, execution, data analysis. email delivery,  hosting services, customer service and marketing efforts.  

We may allow selected third parties to use tracking technology on the Service, which will  enable them to collect data about how you interact with the Service over time. This  information may be used to, among other things, analyze and track data, determine the  popularity of certain content and better understand online activity. Unless described in  this Policy, we do not share, sell, rent or trade any of your information with third parties  for their promotional purposes. These third parties may have their own privacy policy in  place, you are advised to be familiar with their privacy policies.

Business Transfers. We may share or transfer your information in connection with, or  during negotiations of, any merger, sale of company assets, financing, or acquisition of all  or a portion of our business to another company.  

Business Partners. We may share your information with our business partners to offer  you certain products, services or promotions.  

4. WHO WILL YOUR INFORMATION BE SHARED WITH AND WHERE ARE THEY  LOCATED?  

In Short: We only share information with our affiliates and the following third parties, which  may be located in countries outside the jurisdiction which we are incorporated in.  

We only share and disclose your information to departments within Gotrade Securities Inc, our  affiliates, and the following third parties (including their group companies). We have  categorized each party so that you may easily understand the purpose of our data collection  and processing practices. If we have processed your data based on your consent and you wish  to revoke your consent, please contact us. This list and any reference to specific parties are not  exhaustive and we will endeavor to update this list as soon as practicable.

• Communicate and Chat with Users: Facebook Customer Chat, Firebase Cloud Messaging,  MailChimp, Mandrill, Twilio, WhatsApp, Facebook Messenger and Intercom
• Functionality and Infrastructure Optimization: Amazon Web Services. DigitalOcean and  Google Cloud Storage, Alibaba Cloud

• Retargeting Platforms: Facebook Custom Audience, Facebook Remarketing, Google Ads  Remarketing, Google Analytics Remarketing and Linkedln Website Retargeting
• Social Media Sharing and Advertising: Facebook advertising, Instagram advertising and  Linkedln advertising, native sharing on your iOS or Android phone  

• Web and Mobile Analytics: Facebook Ads conversion tracking, Facebook Analytics,  Google Ads, Google Analytics, Google Analytics for Firebase, Google Tag Manager, Heap  Analytics, Hotjar, MixPanel and Segment, Branch Metrics  

• Website Performance Monitoring: Crashlytics and Firebase Crash Reporting
• Website Testing: Cloudflare, TestFlight and Google Play Console  

• Currency Exchange Services: Rapyd Holdings Pte Ltd  

• Payment collected via credit/debit card (optional for customers): Stripe Payments  Singapore Pte Ltd  

Remittance Services: Rapyd Holdings Pte Ltd, Wise Payments Ltd  Custody, Clearing & Execution: Alpaca Securities, LLC  

• Third party service provider which support any of the above or more services: PT Valbury  Asia Futures.

In using any Third-Party Services made available via the App, you may be required to agree to  comply with and be bound by the Terms of Service, Privacy Policy, or other terms and  conditions of the third-party service providers and our brokerage partners. We do not accept  any responsibility or liability for these policies. Your acceptance or consent to this Privacy Policy  does not cover your acceptance or consent to any other privacy policies.  

We may also disclose your information to:

auditors, lawyers, advisors, accountants, agents, or other representatives who are under  the duty of confidentiality with us;  

any relevant authorities, governmental or otherwise;  

any fraud prevention agencies;  

any central credit reference information systems;  

any other authorized person under the laws of the jurisdiction which are applicable to us.  

In sharing your personal data with such third parties, you also consent to your personal  data being transferred from Labuan to any other jurisdiction described above.  

5. HOW LONG DO WE KEEP YOUR INFORMATION?  

In Short: We keep your information for as long as necessary to fulfill the purposes outlined in  this privacy policy unless otherwise required by law.  

We will only keep your personal information for as long as it is necessary for the purposes set

out in this privacy policy unless a longer retention period is required or permitted by law (such  as tax, accounting or other legal requirements). No purpose in this policy, other than purposes  required or permitted by law, will require us keeping your personal information for longer than  7 years past the termination of the user's account or longer, where there are legal proceedings  pending. When we have no ongoing legitimate business need to process your personal  information, we will either delete or anonymize it, or, if this is not possible (for example, because  your personal information has been stored in backup archives), then we will securely store your  personal information and isolate it from any further processing until deletion is possible.  

6. HOW DO WE KEEP YOUR INFORMATION SAFE?  

In Short: We aim to protect your personal information through a system of organizational  and technical security measures.  

We agree that we:  

will only process your information in accordance with the instructions given by you and  in accordance with Applicable Laws;  

will take appropriate measures in terms of management and technical services to protect  your information from (i) any processing or usage which is not authorized or (ii) the loss or  destruction caused by our negligence;  

will not keep your information longer than is reasonably necessary for the fulfillment of  the lawful purposes which are permitted by law.  

We have implemented appropriate technical and organizational security measures designed  to protect the security of any personal information we process. However, please also remember  that we cannot guarantee that the transmission of information via the internet itself is 100%  secure. Although we will do our best to protect your personal information, we cannot  guarantee the security of the information transmitted to our services. Transmission of

personal information to and from our Service is at your own risk and we do not assume any  responsibility for any transmission of your information. You should only access the Service  within a secure environment.  

In the event we fail to maintain the confidentiality of your personal information in the Service,  we will notify you through the contact information provided by you or via the Service, to the  extent required by local laws and regulations, at the latest 14 days since we acknowledge the  breach of confidentiality.  

7. WHAT ARE YOUR PRIVACY RIGHTS?  

In Short: You may review change, or terminate your account at any time.  Account Information  

If you would at any time like to review or change the information in your account or terminate  your account, you can:

Log into the Service, navigate to Profile and update or revise your user account and other  information related to your account or to delete your data. Upon your request to  terminate your account, we will deactivate or delete your account and information from  our active databases. However, some information may be retained in our files to prevent  fraud, troubleshoot problems, assist with any investigations, enforce our Terms of Use  and/or comply with legal requirements.  

Opting out of email marketing  

• You can unsubscribe from our marketing email list at any time by clicking on the  unsubscribe link in the emails that we send or by contacting us using the details provided below. You will then be removed from the marketing email list — however, we will still  need to send you transactional emails that are necessary for the administration and use  of your account (eg: order confirmations).  

Opting out of targeted advertising

You may opt out of behavioural tracking and/or interest-based advertising. Please note that if you choose to “opt out” of targeted advertising, you will still see advertisements for  other reasons such as age, gender, and ads from third parties not delivered by us but  through your mobile / web activities. In addition, opting out from behavioural tracking  and/or interest-based advertising on one device or browser may only apply to that specific  device or browser only. To opt out of tracking on other devices or browsers, you must opt  out from those other devices or browsers.  

We also work with third parties who are members of self-regulatory associations such as  the Network Advertising Initiative (NAI), the Digital Advertising Alliance (DAA), or the  European Interactive Digital Advertising Alliance (EDAA). You may wish to use the opt-out  tools offered by these associations, some of which are linked here: NAI opt-out page, DAA  opt-out page, EDAA opt-out page.

Violation of principles  

If you have reason to believe that we have violated the principles set out in this Policy, we  urge you to contact us. You can email us at support@heygotrade.com with your concerns.  Upon receipt of such an email, you will receive a response from us within 21 days. If we find  that the complaint is justified, we will resolve the matter.  

8. DO WE MAKE UPDATES TO THIS POLICY?  

In Short: Yes, we will update this policy as necessary to stay compliant with relevant laws.  We reserve the right to modify this Policy at any time at our sole discretion. Any changes to

this Policy become effective when we post them to the Service. If we change this Policy, we will  attempt to give you notice by posting a notice on the Service and/or informing you via e-mail.  Your continued use of the Service after we post the modified Policy to the Service constitutes  your agreement to the modified Policy.

9. HOW CAN YOU CONTACT US ABOUT THIS POLICY? You can email us at  support@heygotrade.com. 

V06 May 2022