Policy
We are IC SG PTE LTD. (UEN-201300459N), a company incorporated in Singapore (“InvestaX”, we, us, or our ) and licensed by the Monetary Authority of Singapore, to deal in digital securities and operate an organized market for digital securities. InvestaX alongwith its subsidiaries and affiliates is referred to as the Group. At InvestaX, we are committed to protecting your privacy and ensuring the security of your personal information in accordance with the Personal Data Protection Act, 2012 of Singapore (“PDPA”) and any other applicable laws. Our privacy policy (“Privacy Policy”) describes how we collect, use, store and protect personal data. The Privacy Policy also describes how you can control the personal data that we hold on you, and your rights on your personal data, where applicable.
01. Changes To The Privacy Policy
We may from time to time update the Privacy Policy to ensure that it is consistent with future developments, industry trends and/or any changes in legal or regulatory requirements or as we deem appropriate. Such changes will be published here and effective upon publication. Please check the Privacy Policy regularly for updated information/version. Your continued access and/or use of our website, our products and/or our services and your submission of any contact details to us through any channel whatsoever will constitute your agreement to the Privacy Policy and any revisions thereto.
02. Personal Data Collection
A. How we collect and receive Personal Data
We may collect and receive personal data from you when:
- You access/use our website, register an account with us or use our products and services;
- You contact us through telephone, e-mail, customer support, our social media channels and/ or our website;
- You fill forms on our website requesting demonstration of our services or for joining our mailing lists;
- You post, publish, transmit, or upload content on our social media channels or through our services;
- You register to attend any webinars, podcasts and/or any other events hosted by us;
- You respond to any mails, letters, surveys that we may send or conduct;
- You conduct a transaction or fundraise or issue security tokens while using our products and/services;
- You interact with our personnels such as customer service officers, marketing representatives and agents;
- You respond to our promotions and other initiatives;
- You enter into agreements with us or are referred by any of our business partners and third parties;
- You submit personal data to us for any other reason.
B. Types of Personal Data we collect from you
We collect personal, financial, technical, legal and other data relating you, including but not limited to the following-:
- Personal data required to verify your identity, such as your name, home address, telephone number, country of citizenship, date of birth, and gender
- Identity documents such as a passport, NRIC, driving license, utility bill etc.
- Personal and financial data necessary to assess your eligibility to invest in the projects. Specifically,users who are accredited investors will need to provide financial information supporting their accredited investor status
- Information about your investment preferences
- Information from sponsors or issuers with regard to their project, purpose of fundraising etc.
- Information regarding execution of contracts, consents or agreements with regards to use of our services
- Payment related information such as bank account, credit card or other payment details
- Personal data relating to wallets, keys and blockchain addresses
- Technical data which includes details about the devices and technology you use including internet protocol address, your login data, and other technology on the devices you use to access our website, mobile application, products and/or services
- Information with regard to source of funds
- Information about your visits to and use of our website to help us maintain the appropriate features, functionality and user experience
- In addition, we gather names and email addresses of users who contact us through our website with questions. We collect this information for the sole purpose of responding to such inquiries and do not store the contact information unless requested by these people (e.g. applicants who submit resumes).
To create an account on our website, you must provide us with your name and a valid email address. Users may also create an account using social media credentials or MyInfo as provided for on our website. These services will verify your identity, and you may choose to provide certain personal data to us to pre-populate our sign-up form. In doing so, you expressly consent to us collecting your personal data that may be available through such social media networks. We do not collect more personal data than is necessary for the purposes for which they are collected.
03. Personal Data Storage
We shall implement the necessary safeguards to securely store Personal Data, using our offline and online technological capabilities, as appropriate. We will keep Personal Data for as long as necessary, in accordance with this Privacy Policy and as required by any applicable law, and once this time period has expired, we will delete such Personal Data accordingly.
04. Web-related Information Collection
When you visit our website, we may send one or more cookies to your computer. “Cookies” are small text files containing a string of alphanumeric characters that may be placed on your web browser when you visit our website that may convey anonymous information about your preferences and how you browse our website to us. However, it does not collect personal data about you.
We use cookies when you sign in, to keep track of your personal session, including some account identifiers so that we can ensure that you are the only person making changes to your account. We also use cookies to track your activity on our website as a unique person.
All of this information is stored in an encrypted form, and no personal information about you is stored. You can set your web browser to inform you when cookies are used or to prevent cookies from being used. Please note, however, that if you decline to use cookies, our website’s performance may be affected, or you may be prevented from using some of our services. Our website uses Google Analytics, a web traffic analysis service provided by Google Inc. (“Google”).
Please refer to http://www.google.com/policies/privacy/partners to find out more about how Google uses data when you use our website and how to control the information sent to Google. You may prevent Google’s collection and processing of data by using the Google Ads Settings page or downloading and installing their browser plug-in (https://tools.google.com/dlpage/gaoptout).
In addition, we (or our service providers, such as Google Analytics) may also collect technical information related to your use of our services. This may include (but is not limited to):
- information regarding which of our web pages you access;
- the frequency of such access;
- your product and service preferences;
- your Internet Protocol (IP) address;
- your browser type and version;
- your internet service provider (ISP);
- your operating system;
- referring or exit pages;
- the dates and times that you visit our website;
- the search terms you enter on our website.
Such technical data may be used for administrative purposes, to assess the usage, value and performance of our online products and services, and to improve your experience with our services. As with cookies, the web surfing information collected is aggregated, anonymous "click stream" and transactional data, and is not associated with any Users as individuals.
05. Purposes Of Collecting Personal Data
The personal data we collect is required for legal, compliance or security purposes. Where possible, we will inform you of the specific purpose for which such personal data is being collected.
The personal data collected on our website may be used by us for the following purposes:
- for the specific purpose for which the information was volunteered
- to provide you the services available on our website including but not limited to services related to security token offerings etc.
- To carry out any instructions in respect of issuance of security tokens
- To setup your digital wallets
- to establish your ability to view offering materials and to make investments
- to enable the service providers, legal and tax advisors, fund administrators to continue to fulfill their obligations/provide services including but not limited to processing the personal data for the purpose of legal, regulatory, audit and tax analysis of issuers project or for purposes of compliance, AML/CFT checks, due diligence etc.
- to provide you with alerts, newsletters, education materials or information that you have specifically requested
- promoting and marketing the Group”s services and products, subject to your exercise of the opt-out right
- to communicate with you and respond to your queries
- to process your application, inquiry or request
- to verify your identity, conduct know your customer and other due diligence check as may be required
- to guard against potential fraud and other illegal activities
- to maintain regular communications with you as may be necessary to inform you of upcoming investment opportunities and other company updates
- to conduct surveys, research and statistical analysis with the aim of helping us monitor or improve our services to you
- to comply with applicable laws, proceedings or inquiries from regulatory authorities and enforcement agencies in or outside of Singapore or similar purposes
- for any other purposes permitted by applicable law.
06. How Do You Use My Personal Data For Marketing?
If you sign up to our services, or you have contacted us or indicated your interest to receive informational materials/newsletter, or are connected with us on social media or have passed your business card to our team, we’ll assume you want us to contact you by post, push notification, email and text message with information about our Group’s products, services, offers and promotions..
We use your personal data to personalise marketing messages about our products and services so they are more relevant and interesting to you. This may include analyzing how you use our services and your transactions.
You can object to profiling for direct marketing purposes. You can also adjust your preferences or tell us you don't want to hear from us at any time. Just tap the unsubscribe links in any marketing message we send you.
If you do not want to receive personalised marketing messages, and opt out from receiving them, you will not receive any marketing communications. We won't pass your details on to any organizations outside the Group for their marketing purposes without your permission.
07. Why You Should Provide Us The Personal Data
In order to access/utilize our services, you need to voluntarily provide us your personal data. It may be absolutely impossible for us to provide you with certain products and services in the absence of certain key personal data about yourself, including your identity document, email, name, telephone number, etc. You acknowledge that if you withdraw your consent for the processing of your personal data by us/Group then we may not be able to provide you any or all of our services.
08. Third Party Data
In the course of utilizing our services, you may have to disclose personal data relating to third parties (such as a director or an employee etc.). In this regard, you represent to us that you have the authority to disclose such personal data for the purpose for which it may be required or any other purpose as mentioned in this Privacy Policy.
09. Minors
Our services are not directed at persons under the age of 16. If you are a parent or guardian and you become aware that your child has provided us with personal data without your consent, please contact us. We will only process personal data of a child under the age 16 only where consent is given or authorized by the child’s parent or guardian. If we become aware that a child under the age of 16 has provided us with personal data without consent, we will delete such information from our files, including any accounts that may have been created.
10. How We Share Your Information
We do not sell or rent personal information about our users to third parties. We do, however, work with a number of trusted partners who perform vital functions as part of our operations.
In addition to Hubspot, we work with (among others) providers of hosting services for our website, electronic signature providers, and electronic payment service providers, and other service providers who provide information technology and system administration services to us. We may engage third parties to help us to carry out certain other internal functions such as account processing, client services or other data collection relevant to our business; examples of such companies might include companies that perform data processing, compliance checks, reporting, tax or legal documentation, digital asset custody or escrow services. Personal data is shared with these third parties, including issuers, only to the extent necessary for us to process the transactions you initiate or perform other specific services, like collections. Our partners are legally required to keep your information private and secure.
If you use our blog or other public forums on our website, please note that any personal data you submit is available to other users. We are not responsible for the personal data you choose to submit.
We may share your personal data with law enforcement or other government agencies as required by law or for the purposes of limiting fraud. We reserve the right to disclose your personally identifiable information when we believe that disclosure is necessary to protect our rights or to comply with a judicial proceeding, court order or legal process. We further reserve the right to disclose any of your personal information that we believe, in good faith, appropriate or necessary to take precautions against liability, to investigate and defend against any third-party claims or allegations, to assist government enforcement agencies, to protect the security or integrity of our website or our services, or to protect the rights, property or personal safety of the Group, users, offering companies, or any other person.
11. Notifications And Communications From Our Website
We will send you email notifications from time to time. These will typically relate to your activities on our website/web application. In other cases, these notifications involve changes to various legal agreements or user policies. By using our services, you consent to receiving such service-related emails.
From time to time, we may also send user surveys, requests for user feedback regarding user experience and our website operations or marketing offers from us or on behalf of the issuers, news letters relating to us. Completing these surveys or requests for feedback or acceptance of any offer is strictly voluntary. If you do not wish to receive these offers, surveys or user feedback emails, please opt out in any offer email you receive from us.
12. Links To Other Websites
Our website may contain links to other websites which are not maintained by us. If you follow any links that direct you away from our website, this Privacy Policy will not apply to your activity on the other websites you visit. We do not control the privacy policies or the privacy practices of any third parties. We encourage you to review each website’s privacy policy before disclosing any personal data.
13. Transferring Information Overseas
We operate worldwide and may transfer your personal information across national borders. Personal data collected through our website may be stored and processed outside of Singapore or any other country in which the Group or its agents maintain offices. By providing your personal data and using our website, you consent to any such transfer of information outside of your country.
We may also disclose and/or transfer or share your personal information (i) to our trusted third party service providers, related parties, partners and affiliates (for example, companies that provide systems, web hosting including microsites of our website and other IT services, internal and external advisors and auditors, companies providing services in the area of safekeeping/custody of digital assets, fraud monitoring and detection, KYC checks and due diligence, cybersecurity and technology risk management etc); (ii) if required by applicable law; (iii) in connection with a reorganization or combination of our Group, or any company within our Group, with another company, (iv) if we believe that such disclosure is necessary to enforce or apply our terms of use and other agreements or otherwise protect and defend our rights, property or safety or that of our clients and other users of our website; (vi) in order to comply with a judicial proceeding, court order or other legal obligation, or a regulatory or government inquiry; or (vi) with your consent.
We will not sell or release your personal information to third parties or allow them to direct market their products and services to you, except as otherwise stated in this Privacy Policy.
Where the third-party recipient of personal data is located in a country which has not been deemed by the European Commission to have adequate laws in place to protect it, we may transfer such personal data ensuring that it is compliant with or subject to appropriate safeguards as required by the EU General Data Protection Regulation 2016/679/EU (“GDPR”) or any other applicable laws.
If you submit any personal information relating to another person on or through our website to us and such personal information is protected by another state or country, you will be responsible for compliance with the applicable laws in so far as they relate to your right to use such personal information, your transfer of it to us, our storage of that personal information in electronic form on our website and collection, use, processing and transfer of that personal information in accordance with this Privacy Policy.
14. Security Policy
We limit access to your personal data to those employees or third parties who have a legitimate business need to access such information. We conform to industry standards and best practices and maintain appropriate physical, electronic and procedural safeguards and controls to protect your information.
We take the protection of your personal data seriously but, unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your personal data transmitted through our website; any transmission is at your own risk.
If your personal data is compromised as a result of breach of our security measures, we will promptly notify you of such a breach.
We will never send you an email asking you for your login information. In general, you can protect yourself against phishing by never providing personal or login information via a link contained in an email; instead, go to our website directly.
15. Retention Of Your Personal Data
We keep the personal data you provide us for as long as you continue to use our services and to comply with the applicable laws.
16. Your Rights
For the residents of the European Economic Area or United Kingdom, we shall process their personal data in compliance with the GDPR. We will be the Data Controller as defined under GDPR and in certain circumstances you will have certain rights, including the following-:
A. Access to information
The GDPR gives you the right to find out whether we are processing your personal data and, where that is the case, to receive a copy of the personal data we process. We will endeavor to provide you with an account of your personal data in our possession or control within a reasonable time. Such an account shall be in respect of how your personal data has been or may have been generally used or disclosed.
We reserve the right to charge you a reasonable administrative fee for carrying out such request. Where your personal data is inseparable from the personal data of others, we reserve the right to withhold your personal data if permitted by applicable law.
B. Right to request rectification or erasure of personal data
You have the right to request the amendment of your personal data at any time if it is inaccurate. If it is incomplete, you have the right to have such personal data rectified. You also have the right to require us to delete your personal data as soon as possible by emailing us at privacy@investax.io where one of the following applies:
- the personal data is no longer necessary for which they were collected or otherwise processed;
- the personal data has been unlawfully processed;
- the personal data must be erased for compliance with a UK or EU legal obligation on us;
- the personal data relates to a child under the age of 16;
- you object to us processing the your Personal Data and we have no overriding legitimate grounds for the processing;
- you withdraw your consent to us processing your personal data and we have no other legal grounds for processing it.
Please note that it may take up to 30 working days for any request for consent withdrawal to be reflected in our systems. You must agree that while offering you our services we are making use of the blockchain/distributed ledger technology which works around creating an immutable ledger. In case you request us for a deletion/erasure of your personal data, we may not be able to provide you all or any services.
C. Right to restrict personal data
You have the right to request the restriction of processing of personal data if you object to us processing your Personal Data and we have no overriding legitimate grounds for the processing or you think that is inaccurate, that we are processing it unlawfully, or that we no longer need it for the purposes for which it was collected. While we consider your request, we will stop processing your personal data within a reasonable time from the date we receive your request. We will notify you of our decision and any justifications for continuing to process your personal data as soon as we can.
D. Right to withdraw your consent
If we process your personal data with your consent, you have the right to withdraw your consent at any time. This will not affect the legality of our processing of your personal data up until the point at which you withdraw your consent. Please also note that we may still need to process your personal data on other grounds, for example to fulfil a contract with you or as required by law.
E. Right to object
You have the right to object, at any time, on grounds relating to your particular situation, to the processing of personal data. If we cannot demonstrate compelling legitimate grounds to continue processing the personal data, processing of such data will cease.
F. Right to data portability
You have the right to request that we transfer your Personal Data that we have collected to another organization, or directly to you, under certain conditions
17. Data Protection Officer And Accessing Your Rights
We have appointed a Data Protection Officer in compliance with the PDPA and if you wish to withdraw your consent to any or all use of your personal data, or request amendment, restriction or erasure of such personal data, or exercise any other of your rights, please contact the Data Protection Officer:
- Name: Nishtha Pandey;
- Position name/title: Data Protection Officer;
- Business email address: privacy@investax.io.
Do note that if you withdraw your consent to any or all use of your personal data or request for erasure of your personal data, depending on the nature of your request, we may not be in a position to continue to provide services to you, or administer any contractual relationship already in place. Any withdrawal of consent or request to erase your personal data may also result in the termination of any agreements you have with us. Our legal rights and remedies in such an event are expressly reserved.
By giving or making available your personal data, you expressly agree and consent to the collection, use, processing and disclosure of your personal data in accordance with the terms of this Privacy Policy, including but not limited to, consenting and receiving communications and materials from us, from time to time.
18. Governing Law
This Privacy Policy shall be construed in accordance with the laws of Singapore.
Questions? Please email us at privacy@investax.io
Effective date: 24 July 2023
Previous Version: Available here.