PRIVACY NOTICE

As of March 29, 2019

1 POLICY STATEMENT

VESL PTE LTD (“VESL” or “we”, “our”, “us”) is committed to protect and respect your right to data privacy. This Privacy Notice is intended to inform users and website visitors (“you”) regarding our policies on data privacy.

2 SERVICE DESCRIPTION

VESL operates an online platform (the “VESL Platform”) that gives businesses access to business insurance and financing. The VESL Platform acts as a risk management platform, allowing firms to manage their invoices and insurance coverage all in one portal. For insurers and lenders, the platform acts as their marketplace, enabling them access to companies without too much administrative costs. As a risk management platform, VESL works together with brokers who help structure the best coverage for VESL users, and administer the insurance policies via the platform.

3 CONSENT TO THE PRIVACY NOTICE

By clicking “I Agree”, you accept the policies and procedures that we employ in relation to the collection and use of any personal data that you may disclose through the VESL Platform. We may update this Privacy Notice from time to time as we improve our services. We will notify you of any changes that would substantially affect your data privacy rights and ask for your consent to such changes.

4 PERSONAL INFORMATION CONTROLLER

Except when you directly disclose your information to Insurers/Brokers and Lenders, VESL is the personal information controller of any personal data that you disclose on the Platform. Any information that you disclose directly to Insurers/Brokers and Lenders is subject to their respective privacy policies.

5 METHOD OF COLLECTION

Information is collected through your use of the VESL website and VESL Platform. The general types of user information gathered are: anonymous information gathered from cookies and log files and personal data disclosed by users through the VESL Platform.

6 CATEGORIES OF PERSONAL DATA COLLECTED AND PROCESSED.

6.1 Anonymous Data Collected Through Cookies, Log Files and Web Analytics Software. Cookies are data stored on the user’s computer hard drive which contain information about the user. The use of cookies is not linked to personal information, until information is supplied by the user. A user has the option to reject the use of a cookie or delete those already saved in the user’s computer. However, rejection or deletion of cookies may result to limited use of some areas/functions of the website, such as inability to participate in promotional contests or receive notifications of offers. VESL likewise maintains standard web logs that record data about all visitors to the website. These logs may contain the following information:

  • The Internet domain from which the user accessed the site
  • The user’s IP address which is automatically assigned to a specific computer once the computer is connected to the web
  • The browser application, device and operating system used to access the site
  • The date and time the user visited this site
  • The pages viewed on the website
  • The address of the website from which the user linked
  • User ID
  • Ecommerce Order IDs
  • Random unique Visitor ID
  • Time of the first visit for every user
  • Time of the previous visit for every user
  • Number of visits for every user
  • Date and time of the request
  • Title of the page being viewed (Page Title)
  • URL of the page being viewed (Page URL)
  • URL of the page that was viewed prior to the current page (Referrer URL)
  • Screen resolution being used
  • Time in local user’s timezone
  • Files that were clicked and downloaded (Download)
  • Links to an outside domain that were clicked (Outlink)
  • Pages generation time (the time it takes for webpages to be generated by the webserver and then downloaded by the user: Page speed)
  • Location of the user: country, region, city, approximate latitude and longitude (Geolocation)
  • Main Language of the browser being used (Accept-Language header)
  • User Agent of the browser being used (User-Agent header)

6.1.1 Information obtained by VESL through the use of cookies to enable us to track and aggregate clickstream behavior data which will allow us to better target the interests of our users and enhance the overall experience on the website and Platform.

6.1.2 We use the information obtained from web logs and clickstream information to help us design the website and improve the Platform, identify popular site features and to make the site more useful for visitors. Web logs are recorded in sequential files, and VESL does not normally attempt to identify individuals from these logs. However, the web logs may be used to identify persons attempting to break into, gain control, disrupt, or damage the website.

6.2 Use of the VESL Platform. In addition to the data collected through cookies and log files, we may also collect and process any personal data that you voluntarily disclose to us when you register and use the VESL Platform. We collect varying categories of personal data depending on the type of user. This data is necessary for the VESL Platform’s operations and for you to obtain the services that you need.

6.2.1 Administrator Information: Name, Designation, Mobile Number, Email Address, Government Issued Identification, Signature

6.2.2 Company Information: Company Name, Company Address, ZIP/Postal Code, Country, Company Type, Company Registration Number, Tax Identification Number, Lender Company Name, Contact Number, Contact Person, Contact Email Address

6.2.3 Transactional Information, Information on Company Losses, Information on the Company’s Credit Management, Information on Buyers, Loans

6.2.4 Information contained in required transactional documents, including invoices, transport documents, proof of acceptance of goods/services, contracts

6.2.5 Communications between you and other users on the VESL Platform

6.2.6 Any information you disclose through your communications with authorized VESL representatives

7 PURPOSES FOR COLLECTION AND USE

When you upload, submit, store, send or receive content through the Platform, or when you communicate with us, your personal data will be used for the following purposes:

7.1 To facilitate the requested services on the VESL Platform;

7.2 To address your questions and concerns;

7.3 To deliver notices and other communications regarding your transactions on the VESL Platform;

7.4 To process payments; where payments are to be processed by third party payment processors, you shall be subject to their respective privacy policies;

7.5 To communicate with you through any communication channel regarding any questions, concerns, or complaints that you may have in relation to your use of the website and the VESL Platform, your transactions, and exercise of your data privacy rights;

7.6 Improvement of the website and the VESL Platform;

7.7 To conduct direct marketing activities, such as e-mail announcements and other promotional activities;

7.8 To comply with statutory and regulatory requirements, including directives, issuances by, or obligations of VESL to any competent authority, regulator, supervisory body, enforcement agency, exchange, court, quasi-judicial body, or tribunal;

7.9 To enable VESL to exercise sound corporate governance over its businesses, ensure that risks arising therefrom are duly identified, measured, managed and mitigated, and enhance risk assessment and prevent fraud;

7.10 To conduct company audits, investigate complaints and security threats;

7.11 Other legitimate business purposes;

7.12 To establish, exercise, or defend legal claims;

7.13 Fulfill any other purposes directly related to the above-stated purposes.

8 THIRD PARTY DISCLOSURES

In order for you to use the VESL Platform and complete your requested transaction, it is necessary for your personal data to be disclosed to our partners:

8.1 Business Partners, including insurers, lenders, reinsurers, brokers, agents, third party service providers, and purchase order fulfillment companies in order to fulfill and/or deliver services and/or products;

8.2 Service providers including payment providers, software developers, cloud storage providers, legal and auditing services providers, other information technology providers

8.3 Affiliates and Subsidiaries

8.4 Law enforcement, regulatory agencies, and other government authorities. Only upon valid request of the relevant government authority.

8.5 You expressly consent that the following information will be shared with our third party credit information and background investigation services partner for the creation of a credit information portfolio and credit risk analysis model: Name, Address, Date of Birth (where applicable), Company Name, Company Address, ZIP/Postal Code, Country, Company Type, Company Registration Number, Tax Identification Number, Lender Company Name, Products Sold, Credit Data, Loan Date, Outstanding Balance, Currency, Lender Name, Account Status, Invoice Date, Invoice Amount, Invoice Status.

8.6 Collaborations, mergers, and acquisitions. We reserve the right to transfer or assign the personal data we have collected from you in the event VESL enters into product and service collaborations with third parties, is acquired by, or enters into a merger with, a third party, or in the event we undergo any other form of reorganization. In certain limited circumstances, our business partners may have a contractual right to obtain a copy of your contact information and to contact you if VESL is unable to fulfill our contractual obligations to those parties.

8.7 We may share your personal data when we believe in good faith that access, use, preservation or disclosure of such information is reasonably necessary to detect, prevent, or otherwise address fraud, security or technical issues on the VESL Platform and in order to protect the rights, property, and security of VESL, its clients, or the public, as may be required or permitted by law.

8.8 Your anonymized data may be shared with marketers and advertisers for VESL’s promotional purposes. In no instance will these marketers and advertisers be able to contact you for direct marketing purposes.

9 OPT OUT

You may inform us of the specific personal information you do not want to be processed beyond the requested purpose. We will respect your request in so far as it is feasible to fulfill the purposes for which the personal data was collected.

10 DATA STORAGE

We will retain your personal data for as long as you maintain an account on the VESL Platform and for five (5) years after the deletion of your account, and as may be required by law. Your data will be stored on the secure servers of our third party service providers, which may be located in different locations, depending on the service provider. You may, at any time, request for the deletion of your personal data by contacting us if you no longer wish to keep your account. We will promptly anonymize your data from our servers upon receipt of your request. Please note that request for deletion with VESL does not equate to the deletion of your personal data from the servers and/or other storage facilities of the insurers/brokers or lenders with whom you transacted.

11 DATA SECURITY AND DISPOSAL

VESL shall take commercially reasonable precautions to protect your personal data. Unfortunately, no data transmission over the internet can be considered as 100% secure. However, once the information has been received by VESL, it employs and observes security procedures and policies commensurate with industry standards to safeguard against loss, theft, unauthorized access, destruction, use, modification and disclosure. VESL likewise safeguards your personal data from unauthorized access, through access control procedures, network firewalls and physical security measures. Further, VESL retains your personal information only as long as necessary to fulfill the purposes declared in this Privacy Notice or as maybe required by law. When such purposes are fulfilled, VESL shall anonymize your information.

12 CONFIDENTIALITY OF DATA

Our employees shall operate and hold personal data under strict confidentiality. They are required to sign non-disclosure agreements and have received training on the company’s privacy and security policies to ensure confidentiality and security of personal data.

13 RIGHTS OF THE DATA SUBJECT

You are entitled to the following rights:

13.1 The right to be informed on whether your personal information shall be, are being or have been processed;

13.2 Be furnished with the information indicated below before the entry of your personal information into the processing system of the personal information controller, or at the next practical opportunity:

13.2.1 Description of the personal information to be entered into the system;

13.2.2 Purposes for which they are being or are to be processed;

13.2.3 Scope and method of the personal information processing;

13.2.4 The recipients or classes of recipients to whom they are or may be disclosed;

13.2.5 Methods utilized for automated access, if the same is allowed by the data subject, and the extent to which such access is authorized;

13.2.6 The identity and contact details of the personal information controller or its representative;

13.2.7 The period for which the information will be stored; and

13.2.8 The existence of their rights, i.e., to access, correction, as well as the right to lodge a complaint before the Commission.

13.3 Any information supplied or declaration made to you on these matters shall not be amended without prior notification: Provided, that the notification under subsection 12.2 shall not apply should the personal information be needed pursuant to a subpoena or when the collection and processing are for obvious purposes, including when it is necessary for the performance of or in relation to a contract or service or when necessary or desirable in the context of an employer-employee relationship, or when the information is being collected and processed as a result of legal obligation;

13.4 Reasonable access to, upon demand, the following:

13.4.1 Contents of your personal information that were processed;

13.4.2 Sources from which personal information were obtained;

13.4.3 Names and addresses of recipients of the personal information;

13.4.4 Manner by which such data were processed;

13.4.5 Reasons for the disclosure of the personal information to recipients;

13.4.6 Information on automated processes where the data will or likely to be made as the sole basis for any decision significantly affecting or will affect you;

13.4.7 Date when your personal information was last accessed and modified; and

13.4.8 The designation, or name or identity and address of the personal information controller.

13.5 Dispute the inaccuracy or error in the personal information and have the personal information controller correct it immediately and accordingly, unless the request is vexatious or otherwise unreasonable. If the personal information has been corrected, the personal information controller shall ensure the accessibility of both the new and the retracted information and the simultaneous receipt of the new and the retracted information by recipients thereof: Provided, that the third parties who have previously received such processed personal information shall be informed of its inaccuracy and its rectification upon your request;

13.6 Suspend, withdraw or order the blocking, removal or destruction of your personal information from the personal information controller’s filing system upon discovery and substantial proof that the personal information are incomplete, outdated, false, unlawfully obtained, used for unauthorized purposes or are no longer necessary for the purposes for which they were collected; and

13.7 Be indemnified for any damages sustained due to such inaccurate, incomplete, outdated, false, unlawfully obtained or unauthorized use of personal information.

13.8 Right to data portability - where personal information is processed by electronic means and in a structured and commonly used format, you have the right to obtain from the personal information controller a copy of data undergoing processing in an electronic or structured format, which is commonly used and allows for further use.

14 QUESTIONS AND CONCERNS

If you have further questions or concerns about this data privacy notice, you may contact our Data Privacy Team through info@vesltradefinance.com