Privacy Statement – Singapore Addendum

This Singapore Addendum supplements and amends the Privacy Statement and shall apply to all Singapore incorporated AEW entities and all processing of Personal Data in Singapore.

This Singapore Addendum shall prevail in the event of inconsistency between the principles stated herein and those as described under the Privacy Statement.

1. INTRODUCTION TO THE PERSONAL DATA PROTECTION ACT 2012 (“PDPA”)

1.1 “Personal Data” is defined under the PDPA to mean data, whether true or not, about an individual who can be identified from that data, or from that data and other information to which an organization has or is likely to have access.

1.2 We will collect your Personal Data in accordance with the PDPA. In general, before we collect any Personal Data from you, we will notify you of the purposes for which your Personal Data may be collected, used and/or disclosed, as well as obtain your consent for the collection, use and/or disclosure of your Personal Data for the intended purposes.

1.3 Your Personal Data may also be collected, used or disclosed if we have assessed that to do so would be in our legitimate interests and beneficial to the public. Before doing so, we will take steps to ensure that any adverse effects that might arise for you have already been identified and eliminated, reduced or mitigated.

2. PURPOSES FOR COLLECTION, USE & DISCLOSURE OF PERSONAL DATA

2.1 The Personal Data which we collect from you may be collected, used and/or disclosed for the following purposes:

(a) facilitating, processing, dealing with, administering, and/or managing your purchase of our products and/or service;

(b) processing and/or administering any product-related inquiries, consultations, negotiations, orders, deliveries, or providing customer support in relation to the purchase of products and/or service;

(d) processing your registration and/or participation for seminars, exhibitions, and other events organized or co-organized by AEW;

(e) carrying out your instructions or responding to any enquiry given by (or purported to be given by) you or on your behalf;

(f) conducting customer due diligence or other screening and personal identification in accordance with laws, regulations or our risk management procedures that may be required by law or that may have been put in place by us;

(g) to prevent or investigate any fraud, unlawful activity or omission or misconduct, whether or not there is any suspicion of the aforementioned;

(h) complying with or as required by any applicable law, governmental or regulatory requirements of any relevant jurisdiction, including meeting the requirements to make disclosure under the requirements of any law binding on us and/or for the purposes of any guidelines issued by regulatory or other authorities, whether in Singapore or elsewhere, with which we are expected to comply;

(i) complying with or as required by any request or direction of any governmental authority, or responding to requests for information from public agencies, ministries, statutory boards or other similar authorities. For the avoidance of doubt, this means that we may/will disclose your Personal Data to the aforementioned parties upon their request or direction;

(j) storing, hosting, backing up (whether for disaster recovery or otherwise) of your Personal Data, whether within or outside Singapore;

(k) administering security matters and/or arrangements;

(l) conducting research, analysis and development activities (including but not limited to data analytics, surveys and/or profiling) to improve our products and services in order to enhance your relationship with us or for your benefit; and

(collectively, the “Purposes”).

1.1 To conduct our business operations more smoothly, we may also be disclosing the Personal Data you have provided to us to our third-party service providers, agents and/or our affiliates or related corporations, which may be sited outside of Singapore, for one or more of the above-stated Purposes. This is because such third-party service providers, agents and/or affiliates or related corporations would be processing your Personal Data on our behalf for one or more of the above-stated Purposes.

3. SPECIFIC ISSUES FOR THE DISCLOSURE OF PERSONAL DATA TO THIRD PARTIES

1.2 We respect the confidentiality of the Personal Data you have provided to us.

1.3 In that regard, we will not disclose any of your Personal Data to any third parties without first obtaining your express consent permitting us to do so. However, please note that we may disclose your Personal Data to third parties without first obtaining your consent in certain situations, including, without limitation, the following:

(a) cases in which the disclosure is required based on the applicable laws and/or regulations;

(b) cases in which the purpose of such disclosure is clearly in your interests, and if consent cannot be obtained in a timely way, provided that we shall, as soon as may be practicable, notify you of the disclosure and the purposes of the disclosure;

(c) cases in which the disclosure is necessary to respond to an emergency that threatens the life, health or safety of yourself or another individual;

(d) cases in which there are reasonable grounds to believe that the health or safety of yourself or another individual will be seriously affected and consent for the disclosure of the data cannot be obtained in a timely way, provided that we shall, as soon as may be practicable, notify you of the disclosure and the purposes of the disclosure;

(e) cases in which the disclosure is necessary for any investigation or proceedings;

(f) cases in which the Personal Data is disclosed to any officer of a prescribed law enforcement agency, upon production of written authorization signed by the head or director of that law enforcement agency or a person of a similar rank, certifying that the Personal Data is necessary for the purposes of the functions or duties of the officer; and/or

(g) cases in which the disclosure is to a public agency and such disclosure is necessary in the public interest.

1.4 The instances listed above at paragraph 3.2 are not intended to be exhaustive. For an exhaustive list of exceptions, you are encouraged to peruse the First and Second Schedules of the PDPA which is publicly available at https://sso.agc.gov.sg/.

1.5 In all other instances of disclosure of Personal Data to third parties with your express consent, we will endeavor to provide adequate supervision over the handling and administration of your Personal Data by such third parties, as well as to provide for adequate forms of protection over such Personal Data.

1.6 Where Personal Data is transferred by us to any third parties outside of Singapore, we will ensure that such transfers are compliant with the requirements under the PDPA. In this regard, we will take such necessary measures to ensure that such overseas recipients are bound by legally enforceable obligations to ensure that these overseas recipients provide a standard of protection to the Personal Data so transferred that is comparable to the protection under the PDPA.

4. REQUEST FOR ACCESS AND/OR CORRECTION OF PERSONAL DATA

Access Request

4.1 An individual may request for us to provide access to Personal Data about the individual that is in our possession or under our control as well as information about the ways in which the Personal Data has been used or disclosed by us within a year before the date of the request.

4.2 Unless an exception to the access request applies, we will respond to your access request as soon as reasonably possible from the time the access request is received. If we are unable to respond to an access request within thirty (30) days after receiving the request, we shall inform you in writing within the thirty (30) day period, of the reasonably soonest time in which we will respond.

Correction Request

4.3 An individual may also request for us to correct Personal Data that is in our possession or under our control. Unless an exception to the correction request applies, or we are satisfied on reasonable grounds that a correction should not be made, we will endeavour to correct the Personal Data as soon as practicable and send the corrected Personal Data to every other organisation to which the Personal Data was disclosed by us within a year before the date the correction was made. This is unless that other organisation does not need the corrected Personal Data for any legal or business purpose.

4.4 Where we are unable to respond to a correction request within thirty (30) days after receiving the request, we shall inform you in writing within the thirty (30) day period, of the reasonably soonest time in which we will respond.

4.5 You may submit your access or correction request to the contact details listed at paragraph 7.2 of this Singapore Addendum.

5. REQUEST TO WITHDRAW CONSENT

5.1 You may withdraw your consent for the collection, use and/or disclosure of your Personal Data in our possession or under our control at any time by submitting your request to the contact details listed at paragraph 7.2 of this Singapore Addendum.

5.2 We will process your request as soon as practicable such a request for withdrawal of consent being made, and will thereafter refrain from collecting, using and/or disclosing your Personal Data in the manner stated in your request.

6. ADMINISTRATION AND MANAGEMENT OF PERSONAL DATA

6.1 We will take appropriate measures to keep your Personal Data accurate, complete and updated.

6.2 We will also take commercially reasonable efforts to take appropriate precautions and preventive measures to ensure that your Personal Data is adequately protected and secured. Appropriate security arrangements will be taken to prevent any unauthorized access, collection, use, disclosure, copying, modification, leakage, loss, damage and/or alteration of your Personal Data. However, we cannot assume responsibility for any unauthorized use of your Personal Data by third parties which are wholly attributable to factors beyond our control.

6.3 We will also take commercially reasonably efforts to ensure that the Personal Data in our possession or under our control is destroyed and/or anonymized as soon as it is reasonable to assume that (i) the purpose for which that Personal Data was collected is no longer being served by the retention of such Personal Data; and (ii) retention is no longer necessary for any other legal or business purposes.

7. COMPLAINT PROCESS

7.1 If you have any complaint or grievance regarding about how we are handling your Personal Data or about how we are complying with the PDPA, we welcome you to contact us with your complaint or grievance.

7.2 Please contact us at DataPrivacy@aew.com.

7.3 Where it is an email or a letter through which you are submitting a complaint, your indication at the subject header that it is a PDPA complaint would assist us in attending to your complaint speedily by passing it on to the relevant staff in AEW to handle. For example, you could insert the subject header as “PDPA Complaint”.

7.4 We will certainly strive to deal with any complaint or grievance that you may have speedily and fairly.

2 UPDATES ON PRIVACY STATEMENT

2.1 As part of our efforts to ensure that we properly manage, protect and process your Personal Data, we will be reviewing our policies, procedures and processes from time to time.

2.2 We reserve the right to amend the terms of this Singapore Addendum at our absolute discretion. Any amended Singapore Addendum will be posted on our website and can be viewed at www.aew.com .

2.3 You are encouraged to visit the above website from time to time to ensure that you are well informed of our latest policies in relation to personal data protection.

Last Updated on June 7, 2021

Privacy Statement Singapore Addendum