Multiplier Privacy and Data Protection Policy

A. OBJECTIVE, SCOPE AND APPLICABILITY

1. Multiplier Technologies Pte. Ltd. and its affiliates worldwide (hereinafter collectively referred to as the “Company”, “We”, “Us”, “Our”) is dedicated to protecting and respecting the individual’s legal rights of privacy and data protection while collecting, storing, using and transmitting the Personal Data (as defined below).
2. This Privacy and Data Protection Policy (“Policy”) explains Our privacy and data protection practices vis-à-vis how We collect, use, process, disclose and transfer the Personal Data, through the websites usemultiplier.com and mobile applications (collectively, the “Platform”) of the individuals who browse, or access the Platform or provide information on or through the Platform in connection with its services (“Services”) (hereinafter, collectively referred to as “You”, “Your”). The Policy also informs You about Your rights and the choices You may have with respect to Your Personal Data, and how You can contact Us about Our privacy and data protection practices. We are committed to respecting Your online privacy and ensuring that the Personal Data is processed for Our legitimate business purposes and in a transparent manner, as set out herein. We seek to ensure that the Policy is in compliance with applicable laws and regulations. 
3. Your actions of accessing and / or using the Platform, the Services and/or communicating any information in a manner explained in this Policy will mean that You have understood that the Company will collect and use Your Personal Data as described in this Policy and You expressly consent to the terms of this Policy. This Policy should be read in conjunction and together with the terms of services and other policies as may be available on the Platform (collectively the “Terms of Service”). Please read this Policy and in the event You do not agree to the terms or policies specified herein, please discontinue the usage of the Platform and the Services.
4. In relation to the users who are based in EU, the Company complies with the General Data Protection Regulation (EU) 2016/679 (hereinafter the “GDPR”) and in relation to the users who are based in the UK, the (United Kingdom) Data Protection Act 2018 (“UK Act”) and the UK GDPR , each of which set guidelines for the collection and processing of the personal data from individuals. We have therefore established and created this Policy to inform You about the type of the Personal Data we collect from You, how We use it and Your rights with respect to such data.
5. Further, We may engage third parties who will be working with or for the Company, and who have or may have access to the Personal Data to perform their functions, but may not use it for other purposes. The Company may act as a data processor or a data controller depending on the Service being provided and the amount of control the Company has over the purpose(s) and means of the data processing.
6. Please note that any Personal Data provided to the Company by Our clients or any other third party is collected by the clients and third parties under their respective privacy and data protection policies. This Policy does not govern any other information or communications that may have been collected by such parties.
7. You agree that the Company reserves the right to take any legal or other action against You including the right to deny the usage rights to the Platform and the Services and referral to the appropriate authorities.
8. For the purpose of this Policy, the term “Personal Data” refers any information relating to an identified or identifiable individual and includes the information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.
9. If You are a current or former employee of Multiplier, or a job applicant, Employee Privacy Policy https://www.usemultiplier.com/employee-privacy-policy describes the Personal Data that Multiplier collects from or about You, and how We use and to whom We disclose such Personal Data, from the point at which You make an application to work with Us (e.g. in your application) and throughout Your employment with Us (e.g., through on-boarding, using our systems, and signing up for benefits).

B. CATEGORIES OF THE PERSONAL DATA COLLECTED 

1. Depending upon the Services You avail and the manner You interact with Us, We may use and the collect the Personal Data. The following categories of the Personal Data is collected by Us to provide better services and offerings to You.
   1. Contact Information: This category includes data such as name, age, gender, email address, password, country, city, contact number.
   2. Unique identifiers: This category includes data such as customer number, account number, subscription number, rewards program number), system identifiers (including username or online credentials), device advertisers, advertising IDs and IP address.
   3. Government-issued identification information numbers: This category includes data such as social security number, driver’s license number, and passport number. Further, we may collect any Personal Data that would be required by the Company to ensure compliance with any applicable laws.
   4. Financial information: data such as bank account number and details and payment card information are collected by the Company for processing payments.
   5. Transaction and Commercial Information: This category includes data such as customer account information, qualification data, purchase history and related records (returns, product service records, records of payments, credits etc.), records related to downloads and purchases of products and applications, non-biometric data collected for consumer authentication (passwords, account security questions), customer service records.
   6. Inferred Information derived from other information listed in this section: We create inferred and derived data elements by analysing our relationship and transactional information.
   7. Online & Technical Information, including internet or other electronic network activity information: This category includes data such as IP address, MAC address, SSIDs or other device identifiers or persistent identifiers, online user ID, encrypted password, device characteristics (such as browser information), web server logs, application logs, browsing data, viewing data, website and app usage, cookies, web beacons, clear gifs and pixel tags.
   8. Other Information: We may collect Your information such as name, age, contact details, preferences, etc. through surveys and forms, when You choose to participate in these surveys etc. When You communicate with or use the Platform to communicate with other users (such as partners) on our platform, We collect information about Your communication and any information You choose to provide.
   9. Cookies: When You visit the Platform, We use cookies to automatically collect, store and use technical information about Your system and interaction with Our Platform.
   10. Permissible information: To the extent permitted by law, the Company may record and monitor Your communications with Us to ensure compliance with our legal and regulatory obligations and our internal policies. This may include communications through telephone, by email, via the contact form, via a link contained in an email sent by us or via some other electronic message offered to you, via the chat function, web care, surveys or (panel) surveys, the (mobile) website, if you sign up for newsletters or via social media. This may also include recording of telephone conversations.
   11. Collection of anonymized data: We may also collect and/or generate anonymized and aggregated information from Your use of the Platform. The anonymized or aggregated information is not Personal Data since We are not able to re-identify You using any means available to Us from that anonymized or aggregated information. The anonymized and aggregated information is used for a variety of functions, including to help Us identify and remediate any bugs, and to improve the performance of Our Platform. We may share this information with third parties for Our or their purposes in an anonymized or aggregated form that is designed to prevent anyone from identifying You.

C. PURPOSE FOR THE COLLECTION OF PERSONAL DATA 

1. Our use of Your Personal Data shall depend on the purpose for which You have interacted with Us. Below is the list of purposes for which We may process Your Personal Data:
   1. Creation of Your account and sending You the agreements or other promotional materials;
   2. Facilitation of payment, in connection with chargeable Services or your employment/engagement with the client, as the case may be;
   3. Automated processing in order to provide Our Services;
   4. Enhancing and optimizing Our Services and improving the users experience and the quality of Our Services and Platform;
   5. Handling of complaints, questions, disputes and participation in social media;
   6. Acceptance and issuing of offers to current and potential clients and performance of contracts with the Company.
2. Further, We may also use the Personal Data for the purpose of the following:
   1. Analysing market trend and/or conducting research;
   2. Communicating marketing or promotional information about Our products and Services, which could be done directly, but also for instance via social media campaigns on Facebook, for example, and/or search engines like Google. Preventing, detecting, investigating and taking action against crimes, any other illegal activities, suspected fraud, or violations of Company’s Terms of Service in any jurisdiction;
   3. Establishing, exercising or defending legal rights in connection with legal proceedings and seeking professional or legal advice in relation to such legal proceedings
   4. Complying with any applicable law, regulation, legal process or enforceable governmental request
3. We generally collect the Personal Data to provide the Services requested by You or to fulfil Your request. Where additional, optional information is sought, You will be notified of this at the point of collection. Further, We process the Personal Data, so long as We have a ground under the law to do so. Accordingly, We process the Personal Data based on one of the following conditions:
   1. Performance of a contract: Herein, We process the Personal Data as it is necessary in order to fulfil Our obligations set forth under a contract or for the performance of Our agreement with You;
   2. Legal obligation: Herein, We process the Personal Data in order to comply with a legal obligation, such as keeping records for tax purposes or providing information to a public body or law enforcement agency;
   3. Legitimate interests: Herein, We process Your Personal Data information where it is in Our legitimate interest in running a lawful business. We will only rely on such a ground where an assessment has been performed balancing the interests and rights involved and the necessity of the processing in order to provide our Services, products and features to You. Few examples of Our legitimate interests are: (i) to offer information and/or services to individuals who visit the Platform or (ii) to prevent fraud or criminal activity and to safeguard our IT systems etc; In some cases, we will ask You for Your specific permission to process Your Personal Data and we will only process Your Personal Data in this way if you agree to us doing so. You may withdraw your consent at any time by requesting Us at privacy@usemultiplier.com.
4. To the extent permissible under the applicable law, We may use and disclose any non-personal data (data which is does not contain any information that can be used to identify natural person) for any purpose, any non-personal data. However, in the event We combine any non-personal data with Personal Data, then We will only use and disclose such combined information for the purposes described above while it is so combined.

D. SHARING OF PERSONAL DATA 

We may share Personal Data as necessary for our legitimate professional and business needs, to carry out Your requests, and/or as required or permitted by an applicable law. The Personal Data may be shared with the third parties only if is for the purposes identified or in the event You consent for the sharing of such Personal Data. Proper assurances will be obtained for the third parties that they will comply with the rules or policies specified under this Policy and subsequently notify the Company if it makes a determination it can no longer meet this obligation. We will take all the reasonable steps to prevent or stop unauthorized use or disclosure of the Personal Data by the third parties.

1. Do not rent or sell Personal Data: We do not rent, list or sell the Personal Data with any third parties.
2. Internally: Your personal data will be used and shared amongst our employees and contractors who are working on providing your services to you on a need-to-know basis.
3. Professional advisers: This would include lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.
4. Legal obligation:  Further, We may disclose information about You: (i) if we are required to do so by law or legal process, (ii) to law enforcement authorities or other government officials, or (iii) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss, or in connection with an investigation of suspected or actual fraudulent or illegal activity. We may disclose Personal Data to third party rights owners, or others in the good faith belief that such disclosure is reasonably necessary to: (a) enforce our Terms of Service and this Policy; (b) respond to claims that an advertisement, posting or other content violates the rights of a third party; (c) respond to any authority, having the right to receive such information under law; or (d) protect the rights, property or personal safety of the users or the general public.
5. Suppliers: This would include service providers who support our business including IT and communication suppliers and outsourced business support to ensure our service runs smoothly. 
6. Sale or Merger: In the event of any proposed or actual reorganization, sale, merger, joint venture, assignment, amalgamation or any other type of acquisition, disposal or financing of all or any portion of the Company or of any Company assets, We may disclose or transfer Your Personal Data to such third party. Should such an event take place, We will endeavour to direct the transferee to use the Personal Data in a manner that is consistent with this Policy.
7. Advertising networks and analytics service providers: This is to support and display ads on our website, apps and other social media tools.

E. RETENTION AND STOPRAGE OF THE PERSONAL DATA

1. The Personal Data will be retained as long as we have to or keep a record of or need to for the purpose of providing the Services or until You ask Us to delete the Personal Data.
2. Personal Data we retain until You delete it: We offer a range of Services that allow You to correct or delete the Personal Data stored in your account. For example, you can:  If You wish to delete Your Personal Data, You should submit a delete request at privacy@usemultiplier.com or change the details of Your account. When You delete any Personal Data, We follow a deletion process to make sure that Your Personal Data is safely and completely removed from Our servers or retained only in anonymized form, if required as explained below. We try to ensure that Our Services protect information from accidental or malicious deletion. Because of this, there may be delays between when You delete something and when copies are deleted from Our active and backup systems.
3. Information retained until Your Account is deleted: We retain some of the Personal Data for the life of your Account if it’s required by Us to provide You the Services or is useful for helping Us understand how Users interact with our features and how we can improve our Services.
4. Personal Data that expires or is anonymized after a specific period of time: In some cases, We store certain Personal Data for a predetermined period of time. For each type of data, We set retention timeframes based on the purpose of its collection. For example, the Personal Data collected for the purpose of providing the Services is stored and retained for a period of 10 (ten) years post the completion of the Services. We also take steps to anonymize certain data post the expiry of the set time periods. 
5. Information retained for extended time periods for limited purposes: Please note that the Personal Data sometimes may be held for longer periods where extended retention periods are required by local law, regulation, or professional standards and to establish, exercise or defend our legal rights. Sometimes business requirements also oblige Us to retain certain information, for specific purposes, for an extended period of time. For example, when We process a payment for You, or when You make a payment to Us, We’ll retain such data for longer periods of time as required for tax or accounting purposes. 
6. We may store Your Personal Data using Our own secure on-site servers or other internally hosted technology. Your Personal Data may also be stored by third parties, via cloud services or other technology, with whom the Company has contracted, to support the Company’s business operations, such as data centers, domain administrators, cloud service providers, etc. These third parties do not use or have access to Your Personal Data other than for cloud storage and retrieval. When we share information with others, we put contractual arrangements and security mechanisms in place as appropriate to protect the information and to comply with our information protection, confidentiality and security standards.
7. We may share non-personally identifiable information publicly and with Our partners such as publishers, advertisers, developers, or rights holders. For example, We share information publicly to show trends about the general use of our Services.

F. TRANSFER OF PERSONAL DATA ACROSS BORDERS

1. We are part of a global network of companies and in common with other professional service providers, We use third parties located in other countries to help Us run Our business. As a result, the Personal Data may be transferred outside the countries where We and Our clients are located. The Personal Data may be transferred internally to Our affiliates and externally to third parties (including payroll processors, payment partners and service providers) across international borders for the purposes described in this Policy. This may include transfers to countries that may not have laws that provide the same degree of protection for the Personal Data as Your home country. In accordance with applicable legal requirements, We take appropriate measures to facilitate adequate protection for any Personal Data so transferred, only in accordance with legally approved transfer mechanisms that are appropriate under applicable data protection laws, including the EU GDPR and the UK Data Protection Act 2018 and the UK GDPR.
2. We will only transfer your personal information to countries that have been deemed to provide an adequate level of protection for personal information; or 
3. We will use specific contracts approved for use in the UK or EU which give personal information the same protection it has in the UK/EU. For example, the use of Article 46 UK and EU GDPR safeguard mechanisms to transfer personal data endorsed by the UK Government or European Commission. 

To find out more about the transfer mechanism used please contact us at privacy@usemultiplier.com. 

G. DATA PROTECTION STRATEGIES 

1. We follow several strategies to protect Your data such as:
   1. Data loss prevention: We employ tools to ensure that Your data is not lost, accidentally deleted or stolen;
   2. Firewalls: We use firewalls to monitor and filter network traffic, ensuring that only authorized users are allowed to access or transfer data;
   3. Authentication and authorization: We use tools to ascertain and verify the credentials, assuring that user privileges are applied correctly; and
   4. Endpoint protection: We use endpoint protection software to protect gateways to our network.

H. DATA PROTECTION IMPACT ASSESSMENT

In the event that We change Our processes relating to data processing and protection, particularly through introduction of new technologies, We will undertake a risk assessment (“Data Protection Impact Assessment”) to analyze the risk to Your data. This Data Protection Impact Assessment shall take into account the current nature, scope, context and purpose of data processing under this Policy, to flag any significant changes or risks to Your rights. If the risk level is found to be high even after undertaking standard risk mitigating measures, Our Data Protection Officer (“DPO”) will contact appropriate statutory authority for consultation.

I. CUSTOMER COMMENTS AND CONTENT

Any comment or content uploaded by You on the Platform may be read, collected, or used by the third parties. For any such disclosure of information, the Company will not be held responsible for any reasons. You agree that We cannot guarantee that the third parties will not any copies or use the information in a manner specified herein.

J. LINKS TO THIRD PARTY ADVERTISEMENTS OR SITES

Our Platform may contain links to or display links to the web sites that are owned or operated by the third parties and are not governed by this Policy. Such websites links are independent from the Company, and the Company has no control over the content on that website, even if the Company provides information or Services to the owner of that website. The Company is not making any representations about, endorsing, or accepting any responsibility for the content or the use of such website. Further, We are not responsible or liable for any damage or loss related to the use of any third party website. We encourage users to review the privacy and data protection policy of each website visited before accessing or disclosing any Personal Data.

K. SECURITY

1. We use reasonable security measures to help protect against the loss, misuse and alteration of the Personal Data under our control. However, despite our best efforts, security cannot be absolutely guaranteed against all threats. To the best of Our ability, the access to Your Personal Data is limited to those who have a need to know. Those individuals who have access to the Personal Data are required to maintain the confidentiality of such data. In addition, please note that emails, messages sent via Your web browser, and other similar means of communication with other users, are not encrypted. Therefore, while We strive to protect Your information, We cannot guarantee its security. In case You require to share any Personal Data with the Company, please share it with Us at securedata@usemultiplier.com which is an encrypted channel of communication. You understand and acknowledge that if We receive your Personal Data through any other channel of communication, we cannot ensure the security of the same. 
2. Please also be aware that We may use third-party cloud service providers that provide hosting, data storage and other services pursuant to standard terms and conditions that may be non-negotiable. These service providers have informed Us or the general public that they apply security measures they consider adequate for the protection of information within their system, or they have a general reputation for applying such measures. However, We will not be liable (to the fullest extent permitted by law) for any damages that may result from the misuse of any information, including Personal Data, by these companies. 

L. EXERCISING RIGHTS WITH RESPECT TO PERSONAL DATA

1. In the event, We process Your Personal Data, You may avail Yourself the rights explained below. Please note that prior to fulfilling Your request in relation to the rights provided below, we may verify Your identity associated with Our Platform. In case We are unable to verify Your identity, We reserve the right to deny a request. If You authorize someone to make a request on Your behalf, We may also deny Your request if We are unable to verify with You that the individual making the request is authorized to act on Your behalf. 
2. In the event, We are processing Your Personal Data on behalf of another entity or are acting as a data processor, We will forward Your requests, inquiries or claims concerning these processing activities to the respective data controller the necessary action. Your Rights are as follows:
   1. Data Subject Rights: Under certain circumstances, you have data subject rights. Some of these rights are not absolute. You can:
      1. Request access to your personal data: This is known as a “data subject access request” and enables you to receive a copy of the personal data Company name hold about you.
      2. Request correction of your personal data: This enables you to have any incomplete or inaccurate information we hold about you corrected.
      3. Request erasure of your personal data: This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. Note: We may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you at the time of your request.
      4. Object to processing of your personal data: This is where we are processing your personal data based on a legitimate interest or those of a third party and you may challenge this.  However, we may be entitled to continue processing your information based on our legitimate interests or where this is relevant to any legal claims.  
      5. Request restriction of processing your personal information: This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the information’s accuracy (b) where our use of the information is unlawful but you do not want us to erase it (c) where you need us to hold the information even if we no longer require it as you need it to establish, exercise or defend legal claims or (d) you have objected to our use of your information but we need to verify whether we have overriding legitimate grounds to use it.
      6. Request transfer of your personal information (“data portability”):  This is where in some circumstances we will provide to you or a third party you have chosen your personal data in a structured, commonly used, machine-readable format.
      7. Right to withdraw consent: This is where we are relying on consent to process your personal data. This will not affect the lawfulness of any processing carried out before you withdraw your consent. Depending on the processing activity, if you withdraw your consent we may not be able to provide certain services to you. We will advise you if this is the case at the time you withdraw your consent.
      8. Automated decision making:  This is where decisions are made about you by automated means. We do not carry out automated decision making.
   2. Carrying out your data subject rights 
      1. You will not have to pay a fee to access your personal data or to exercise any of the other rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal information or to exercise any of your other rights. This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
      2. We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
         If you wish to exercise any of the rights set out above, please contact us at privacy@usemultiplier.com 
      3. Please note that in the event We identify that Our system have been hacked or security measures have been breached and Your Personal Data is disclosed, We will notify You as soon as possible but no later than 72 (seventy-two) hours.
      4. Some Limitations: The rights provided herein are subject to certain limitations as specified in the applicable laws. Any individual requests will be completed within the time allotted by relevant regulations, which starts to run from the point of the Company confirming Your request. To the extent permissible by applicable law and where permitted, We may impose a charge for subsequent requests from the same individual which will be determined by the Company.

M. CHILDREN UNDER THIRTEEN

We do not collect any data from children under the age of 13 (thirteen). In the event You are under the age of 13 (thirteen), You must ask Your parent or guardian for permission to use the Platform. We attempt to delete any information so received on the Platform, We learn that the Personal Data is the information of a child under 13 (thirteen). If You believe that We might have any Personal Data from a child under 13 (thirteen), please contact Us at privacy@usemultiplier.com 

N. AUTOMATIC PROCESSING OF THE PERSONAL DATA 

We may use cookies, web beacons and other technologies to automatically collect certain types of data when You visit Our Platform or through emails that We may exchange. The collection of this information allows us to customize Your online experience, improve the performance, usability and effectiveness of Our online presence, and to measure the effectiveness of Our marketing activities.

O. COOKIES INFORMATION

1. To improve the responsiveness of the Platforms for the users, we may use “cookies”, or similar electronic tools to collect information to assign each visitor a unique, random number as a user identification to understand the user’s individual interests using the identified computer. Cookies are small text files that websites send to your computer or other internet-connected device to uniquely identify your browser or to store information or settings in your browser. We may use cookies for various purposes, including to:
   1. Authenticate the users;
   2. Personalize Your experience;
   3. Analyze which portions of the Platform are visited or used most frequently; and
   4. Measure and optimize advertising and promotional effectiveness.
2. Below is a summary of the categories of cookies collected on Our Platform and how Your consent may impact Your experience of certain features as You navigate those websites.
3. 1. Strictly necessary cookies: The strictly necessary cookies are essential in order to enable users to browse the Platform and use its features, such as accessing secure areas of the Platform. These cookies must be enabled or the site will not function, and cannot be blocked
   2. Performance cookies: The performance cookies are cookies used to gather data to enhance the performance of the Platform. You can manage Your consent for performance cookies using the cookie banner, or by updating Your browser’s settings.
   3. Functionality cookies: The functionality cookies are used to remember the user selections that change the way the Platform behaves or looks. You may opt-out of these cookies, but it will impact Your experience on the Platform, and You may need to repeat certain selections each time You visit or access the Platform. You can manage Your consent for functionality cookies using the cookie banner, or by updating your browser’s settings.
   4. Targeting cookies or advertising cookies: The targeting cookies are used to deliver content relevant to Your interests They are also used to limit the number of times You see certain marketing materials, as well as help measure the effectiveness of those marketing materials. If You do not provide consent for targeting cookies, Your computer or internet-enabled device will not be tracked for marketing-related activities.

P. THIRD PARTY ANALYTICS 

1. We may use third party web analytics services on the Platform. The service providers that administer these services use technologies such as cookies, web server logs and web beacons to collect information (such as IP address) and use that information to help Us analyse how visitors use the Platform. When You access or browse the Platform, a cookie banner will inform you of the use of these analytics technologies. They will only be used if You accept them or if You continue using the Platform. You may change Your cookie settings at any time to accept or refuse these analytics technologies by clicking on the cookie control tool below to adjust Your cookie preferences. Adjusting Your cookie preferences may disable certain functionality on the Platform. You consent to the processing of information about You by these analytics providers in the manner and for the purposes set out in this Policy. 
2. At present, We work with the following analytic partners:
   1. Google Analytics
   2. Fullstory
   3. Hubspot
   4. Mixpanel
3. Cookies control and disabling cookies :You can refuse the use of cookies by changing the settings on your browser or by clicking on the cookies consent mechanism. However, if you block certain cookies, such as strictly necessary cookies for the functioning of our website, you may not be able to access all or parts of our website.You can use your browser to delete cookies that have already been stored. However, the steps and measures required vary depending on the browser you use. If you have any questions, please use the Help function or consult the documentation for your browser or contact its creator for support.

To find out more about cookies, visit www.aboutcookies.org or www.allaboutcookies.org.