PIPO Privacy Policy

Last updated: March 2021

1.Introduction

PIPO ("we", "our", "us") is committed to protecting and respecting your privacy. This policy sets out the basis on which we will process the personal data we collect from you, you provide to us or a merchant provides to us. Please read this policy carefully so that you understand your rights in relation to your personal data, and how we will collect, use and process your personal data.

2.How does this Privacy Policy apply?

We provide our Services to merchants to facilitate payment processing. During this payment processing, personal data is needed to process specific transactions. Where we process this personal data acting on behalf of the merchant we process personal data on their behalf. For more information on how the merchant processes your personal data, please see the relevant merchant's privacy policy. In certain jurisdictions and under certain specific limited purposes, we may process personal data in accordance and under our own instructions and as such this Privacy Policy would apply as such.

3.What types of information do we collect?

We receive, collect and use the following types of personal data when you use the Services.

• Basic information: we receive information such as your user ID, IP address, and country from the merchant; and we collect information such as your name, mobile number, and email address.
• Payment information: We collect payment information depending on which payment method you choose to facilitate the payment processing, and such information we collect may also vary based on the local requirements in your jurisdiction. For instance, when you need to pay any amount and choose your bank card to pay such amount, we collect your card information such as the name on your card, card type, card number, billing address, and expiration date. For another instance, when you need to withdrawal or receive any amount, depending on the method you choose to withdraw or receive such amount, we may collect your bank account information such as beneficiary name, account number or IBAN, SWIFT BIC, beneficiary address, or collect your account information about the account you open with other payment service providers.

• Identity information: We collect information such as your name, billing address, device information such as your device type and your device's network connections, information about your device web browser and internet connection, and technical usage information such as your IP address. In necessary cases, we collect your identity information such as your local identification card number, passport number, local identification card copy or passport copy to process the transactions or conduct anti-money laundering and/or fraud prevention checks. We will only do so under necessary scenarios, and you will be notified when such requests happen.

4.How do we use this information?

We use your personal data for a range of legitimate purposes related to processing payments on behalf of the relevant merchant, including:

• To administer our Services including facilitating payment processing in a secure and reliable manner;
• To verify your identity. We do this to help protect merchants from fraud as part of the Services we provide. It also allows us to comply with laws which require us to assist with identifying illegal activities, such as Anti-Money Laundering and Know-Your Customer obligations and to meet financial reporting obligations;
• To comply with our legal and regulatory obligations; and
• Where it is in our legitimate business interests:
  • To ensure our Services are safe and secure; and
  • To monitor, analyze and improve our services.

In addition, we may use de-identified of aggregated data that can no longer identify you to develop new PIPO products or other purposes as permitted by law.

5.How do we share your personal data?

Third party services providers

We share your information with selected recipients. These categories of recipients include:

• Payment service providers that process the payment or facilitate the payment processing. These payment service providers may also process your payments and for anti-money laundering and fraud prevention purposes.

  Among others, we use Worldpay, a UK-based payment service provider. Under UK law, some of Worldpay's data processing activities are performed as an independent data controller. For details of its data processing activities, please read Worldpay's Privacy Statement (link);

• Service providers such as cloud storage providers and providers of IT support services that assist us in providing the Services;

• Analytics and search engine providers that assist us in the improvement and optimization of the Services; and
• Third parties that provide us with fraud and risk management services including checking the payment information provided to them to identify fraudulent transactions. Some of these third parties may use device fingerprinting technology to collect information about your device for fraud prevention, identity check, or security reasons. A device fingerprint refers to a collection of attributes about a device that enable the device to be recognized or uniquely distinguished from other devices.

Our corporate group

We also share your information within our corporate group, including parent, subsidiary or affiliate companies as needed to provide the Services or for the purposes set out in this policy.

Law enforcement

We will share your information with law enforcement agencies, public authorities or other organizations if legally required to do so, or based on our legitimate business interest if such use is reasonably necessary to:

• comply with a legal obligation, process or request;
• enforce any agreement we have with you or with third parties, including investigation of any potential violation thereof;
• detect, prevent or otherwise address security, fraud or technical issues; or
• protect the rights, property or safety of us, our merchants, a third party or the public as required or permitted by law (exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction).

Corporate reorganization

We will disclose your information to third parties in our legitimate business interests in the event that we:

• sell, buy, transfer, merge, consolidate or re-organize any part(s) of our business, or merge with, acquire, or are acquired by, or form a joint venture or partner with, any other business, in which case we may disclose your data to any prospective buyer, new owner, or other third party involved in such change to our business; or

• sell, buy or transfer any business or assets (whether as a result of liquidation, bankruptcy or otherwise), in which case we will disclose your data to the prospective seller or buyer of such business or assets.

6.Where do we store your personal data?

The personal data that we collect from you will be stored at/processed either in the United States or in countries outside the United States, including in Singapore.

7.The security of your personal data

We take steps to ensure that your information is treated securely and in accordance with this policy. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, for example, by encryption, we cannot guarantee the security of your information transmitted via the Platform; any transmission is at your own risk.

We have appropriate technical and organizational measures to ensure a level of security appropriate to the risk of varying likelihood and severity for the rights and freedoms of you and other users of our merchants' platforms. We maintain these technical and organizational measures and will amend them from time to time to improve the overall security of our systems.

8.How long do we store your personal data?

We retain your information for as long as it is necessary for us to provide our Services and fulfil our contractual obligations and rights in relation to the information involved. We retain your information only for so long as we have a legitimate business purpose or legal obligation to keep such data (including where it is necessary for the establishment, exercise or defence of legal claims).

9.Your Rights

For information about the rights you have in relation to your personal data, please see the Jurisdiction-specific Terms below.

10.Complaints

In the event that you wish to make a complaint about how we process your personal data, please contact us in the first instance at dpo@oneunita.com and we will endeavor to deal with your request as soon as possible. This is without prejudice to your right to launch a claim with the data protection supervisory authority in the country in which you live or work where you think we have infringed data protection laws.

11.Changes

Any changes we will make to this policy in the future will be posted on this page. Please check back frequently to see any updates or changes to this policy.

12.Contact

Questions, comments and requests regarding this policy are welcomed and should be addressed to dpo@oneunita.com.

Our business address is:

PIPO US Inc., 5800 Bristol Pkwy, Culver City, CA USA 90230.

******************************************************************************

13.Jurisdiction-specific terms

Some jurisdiction-specific laws contain additional terms, which are set out in this section. If you are a user of our merchants' platforms to which the laws of the jurisdictions set out below apply, the terms set out below apply to you in addition to the terms set out above and, in the event of a conflict, the terms set out below prevail.

California

This Policy applies to all users of our merchants' platforms, including California residents. As a California resident, there are certain additional provisions that may apply to you.

To the extent we are processing consumers' payment transactions on behalf of merchants, we are acting as a service provider to that merchant. Such consumers may exercise their rights by contacting the relevant merchant.

To the extent that you have provided information to us as an employee, owner, director, officer, or contractor of a company, partnership, sole proprietorship, non-profit or government agency, the additional provisions that may apply to you as a California resident are more limited.

The following terms used in this section and not otherwise defined have the meanings given to such terms under the California Consumer Privacy Act of 2018 (CCPA): "personal information," and "sale."

No Sales. We do not and have not in the last twelve (12) months sold personal information about you. In the past 12 months we have disclosed for a business purpose the categories of personal information described in section 5 of this policy.

Freedom from Discrimination. You may have the right not to be discriminated against for properly exercising any rights under the CCPA that are applicable to you.

Rights Relating to Direct Marketing. You may be able to request certain details about our disclosure of information about you to third parties for their own direct marketing purposes during the preceding calendar year. This request is free and may be made once a year.

Exercising Your California Privacy Rights. To submit a request, please contact us by email at dpo@oneunita.com.