When you access or use the Site and Services, depending on the nature of your interactions with us, we may collect information including but not limited to:

• • your name, email address, IP address, phone number, demographic information (such as age range, country of residence, gender, occupation);

• • billing information which you provide us with (e.g., debit or credit card information), information about the device(s) you are using, your geographical location; and

• • any other information that you may provide while accessing or using the Site and Services, which comprises “personal data” within the meaning of the PDPA (i.e. data, whether true or not, about a customer who can be identified: (a) from that data; or (b) from that data and other information to which we have or are likely to have access), and other applicable laws,

• (Collectively, "Personal Information").

• We only have access to and collect Personal Information that:

  • • you voluntarily provide to us by filling out our online forms which are part of the Site and Services, submitting orders to rent Products or via email or other direct contact with you.

  • • you voluntarily provide to us via a third party which you have authorised to disclose Personal Information to us.

  • • we are permitted to collect, or authorised under applicable laws to collect, without seeking your consent.

• We shall seek your consent before collecting any additional Personal Information and before using your Personal Information for a purpose which has not been notified to you (except where permitted or authorised by law).

Information Collected by Automated Means

• Whenever you use the Site and Services, we and/or our service providers may use a variety of technologies that automatically collect information, including through cookies, about how the Site and Services are accessed and used (“Usage Information”). Usage Information may include, in part, browser type, operating system, the page viewed, the time, how many users visited the Site, and the website you visited immediately before the Site. This statistical data provides us with information about the use of the Site and Services, such as how many visitors visit a specific page on the Site, how long they stay on that page, which websites they are coming from and which hyperlinks, if any, they “click” on, what Products are more popular among visitors and Users. Usage Information helps us to keep the Site and Services user friendly and to provide users with readily accessible and helpful information. We may also use your Usage Information to troubleshoot issues with access or use of our Site and Services. Usage Information is generally non-identifying, but if we associate it with you as a specific and identifiable person, we treat it as Personal Information.

• We believe that such technology usage is fair, lawful, and proportional to the legitimate interest and needs of our business, and that our methodology fairly addresses each user’s legitimate rights and expectations in view of the context and purpose for the collection and use of the information collected.

We will use your information to respond to you regarding the reason you contacted us.

We will also use your information as follows:

• • performing obligations in the course of or in connection with our provision of the Services to you;

• • contacting you about the Products on our Site in which you have expressed interest or subscribed to and allows you to easily update your contact information;

• • managing your relationship with us, responding to, handling, and processing queries, requests, applications, complaints, and feedback from you, and notifying you about changes to our Services or this Policy;

• • processing or facilitating the processing of your claims and payment transactions;

• • creating Anonymised Information (defined below) for the purposes of analytics and market research;

• • marketing and promoting the Site and Services, and the services and products offered on the Site to you;

• • complying with any applicable laws, regulations, codes of practice, guidelines, or rules, or to assist in law enforcement and investigations conducted by any governmental and/or regulatory authority;

• • preventing fraud and misuse of the Site and Services, including but not limited to creating several accounts by using the same device and IP address;

• • for any other purposes for which you have provided the information;

• • transferring or transmitting to any unaffiliated third parties including our third party service providers and agents, whether in Singapore or abroad, for the aforementioned purposes;

• • transferring or transmitting to any relevant governmental and/or regulatory authorities, whether in Singapore or abroad, based on regulatory requirements; and/or

• • any other incidental business purposes related to or in connection with the above.

You hereby explicitly consent for us to use your Personal Information for the purposes set out above. Where we do contact you in connection with any of the purposes set out above, you agree that we may contact you directly (by email, text messaging, including WhatsApp messaging, and other messaging application, calls, post) using the information provided to us by you. If at any time you wish that we cease communication with you, please notify us using the contact information provided below.

We may rely on the “legitimate interests” exception under the PDPA (and similar exceptions under other applicable laws) to collect, use and disclose personal data without your consent for the purposes of detecting and preventing fraud and misuse of our services. Such disclosures may be made to your employer, where relevant for such purposes.

Except as provided herein, we will not trade, rent, share or sell your Personal Information to third parties, unless provide your consent to do so, we will not share your Personal Information with any third party outside of our organisation, provided always that we may disclose your Personal Information to third parties (who process your Personal Information on our behalf or otherwise) where such disclosures are required for performing our obligations in connection with providing you with the Site and Services, in the following circumstances:

• • to our subsidiaries, related companies, affiliates, or partners;

• • to our service providers and subcontractors in order to troubleshoot issues you may have with the Site, or to assist us in our provision of the Site and Services. Only employees, service providers (including data service providers) and subcontractors who need the Personal Information to perform a specific job are granted access to Personal Information. The computers/servers in which we store Personal Information are kept in a secure environment, and these third parties are bound by contractual obligations to keep Personal Information confidential and use it only for the purposes for which we disclose it to them;

• • when we believe in good faith that such disclosures

  • (a) are required by law, including, for example, to comply with a court order or subpoena, or

  • (b) will help to: enforce our policies; protect your safety or security, including the safety and security of property that belongs to you; and/or protect the safety and security of the Site, us, our employees, our service providers, our subcontractors, other third parties, or equipment that belongs to us, our service providers, or our subcontractors. Disclosures in this limited scenario would be made to a court of law, law enforcement, or other public or government authority;

• • to a buyer or other successor in the event of a merger, divestiture, restructuring, reorganisation, dissolution or other sale or transfer of some or all of the Cinch’s assets, whether as a going concern or as part of bankruptcy, liquidation or similar proceeding, in which Personal Information maintained on the Site is among the assets transferred; and/or

• • to any other person or organisation after we have sought consent for such disclosure.

INTERNATIONAL TRANSFERS

• By using our Site and Services, you agree that any transfer of your Personal Information to various countries is necessary and reasonable for us to provide you with the Site and Services, and acknowledge that such third parties processing your Personal Information either on our behalf or otherwise may be located in a different country from the point of collection of your Personal Information (including transfers to servers from other countries as determined by the Cinch from time to time) which may be outside of the country you are accessing the Site and Services from), or may have multiple physical locations and backups (e.g. cloud based services).

• Where we disclose your Personal Information to third parties, we will employ our best efforts to ensure such third parties protect your Personal Information and meet our data security standards, and process Personal Information provided to them only for the purpose of providing the specific service to us.

• We may use non-identifiable anonymous data that is based on visitors’ access or use of the Site and/or use of the Services that may be used by us to improve the Site and/or Services. We may also use anonymised data based on your use of the Site and Services, including anonymous data (“Anonymised Information”). Anonymised Information may include information that describes the habits, usage patterns, survey responses and/or demographic information of users as a group, but does not identify any particular users. We may provide Anonymised Information to our third party collaborators and partners. Such Anonymised Information does not comprise of and does not constitute Personal Information protected by law. Such Anonymised Information is not subject to data privacy laws, and may be transferred, disclosed, assigned, leased, licensed, sold and otherwise shared with and by our partners, service providers, advertisers and/or other third parties for any purposes permitted under applicable law.

YOUR ACCESS TO AND CONTROL OVER YOUR INFORMATION

• We offer you choices regarding the collection, use, and sharing of your Personal Information. Our Site and Services do not currently respond to browser-based do-not-track signals. Except where it is required for the purposes of the use of your Personal Information as provided in Section II above, we do try to minimise tracking and may develop techniques that will allow us to respond to browser-based do-not-track signals. You can choose to have your computer warn you each time a cookie is being set, or you can choose to turn off all cookies. You do this through your browser settings. Each browser is different, so look at your browser's Help menu to learn the proper way to modify your browser’s cookies setting.

• If you disable cookies, some features may be disabled that make your user experience more efficient and some of our services may not function properly.

• You may do the following at any time by contacting us via the email address provided on our Site, or to our Data Protection Officer (“DPO”) whose contact details are set out below:

  • • Accessing and updating your Personal Information

  • • Withdraw your consent to any type of use and disclosure of Personal Information

ACCESSING AND UPDATING YOUR PERSONAL INFORMATION

• You may access and correct your Personal Information that is in the possession or under the control of the Cinch at any time. You may also request for a copy of such information. Please note that a reasonable fee may be charged for an access request or where a copy of your information is so requested. If so, we will inform you of the fee before processing your request. No fee is payable for any request to correct your Personal Information (including any incomplete or inaccurate information).

• To access, review, correct, or remove your Personal Information or part thereof, please submit a request to our DPO via the contact information provided below. While we will try our best to accommodate your request, we reserve the right to reject or limit any such requests in accordance with the provisions of any applicable laws or regulations.

• Unless the Cinch is satisfied on reasonable grounds that a correction should not be made, the Cinch shall correct the Personal Information as soon as practicable, and send the corrected information to every other organisation to which such information had been provided to within a year before the date the correction was made, unless that other organisation does not need the corrected personal data for any legal or business purpose.

• We will respond to your request as soon as reasonably possible. Should we not be able to respond to your request within thirty (30) days after receiving your request, we will inform you in writing of the time by which we will be able to respond to your request. If we are unable to accede to any request for access to or to correct any of your information, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under any applicable law or regulations).

• If you do not want your information to be shared with our employees, service providers and subcontractors, upon your request, we will not share your information. However, your ability to access and use the Site and Services may be limited or interrupted.

WITHDRAWING YOUR CONSENT

• The consent that you provide for the collection, use and disclosure of your Personal Information will remain valid until such time it is being withdrawn by you in writing. You may withdraw consent and request us to stop using and/or disclosing your Personal Information for any or all of the purposes listed above at any time by submitting your request via email to our DPO via the contact information provided below.

• Upon receipt of your written request to withdraw your consent, we may require reasonable time to process your request and for us to notify you of the consequences of us acceding to the same, including any legal consequences which may affect your rights and liabilities to us. In general, we shall seek to process your request within ten (10) business days of receiving it.

• Whilst we respect your decision to withdraw your consent, please note that depending on the nature and scope of your request, we may not be in a position to continue providing you with access to our Site and Services and we shall, in such circumstances, notify you of the same before completing the processing of your request. You may cancel your withdrawal of consent by submitting your request via email to our DPO via the contact information provided below. Please note that withdrawing consent does not affect our right to continue to collect, use and disclose Personal Information where such collection, use and disclosure without consent is permitted or required under applicable laws (please see Section VII – Retention of Personal Information below).

We take measures designed to protect your Personal Information in an effort to prevent loss, misuse, and unauthorized access, disclosure, alteration, and destruction. We provide physical, electronic, and procedural safeguards to protect Personal Information we process and maintain. Please be aware, however, that despite our efforts, no security measures are perfect or impenetrable and no method of data transmission can be guaranteed against any interception or other types of misuse.

You agree that the Cinch shall have no liability for any kind or form of cyber damage resulting from a denial of service attacks, theft or corruption of data, or other data denials, hacking, operation of malware or other harmful agents, and any other electronic interference with equipment, databases, software, operating systems, networks, or other facilities, adversely affecting or with the potential to adversely affect your Personal Information, caused in whole or part by third parties (“Cyber Attack”).

In the occurrence of a Cyber Attack, the Cinch will take its best endeavours to remedy the Cyber Attack directed against the Cinch’s systems, networks, property, Site or other facilities that adversely affect your Personal Information.

The Site may contain links to other websites. Any Personal Information you provide on linked pages or sites is provided directly to that third party and is subject to that third party’s privacy policy (if any). This Policy does not apply to such linked sites, and we are not responsible for the content or privacy and security practices and policies of these websites or any other sites that are linked to or from the Site. We encourage you to learn about their privacy and security practices and policies before providing them with Personal Information.

The Site and Services are intended for use by individuals at least or above the age of 18 or the age that the law in the country you reside in requires for you to legally access and/or use the Site and Services (whichever is higher).

The Cinch does not knowingly collect or use any Personal Information from persons below the age of 18. If we become aware that we have unknowingly collected Personal Information from a person under the age of 18 or the age that the law in the country you reside in requires for you to legally access and/or use the Site and Services (whichever is higher), we will make commercially reasonable efforts to delete such Personal Information from our database.

We may allow you to delete some of the records that are stored on the Site or Services. However, please note that such deletion(s) shall only delete your records from the Site. A back-up copy shall be retained by our Cinch for as long as it is necessary to fulfil the purpose for which it was collected, or as required or permitted by applicable laws. We will cease to retain your Personal Information, or remove the means by which the data can be associated with you, as soon as it is reasonable to assume that such retention no longer serves the purpose for which the Personal Information was collected, and is no longer necessary for legal or business purposes.

To the fullest extent permitted by law, we shall not be liable in any event for any special, exemplary, punitive, indirect, incidental or consequential damages of any kind or for any loss of reputation or goodwill, whether based in contract, tort, equity, strict liability, statute or otherwise, suffered as a result of unauthorized or unintended use, access or disclosure of your Personal Information.

By using the Services, you are representing that you agree to the Terms and this Policy, and this agreement supersedes any other agreement that we might have with you concerning the use of your Personal Information. If you do not agree to any of these terms and conditions, you must stop using/accessing the Website and Services immediately. Except as otherwise specified in this Policy, this Policy shall be governed by and construed in accordance with the laws of Singapore.

If we become involved in a merger, acquisition, or any form of sale of some or all of our assets, the Website and Services, and your information as collected, processed and maintained through our Website and Services may be included in the assets sold or transferred to the acquirer. You agree that we may transfer or assign the information we have collected about you in connection with any such event. In the event of a bankruptcy, insolvency, reorganisation, receivership or assignment for the benefit of creditors, we may not be able to control how your Personal Information is treated, transferred, or used.

If you have any questions about this Policy, please contact our DPO via email at: support @cinch.com To exercise any of your rights in this Privacy Policy please contact us in writing, via email as indicated above, so that we may consider your request under applicable law. Please be aware that to facilitate our review and processing of your request you will be required to provide the following details:

• • The name, email address, or other identifier that you have used to use the Site and Services, or if you are not a registered user of the Services, or have not otherwise previously interacted with us, your first and last name and an address where we can correspond with you.

• • Clear description of the nature of your request and the action you wish to be taken.

• • Sufficient information to allow us to assess and carry out your request (if applicable).

For your protection, we may only implement requests with respect to the Personal Information associated with the particular email address that you use to send us your request.

In addition, please note that, depending on the nature of your query, request or complaint, we may need to verify your identity before implementing your request and may require proof of identity, such as in the form of a government issued ID and proof of geographical address.

Further, please note that while we will endeavour to respond to your request as soon as reasonably practicable, you may first receive just an automated reply to any query sent to the Cinch. The Cinch reserves the right to only provide you with a customised reply after examining the query and only if deemed necessary, as determined at the Cinch’s sole and absolute discretion.