Privacy Policy
We, Junction Pte (BVI) Ltd (Company Registration No. 2147950), a company registered in the British Virgin Islands and whose registered address is c/o Quijano & Associates (BVI) Limited, Quijano Chambers, P.O. Box 3159, Road Town, Tortola, British Virgin Islands, and Junction Pte. Ltd. (UEN: 202409176Z), a company registered in Singapore and whose registered address is 9 Raffles Place, #06-01 Republic Plaza, Singapore 048619 (hereinafter referred to as "us", "we" or "our") are committed to protecting your Personal Data in accordance with the Personal Data Protection Act 2012 (“PDPA”) of Singapore. This Privacy Policy (“Policy”) describes how we handle information we obtain when you:
- Access and use our website and/or application (hereinafter collectively referred to as “platforms”);
- Access and use our services; or
- Communicate with us
(sub-clauses (i)-(iii) above hereinafter collectively referred to as “Services”).
By submitting any Personal Data to us and by using our Services, you acknowledge that you have read this Policy and that you consent to us collecting, using and disclosing your Personal Data in accordance with the terms of this Policy. If you do not consent to the terms of this Policy, please do not access or use our Services or provide your Personal Data to us.
We reserve the right to update this Policy from time to time, as well as to restrict access to it for a more or less determined period of time and without notice or compensation. Any changes to this Policy will be posted here and will come into effect on the date of posting. Your continued use of our Services will be taken as acceptance of any such change. You are therefore encouraged to check here regularly.
Individuals or entities accessing the platforms (collectively referred to as “Users” and each a “User”) are invited to take note of the Policy each time they use the Services of the platforms, without it being necessary to formally inform them of this.
Personal Data
What is “Personal Data”?
“Personal Data” means data, whether true or not, about an individual who can be identified from that data or from that data and other information to which we have access to, including, but not limited to, cookies, emails to which our newsletters are sent and blockchain addresses.
We do not knowingly solicit information from or market to children under the age of 13. If you become aware of any data we have collected from children under age 13, please contact us using the contact information provided below.
What isn’t Personal Data?
Please note that “business contact information” is not covered by the PDPA and this Policy. “Business contact information” refers to an individual’s name, position name or title, company name, business telephone number, business address, business electronic mail address or business fax number and any other similar information about the individual, not provided by the individual solely for his/her personal purposes.
Other terms used in this Policy shall have the meanings given to them in the PDPA (where the context so permits).
Information we collect
We may obtain information about you in a variety of ways, such as when you voluntarily provide it to us, or when it is automatically sent to us by the device you use to access the Services.
We are committed to respecting the privacy of our Users and aim to collect only the minimum amount of Personal Data necessary for the operation of our decentralized exchange (DEX). As a decentralized platform, we do not actively collect or process personally identifiable information such as names, addresses, or phone numbers. However, please note that blockchain addresses, which are used to interact with our platform, may be considered Personal Data under certain circumstances, particularly if they can be linked to an individual’s identity. Users can interact with our platform using decentralized wallets, which allow them to transact without providing additional personally identifiable information. Authentication and transactions are performed in a decentralized manner, ensuring a high level of data confidentiality and security.
When do we collect your Personal Data?
We will only collect your Personal Data where it is reasonable and appropriate to do so in the circumstances.
If you provide Personal Data to us on behalf of another person, you warrant that you have obtained consent from that person to provide such Personal Data on his/her behalf, and you agree to indemnify and hold us harmless from any breach of such warranty.
For what purposes do we collect, use or disclose your Personal Data?
We may collect, use or disclose your Personal Data when you use our Services for the following purposes:
- To provide you with access to our Services;
- To improve your experience while using our Services including providing customisations or features;
- To comply with legal and regulatory requirements;
- To monitor suspicious or fraudulent activities and to identify violations of Policy;
- To respond to your queries, requests, feedback or complaints;
- To market and inform you about our Services; and
- Any other purposes necessary and/or incidental to any of the above purposes.
We will only collect and use your Personal Data with your consent, deemed consent or as otherwise permitted under the PDPA or other applicable laws and regulations, and for purposes which you have consented to, or where we believe it is necessary to protect our legal rights.
Individual Consent
Deemed consent by notification (where the User is an individual)
We may collect or use your Personal Data, or disclose existing Personal Data for secondary purposes that differ from the primary purpose(s) for which we had originally collected. If we intend to rely on deemed consent by notification for such secondary purposes, we will notify you of the proposed collection, use or disclosure of Personal Data through appropriate mode(s) of communication.
Before relying on deemed consent by notification, we will assess and determine that the collection, use and disclosure of the Personal Data will not likely have an adverse effect on you.
You will be given a reasonable period to inform us if you wish to opt-out of the collection, use and disclosure of your Personal Data for such purposes. After the lapse of the opt-out period, you may notify us that you no longer wish to consent to the purposes for which your consent was deemed by notification by withdrawing your consent for the collection, use or disclosure of your Personal Data in relation to those purposes.
Reliance on legitimate interests exception (where the User is an individual)
In compliance with the PDPA, we may collect, use or disclose your Personal Data without your consent for our legitimate interests or that of another person. In relying on the legitimate interests exception of the PDPA, we will assess the likely adverse effects on the individual and determine that the legitimate interests outweigh any adverse effect.
In line with the legitimate interests’ exception, we will collect, use or disclose your personal data for the following purposes:
- Fraud detection and prevention;
- Detection and prevention of misuse of Services;
- Network analysis to prevent fraud and financial crime, and perform credit analysis; and
- Collection and use of Personal Data on company-issued devices to prevent data loss.
The purposes listed in the above sub-clauses (i)-(iv) may continue to apply even in situations where your relationship with us has been terminated or altered in any way, for a reasonable period thereafter.
Who do we share your Personal Data with?
We do not use or share Personal Data for any purpose other than for the purpose for which it was disclosed. In the course of providing you with our Services, your Personal Data, if any, may be disclosed to the following third parties for the purposes listed above (which are non-exhaustive):
- Our agents, contractors or service providers who have been engaged by us to provide services such as payment processing, data processing, marketing etc. and their respective service providers, business partners and agents;
- Professional advisors engaged by us such as lawyers, auditors and advisors to help us perform statistical analysis;
- Financial institutions, government authorities or law enforcement agencies or other entities as required under applicable law;
- Any party to whom you authorise us to disclose your Personal Data; and
- Any of our partners/ affiliates/ subsidiaries, which may contact you for the purpose of offering their services/ product that may be of interest to you.
We will not disclose and/or transfer your Personal Data without your consent. We may disclose and/or transfer your Personal Data to a third party only if:
- The disclosure or transfer is necessary for the provision of the Services, in connection with legal proceedings, advice or rights, or required by any law or regulation to which we are subject;
- If a contract has been concluded between us and the relevant third party that provides for safeguards at a similar protection as provided by this Policy or by applicable law (including the PDPA);
- Such third party has implemented binding corporate rules or a similar transfer control mechanism which provide adequate safeguards under applicable law.
All such third parties to whom Personal Data is disclosed and/or transferred are required to:
- Maintain the confidentiality of your Personal Data in accordance with applicable laws (including the PDPA);
- Use and process Personal Data only in accordance with our instructions and for purposes authorized by us; and
- Take appropriate technical, physical and organizational security measures to protect the Personal Data.
We may also subcontract processing to, or share your Personal Data with third parties located in countries other than Singapore. You agree that we may transfer your Personal Data to our affiliates, subsidiaries and/or other third parties located outside of Singapore, as long as the Personal Data is handled in accordance with this Policy and all applicable laws. We will take all appropriate steps to ensure that any party in a country or territory outside Singapore to whom we transfer Personal Data is bound by legally enforceable obligations to provide to the transferred Personal Data a standard of protection which is comparable to the protection under the PDPA.
Individual Consent
Deemed consent by notification (where the User is an individual)
We may collect or use your Personal Data, or disclose existing Personal Data for secondary purposes that differ from the primary purpose(s) for which we had originally collected. If we intend to rely on deemed consent by notification for such secondary purposes, we will notify you of the proposed collection, use or disclosure of Personal Data through appropriate mode(s) of communication.
Before relying on deemed consent by notification, we will assess and determine that the collection, use and disclosure of the Personal Data will not likely have an adverse effect on you.
You will be given a reasonable period to inform us if you wish to opt-out of the collection, use and disclosure of your Personal Data for such purposes. After the lapse of the opt-out period, you may notify us that you no longer wish to consent to the purposes for which your consent was deemed by notification by withdrawing your consent for the collection, use or disclosure of your Personal Data in relation to those purposes.
Reliance on legitimate interests exception (where the User is an individual)
In compliance with the PDPA, we may collect, use or disclose your Personal Data without your consent for our legitimate interests or that of another person. In relying on the legitimate interests exception of the PDPA, we will assess the likely adverse effects on the individual and determine that the legitimate interests outweigh any adverse effect.
In line with the legitimate interests’ exception, we will collect, use or disclose your personal data for the following purposes:
- Fraud detection and prevention;
- Detection and prevention of misuse of Services;
- Network analysis to prevent fraud and financial crime, and perform credit analysis; and
- Collection and use of Personal Data on company-issued devices to prevent data loss.
The purposes listed in the above sub-clauses (i)-(iv) may continue to apply even in situations where your relationship with us has been terminated or altered in any way, for a reasonable period thereafter.
Who do we share your Personal Data with?
We do not use or share Personal Data for any purpose other than for the purpose for which it was disclosed. In the course of providing you with our Services, your Personal Data, if any, may be disclosed to the following third parties for the purposes listed above (which are non-exhaustive):
- Our agents, contractors or service providers who have been engaged by us to provide services such as payment processing, data processing, marketing etc. and their respective service providers, business partners and agents;
- Professional advisors engaged by us such as lawyers, auditors and advisors to help us perform statistical analysis;
- Financial institutions, government authorities or law enforcement agencies or other entities as required under applicable law;
- Any party to whom you authorise us to disclose your Personal Data; and
- Any of our partners/ affiliates/ subsidiaries, which may contact you for the purpose of offering their services/ product that may be of interest to you.
We will not disclose and/or transfer your Personal Data without your consent. We may disclose and/or transfer your Personal Data to a third party only if:
- The disclosure or transfer is necessary for the provision of the Services, in connection with legal proceedings, advice or rights, or required by any law or regulation to which we are subject;
- If a contract has been concluded between us and the relevant third party that provides for safeguards at a similar protection as provided by this Policy or by applicable law (including the PDPA);
- Such third party has implemented binding corporate rules or a similar transfer control mechanism which provide adequate safeguards under applicable law.
All such third parties to whom Personal Data is disclosed and/or transferred are required to:
- Maintain the confidentiality of your Personal Data in accordance with applicable laws (including the PDPA);
- Use and process Personal Data only in accordance with our instructions and for purposes authorized by us; and
- Take appropriate technical, physical and organizational security measures to protect the Personal Data.
We may also subcontract processing to, or share your Personal Data with third parties located in countries other than Singapore. You agree that we may transfer your Personal Data to our affiliates, subsidiaries and/or other third parties located outside of Singapore, as long as the Personal Data is handled in accordance with this Policy and all applicable laws. We will take all appropriate steps to ensure that any party in a country or territory outside Singapore to whom we transfer Personal Data is bound by legally enforceable obligations to provide to the transferred Personal Data a standard of protection which is comparable to the protection under the PDPA.
Personal Data Protection
We have appointed a Data Protection Officer who will oversee and ensure management of Personal Data in accordance with the PDPA. The contact details of our Data Protection Officer are listed below.
1. Protection
We take breaches of privacy very seriously and will take all reasonable steps and employ appropriate security measures to ensure that your Personal Data is securely stored and protected against unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks. To safeguard personal data, we have introduced reasonable security arrangements (including, where appropriate, administrative, physical and technical measures such as up-to-date antivirus protection, encryption, rendering data anonymous, using pseudonyms, the use of privacy filters and physical security of the buildings housing our systems and computer system security) to secure all storage and transmission of Personal Data by us, and disclosing Personal Data both internally and to our authorised third party service providers and agents only on a need-to-know basis.
You should be aware, however, that no method of transmission over the Internet or method of electronic storage is completely secure. Unauthorised entry or use, hardware or software failure, and other factors, may compromise the security of your Personal Data. We do not warrant or guarantee in any way that your Personal Data or communications will always remain private and/or safe. Although we will do our best to protect your Personal Data, any transmission is entirely at your own risk. While security cannot be guaranteed, we strive to protect the security of your information and are constantly reviewing and enhancing our information security measures.
We acknowledge that we make every effort to provide accurate and precise information on our platforms. However, we cannot be held liable for (i) damages resulting from access to or use of the platforms, (ii) the services published or the information contained therein, (iii) decisions made by Users based solely on the information published, or (iv) imprecise, inaccurate, or omitted information concerning a project described on our platforms. We acknowledge that we use our best efforts to ensure the continuity of the platforms. However, due to the technical characteristics of the Internet network, we cannot guarantee its absolute continuity.
In this section, “Corporate User Personal Data” means, in the case where the User is an entity, the Personal Data of the shareholder(s), director(s), officer(s), employee(s), agent(s) and/or representative(s) of the said entity.
If we have reason to believe that a data breach has occurred in relation to:
- Corporate User Personal Data (in the case where the user is an entity):
- We will immediately notify you of the said data breach; and
- Upon notification of such breach, please note that you will be required to assess whether the data breach is a notifiable data breach in accordance with the PDPA, and to thereafter comply with your corresponding obligations under the PDPA if the said data breach is assessed by you to be a notifiable data breach.
- Your Personal Data (in the case where the User is an individual):
- We will assess whether the said data breach is a notifiable data breach under the PDPA;
- Where the breach has been assessed by us to be a notifiable one, we will notify the Personal Data Protection Commission (“PDPC”) as soon as practicable, and in any case no later than 3 calendar days after we have made that assessment; and
- On or after notifying the PDPC as mentioned in the preceding sub-clause, we will also notify each affected individual affected by the said notifiable data breach in any manner reasonable in the circumstances, unless:
- On or after assessing that the data breach is a notifiable data breach, we take any action, in accordance with any prescribed requirements, that renders it unlikely that the notifiable data breach will result in significant harm to the affected individual(s);
- We had implemented, prior to the occurrence of the notifiable data breach, any technological measure(s) that renders it unlikely that the notifiable data breach will result in significant harm to the affected individual(s);
- We have been instructed by a prescribed law enforcement agency or the PDPC not to do so; or
- The requirement to notify an affected individual is waived by the PDPC.
2. Accuracy and Correction
We endeavour to ensure that your Personal Data collected is accurate and complete if the Personal Data is likely to be used by us to make a decision that affects you or is likely to be disclosed by us to another organisation.
To help us maintain the accuracy of your Personal Data, if there is any change, correction or update in your Personal Data, please update us accordingly.
3. Retention
We will only retain Personal Data for as long as the retention is required for (i) the purposes for which such Personal Data was collected and (ii) for legal and business purposes. Otherwise, we will exercise measures to ensure such Personal Data is disposed of or discarded in a secure manner that would prevent further processing, unauthorized access, or disclosure to any other party or the public.
What are your rights?
1. Right to withdraw consent
You may withdraw your consent for the collection, use and disclosure of your Personal Data at any time by giving us reasonable notice. You may withdraw your consent by sending a written request by email or by post to our Data Protection Officer at the addresses below.
Upon receipt of your written request to withdraw your consent, we may require reasonable time (depending on the complexity of the request and its impact on our relationship with you) for your request to be processed and for us to notify you of the consequences of us acceding to the same, including any legal consequences which may affect your rights and liabilities to us. In general, we shall seek to process your request within 30 days of receiving it to cease to collect, use and disclose your Personal Data, unless otherwise permitted or required by the PDPA or any other applicable laws and regulations.
Please note that if you withdraw your consent to any or all use or disclosure of your Personal Data, depending on the nature of your request, we may not be able to offer or to provide to you our products or Services or administer any contractual relationship in place.
2. Right of access and correction
You may request for or correct information regarding your Personal Data that is in our possession or under our control, as well as information about the ways in which your Personal Data has been or may have been disclosed by us within a year before the date of your request, by writing to our Data Protection Officer at the contact details below.
Please note that a reasonable fee may be charged for an access request. If so, we will inform you of the fee before processing your request. We will respond to your access or correction request as soon as reasonably possible. In general, our response will be within 30 days. Should we not be able to respond to your request within 30 days after receiving your request, we will inform you in writing within 30 days of the time by which we will be able to respond to your request. If we are unable to provide you with any Personal Data or to make a correction requested by you, we will generally inform you of the reasons why we are unable to do so (except where we are not required to do so under the PDPA).
Who should you approach?
If you have any feedback or enquiries relating to your Personal Data or if you wish to know more about our data protection policies and practices, please contact us at the following:
- Email address: [email protected]
- Postal address: Quijano & Associates (BVI) Limited, Quijano Chambers, P.O. Box 3159, Road Town, Tortola, British Virgin Islands
For more information about the PDPA, please visit pdpc.gov.sg.
This Policy applies in conjunction with any other notices, contractual clauses and consent clauses that apply in relation to the collection, use and disclosure of your Personal Data by us.
This Policy shall be governed in all respects by the laws of Singapore. In the event of a dispute and in the event that an amicable agreement can’t be reached, the competent courts will be those of the jurisdiction of the courts of Singapore, notwithstanding multiple defendants or third party claims.