Privacy Policy

1. Purpose and Scope

This Privacy Policy applies to all personal data collected by Sirius Digital Pte. Ltd. ("we", "us", or "our") from:

• Customers and account holders
• Website visitors and platform users
• Business partners and counterparties
• Service providers and vendors
• Job applicants and employees
• Any other individuals who interact with our services

By using our services, accessing our website, or providing your personal data to us, you acknowledge that you have read and understood this Privacy Policy.

2. Types of Personal Data We Collect

We collect various types of personal data depending on your relationship with us and how you interact with our services.

2.1 Identity and Contact Information

• Full name and aliases
• National identification number (NRIC), passport number, or other ID numbers
• Date of birth and nationality
• Residential address and correspondence address
• Email address
• Telephone and mobile numbers
• Photographs and identity verification images

2.2 Financial Information

• Bank account details and payment information
• Credit and debit card information
• Digital wallet addresses
• Transaction history and account balances
• Source of funds and source of wealth information
• Income, employment status, and occupation
• Tax identification numbers and tax residency
• Credit history and financial standing

2.3 Technical and Usage Data

• IP address and device identifiers
• Browser type and version
• Operating system
• Login credentials and authentication data
• Access logs, timestamps, and session information
• Cookies and tracking technologies data
• Geolocation data
• Platform usage patterns and preferences

2.4 Business and Corporate Information (for Business Customers)

• Company name and registration number
• Business address and contact details
• Nature of business and industry
• Ownership structure and beneficial owner information
• Directors, authorized signatories, and key personnel information
• Corporate documents (certificates, memorandum, articles of association)

2.5 Other Information

• Communication records (emails, calls, chat transcripts)
• Feedback, complaints, and support inquiries
• Marketing preferences and consent records
• Know Your Customer (KYC) and due diligence documentation
• Any other information you provide to us

3. How We Collect Personal Data

We collect personal data through various methods:

3.1 Direct Collection

• Account registration and onboarding forms
• Transaction instructions and service requests
• Communications via email, phone, chat, or in person
• Surveys, feedback forms, and questionnaires
• Document uploads and identity verification processes

3.2 Automated Collection

• Website and platform usage through cookies and tracking technologies
• Server logs and access records
• Analytics tools and performance monitoring

3.3 Third-Party Sources

• Identity verification service providers (e.g., Myinfo, Singpass)
• Credit bureaus and financial information services
• Public registers and databases (ACRA, sanctions lists)
• Business partners and introducers
• Social media platforms (if you link your account or use social login)

4. How We Use Your Personal Data

We use your personal data for the following purposes, which are necessary for or directly related to providing our services and complying with legal obligations:

4.1 Service Provision and Account Management

• Opening and maintaining your account
• Verifying your identity and conducting KYC/AML checks
• Processing transactions and executing orders
• Providing custody and safeguarding services
• Managing payments, deposits, and withdrawals
• Providing customer support and responding to inquiries
• Communicating with you about your account and services

4.2 Regulatory Compliance and Legal Obligations

• Complying with AML/CFT laws and regulations
• Sanctions screening and politically exposed persons (PEP) checks
• Regulatory reporting to applicable authorities
• Tax reporting and withholding obligations
• Responding to legal requests, court orders, and regulatory inquiries
• Preventing, detecting, and investigating fraud and financial crimes

4.3 Risk Management and Security

• Assessing and managing credit, operational, and market risks
• Monitoring for suspicious or unusual transaction activity
• Detecting and preventing fraud, money laundering, and unauthorized access
• Protecting the security and integrity of our systems and data
• Conducting security assessments and investigations

4.4 Business Operations and Analytics

• Analyzing platform usage to improve user experience
• Developing and enhancing products and services
• Conducting market research and analytics
• Managing business relationships and partnerships
• Internal audit, compliance, and quality assurance

4.5 Marketing and Communications (with your consent)

• Sending promotional materials, newsletters, and service updates
• Providing information about new products, features, or offers
• Conducting surveys and gathering feedback
• Personalizing your experience based on your preferences

5. Legal Basis for Processing

We process your personal data on the following legal bases:

• Consent: Where you have given explicit consent for specific purposes (e.g., marketing communications)
• Contract Performance: Where processing is necessary to perform our contractual obligations to you
• Legal Obligation: Where processing is required to comply with Singapore laws and regulations (e.g., AML/CFT, tax reporting)
• Legitimate Interests: Where processing is necessary for our legitimate business interests (e.g., fraud prevention, service improvement) and does not override your fundamental rights

6. Disclosure and Sharing of Personal Data

We may disclose your personal data to third parties in the following circumstances:

6.1 Service Providers and Processors

We engage third-party service providers to perform functions on our behalf:

• Identity verification and KYC service providers
• Payment processors and banking partners
• Digital asset custody and wallet services
• Cloud storage and hosting providers
• IT support and cybersecurity services
• Customer support and communication platforms
• Analytics and data processing services

These service providers are contractually bound to protect your data and use it only for the purposes we specify.

6.2 Affiliated Companies

We may share your data with our parent company, subsidiaries, or affiliated entities for the purposes described in this Privacy Policy, including service provision, risk management, and internal administration.

6.3 Regulatory and Legal Authorities

• Inland Revenue Authority of Singapore (IRAS)
• Singapore Police Force (including STRO)
• Courts and tribunals
• Other regulatory, governmental, or law enforcement agencies

Disclosure to these authorities is made where required or permitted by law, including for AML/CFT compliance, tax reporting, or in response to legal requests.

6.4 Professional Consultants

We may share your data with lawyers, auditors, accountants, and other professional consultants who assist us with compliance, legal, and business matters.

6.5 Business Transfers

In the event of a merger, acquisition, sale of assets, or business reorganization, your personal data may be transferred to the relevant successor or acquiring entity. We will notify you of any such transfer and any choices you may have.

6.6 With Your Consent

We may disclose your personal data to other third parties where you have provided explicit consent for such disclosure.

7. International Data Transfers

Your personal data may be transferred to, stored, or processed in countries outside of Singapore for the purposes described in this Privacy Policy. These countries may include:

• Locations where our service providers operate (e.g., cloud servers, data centers)
• Jurisdictions where our business partners or affiliated entities are located
• Countries required for regulatory reporting or compliance purposes

7.1 Safeguards for International Transfers

When transferring your personal data outside Singapore, we ensure appropriate safeguards are in place:

• Transfers to countries with data protection laws deemed adequate by Singapore
• Contractual protections (e.g., Standard Contractual Clauses)
• Corporate rules and binding agreements with group companies
• Your explicit consent for the transfer
• Transfers necessary for contract performance or legal compliance

8. Data Security and Protection

We implement robust technical, organizational, and physical security measures to protect your personal data against unauthorized access, disclosure, alteration, or destruction.

8.1 Security Measures

• Encryption: Data is encrypted in transit (TLS/SSL) and at rest (AES-256 or equivalent)
• Access Controls: Role-based access controls and multi-factor authentication
• Network Security: Firewalls, intrusion detection systems, and security monitoring
• Physical Security: Secure data centers with restricted access
• Regular Audits: Security assessments, penetration testing, and vulnerability scanning
• Incident Response: Documented procedures for responding to data breaches and security incidents
• Employee Training: Regular security awareness training for all staff

8.2 Your Security Responsibilities

You can help protect your personal data by:

• Keeping your login credentials confidential
• Using strong, unique passwords
• Enabling two-factor authentication where available
• Being cautious of phishing attempts and suspicious communications
• Logging out of your account when finished
• Reporting any suspected security incidents to us immediately

9. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected and to comply with legal, regulatory, and business requirements.

9.1 Retention Periods

• Active Accounts: For the duration of your relationship with us plus any applicable retention period
• Closed Accounts: At least 5 years after account closure, or longer if required by law
• Transaction Records: At least 5 years after completion of transaction
• KYC/AML Records: At least 5 years after termination of relationship
• Communications and Support Records: Up to 7 years for business records
• Marketing Consent: Until you withdraw consent or we no longer need it

9.2 Secure Disposal

When personal data is no longer required, we securely delete or anonymize it in accordance with our data retention and disposal procedures.

10. Your Rights Under PDPA

Under Singapore's Personal Data Protection Act, you have the following rights regarding your personal data:

10.1 Right to Access

You have the right to request access to your personal data held by us. Upon request, we will provide:

• Information about how we are using your personal data
• A copy of your personal data
• Details of the purposes for which the data is being used
• Information about recipients or classes of recipients of your data

10.2 Right to Correction

You have the right to request correction of inaccurate or incomplete personal data. We will make reasonable efforts to correct the data as soon as practicable, and we will notify any organizations to which we have disclosed the incorrect data.

10.3 Right to Withdraw Consent

Where we process your personal data based on your consent, you have the right to withdraw that consent at any time. However, withdrawal does not affect:

• Processing that occurred before withdrawal
• Processing based on legal obligations or other lawful bases
• Our ability to continue providing services that require such data

10.4 Right to Be Informed of Data Breaches

If a data breach occurs that is likely to result in significant harm to you, or if the breach involves sensitive personal data on a significant scale, we will notify you and the Personal Data Protection Commission (PDPC) in accordance with legal requirements.

10.5 How to Exercise Your Rights

To exercise any of these rights, please contact us:

We will respond to your request within 30 days. In some cases, we may charge a reasonable fee to cover administrative costs, and we will inform you of any fees before processing your request.

11. Cookies and Tracking Technologies

We use cookies and similar technologies to collect information about your use of our website and platform. For detailed information, please see our Cookie Policy.

11.1 Types of Cookies We Use

• Essential Cookies: Required for the website to function properly
• Functional Cookies: Remember your preferences and settings
• Analytics Cookies: Help us understand how you use our website
• Marketing Cookies: Used to deliver relevant advertising (with consent)

11.2 Managing Cookies

You can manage or disable cookies through your browser settings. However, disabling certain cookies may affect the functionality of our website.

12. Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If you are under 18, please do not provide any personal data to us.

If we become aware that we have collected personal data from a child without parental consent, we will take steps to delete that information as soon as possible.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Update the "Last Updated" date at the top of this policy
• Notify you via email or prominent notice on our website
• Where required, obtain your consent for material changes

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal data.

14. Third-Party Links and Services

Our website or platform may contain links to third-party websites, applications, or services that are not operated by us. This Privacy Policy does not apply to those third parties.

We are not responsible for the privacy practices of third parties. We encourage you to read the privacy policies of any third-party services you access through our website.

15. Contact Us and Complaints

15.1 Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data protection practices, please contact:

15.2 Complaints to the PDPC

If you are not satisfied with our response to your privacy concerns, you have the right to lodge a complaint with the Personal Data Protection Commission:

16. Consent

By providing your personal data to us, using our services, or accessing our website, you consent to the collection, use, and disclosure of your personal data in accordance with this Privacy Policy.

For certain types of processing (such as marketing communications), we will obtain your explicit consent separately.