SWAP GROUP OF COMPANIES PRIVACY POLICY (SINGAPORE)

Last Updated Date: [18 June 2025]

This Privacy Policy applies to Swap Group of Companies, which includes Swap Solutions Pte Ltd, Swap Telecommunications Pte Ltd and Riffsound Pte Ltd and any other affiliated or subsidiary companies (collectively “ Swap”, “ we”, “ us” or “ our”). We take seriously our responsibilities under Singapore’s Personal Data Protection Act 2012 (“ PDPA”), any regulations enacted thereunder, and any guidelines that may be issued from time to time by the Personal Data Protection Commission. We recognise the importance of the personal data you have entrusted to us and acknowledge our responsibility to properly manage, protect and process your personal data.

This Privacy Policy is designed to assist you to understand how we collect, use, disclose and/or process the personal data you have provided to us, as well as assist you in making an informed decision before providing us with any of your personal data.

It is important that you check back often for updates to this Privacy Policy. We may update this Privacy Policy periodically at our discretion without prior notice to reflect changes in our personal information/data protection practices with respect to our policies or changes in applicable law.

The most current version of the Privacy Policy will always be available here [ https//fenderaudio.com/privacy-policy]. Your continued use of our services and/or our website, as the case may be, following any amendment of this Privacy Policy will signify your assent to and acceptance of its revised terms as well as your consent to your personal data being collected and processed in accordance with its revised terms.

1. Introduction to the PDPA

1.1

“Personal data” is defined in the PDPA to mean data, whether true or not, about an individual who can be identified (a) from that data or (b) from that data and other information to which the organisation has or is likely to have access.

1.2

We will collect, use, disclose and/or process your personal data in accordance with the PDPA. We will notify you (whether through this Privacy Policy or otherwise) of the purposes for which your personal data may be collected, used, disclosed and/or processed, as well as obtain your consent for the collection, use, disclosure and/or processing of your personal data for such intended purposes, unless an exception under the law permits us to do so without consent.

1.3

Collection of Personal Data. We may collect and process the following types of personal data:-

  1. Personal details such as name, identity card or passport number, gender, race, nationality, date of birth or age, marital status, occupation, photo, credit card number, assets, financials;
  2. Contact details such as residential and/or mailing addresses, email address, telephone number, mobile number,
  3. Billing and payment status and records (credit/debit card, bank account);
  4. Usage data (calls, SMS, mobile data);
  5. Network and device information (IMEI, IP address etc);
  6. Location and connectivity data;
  7. Account and customer service interaction records;
  8. Personal data from credit reporting agencies, government agencies, credit bureau reports, etc; and
  9. CCTV recording of image or images of individuals representing you or acting on your behalf, when you or such individuals visit our premises including our branches.

1.4

How We Collect Your Personal Data. We may collect your personal data in several ways including but not limited to the following ways. When you:

  1. communicate with us (for example when you submit an application form to become our customer, or when you contact us for any enquiries including by calling our customer service);
  2. register or subscribe for a specific product and/or service or our publications;
  3. participate in any of our surveys, questionnaire etc;
  4. register interest and/or request for information (through our online portals or other available channels) or subscribe to our products and/or services;
  5. respond to any marketing materials we send out;
  6. commence a business relationship with us (for example, as a service provider/business partner);
  7. visit any of our offices;
  8. visit or browse our websites;
  9. lodge a complaint with us; and
  10. provide feedback to us (for example via our websites or in hard copy); and (k) authorize third parties to provide information to us in connection with your use of our products/services including but not limited to governmental agencies and regulatory authorities.

1.5

Legitimate Interests Exception. Swap may rely on the legitimate interests exception under the PDPA to collect, use, disclose and/or process your personal data without your consent, for the purpose of detecting and/or preventing:

  1. fraud;
  2. an illegal activity; and/or
  3. the misuse of services provided by or to be provided by Swap,

on the basis that such collection, use, disclosure and/or processing is for the legitimate interests of Swap or another organisation, and that such legitimate interests outweigh the adverse effects (if any) on you.

Should Swap rely on this exception, Swap may/will need to disclose your personal data that is being processed in reliance on such exception, to third parties, whether located within or outside Singapore, for the Purposes stated below, and such third parties may/would be processing your personal data for the Purposes stated below.

2. Purposes for Collection, Use, Disclosure, and/or Processing of Personal Data

2.1

We will only collect, use, disclose and/or process your personal data as reasonably necessary for our legal or business purposes. The purposes for our collecting, using, disclosing and/or processing your personal data would include the following:

  1. verifying your identity;
  2. considering and/or processing your requests for or your purchase of, or your intended purchase of our products and/or services;
  3. facilitating, processing, dealing with, administering, managing and/or maintaining your account with us, including but not limited to processing and/or administering registration, applications to close your account, or requests for access and/or correction of your personal data;
  4. facilitating the daily operation of services you subscribe to, including but not limited to billing, payments, customer service, customer verification, technical support, network maintenance and troubleshooting;
  5. monitoring or recording phone calls and customer-facing interactions for quality assurance, employee training, performance evaluation and identity verification purposes;
  6. generating internal reports including but not limited to annual, operational, risk and management reports;
  7. processing of payment instructions, top-ups, trade-ins, GIRO, direct debit facilities and/or credit facilities requested by you;
  8. administering and/or managing activities and/or events organised by Swap;
  9. dealing in any matters which you are entitled to under your contract with us;
  10. carrying out your instructions or responding to any enquiry given by (or purported to be given by) you or on your behalf;
  11. contacting you or communicating with you via phone/voice call, text message and/or fax message, email and/or postal mail for the purposes of administering and/or managing your account with us such as but not limited to communicating information to you related to our services, promotions, and/or events. You acknowledge and agree that such communication by us could be by way of the mailing of correspondence, documents or notices to you, which could involve disclosure of certain personal data about you to bring about delivery of the same as well as on the external cover of envelopes/mail packages;
  12. carrying out due diligence or other screening in accordance with any legal or regulatory obligations or our risk management procedures that may be required by law or that may have been put in place by us;
  13. to prevent or investigate any fraud, unlawful activity or omission or misconduct, whether relating to your account with us or any other matter arising from your account with us, and whether or not there is any suspicion of the aforementioned;
  14. complying with or as required by any applicable law, governmental or regulatory requirements of any relevant jurisdiction, including meeting the requirements to make disclosure under the requirements of any law binding on us and/or for the purposes of any guidelines issued by regulatory or other authorities, whether in Singapore or elsewhere, with which we are expected to comply;
  15. complying with or as required by any request or direction of any governmental authority; or responding to requests for information from public agencies, ministries, statutory boards or other similar authorities. For the avoidance of doubt, this means that we may/will disclose your personal data to the aforementioned parties upon their request or direction;
  16. conducting research, analysis and development activities (including but not limited to data analytics, surveys and/or profiling) to improve our services and business solutions;
  17. storing, hosting, backing up (whether for disaster recovery or otherwise) of your personal data, whether within or outside Singapore;
  18. administering security matters and/or arrangements;
  19. any other purposes which we notify you of at the time of obtaining your consent; and (t) responding to, handling, and processing complaints and feedback from you. (collectively, the “Purposes”).

As the purposes for which we may collect, use, disclose and/or process your personal data depend on the circumstances at hand, such purpose may not appear above. However, we will notify you of such other purpose at the time of obtaining your consent, unless the intended processing of your personal data without your consent is permitted by the PDPA or other applicable law.

The purposes listed above may continue to apply even in situations where your relationship with us in connection to a contract has been terminated or altered in any way, for a reasonable period thereafter (including, where applicable, a period to enable us to enforce our rights under a contract with you).

3. Disclosure of Personal Data to Third Parties

3.1

In order to conduct our business operations more smoothly, we may also be disclosing the personal data you have provided to us to our third party service providers, agents and/or affiliates or related corporations, and/or other third parties whether sited in Singapore or outside of Singapore, in connection with one or more of the above-stated Purposes. This is because such third party service providers, agents and/or affiliates or related corporations would be processing your personal data on our behalf for one or more of the above-stated Purposes. We may also need to disclose your personal data to third parties without first obtaining your consent where permitted by the PDPA or other applicable law.

3.2

In all instances of disclosure of personal data to third parties, we will endeavour to provide adequate supervision over the handling and administration of your personal data by such third parties, as well as to provide for adequate forms of protection over such personal data.

4. Withdrawal of Consent

4.1

If you wish to withdraw your consent to our collection, use, disclosure and/or processing of your personal data, you may do so by informing our Data Protection Officer in writing or via email at the contact details provided below.

4.2

We will process your request within a reasonable time from such a request for withdrawal of consent being made, and will thereafter refrain from collecting, using and/or disclosing your personal data in the manner stated in your request.

4.3

Please note that as a result of such withdrawal, we may not be able to continue to provide some or all of our products and/or services to you. This may result in a termination of our contractual relationship, but shall not affect the legal consequences arising from the withdrawal.

5. Transfer of Personal Data Outside Singapore

Where your personal data is to be transferred outside of Singapore, we will ensure that such transfers are compliant with the requirements under the PDPA. In this regard, this includes us taking appropriate steps to ascertain that the foreign recipient organisation of the personal data is bound by legally enforceable obligations to provide the transferred personal data a standard of protection that is at least comparable to that provided under the PDPA.

6. Retention of Personal Data

We will take commercially reasonable efforts to ensure that the personal data in our possession or under our control is destroyed and/or anonymized as soon as it is reasonable to assume that (i) the purpose for which that personal data was collected is no longer being served by the retention of such personal data; and (ii) retention is no longer necessary for any other legal or business purposes.

7. Protection of Personal Data

We will take commercially reasonable efforts to take appropriate precautions and preventive measures to ensure that your personal data is adequately protected and secured. We will protect your personal data by making reasonable security arrangements to prevent unauthorised access, collection, use, disclosure, copying, modification, leakage, loss, damage, and/or alteration of your personal data. However, we cannot assume responsibility for any unauthorised use of your personal data by third parties which are wholly attributable to factors beyond our control.

8. Accuracy of Personal Data

We generally rely on personal data provided by you and/or through a third party authorised by you. In order to ensure that your personal data is current, complete and accurate, if there is any change in your personal data, you must update us in a timely manner by informing our Data Protection Officer in writing via email at the contact details provided below.

9. Access to and Correction of Personal Data

If you wish to request for access and/or corrections to your personal data in our possession or under our control, you may do so by submitting your request in writing via email to our Data Protection Officer at the contact details provided below. Please note that a reasonable fee may be charged for such requests to defray our administrative cost. If so, we will inform you of the fee before processing your request. If we are unable to accede to your access request or to make a correction requested by you, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under the PDPA).

10. Use of Cookies

Our websites may use cookies or similar technologies to enhance user experience. You may set your browser to disable cookies, but this may limit your ability to use certain features.

11. Contact Details

If you have any queries, complaints or feedback regarding this Privacy Policy, or if you wish to submit an access, correction or withdrawal request, you may contact our Data Protection Officer in writing via email as follows:

Attention: Data Protection Officer

Email: dpo@fenderaudio.com