長橋證券（新加坡）幫助中心：開戶、入金、交易

4 November 2024

PRIVACY POLICY

LONG BRIDGE PTE. LTD. (“Long Bridge Singapore”, the “Company”) referred to as “we”, “our”, “us” in this Privacy Policy operates the Longbridge Platform. We are committed to respecting and protecting your personal data collected through or in connection with the Platform during the course of your use. This Privacy Policy is a legally binding agreement between you (“you” or “user”) and us.

IF YOU DO NOT AGREE TO THE TERMS AS STATED IN THIS PRIVACY POLICY, PLEASE STOP USING AND UNINSTALL THE LONGBRIDGE APP IMMEDIATELY.

1. Introduction

We take our responsibilities under the Singapore Personal Data Protection Act 2012 (the “PDPA”) seriously. We also recognize the importance of the personal data you have entrusted to us and believe that it is our responsibility to properly manage, protect and process your personal data.

This Privacy Policy sets out the basis on which we use and process any personal data we collect from you. It is designed to assist you in understanding how we collect, use, disclose and/or process the personal data you have provided to us, as well as to assist you in making an informed decision before providing us with any of your personal data. If you, at any time, have any queries on this policy or any other queries in relation to how we may manage, protect and/or process your personal data, please do not hesitate to contact our Data Protection Officer (the “DPO”) at the contact details provided at the end of this document.

In addition, please take note that the Longbridge Platform may, from time to time, contain links to and from other platforms or websites of our partner networks, advertisers, affiliates or other third parties. If you follow a link to any of these platforms or websites, please note that these platforms websites have their own privacy policies. As these platforms and websites may not be owned or operated by us, we do not accept any responsibility or liability for the contents of these platforms or websites and their privacy policies. Please note that your access and provision of your personal data to these third-party platforms or websites are at your own risk. Please check these policies before you submit any personal data to any such other platforms or websites.

2.Summary

2.1 This Privacy Policy informs you how we collect, use, disclose, process or otherwise handle your Personal Data (as defined below) which is subject to the PDPA.

2.2 Please read this Privacy Policy so that you know and understand the purposes for which we collect, use and disclose your Personal Data.

2.3 By interacting with us, submitting information to us, you agree and consent to us collecting, using, disclosing and sharing your Personal Data, and disclosing such Personal Data to our authorised service providers and relevant third parties in the manner set forth in this Privacy Policy.

2.4 Please note that though we make an effort, as per legal requirements, to provide reasonably adequate information concerning our policies as it pertains to personal data, this Privacy Policy is not an exhaustive list of all the situations or scenarios concerning personal data. Please feel free to approach Long Bridge Singapore’s Data Protection Officer (see Section 14 below) if you need clarification about any specific situation.

2.5 We may from time to time update this Privacy Policy to ensure that it is consistent with our future developments, industry trends and/or any changes in legal or regulatory requirements. Subject to your rights at law, you agree to be bound by the prevailing terms of this Privacy Policy as updated from time to time on the Longbridge Platform. Please check back regularly for updated information on the handling of your Personal Data. IF YOU DO NOT AGREE, PLEASE STOP USING AND UNINSTALL THE LONGBRIDGE APP IMMEDIATELY.

3.What is Personal Data

3.1 In this Privacy Policy, “Personal Data” refers to any data, whether true or not, about an individual who can be identified (a) from that data; or (b) from that data and other information to which we have or are likely to have access, including data in our records as may be updated from time to time.

3.2 Examples of such Personal Data you may provide to us include (depending on the nature of your interaction with us) your name, NRIC, passport or other identification number, telephone number(s), mailing address, email address, transactional data, network data and any other information relating to any individuals which you have provided us in any forms you may have submitted to us (including in the form of biometric data), or via other forms of interaction with you.

3.3 NRIC, passport and other state issued numbers (national identification numbers, or “NIN”) are requested for and handled in accordance with relevant PDPA guidelines. Handling of NIN is necessary where the establishment of identity to a high degree of fidelity is needed – this is particularly so for the finance-related purposes given the need for verification and to prevent the risk of fraud and unauthorised activities.

3.4 Personal Data does not include data about a data subject which has been anonymised. Anonymisation is the process of removing identifying information such that the remaining data does not identify any particular individual. Techniques can include pseudonymisation, aggregation, replacement, data reduction, data suppression, data shuffling, or masking.

3.5 We practice and undertake reasonable safeguards to anonymise personal data in appropriate situations, balancing both the need to rely on and use sufficiently accurate and complete personal data to protect life and health, and avoid mistakes, injury or accidents.

4.How we Collect Personal Data

4.1 Generally, we collect Personal Data in the following ways:

a) when you submit any form, including but not limited to registration as a user, declaration or other electronic forms;

b) when you enter into any agreement or provide other documentation or information in respect of your interactions with us, or when you use our Longbridge Platform;

c) when you interact with our staff, including customer service officers, for example, via telephone calls (which may be recorded), letters, social media platforms and emails; or when you have meetings with us;

d) when you interact with us via our website/ application,

e) when you request that we contact you or request that you be included in an email or other mailing list or distribution list;

f) when you respond to our initiatives or to any request for additional Personal Data;

g) when we seek information about you and receive your Personal Data in connection with your relationship with us, including from public agencies or relevant authorities; and/or

h) when you submit your Personal Data to us for any other reason.

4.2 When you browse our websites, you generally do so anonymously but please see the section below on cookies. We do not, at our website, automatically collect Personal Data unless you provide such information or login with your account credentials.

5.Purposes of Collection, Use and Disclosure of Your Personal Data

5.1 Generally, we collect, use and disclose your Personal Data for the following purposes:

a) responding to your queries, feedback, complaints and requests;

b) performing data analytics;

c) processing an application to facilitate the establishment of a user/ business relationship

d) facilitating the daily operation of our services and providing customer service and support (including but not limited to performance evaluations, processing payments, transactions, resolving any technical difficulties, disputes or problems that you may encounter in connection with the use of the Longbridge Platform);

e) facilitating back-end operations (including but not limited to disclosing required information to counterparties for administration and processing purposes);

f) managing project, business operations and/or product development

g) requesting feedback or participation in surveys, as well as conducting market research and/or analysis for statistical, profiling or other purposes for us to understand customer behaviour, preferences and market trends, and to review, develop and improve the quality of our services that we may provide to you;

h) monitoring our interactions with you for quality assurance, employee training and performance evaluation and identity verification purposes;

i) in connection with any claims, actions or proceedings (including but not limited to drafting and reviewing documents, transaction documentation and facilitating dispute resolution), and/or protecting and enforcing our contractual and legal rights and obligations;

j) conducting investigations relating to audit, disputes, billing or fraud;

k) meeting or complying with any applicable rules, laws, regulations, codes of practice or guidelines issued by any legal or regulatory bodies which are binding on Long Bridge Singapore (including but not limited to responding to regulatory complaints, disclosing to regulatory bodies and conducting audit checks, due diligence and investigations, including conducting contact tracing when required as carried out during the Covid-19 pandemic);

l) matching any Personal Data held which relates to you for any of the purposes listed herein; and/ or

m) purposes which are reasonably related to the aforesaid.

5.2 Furthermore, where permitted under the PDPA, we may also collect, use and disclose your Personal Data for the following “Additional Purposes”:

a) providing or marketing additional products, services and benefits to you, including but not limited to special events or promotions;

b) matching Personal Data with other data collected for other purposes and from other sources (including but not limited to third parties) in connection with the provision, marketing or offering of services to you;

c) communicating to you on advertisements involving details of our Platform which we have identified may be of interest to you;

d) conducting market research and surveys to enable us to understand and determine customer location, preferences and demographics for us to offer you services as well as marketing programmes which may be relevant to your preferences and profile; and/or

e) purposes which are reasonably related to the aforesaid.

6.Use of telephone numbers for Marketing

6.1 If you have provided your telephone number(s) and have indicated that you consent to receiving marketing or promotional information via your telephone number(s), then from time to time, we may contact you using such telephone number(s) (including via voice calls, text, fax or other means) with information about our Longbridge Platform.

6.2 In relation to your interactions with us, we may also have specifically notified you of other purposes for which we collect, use or disclose your Personal Data. If so, we will collect, use and disclose your Personal Data for these additional purposes as well, unless we have specifically notified you otherwise.

6.3 You have a choice to withdraw your consent for receiving marketing or promotional materials/communication. If you request us to do so, you may contact us using the contact details set out in Section 14 below.

6.4 Please be aware that once we receive confirmation that you wish to withdraw your consent for marketing or promotional materials/communication, it may take up to 30 working days for your withdrawal to be reflected in our systems. Therefore, you may still receive marketing or promotional materials/communication during this period of time.

6.5 Please note that even if you withdraw your consent for the receipt of marketing or promotional materials, we may still contact you for other purposes in relation to the Longbridge Platform in relation to the products and services that you have already requested/ are currently in receipt of from the Longbridge Group. If you wish to find out more about withdrawal of your consent, please see details provided in Section 11 below.

7.Disclosure of Personal Data

7.1 We will take reasonable steps to protect your Personal Data against unauthorised disclosure. Subject to the provisions of any applicable law or for confidentiality reasons, your Personal Data may be disclosed, for the purposes listed below to the following entities or parties, whether they are located overseas or in Singapore:

a) vendors or third party service providers in connection with marketing promotions and services offered by us;

b) credit bureaus, or in the event of default or disputes, any debt collection agencies or dispute resolution centres;

c) our professional advisers such as consultants, auditors and lawyers;

d) relevant government ministries, regulators, statutory boards or authorities or law enforcement agencies to comply with any laws, rules, guidelines and regulations or schemes imposed by any governmental authority;

e) anyone to whom we transfer or may transfer our rights and obligations and/or

f) any other party to whom you authorise us to disclose your Personal Data to.

7.2 We require that organisations outside of Long Bridge Singapore which handle or obtain Personal Data as service providers, vendors, or other entities which Long Bridge Singapore work with, acknowledge the confidentiality of this data, undertake to respect any individual’s right to privacy and comply with the PDPA in Singapore. Long Bridge Singapore also require that these organisations use this information only for our purposes and follow our reasonable directions with respect to this information.

7.3 In carrying out our business, it may be necessary for Long Bridge Singapore to share information about you with and between the Longbridge Group and third party service providers. Some of these related corporations and third party service providers may be located in countries outside Singapore that may not afford an adequate protection to Personal Data or have protections in place which are similar to those in your country of residence. However, we will take reasonable steps to ensure that your Personal Data transmitted outside of your country of residence is adequately protected.

7.4 While we will not disclose Personal Data provided to us to third parties without first obtaining the relevant consent(s) permitting us to do so, please note that we may disclose the Personal Data you provided to third parties without first obtaining your consent in certain situations, including, without limitation, the following:

a) cases in which the disclosure is required or authorised based on the applicable laws and/or regulations;

b) cases in which the purpose of such disclosure is clearly in your interests, and if consent cannot be obtained in a timely way;

c) cases in which the disclosure is necessary to respond to an emergency that threatens the life, health or safety of yourself or another individual;

d) cases in which the disclosure is necessary for any investigation or proceedings;

e) cases in which the Personal Data is disclosed to any officer of a prescribed law enforcement agency, upon production of written authorisation signed by the head or director of that law enforcement agency or a person of a similar rank, certifying that the Personal Data is necessary for the purposes of the functions or duties of the officer;

f) cases in which the disclosure is to a public agency and such disclosure is necessary in the public interest; and/or

g) where such disclosure without your consent is permitted by the PDPA or by law.

8.Security and Retention

8.1 We will safeguard the confidentiality of your Personal Data, whether you interact with us personally, by telephone or mail, over the Internet or other electronic media. We hold Personal Data in a combination of secure computer storage facilities and/ or paper based file and other records and take steps to protect the Personal Data we hold from misuse, loss, unauthorised access, modification or disclosure.

8.2 We do not keep Personal Data longer than is necessary and will destroy or anonymise Personal Data which we no longer require.

8.3 We will take reasonable steps using administrative, technical and physical safeguards to protect your Personal Data. Appropriate security arrangements will be taken to prevent any unauthorised access, collection, use, disclosure, copying, modification, leakage, loss, damage and/or alteration of the Personal Data provided. However, we cannot assume responsibility for any unauthorised use of such Personal Data by third parties which are wholly attributable to factors beyond our control.

8.4 We will retain your information for a term which shall not exceed the time strictly necessary for the purposes set out in this Privacy Policy, or for our legal or business purposes. In any case, such retention will not exceed seven (7) years after the last contract between you and us, unless you continue to have a subsisting relationship with us.

9.Use of Cookies and Similar Technologies

9.1 When you interact with us on the Longbridge Platform, we automatically receive and record information on our server logs from your browser. We may employ cookies in order for our server to recognise a return visitor as a unique user including, without limitation, monitoring information relating to how a visitor arrives at the website, what kind of browser a visitor is on, what operating system a visitor is using, a visitor’s IP address, and a visitor’s click stream information and time stamp (for example, which pages they have viewed, the time the pages were accessed and the time spent per web page).

9.2 Cookies are small text files stored in your computing or other electronic devices which allow us to remember you. The cookies placed by our server are readable only by us, and cookies cannot access, read or modify any other data on an electronic device. All web-browsers offer the option to refuse any cookie, and if you refuse our cookie then we do not gather any information on you.

9.3 Should you wish to disable the cookies associated with these technologies, you may do so by changing the setting on your browser. However, do note you may not be able to enter certain part(s) of the Longbridge Platform subsequently.

9.4 Types of Cookies

There are two main types of cookies:

a) Session cookies: these are temporary cookies that expire at the end of a browser session; that is, when you leave the website/application. Session cookies allow the website/application to recognise you as you navigate between pages during a single browser session and allow you to use the website/application most efficiently.

b) Persistent cookies: in contrast to session cookies, persistent cookies are stored on your equipment between browsing sessions until expiry or deletion. They therefore enable the website/application to recognise you on your return, remember your preferences, and tailor services to you.

In addition to session cookies and persistent cookies, there may be other cookies which are set by the website/application which you have chosen to visit, such as this website/application, in order to provide us or third parties with information.

9.5 Our use of Cookies

We use session cookies to:

a) help us maintain security and verify your details whilst you use the website/application as you navigate from page to page, which enables you to avoid having to re-enter your details each time you enter a new page.

We use persistent cookies to:

a) help us recognise you as a unique user when you return to our website/application so that you do not have to input your details multiple times as you move between our pages or services;

b) remember how you have customised your use of this website/application, such as the region that you are in; and

c) collect and compile anonymous, aggregated information for statistical and evaluation purposes to help us understand how users use the website/application and help us improve the structure of our website/application.

Many cookies are designed to give you optimal usage of the website/application. For example, we use cookies to enable you to improve your user experience when using our website/application, e.g. a cookie which recognises if your browser supports specific technology features. This helps, for example, in enabling web pages/application to be loaded more quickly when you request the download of a large file.

Some of our cookies may collect and store your personal information, enable the website/application to recognise you on your return and remember your preferences setting. We are committed to respecting and protecting your privacy and will ensure that all personal information collected by us is kept and treated in accordance with our Privacy Policy.

9.6 Refusing Cookies on the Website/ Application

a) Most browsers are initially set to accept cookies. However, you have the right to disable cookies if you wish, generally through changing your internet software browsing settings.

b) It may also be possible to configure your browser settings to enable acceptance of specific cookies or to notify you each time a new cookie is about to be stored on your computer/mobile device enabling you to decide whether to accept or reject the cookie.

c) To manage your use of cookies there are various resources available to you, for example the "Help" section on your browser may assist you. You can also disable or delete the stored data used by technology similar to cookies, such as Local Shared Objects or Flash cookies, by managing your browser’s “add-on settings” or visiting the website of its manufacturer.

d) As our cookies allow you to access some of our website/application’s features we recommend that you leave cookies enabled. Otherwise, if cookies are disabled, it may mean that you experience reduced functionality or will be prevented from using this website/application altogether.

9.7 Cookie Homogeneity Technology

In addition to cookies, we use Authorization or Web Beacon and other similar technologies on the website. Authorization is an HTTP protocol header that is passed behind the browser and the server of the Internet, instead of cookie use. The Web Beacon can calculate who browses the web or access some cookies. We use Authorization to record your identity and collect information about your web browsing activities through the Web Beacon, such as Internet Protocol (IP) Address, Browser Type, Internet Service Provider (ISP), Visited Pages, Operating System, Date/Time Stamp, Click Data Stream, and so we can learn more about and improve our products and services.

9.8 SDK Technology

The Longbridge Platform embeds third-party software developer kit (“SDK”) and collects some information from you to ensure that you can use our Longbridge Platform normally. We will conduct strict security monitoring of APIs, SDKs and other SDKs and agree with authorizing partners on strict data protection measures to enable them to process personal information in accordance with our delegated purpose, service instructions, this Privacy Policy and any other relevant confidentiality and security measures.

10.Managing Consents

10.1 The purpose of this Privacy Policy is to not only inform you of the purposes and business contact information of the Data Protection Officer (see Clause 11 below), but to also provide with you further information which is relevant to the way in which we may also manage your consent arrangements in respect of your Personal Data where such consents are required or not subject to an exception.

Deemed Consent by Conduct

10.2 Without prejudice to other consents or rights we may have under the PDPA or at law, and in the daily course of our dealings with you both in the past, now and in the future, you may have provided us with your Personal Data in connection with the purposes which have already been notified to you either in this current or earlier version of this Privacy Policy. Where so, your consent to the collection, use or disclosure of your Personal Data for such purposes would have been deemed by your provision of your Personal Data except where we have explicitly indicated a separate consent is required.

Deemed Consent for contractual necessity

10.3 Where we have entered into a contract with you under which we are to execute contractual obligations owed to you, and without prejudice to other consents or rights we may have under the PDPA or at law, your Personal Data will be collected, used or disclosed by other organisations with whom we collaborate in accordance with this Privacy Policy to the extent it is reasonably necessary for us to fulfil our contractual obligations or to exercise our contractual rights, in relation to you.

10.4 These other organisations may in turn collect, use or disclose your Personal Data in order to carry out these necessary purposes and that may in turn include further disclosures to third party organisations. In each case the collections, uses and disclosures of such Personal Data are limited to the necessary purposes.

10.5 In the event that your contract with us is terminated or expires for any reason whatsoever, such reasonably necessary purposes will continue to apply to allow us to discharge our obligations and exercise our rights in accordance with the termination or expiry of the contract and also to manage our rights and obligations which survive such termination or expiry, including our duties at law that apply.

Deemed Consent by Notification

10.6 Without prejudice to other consents or rights we may have under the PDPA or at law, we may, having first taken measures (including conducting relevant assessments, identify reasonable measures to eliminate, mitigate or avoid any identified adverse effects, and apply or other requirements as prescribed by law) choose to manage additional or future further consents required of you under this Privacy Policy, by issuing a notice to you (“Notice”) by placing /posting on the Longbridge Platform, providing you with information, on:

Our intention to collect, use or disclose your Personal Data; and

The purposes for which the Personal Data will be collected, used or disclosed.

10.7 Where you do not consent, you will need to inform us within thirty (30) days (or such period as we may reasonably deem appropriate) that you do NOT consent.

Where we do not receive a response to that effect, we will proceed on the basis that such consent is deemed pursuant to the PDPA.

10.8 Kindly note that your response should be unambiguous so we are able to apply your Instructions and that we may seek verification of such Instructions and your identity to confirm the Instructions are duly authorised.

10.9 You agree that you will let us know if you would prefer another mode by which such a Notice or communications in connection with this would be preferred, failing which we will proceed on the basis as outlined above.

11.Withdrawal of Consent

11.1 You are entitled under applicable law to withhold / withdraw consent to the collection, use or disclosure of personal data, and we will respect your choices in this regard.

11.2 However, if you withdraw your consent to any or all purposes and depending on the nature of your request, we may not be in a position to continue to allow you to use the Longbridge Platform.

12.Right for Data Deletion

12.1 As a user of the Longbridge Platform, you have the right to request that your Personal Data collected through the app be deleted. This includes data such as your account information, personal details, and usage data, subject to applicable laws and regulations. If you wish to request the deletion of your data, you may do so by contacting our DPO using the contact details provided in Section 14.

12.2 Upon receiving your request, we will take reasonable steps to verify your identity to ensure the validity of the request. Once confirmed, we will proceed to delete your Personal Data from our platform unless retention is required for legal or regulatory purposes, it is technically difficult to delete the Personal Data , or to fulfil any ongoing obligations to you.

12.3 Unless otherwise required by applicable laws and regulations, we will also take proactive steps to delete your Personal Data under the following circumstances:

a) the purpose for processing your Personal Data has been fulfilled, can no longer be fulfilled, or is no longer necessary for the purposes for which it was collected;

b) we have stopped providing services, or the retention period has expired;

c) you withdraw your previously provided consent;

d) we have processed your Personal Data in violation of laws, administrative regulations or our agreement with you;

e) other circumstances as required by applicable laws and regulations.

12.4 In cases where the retention period required by applicable laws and regulations has not yet expired, or where it is technically difficult to delete the Personal Data, we will cease further processing, except for storage and the implementation of appropriate security measures to protect your Personal Data.

12.5 Please note that certain data may not be deleted immediately if it is necessary for us to comply with legal requirements, resolve disputes, or enforce our agreements. Processing your data deletion request may take up to 30 days.

12.6 Kindly be aware that requesting the deletion of your data may impact your ability to continue using certain features of the Longbridge Platform, as some services rely on specific data to function.

13.Use of Biometric Data

13.1 Introduction

We may offer biometric authentication services (such as fingerprint or facial recognition) as part of the security features available on the Longbridge App. The biometric authentication feature allows you to access our services more securely. By enabling this feature, you consent to the use of your biometric credentials stored on your device to facilitate login and certain transactions, as governed by the Terms and Conditions for the Biometric Authentication Service.The use of biometric authentication is optional, and you may choose alternative authentication methods if preferred.

13.2 Collection and Use of Biometric Data

Your biometric data, including fingerprints and facial recognition information, is stored and managed solely by your mobile device's biometric identity sensor. The Longbridge App does not collect or store any biometric data. Instead, the app interacts with the biometric sensor on your device to verify your identity, receiving only a "yes/no" confirmation. This ensures that your biometric data remains secure on your device.

13.3 Consent

By enabling biometric authentication, you acknowledge and agree to the use of your biometric credentials for verifying your identity when accessing the Longbridge App and authorising transactions. You may disable biometric authentication at any time via the settings on your device or within the app. Disabling biometric authentication will not affect your ability to use other authentication methods, such as passwords.

13.4 Data Security

We ensure that all communication between the Longbridge App and your device, particularly related to biometric authentication, is encrypted and secured. Any sensitive data involved in the authentication process (e.g., session tokens or login information) is protected in accordance with the MAS Technology Risk Management Guidelines and the PDPA.

13.5 Control and Transparency

You retain full control over the biometric authentication feature, including the option to enable or disable it at any time. We will ensure that you are fully informed about how the feature works and how your biometric data is handled, which is processed solely on your device and not stored by us.

13.6 Limitations of Responsibility

We do not have access to, or control over, the biometric identity sensor on your device. Therefore, any issues with the security of the biometric sensor or its data storage should be addressed through your device's manufacturer. If you suspect any security issues related to the biometric authentication feature on your device, we recommend that you disable the feature and notify us immediately to secure your account.

14.Contacting Us – Feedback, Withdrawal of Consent, Access and Correction of your Personal Data

14.1 If you:

a) have any questions or feedback relating to your Personal Data or our Privacy Policy;

b) would like to withdraw your consent to any use of your Personal Data as set out in this Privacy Policy; or

c) would like to obtain access and make corrections to your Personal Data records, you can contact us by writing to our Data Protection Officer(“DPO”) at:

For the attention of: DPO Long Bridge Pte. Ltd.

10 Anson Road, #05-01

International Plaza

Singapore 079903