When you create an account, we collect your name, email address, contact number, and other relevant information.

When you create a campaign or make a donation, we collect information related to the campaign and transaction, including payment details.

When you contact us for support or with inquiries, we collect information such as your name, email address, and the content of your communications.

We automatically collect information about your interactions with our platform, including IP addresses, browser types, operating systems, pages viewed, and the dates/times of your visits.

We use cookies and similar technologies to collect data on your usage patterns and preferences.

We collect data related to your social interactions on the platform, such as friend connections, in-app messages, and notifications.

To facilitate the creation and management of campaigns, process donations, and enhance the functionality of our platform.

To communicate with you regarding your account, respond to your inquiries, provide customer support, and send you updates about our services.

To personalize your experience on our platform by remembering your preferences and customizing the content we provide.

To protect our platform, users, and stakeholders from fraud, abuse, and other illegal activities. This includes complying with legal obligations and regulatory requirements.

To analyze usage patterns and trends to improve our platform's performance, user experience, and the services we offer.

To send you marketing communications about our services, offers, and events that may be of interest to you, provided you have given your consent to receive such communications.

To trigger engagement through in-app and push notifications, as well as maintaining a live activity stream. This includes notifying friends about your donation activities (unless you choose to donate anonymously) and allowing you to see your friends' donation activities.

We share personal data with trusted third-party service providers who assist us in operating our platform, conducting our business, or providing services to you, such as payment processors, hosting providers, and customer support services. These service providers are bound by confidentiality obligations and are only permitted to use your data for the purposes specified by us.

We may disclose your personal data to comply with legal obligations, such as responding to subpoenas, court orders, or other legal processes, or to establish or exercise our legal rights or defend against legal claims.

In the event of a merger, acquisition, reorganization, or sale of assets, your personal data may be transferred as part of the transaction. We will notify you of any such change in ownership or control of your personal data.

We may disclose your personal data when we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, violations of our terms of service, or as evidence in litigation in which we are involved.

We may share your personal data with third parties when you have provided your explicit consent for us to do so.

We may share your donation activities with your friends on the platform through notifications and live activity streams, unless you choose to donate anonymously.

We obtain explicit consent from you when you register on our platform, create or donate to a campaign, or otherwise provide us with your personal data.

In certain situations, your consent may be implied through your actions, such as when you voluntarily provide personal data during communications with us, use social features, or when you use our platform.

You may withdraw your consent for the collection, use, or disclosure of your personal data at any time by contacting our Data Protection Officer (DPO). Upon receiving your request, we will inform you of the likely consequences of withdrawing consent and will cease to collect, use, or disclose your personal data unless permitted or required by law.

If there are any changes to the purposes for which your personal data was collected, we will seek your consent for the new purposes before using your personal data in a manner consistent with the updated purposes.

Immediately upon discovering a potential data breach, we will assess the situation, contain the breach to prevent further unauthorized access, and mitigate any potential harm.

We will notify the Personal Data Protection Commission (PDPC) of the breach as soon as practicable, and in any case, no later than 72 hours after determining that a breach has occurred.

If the breach is likely to result in significant harm or impact, we will notify the affected individuals as soon as practicable. The notification will include:

• A description of the data breach.

• The type of personal data involved.

• Steps taken to contain the breach and mitigate its impact.

• Measures you can take to protect yourself from potential harm.

• Contact information for further assistance.

We will conduct a thorough investigation to determine the cause of the breach and implement measures to prevent future occurrences. This may include enhancing security protocols, conducting staff training, and reviewing our data protection policies.

To initiate a data portability request, please contact our Data Protection Officer (DPO) at the provided contact information. Your request should include sufficient details to identify the personal data you wish to be transferred and the organization to which the data should be sent.

We will verify your identity to ensure that the request is legitimate. This may involve requesting additional information or documentation from you.

Once your identity is verified, we will process your request and prepare your personal data for transfer. We will ensure that the data is in a structured, commonly used, and machine-readable format.

We will transfer your personal data to the specified organization in a secure manner, using appropriate safeguards to protect the data during transit.

You will be notified once the transfer is complete. If there are any issues or delays in processing your request, we will inform you promptly.

To request access to your personal data, contact our Data Protection Officer (DPO) at the provided contact information. Your request should include sufficient details to identify the personal data you are requesting access to.

We will verify your identity to ensure that the request is legitimate. This may involve requesting additional information or documentation from you.

Once your identity is verified, we will process your request and provide you with a copy of your personal data. We will make reasonable efforts to respond to your request within 30 days. If additional time is needed, we will inform you of the reasons for the delay.

We may charge a reasonable fee for the processing of access requests to cover administrative costs. We will inform you of any fees before processing your request.

To request correction of your personal data, contact our DPO at the provided contact information. Your request should specify the data to be corrected and provide evidence to support the correction.

We will verify your identity to ensure that the request is legitimate. This may involve requesting additional information or documentation from you.

Once your identity is verified and the evidence for correction is reviewed, we will correct your personal data as requested. We will make reasonable efforts to respond to your request within 30 days. If additional time is needed, we will inform you of the reasons for the delay.

If we have shared your personal data with third parties, we will notify them of the correction, unless it is impractical or unlawful to do so.

We have appointed a Data Protection Officer who is responsible for overseeing our data protection strategy and ensuring compliance with the PDPA. The DPOʼs responsibilities include:

• Developing and implementing data protection policies and practices.

• Conducting regular audits and assessments to ensure compliance.

• Providing training and guidance to employees on data protection matters.

• Serving as the point of contact for data protection inquiries and requests.

We have established comprehensive data protection policies and practices to ensure the secure and lawful handling of personal data. These policies cover:

• Data collection, use, and disclosure procedures.

• Data storage and security measures.

• Procedures for handling data breaches.

• Guidelines for data retention and disposal.

We conduct regular audits and assessments to evaluate our compliance with data protection laws and our internal policies. These audits help identify and mitigate potential risks to personal data.

We provide regular training and awareness programs for our employees to ensure they understand their responsibilities regarding data protection. This includes training on the PDPA, our internal policies, and best practices for data security.

We continuously monitor our data protection practices and review our policies to ensure they remain effective and up-to-date with changes in laws and technology. This proactive approach helps us maintain a high standard of data protection.

We use industry-standard encryption technologies to protect your personal data during transmission and storage.

We implement strict access controls to ensure that only authorized personnel can access your personal data. This includes the use of unique user IDs and passwords, multi-factor authentication, and role-based access permissions.

Our systems are protected by firewalls and intrusion detection systems to prevent unauthorized access and monitor for suspicious activity.

We have established comprehensive data protection policies that outline our procedures for handling personal data securely.

We provide regular training to our employees on data protection best practices, ensuring they understand their responsibilities in safeguarding personal data.

We have an incident response plan in place to address potential data breaches promptly and effectively. This includes procedures for containment, investigation, notification, and remediation.

Our data centers and offices are equipped with physical security measures, such as access controls, surveillance cameras, and alarm systems, to protect against unauthorized access.

We ensure that personal data is securely disposed of when it is no longer needed, using methods such as shredding, degaussing, or secure electronic deletion.

Users can choose to donate anonymously, in which case their donation activity will not be published or sent to friends.

Users can manage their privacy settings to control what information is shared with friends and on the activity stream.

Personal data related to your account and transactions will be retained for as long as you maintain an active account with us and for a reasonable period thereafter to comply with legal obligations, resolve disputes, and enforce our agreements.

If you have consented to receive marketing communications from us, we will retain your contact information until you opt- out or withdraw your consent.

We retain personal data as required by applicable laws and regulations, such as tax laws, financial reporting requirements, and other regulatory obligations.

We regularly review the personal data we hold and ensure that it is relevant and necessary for our ongoing operations.

When personal data is no longer needed, we securely dispose of it using appropriate methods such as shredding, degaussing, or secure electronic deletion to prevent unauthorized access or use.

We maintain records of our data retention and disposal practices to demonstrate compliance with legal and regulatory requirements and our internal policies.

WTo withdraw your consent, please contact our Data Protection Officer (DPO) at the provided contact information. Your request should include sufficient details to identify your personal data and the specific consent you wish to withdraw.

We will verify your identity to ensure that the request is legitimate. This may involve requesting additional information or documentation from you.

Upon receiving your request, we will cease the collection, use, or disclosure of your personal data for the specified purposes, unless the withdrawal of consent affects our ability to fulfill our obligations to you.

We will inform you of the likely consequences of withdrawing your consent, including how it may affect your ability to use certain features of our platform or receive certain services.

We will update our records to reflect your withdrawal of consent and ensure that your personal data is no longer used for the specified purposes.

Even after you withdraw your consent, we may retain your personal data if required or permitted by law. This includes retaining data necessary for legal or contractual obligations, such as financial records or data required for dispute resolution.

Please allow a reasonable period for us to process your withdrawal request and update our records. We will strive to complete this process as quickly as possible.

Please allow a reasonable period for us to process your withdrawal request and update our records. We will strive to complete this process as quickly as possible.

Withdrawing consent may affect your ability to use certain features of our platform or receive certain services. We will inform you of any such impact and suggest alternative arrangements where possible.

External websites may have their own privacy policies and practices, which may differ from those of 3 Degrees. We encourage you to review the privacy policies of any external websites you visit to understand their data protection practices.

The inclusion of links to external websites on our platform does not imply endorsement of their content, products, or services by 3 Degrees.

When you visit external websites through links provided on our platform, those websites may collect personal data from you independently of 3 Degrees. We do not control or monitor how your personal data is collected, used, or disclosed by these external websites.

Any personal data you provide to external websites is governed by their respective privacy policies. 3 Degrees is not responsible for any loss or damage arising from your interaction with these external websites.

Be aware that external websites may have different security measures in place, and accessing these websites may involve certain risks. Always exercise caution and use your discretion when sharing personal data with external websites.

If you encounter any issues or have concerns about the privacy practices of external websites linked from our platform, please let us know. We will consider your feedback in our ongoing efforts to provide a safe and secure user experience.

If we become aware that we have inadvertently collected personal data from a child under the age of 18 without verifiable parental consent, we will take steps to delete such information from our records.

Parents or guardians who believe that their child has provided us with personal data without their consent can contact our Data Protection Officer (DPO) to request the deletion of the childʼs information.

In cases where parental consent is obtained, we will use the child's data solely for the purposes for which it was collected and as agreed upon by the parent or guardian.

We implement appropriate security measures to protect children's personal data in accordance with this privacy policy and applicable laws.

We provide information and resources to help parents understand our data practices and how to protect their childrenʼs privacy online.

We only transfer your personal data to third parties in countries that have been recognized to provide an adequate level of data protection, or where we have implemented appropriate safeguards to protect your data.

In the absence of an adequacy decision, we may use standard contractual clauses approved by relevant authorities to ensure that your personal data receives an adequate level of protection.

Your personal data may be stored and processed on servers located in different countries, including those outside of Singapore. We select reputable cloud service providers who comply with stringent data protection standards.

Our data centers are equipped with advanced security measures to protect your personal data from unauthorized access, use, or disclosure.

Regardless of where your personal data is transferred, we ensure that it remains subject to the same high level of protection as required by Singapore's PDPA.

By using our platform and providing your personal data, you consent to the international transfer, storage, and processing of your data as described in this Privacy Policy.

We conduct regular audits of our international data transfer practices to ensure compliance with applicable laws and our internal policies.

We continuously monitor changes in data protection regulations to ensure that our practices remain compliant with legal requirements.

Kelvin Tjia

[email protected]

+65 6908 0630

1 Kim Seng Promenade #13-04, Great World City, Singapore 237994

For any inquiries or requests, you can reach out to our DPO via email. We strive to respond to all emails within 7 business days.

For urgent matters, you can contact our DPO by phone during our business hours.

You can also send written correspondence to our office address. Please ensure that you provide sufficient details to facilitate a prompt response.

We value your feedback on our privacy practices and welcome any suggestions for improvement. Please send your feedback to our DPO using the contact information above.

If you believe that your privacy rights have been violated or if you have any complaints regarding our handling of your personal data, please contact our DPO. We will investigate and address your complaint in accordance with our internal procedures and legal requirements.

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or other factors. We will notify you of any significant changes through our platform or by email.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your personal data.

If we make significant changes to this Privacy Policy, we will provide a clear and conspicuous notice on our platform or notify you by email. The notice will include a summary of the changes and their effective date.

For minor changes that do not materially affect your rights, we may not provide individual notifications but will update the Privacy Policy on our platform.

The updated Privacy Policy will become effective on the date specified in the notice. By continuing to use our platform after the effective date, you consent to the updated Privacy Policy.

Any personal data you provide to external websites is governed by their respective privacy policies. 3 Degrees is not responsible for any loss or damage arising from your interaction with these external websites.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your personal data. Your continued use of our platform constitutes your acceptance of any changes to this Privacy Policy.

If you have any questions or concerns about changes to this Privacy Policy, please contact our Data Protection Officer (DPO) using the contact information provided in the Contact Information section.