DATA PRIVACY POLICY

DATA PRIVACY POLICY

Effective date : 2018.09.28

Version number : 1.0



1.General Provisions


1.(Basic Principles)

  1. SEI Tech Pte. Ltd. ("REDi") seeks to comply with the applicable laws and regulations relating to personal data, including but not limited to the Personal Data Protection Act 2012 (Act No. 26 of 2012) of Singapore (collectively, the "Data Protection Legislation").
  2. This data privacy policy ("Data Privacy Policy") sets out the basis for collection, use, disclosure and processing of personal data by REDi. This policy will apply to the use of the website features, products and services provided by REDi (collectively, "Services") on [https://redi.io] ("Website"), excluding Services which may be subject to separate privacy policies which do not incorporate this Data Privacy Policy.
  3. In this Data Privacy Policy, (i) "personal data" means data, whether true or not, about an individual who can be identified from that data, or from that data and other information to which the organisation has or is likely to have access, and (ii) "User" means you, the person using the Website or the Services, and if you are using the Website or the Services on behalf of an entity, references to "User" means you, that entity or both, as appropriate.
  4. Please read this Data Privacy Policy carefully. If there are any queries or feedback concerning this Data Privacy Policy, please contact REDi's Data Protection Officer  at the email address set out at Article 20 below.



2.Collection OF PERSONAL DATA


1.(Collection of Personal Data)

  1. Personal data which REDi may collect include, without limitation, a User's name, address, nationality, email address, phone number, gender, birth date, ID card, online identifier (such as username), device unique identity, operating system or version, hardware information, cookie, browser information, date and time spent on the Services, history log and financial information (such as credit card numbers, bank account information and digital or crypto wallet address).
  2. REDi does not collect sensitive personal data (race, thoughts and beliefs, political beliefs, criminal records or medical records) which collection may constitute a violation of the fundamental human rights of the User.
  3. REDi collects personal data in a number of different ways. For example:
    1. where a User signs up for a membership on the Website, REDi will collect such User's e-mail address and password;
    2. as part of the know-your-customer ("KYC") process by REDi, REDi may collect a User's name, nationality, contact details, country of residence, date of birth, sex, photo, identity documents (such as national identification card, driver's license, passport, etc) and wallet address. Where required by the applicable law, REDi will redact or delete personally identifiable numbers such as the national identification number, the driver’s license number and the passport number;
    3. during a User's interaction with the Website or use of any of the Services, REDi may collect technical information relating to such User's device and browser, such as: (1) device make and model, and Internet Protocol address; (2) operating system version, browser type and browser language; and (3) browsing actions and patterns etc.; and
    4. when a User contacts REDi (such as to report a problem with the Website or to provide feedback), REDi may keep a copy of the correspondence and any further information provided by such User.


2.(Method of Collection of Personal Data)

(a) In relation to any User, REDi may collect personal data either :

  1. when such User (or its authorized representative) voluntarily provides such personal data to REDi, for example, when completing the KYC process or when subscribing for the use of, or in the course of using, the Services; or
  2. automatically, during such User's interaction with the Website and use of the Services.

(b) Where a User voluntarily provides any personal data or information, such User represents and warrants that:

  1. such personal data or information is accurate and complete; and
  2. if such personal data or information relates to a third party, such User has obtained the consent of the said third party to the collection, use, disclosure and processing of such third party's personal data or information on the terms set forth in this Data Privacy Policy, and is duly authorised by the third party to provide such third party's personal data or information.


3.(Consent)

(a) By using the Services to which this Data Privacy Policy applies, or by submitting any personal data to REDi, the relevant User agrees that REDi may collect, use, disclose or otherwise process the personal data in accordance with this Data Privacy Policy.

(b) A User is deemed to have consented to the collection, use, disclosure and processing of the personal data in accordance with this Data Privacy Policy:

  1. when such User (or its duly authorized representative) voluntarily provides the personal data;
  2. when such User (or its duly authorized representative) is aware of the purpose for which the personal data is provided;
  3. it is reasonable for such User (or its duly authorized representative) to have provided the personal data to REDi in the circumstances; or
  4. any other circumstances where the Data Protection Legislation provides for the deemed consent of such User.



3.Purpose of Collection and Use of Personal Data


1.(Purpose of Collection and Use of Personal Data)

  1. REDi may collect and use personal data for any of the purposes as set forth below:
    1. for REDi to perform its obligations in the course of, or in connection with, the provision of Services requested by the relevant Users;
    2. verifying and authenticating the identity of its Users;
    3. managing use of, or subscription to, the Services, including for example, creating and managing user accounts;
    4. providing, maintaining, improving and delivering content and Services. For example, REDi may collect anonymous analytics and statistical information from its users to verify the effectiveness of the Services, the frequency of access or conducting statistical analysis;
    5. facilitating any potential token sale organized by REDi, including carrying out any KYC checks on potential purchasers and holders of such tokens;
    6. where a User has agreed to receive marketing and advertising communications, informing such User of new service developments, customized services, events and other customized marketing and advertising information.
    7. communicating with Users, such as responding to, handling, and processing queries, requests, applications, complaints and feedback;
    8. conducting investigations or internal audits, or taking action, including in relation to any violation of the laws or terms and conditions applicable to the use of the Website or any of the Services;
    9. complying with any applicable laws, regulations, codes of practice, guidelines or rules or to assist in law enforcement and investigations conducted by any governmental or regulatory authority;
    10. any other purposes for which the relevant User has provided the personal data;
    11. transmitting to any third parties (including, for example, third party service providers and agents and relevant governmental and regulatory authorities, whether in Singapore or elsewhere) for the aforementioned purposes; and
    12. any other purposes which are necessary, ancillary or consequential to the above.
  2. REDi may continue to collect, use, disclose or otherwise process personal data for any of the purposes listed above, even in situations where the User's relationship with REDi (for example, pursuant to a contract) has been terminated or altered in any way, for a reasonable period thereafter (including, where applicable, a period to enable REDi to enforce its rights against the User).
  3. REDi will collect, use, disclose and otherwise process the User's personal data only for the purposes set out in Article 5(a) and only to the extent allowed under the Data Protection Legislation. REDi will not collect, use, disclose and otherwise process the User's personal data for any other purpose save where:
    1. the User consents to such collection, use, disclosure and processing of the personal data; 
    2. the personal data has been processed to be personally unidentifiable, and will be used for statistical analysis; or 
    3. where such collection, use, disclosure and processing is otherwise required by law or upon lawful request by governmental authorities.



4.Disclosure of Personal Data


1.(Basic Principles of Sharing and Provision of Personal Data)

REDi may disclose personal data to third parties:

  1. where such disclosure is required for REDi to perform its obligations in the course of or in connection with its provision of the Services requested by the User; or
  2. where such disclosure is to a third party service provider, agent or other organization performing any of the functions listed in Article 5 on behalf of REDi.


2.(Transfer of Personal Data outside of Singapore)

  1. REDi shall only transfer personal data outside Singapore in accordance with the Data Protection Legislation.
  2. Each User agrees, acknowledges and consents that due to the nature of the Services, personal data may be stored or processed in any country where REDi has operations (including but not limited to Singapore, the Republic of Korea) or engages third party service providers.
  3. REDi may transfer personal data outside Singapore to countries which may have data protection rules that are different from those of Singapore. However, REDi shall take measures to ensure that any such transfers comply with the Data Protection Legislation, and such personal data remains protected to the standards described in this Data Privacy Policy. In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities in those other countries may be entitled to access the personal data.


3.(Outsourced Handling of Personal Data)

REDi may outsource the handling of Users' personal data to third party service providers for the purposes of performing KYC checks, anti-money laundering checks, countering terrorism financing checks and/or any other checks as required by the applicable laws on the Users. For the purposes of such handling:

  1. REDi may disclose and transmit the personal data to its third party service provider. [Argos]
  2. REDi may disclose and transmit the following types of personal data to the third party service providers: TBA
  3. The personal data may be disclosed and transmitted by REDi to the third party service providers who will store and retain such personal data in not limited but including Singapore and the ROK
  4. The personal data will be disclosed and transmitted to the third party service provider immediately upon REDi's receipt of the personal data; and
  5. The third party service provider shall protect and retain the personal data in accordance with REDi's written instructions.



5.Retention of the Personal Data


1.(Basic Principles of Retention of the Personal Data)

  1. REDi shall retain personal data for as long as is necessary to fulfill the purpose for which the personal data was collected, or as required or permitted by the applicable laws.
  2. REDi will cease to retain personal data, and remove the means by which the personal data can be associated with individual Users, as soon as it is reasonable to assume that such retention no longer serves the purpose for which the personal data was collected, and is no longer necessary for legal or business purposes.


2.(Process and Method of Destruction of Personal Data)

  1. REDi shall destroy the personal data in accordance with Article 10(b) within 5 days from the date when the period for retention of the personal data under Article 9 expires.
  2. REDi will destroy the personal data by any of the following methods:
    1. Personal data recorded or stored on paper: by shredding or by incinerating; or
    2. Personal data stored electronically: by deleting the files permanently using technical methods such as low-level formatting so that the records cannot be recovered.



6.Rights of Users


1.(Right to Withdraw Consent to Collection, Use and Provision of Personal Data) 

  1. A User can withdraw his/her consent for the collection, use, disclosure and processing of personal data at any time by writing to REDi's Data Protection Officer at the email address set out at Article 20 below.
  2. Upon receipt of the request to withdraw the User's consent, REDi will require a reasonable time to process the request and for REDi to notify the User of the consequences of such withdrawal, including any legal consequences which may affect the User's rights and liabilities. In general, REDi shall seek to process the request within 30 calendar days of receiving the same.
  3. Depending on the nature and scope of the withdrawal of consent, in certain cases, REDi may not be able to continue providing the User with certain Services.
  4. The User's withdrawal of consent does not affect REDi's right to continue to collect, use, disclose and process personal data where such collection, use, disclosure and processing without consent is permitted or required under the applicable laws.


2.(Request for Access to and Correction of Personal Data) 

  1. A User may make:
    1. an access request, for a copy of that User's personal data which REDi holds, or for information about the ways in which REDi uses or discloses that User's personal data; or
    2. a correction request, to correct or update any of the personal data which REDi holds about that User,
    by contacting REDi's designated Data Protection Officer, whose details are set out at Article 20.
  2. Where the User requests for correction or deletion of the personal data, REDi will not use or provide the personal data of that User until the correction or deletion of the personal data is complete, and will response to the User's request in good faith. If the correction or deletion is deemed to be necessary due to any errors in the personal data or expiration of the retention period, REDi will take necessary measures without delay. 
  3. REDi may ask the User to verify his/her identity and for more information about the request. Where REDi is legally permitted to do so, REDi may also refuse the request with or without providing the User with any reasons for doing so.
  4. Where the User has made an access request, REDi may charge a reasonable administrative fee to cover the costs of responding to such request. If REDi decides to do so, REDi will provide the User with a written estimate of such fee before processing such request.


3.(Exercise of Rights by Proxy)

The User may exercise such User's rights under this Chapter 6 through his/her legal representative or agent. In this case, the User shall submit a power of attorney under the relevant Data Protection Legislation to REDi.



7.Installation/Operation and Rejection of Automatic Data Collection Tools


1. (Use of cookies, etc.)

  1. REDi uses cookies or similar tracking technologies that authenticate, save and retrieve the User's access information. Cookies are small data files stored on the User's device by the Website or the Services, which also save readable information when the User visits the Website or uses REDi's services.
  2. REDi uses the cookies for the following purposes:
    1. maintenance of the User's access session;
    2. analysis of service visits and uses; and
    3. secured access.
  3. The User has the option to install the cookies. Accordingly, the User may permit all cookies, or go through confirmation whenever the cookies are saved, or reject saving of all cookies, by configuring his/her web browser appropriately. However, if the User rejects the installation of the cookies, this may adversely affect the User's browsing experience, and the User may also face difficulties in using the Services.



8.Protection of the Personal Data


1.(Basic Principles of Protection of the Personal Data)

  1. REDi shall take reasonable steps to secure and protect personal data in its possession by implementing measures to secure and protect such personal data as required to comply with the Data Protection Legislation, including:
    1. reasonable security arrangements to prevent unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks to personal data; and
    2. security precautions safeguarding all electronic storage and transmission of personal data.
  2. While REDi strives to use commercially acceptable means to protect personal data, no method of transmission over the Internet or method of electronic storage is completely secure and REDi cannot ensure absolutely the security of any personal data in its possession or control.
  3. To the fullest extent permitted by the law, REDi shall not be liable in any manner for any losses arising from any unauthorised collection, use, disclosure or otherwise processing of personal data.
  4. REDi shall not be held responsible for the acts, omissions, data policies or use of cookies by any third party, or the content or security of any third party websites (even if linked from the Website). Any such liability is expressly disclaimed and excluded to the fullest extent permitted under the law.


2.(Minimum Staff and Staff Training) 

REDi limits the staff handling the personal data to the staff-in-charge, and for this purpose, REDi assigns a separate password which is reset on a regular basis. In addition, REDi always stresses compliance with this Data Privacy Policy through frequent training of the staff-in-charge.


3.(Establishment and Execution of Internal Management Plan) 

REDi has established and is executing an internal management plan to ensure secured processing of the personal data.


4.(Encryption of Personal Data, etc.) 

The User's personal data is encrypted for storage and management, such that only the User and the appropriate REDi staff have access to it.


5.(Restriction on Access to Personal Data) 

REDi takes reasonable measures to control access to the personal data by granting, changing or revoking access to the database system that processes the personal data as necessary, and controls unauthorized access from external networks by using firewalls. 


9.Contact information


1.(Data Protection Officer) 

The User may notify the following staff of any complaint related to the protection of personal data that may occur when using the Services, or to request for access to or correction of personal data:

Name: Lee Dongyoung

Position: CEO and Data Protection Officer 

E-mail: info@redi-chain.io



10.Miscellaneous


1.(Public Notice and Notification of Data Privacy Policy)

  1. If REDi amends the Data Privacy Policy, REDi will notify all Users of the reason for the amendment and the details through a "Public Notice" electronic bulletin board managed/operated by REDi, at least 7 days before the amendment; provided, that if there is an important change in the Users' rights with regard to the collection and use of the personal data, REDi will notify the Users at least 30 days before the amendment.
  2. If REDi wishes to obtain additional consent from the User in order to use the personal data or outsource handling of the personal data to a third party service provider beyond the scope agreed by the User, REDi will individually give the Users a written notice prior to doing so.
  3. If REDi outsources the collection, storage, processing, use, provision, management, and destruction, etc. of the personal data to a third party, REDi will notify the User of the same through in writing or through this Data Privacy Policy.


2.(Remedies Available for Violation of Rights and Interests) 

The User may make inquiries about remedies or consultations available for infringement on the personal data to the institutions set forth below, which are independent from REDi. If the User is not satisfied with the results of REDi's own handling the complaints or the remedy related to the personal data or needs more information, he/she may contact the Personal Data Protection Commission of Singapore at the contact details set out on https://www.pdpc.gov.sg/.