AweSeed Game Privacy Policy

Welcome to use AweSeed Game Edition App (PC, iOS) or GameLink Global App (Android) (collectively referred to as “AweSeed Game”). This Privacy Policy (“this Policy”) applies to the AweSeed Game mobile application, website, software and related services (collectively referred to as the “Services”). We will provide Services to individual and corporate users (“you”). This Policy explains how AWERAY (“we”, “us”, or the “Company”) collects, uses, and shares your personal data when you use our Services. We attach great importance to the protection of your privacy and personal data. We process your personal data in strict accordance with this Policy and the data privacy laws and regulations applicable in your jurisdiction. Given that we provide Services on a global scale, special provisions applicable to specific jurisdictions are set out in the Appendix.

This Policy does not apply to products or services that are accessed through our mobile application, website, software and related services that are provided to you by third parties, such as third-party websites displayed in our products or services. It is important to note that when you use a third-party product or service, your personal data protection shall apply to that third party's privacy policy.

Please read this Policy carefully to get a clear understanding of our processing of your personal data. If you have questions relating to the processing of personal data, you can contact us through the contact details listed in this Policy.

TABLE OF CONTENTS

1. WHO IS RESPONSIBLE FOR THE PROCESSING OF YOUR PERSONAL DATA
2. COLLECTION AND USE OF PERSONAL DATA
3. TRANSFER OF PERSONAL DATA
4. RETENTION OF PERSONAL DATA
5. CROSS-BORDER TRANSFER OF PERSONAL DATA
6. RIGHTS REGARDING PERSONAL DATA
7. NEWSLETTER
8. PROTECTION OF PERSONAL DATA
9. MINOR'S PERSONAL DATA
10. COOKIES AND OTHER TECHNOLOGIES
11. CHANGES TO THIS POLICY
12. HOW TO CONTACT US
13. LEGAL APPLICATION & DISPUTE RESOLUTION

APPENDIX. SPECIFIC PROVISION FOR DIFFERENT JURISDICTIONS

1. EUROPE
2. THE UNITED STATES
3. SOUTH KOREA
4. SINGAPORE
5. INDONESIA
6. VIETNAM
7. THAILAND
8. MALAYSIA

1. Who is Responsible for the Processing of Your Personal Data

For information regarding the identity of the entity responsible for processing your personal data, please refer to the entities located in different countries or regions disclosed in the*** Appendix: Specific Provision for Different Jurisdictions***.***

2. Collection and Use of Personal Data

We will only process your personal data for the purpose of providing functions when you use our services. You will only be required to provide personal data that is absolutely essential, while you can provide other personal data on a voluntary basis. We will indicate whether input fields are mandatory or optional and explain the impact or consequences when you do not provide the information. We will collect your information through means such as your active provision, system collection, and data received from third parties. We will inform you concerning the specific details in the relevant section of this Policy.

2.1 Registration and Login

You can register to use certain functions on our services. During the registration process, you are required to provide the requested information, including UID, email address, and password. Additionally, you have the option to log in to our services using a third-party platform account, such as a Google or Apple account. In such cases, we will collect your email address. As part of the registration process, we will request your consent to use the aforementioned data. We use your personal data to assist you in completing user registration and to provide you with products or services.

A user account will be created for you when you register. We will retain the data in the user account for as long as an active user relationship exists. If no further activity is detected over an extended period, the status of the user relationship will be set to inactive. You have the right to request that we delete your user account at any time on the condition that there are no violations or other circumstances on your part that may impede the cancellation of the account.

2.2 Account Settings

You can set your account in the AweSeed Game platform. During this process, we will collect your email address. We use your personal data to help you to complete account settings.

The account data is only saved for as long as an active user relationship exists, after which it is deleted or anonymized.

2.3 Supply products or services

When you use AweSeed Game, we will collect your personal data according to the actual circumstances.

To provide you with online gaming functions, we will collect your device name, virtual IP, VPNID, DNS, and domain name.

In addition, when you use our services through the App, we will request to obtain your device permissions at appropriate times, including system VPN permissions, storage permissions, device information permissions, etc. These permissions are used for corresponding business purposes, such as storing logs, scanning codes to log in to the client, and ensuring security.

The aforementioned information is only saved for the duration of the account's existence or the shortest time required, after which it is deleted or anonymized.

2.4 Payment Services

If you wish to purchase membership and other premium functions or versions, you can use third-party payment functions for payment, with payment service providers including Apple Pay and Google Pay. If you pay via Apple Pay, your payment information will be collected directly by them; if you pay via Google Pay, we will collect your payment information, such as payment account, transaction information, payment amount, order number, and payment status, to complete the transaction, verify the payment result, and further determine whether to provide you with the corresponding purchased services. The above-mentioned payment information will be transmitted to the third-party payment service providers for purposes such as initiating payments, processing subscriptions/renewals/changes, etc.

Further information on the processing of data by Apple Pay and Google Pay, as well as your rights and options for privacy, can be found at:

- https://www.apple.com/legal/privacy/data/en/apple-pay/

- https://payments.google.com/payments/apis-secure/get_legal_document?ldt=privacynotice&ldl=zh_CN&ldr=US&utm_source=walletweb

The aforementioned information is only saved for the duration of the account's existence or the shortest time required, after which it is deleted or anonymized.

2.5 Operation Stability

Every time you use our services, we keep record of your web log, your operating information of browsing, purchasing and other activities. Operating information we collect including IP address, user agent, operating system, login time, system name, system version, system language, and device information (IMEI, IDFA, OPENUDID, Android ID, GUID, OAID, MAC, IMSI, device model and name).

We use these operating data to audit user in the login process, identify and resolve errors, assess the stability of our services across different browsers and operating systems, and make necessary adjustments or enhancements to our services.

Your operating data is only saved for the storage period stipulated by relevant laws and regulations, after which it is deleted or anonymized.

3. Transfer of Personal Data

We may transfer your personal data to the following categories of recipients. Further, we do not share personal data with third parties for their own marketing purposes.

•Our Affiliates

We may transfer your personal data to our affiliates because they could provide assistance in operation, development and improvement of our services. Our affiliates take organizational and technical measures to safeguard your personal data and never use your personal data in contradiction to this Policy. For information on affiliates, please refer to the entities located in different countries or regions disclosed in the Appendix: Specific Provision for Different Jurisdictions.

•Our Business Partners

We employ business partners to perform functions on our behalf. Examples include the Cloud service provider, the data analysis provider, the web monitoring service provider, the sales& marketing service provider, and the customer services provider. These business partners may have access to personal data needed to perform their functions, but may not use it for other purposes. Further, they must process the personal data in accordance with this Policy and as permitted by applicable data protection laws.

•Public Authorities

We may transfer personal data if permitted or required by law, for example, in response to a court order or a subpoena. To the extent permitted by applicable law, we also may disclose personal data (i) in response to a law enforcement or public agency's request; (ii) if we believe disclosure may prevent the instigation of a crime, facilitate an investigation related to public safety or protect the safety of end users; (iii) to protect the security or integrity of our sites, applications, and other technology, as well as the technology of our service providers; or (iv) enable us to take precautions against liability.

We will not transfer the data to third parties without your explicit consent, in particular not for advertising and marketing purposes. Your personal data shall only be transferred if you have given your consent to do so, or if we are entitled or obliged to do so due to legal regulations and/or official or judicial orders. This may especially involve the provision of information for law enforcement purposes, for averting danger, or for enforcing intellectual property rights.

During transmission, we have implemented technical measures such as https encryption transmission protocol, etc. to ensure the data security during the transmission process.

We only use your personal data to provide the services you request. If we cooperated with external service providers in the provision of services, they shall also only access the data for the purpose of providing services. We use technical and organizational measures to ensure compliance with the data protection regulations and also ask for compliance on the part of our external service providers in this respect.

We do not sell your personal data including as "sale" is defined in California. We do "share" your personal data as that term is defined in California law (which essentially means sharing for cross-context behavioral advertising), as detailed below:

Sharing Method	Type of Personal Data Shared Externally	Scenario/Purpose/Use	Name of Personal Data Recipient	Recipient's Country & Server Location	Privacy Policy
SDK	Device information (IMEI, MAC address, Android ID, IDFA), networking information, device serial number	Statistics	Sensors Data Co., Ltd.	China	Click to view third-party Privacy Policy
SDK	IP address, ad interaction data (views, clicks, app launches, video watch progress), diagnostic information (app launch time, hang rate, battery usage, error logs), device identifiers (Advertising ID, App Set ID, user identifiers)	Advertising	Google LLC	United States	Click to view third-party Privacy Policy
SDK	1. Payment Account & Identity Info (User provided): Card number, validity, CVV, bank account (tokenized), Name, phone, email, address, DOB, Government ID (for compliance/risk control), Google Account association info; 2. Transaction Core Info (Auto-collected): Merchant name, order no., amount, currency, time, status, Payment Token; 3. Device & Network Info (SDK Auto-collected for security): Device IDs (Android ID, GAID), model, OS version, serial no., IP address, network type, carrier, Wi-Fi status, Security info (root status, secure lock, app package/version)	When using Google Pay for order payment	Google LLC	United States	Click to view third-party Privacy Policy

4. Retention of Personal Data

Your personal data we collect will remain on the server located in Singapore. These information and materials may be sent to, accessed, stored, and displayed in your country, region, or location where we collect information and materials.

We always delete your personal data as soon as the reason for storing it no longer applies. The data may remain stored beyond this period if this is provided for due to legal requirements to which we are subject, for example in respect of legal retention or documentation obligations. In such an event, we delete your personal data once the requirements cease to apply.

We attach great importance to information security and have established a dedicated technical team to establish systems and procedures that comply with data security technology standards. In addition, we also strive to protect your personal data from being accessed, used, or disclosed by unauthorized access through multiple measures such as access control and security incident handling. But please understand that the rapid development of Internet technology and possible malicious attacks may make the 100% information security impossible, and certain security issues beyond our control may occur. In the event of such scenarios, we will do our utmost to dispose of security incidents in a timely manner.

As one of the preventive measures in advance, we also remind you to strengthen the security of your accounts and information by using more complicated passwords and change it regularly, carefully disclose your personal sensitive information, and pay attention to the settings of device permissions when replacing devices. We will also remind you of new security attacks and precautions in the form of occasional notifications, therefore you shall pay close attention to these notifications.

5. Cross-Border Transfer of Personal Data

You acknowledge and agree that we may access and process personal data on a global basis as necessary to provide the products and services, and in particular that personal data may be transferred to and processed by us in Chinese Mainland, Singapore, the United States and other jurisdictions where our affiliates and business partners have operations.

Wherever personal data is transferred outside its country of origin, each party will ensure such transfers are made in compliance with the requirements of applicable data protection laws and regulations.

6. Rights Regarding Personal Data

Subject to possible restrictions under applicable laws, as a data subject, you have the right to knowledge, access, rectification, correction, erasure, restriction of processing, objection to a decision based solely on automated processing, data portability and not to be discriminated with regard to your personal data. In addition, you can withdraw your consent and object to our processing of your personal data on the basis of our legitimate interests. You can also lodge a complaint with a supervisory authority.

We are doing everything possible to ensure that you can successfully exercise your rights in accordance with applicable laws and regulations. When you need to exercise your rights, we may ask you verification question in order to protect your personal data. If you have any questions regarding this Policy or you have a problem exercising your rights, you may send your request in writing to the email address provided in this Policy.

We reserve the right to charge you a reasonable fee for the processing of any data access or correction request where requests are manifestly unfounded or excessive, in particular because of their repetitive character.

Please notice, the types of rights regarding personal data vary across jurisdictions due to differences in applicable laws and regulations. For more detailed information about the specific rights and applicable response times, please refer to the Appendix: Specific Provision for Different Jurisdictions.

7. Newsletter

When you register for our e-newsletter, your email address will be used for our promotional purposes until you unsubscribe. You will regularly receive information via email in this regard on current topics as well as emails for specific events and special promotions. The emails may be personalized and individualized based on the information saved about you.

We use the double-opt-in process when you register for our newsletter, assuming you have not given us your consent in writing. This means that we will only send you a newsletter via email if you have explicitly confirmed to us in advance that we should activate the newsletter mailing. We will then send you a notification email and ask you to confirm by clicking a link in this email that you would like to receive our newsletter. We record the opening of the newsletter and any links that it may contain. In addition, we process the following data in relation to the use of the newsletter: the email program you are using, your browser's operating system, the time of access, and your abbreviated IP address. The legal basis for processing your data is your consent.

If you do not wish to receive this information, we will also provide you with the method to cancel such an information subscription with an unsubscribe link contained in every newsletter. But you will not be able to cancel the subscription of the information that is related to the system service and is not a promotion advertisement. For example, a notification sent to you due to the service suspension caused by system maintenance.

8. Protection of Personal Data

We implement appropriate technical and organizational measures to prevent unauthorized access, to maintain information accuracy and to ensure the correct use of the information we hold. Upon becoming aware of an information breach, we will notify you and the regulatory authorities in accordance with the timescales and scope required by applicable laws and regulations.

We have implemented a system access control policy. The system access privileges are in compliance with the principle of least privilege, ensuring that users can only access the functions and data within their authorized scope. User information is stored in the system database, and the query permissions are managed in a hierarchical manner based on user roles. An internal approval and authorization process has been established, and the operation logs of employees are recorded for auditing purposes.

Additionally, our corporate values, ethical standards, policies and practices are committed to the protections of users. In general, our business practices limit the use and disclosure of such information only to authorized persons, processes and transactions. However, apart from regular controls, absolute protection against all risks is not possible.

No data transmission over the internet or any wireless network can be guaranteed to be perfectly secure. As a result, while we use appropriate technical and organizational measures to protect the information we hold for you, we cannot guarantee the security of any information you transmit over the internet.

9. Minor's Personal Data

We attach great importance to the protection of information about Minors. Our platform services are specifically designed for adults, and we do not actively provide services to minors. If you have not reached the legal age of majority but indeed need to use our products or services according to your requirements, we encourage you to ask your guardian to read this Privacy Policy carefully and use our products or services through your guardian.

If it can be proved that a minor has provided us with personal data without parental or guardian consent, the parent or guardian should contact us to remove the information. You may send your request for erasure in writing to our email address as listed in this Policy.

Please note that the definitions and rights regarding minors or children vary across different jurisdictions due to differences in applicable laws and regulations. For detailed definitions regarding the personal data of minors or children, please refer to the Appendix: Specific Provision for Different Jurisdictions.

10. Cookies and Other Technologies

This section explains how we use cookies and similar technologies (we refer to them collectively as "cookies") to recognize you when you use our services. It explains what these technologies are and why we use them, as well as your rights to control them.

Cookies are small text files stored on your device, which save specific settings and data for exchange with the website via your device. A cookie generally contains the name of the domain from which the cookie file was sent as well as information on the age of the cookie and an alphanumeric identifier.

We use different cookies to evaluate the performance of the website to improve your browsing experience, to personalize content and ads, to analyze our traffic and to continually improve services to you. It should be noted that the strictly necessary cookies placed on the website are necessary for the website to function and cannot be switched off in our systems. You can disable the storage of all other cookies and manually delete previously saved cookies via the website settings. And you can choose to accept or refuse the use of all other cookies at any time. If you choose to reject the use of those cookies, you will still be able to use the website while without them, but the website may not function as you expect it to and this could lead to a poor experience on the website for you. For more information about cookies, please review our Cookie Policy.

11. Changes to this Policy

We may update this Policy from time to time in response to changing legal, technical or business developments.

When we update our Policy, we will take appropriate measures to inform you, consistent with the significance of the changes we make and as required by applicable laws, such as by posting an amended Policy on the AweSeed Game.

The up-to-date version of the Privacy Policy can be accessed directly via our services at all times. We recommend that you familiarize yourself regularly with any changes to this Policy. For detailed requirements regarding updates to this Policy, please refer to the Appendix: Specific Provisions for Different Jurisdictions.

12. How to Contact us

We have appointed a data protection team to support us in relation to data privacy issues and with whom you can also make contact directly. Our data protection team is available to you to deal with queries relating to our processing of personal data or to provide other information on data privacy issues. We will respond to your requests as required by the applicable law and regulation in your jurisdiction.

Data Privacy Team Contact

·E-mail: contact-global@aweray.com

If you believe that our processing of your personal data does not comply with this Policy or the applicable data protection regulations, you have the right to lodge a complaint with a regulatory authority.

13. Legal Application & Dispute Resolution

This Policy applies to the laws and regulations applicable in your jurisdiction. All disputes arising from or in connection with this Policy or the execution thereof shall be settled through friendly negotiation. In case no settlement can be reached through consultation, you agree to refer the dispute to the courts located in Yangpu District, Shanghai, China, and you consent to personal jurisdiction and waive any objection as to inconvenient forum.

Appendix. Specific Provision for Different Jurisdictions

1. Europe

1. Identity

In the context of the provision of our services in Europe, we are bound by the General Data Protection Regulation (GDPR). Under the GDPR, AWERAY PTE. LTD. constitutes a "Controller."

2. Types of Personal Data, Purposes, and Legal Basis

Under the GDPR, there are six legal basis for processing personal data:

Legal Basis	Definition
Consent	User explicitly authorized
Contract	Necessary for the performance of a contract
Legal obligation	Necessary for compliance with a legal obligation
Vital interests	Necessary to protect the vital interests of a natural person
Public task	Necessary for the performance of a task carried out in the public interest
Legitimate interests	Necessary for the legitimate interests of the enterprise, without infringing on user rights

The types of personal data we process, the purposes, and the legal basis are as follows:

Type of Personal Data	Processing Purpose	Legal Basis
User network identity information (UID, email address)	Account registration and login	Contract
Device name, virtual IP, VPNID, DNS, domain name	Provide online gaming functions	Contract
Transaction information, payment account, payment amount, order number, and payment status	Complete transactions, verify payment results, and further determine whether to provide corresponding purchased services	Contract
Operational information regarding web logs, browsing, purchasing, etc., including: IP address, User Agent, operating system, login time, system name, system version, system language, device information (IMEI, IDFA, OPENUDID, Android ID, GUID, OAID, MAC, IMSI, device model and name)	Audit user identity during login, identify and resolve errors, assess the stability of our services on different browsers and operating systems, and make necessary adjustments or optimizations to the service; Device information is used to identify devices, perform information push, compatibility judgment, and security assurance functions.	Legitimate interests

3. Rights under GDPR

   (1) Right of access: you have the right to obtain from the us confirmation as to whether or not your personal data are being processed; you can also request a copy of your personal data that are undergoing processing.

   (2) Right to rectification: you have the right to obtain from us without undue delay the rectification of inaccurate or incomplete personal data.

   (3) Right to erasure ('right to be forgotten'): you have the right to obtain from us the erasure of personal data if the following circumstances occur:

   •the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;

   •when you withdraw consent on which the processing is based, and there is no other legal ground for the processing;

   •when you object to the processing, and there are no overriding legitimate grounds for the processing;

   •the personal data have been unlawfully processed;

   •the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;

   •the personal data have been collected in relation to the offer of information society services for children under the age of 16.

   (4) Right to restriction of processing: you have the right to obtain from us the restriction of processing where one of the following applies:

   •the accuracy of the personal data is contested, for a period enabling us to verify the accuracy of the personal data;

   •the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;

   •we no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims;

   •you have objected to processing, pending the verification whether the legitimate grounds of us override those of yours.

   (5) Right to data portability: you have the right to receive your personal data in a structured, commonly used and machine-readable format, and have the right to transmit those data to another controller provided that (a) the processing is based on consent; and (b) the processing is carried out by automated means. (6) Right to object: you have the right to object to data processing based on specific reasons, including: (a) processing based on legitimate interests; (b) processing based on public interest or official authority; (c) when personal data is used for direct marketing, you can object at any time; (d) for scientific, historical research, or statistical purposes, unless it involves public interest. (7) Right not to be subject to automated decision-making (including profiling): you have the right not to be subject to decisions based solely on automated processing, especially when the decision has legal consequences or significantly affects the data subject. (8) Right to complaint: If you are of the opinion that our processing of your personal data by us is not in compliance with this Policy or the applicable data protection regulations, you have the right to make a complaint to a regulatory authority. Complaint channel: https://www.edpb.europa.eu/about-edpb/about-edpb/members_en

We will respond to your requests within one month or two months (if the request is complex or you have made a number of requests).

4. Children's Personal Data

Children are not the intended audience of our services, and we do not knowingly collect or maintain any data from children under the age of 16. If you believe that we may hold any data provided by or involving a child under the age of 16, please contact us through the contact details in "12. How to Contact Us."

2. The United States

1. Definitions

The term "Personal Information" refers to "personal data," "personal information," or other similar terms, and "Sensitive Personal Information" refers to "sensitive personal information," "sensitive data," or other similar terms, as defined by state privacy laws, but such terms do not include information exempted by state privacy laws.

2. Identity

This part is intended to assist California customers to be informed of their rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) in the first instance. As we provide a single form of services, this part also applies to customers in other regions in the United States. Under the CCPA and CPRA, AWERAY PTE. LTD. constitutes the "business".

3. Processing of Personal Information in the Past 12 Months

Type of Personal Information	Statutory Category	Purpose
UID, email address	Identifiers	Business Purpose: Account registration and login
Password	Sensitive Personal Information	Business Purpose: Account registration and login
Device name, virtual IP, VPNID, DNS, domain name, IP address, User Agent, device name, device model, operating system, application version, system name, system version, system language, device information (IMEI, IDFA, OPENUDID, Android ID, GUID, OAID, MAC, IMSI, device model and name)	Identifiers / Internet or other electronic network activity information	Business Purpose: Provide product basic functions and online gaming functions, verify login devices, and assess network environment; Device information is used to identify devices, perform information push, compatibility judgment, and security assurance functions
Transaction information, payment account, payment amount, order number, payment status, interested products	Personal Records	Business Purpose: Complete transactions, verify payment results, and further determine whether to provide corresponding purchased services
Operational information regarding web logs, browsing, purchasing, etc., login time	Internet or other electronic network activity information	Business Purpose: Audit user identity during login, identify and resolve errors, assess the stability of our services on different browsers and operating systems, and make necessary adjustments or optimizations to the service

4. California Privacy Rights

California consumers have a right to knowledge, access, correction, and deletion of their personal data under the CCPA and CPRA. California consumers also have a right to opt out of the sale or sharing of their personal data by a business, and a right not to be discriminated against for exercising their California privacy rights.Rights are explained as follows:

(1) Right to Know and Access: You have the right to know the details of the personal information we collect, use, disclose, sell, or share, and request specific copies thereof.

(2) Right to Correct: If the personal information we hold about you is inaccurate, you have the right to request correction.

(3) Right to Delete: Except for specific exceptions provided by law, you have the right to request that we delete your personal information.

(4) Right to Opt-Out: You have the right to request that we stop "selling" or "sharing" (for cross-context behavioral advertising) your personal information to third parties.

(5) Right to Limit Use: You have the right to request that we limit the use of sensitive personal information to what is necessary to provide services.

(6) Right to Non-Discrimination: When you exercise the above rights, we will not deny you services or provide services of different quality because of this.

We do not sell the personal data of California consumers as those terms are defined under California law, and do not discriminate in response to privacy rights requests. We also do not use or disclose sensitive personal data for any purposes that would require a user to exercise a right to limit according to California law.

We do engage in sharing California consumers' personal data (as defined by California law), and you have the right to request that we stop sharing your personal information.

We will respond to the consumers' requests within 45 days.

5. Do Not Track

We do not track our customers over time and across third-party websites to provide targeted advertising and therefore do not respond to Do Not Track (DNT) signals.

6. Children Under 13

Children are not the intended audience of our services, and we do not knowingly collect or maintain any data from children under the age of 13. If you believe that we may hold any data provided by or involving a child under the age of 13, please contact us through the contact details in "12. How to Contact Us."

3. South Korea

1. Identity

In the context of the provision of our services in South Korea, we are bound by the Personal Information Protection Act (PIPA). AWERAY PTE. LTD. constitutes "controller" under the PIPA.

2. Rights under PIPA (1) Right to be informed: you have the right to obtain detailed information on the processing of your personal data.

(2) Right of access: you may request to access your personal data.

(3) Right to transfer: you may also request us to provide a copy of your personal data and to transfer it. You may request the transfer to yourself or to an institution specifically managing personal data. The transfer request may be withdrawn.

(4) Right to rectification and erasure: you may request us to rectify or erase your personal data. However, erasure is not allowed if the personal data is required to be collected under laws or regulations.

(5) Right to suspend processing: you may request us to suspend the processing of your personal data, and you have the right to withdraw your consent.

(6) Right to object to automated decision-making: If the processing of your personal data through fully automated systems (including artificial intelligence) has a significant impact on your rights or obligations, you have the right to object to the relevant decision. Additionally, you may request us to explain the automated decision that has already been made.

(7) Right to claim compensation: If you have suffered damage due to the violation of this law by us, you have the right to claim compensation for such damage from us.

4. Singapore

1. Identity

In the context of the provision of our services in Singapore, we are bound by the Personal Data Protection Act 2012 (PDPA). AWERAY PTE. LTD. constitutes "organization" under the PDPA.

2. Measures to Ensure the Accuracy

To ensure the accuracy of the personal data we collect and hold, you agree not to submit any information to us which is inaccurate or misleading, and you agree to inform us of any inaccuracies or changes to such information. We reserve the right at our sole discretion to require further documentation to verify any information provided by you.

3. Rights under PDPA

1. Right of access: you have the right to be informed about the personal data we held, and the use and disclosure of such data in the year preceding your request for access. We will respond to your request for access as soon as reasonably possible.
2. Right to rectification: you have the right to correct inaccuracies and to complete incomplete personal data about you.

We will respond to your request for rectification as soon as practicable.

5. Indonesia

1. Identity

In the context of the provision of our services in Indonesia, we are bound by the Law No. 27 of 2022 on Personal Data Protection (PDPL). AWERAY PTE. LTD. constitutes "controller" under the PDPL.

2. Rights under PDPL (1) Right to be informed: you have the right to request the information regarding the purpose of processing, and our responsibilities.

(2) Right to completion and rectification: you have the right to request the completion of inaccurate personal data or the rectification of errors.

(3) Right of access and right to obtain a copy: you have the right to access their personal data and obtain a copy of it.

(4) Right to erasure: you have the right to request the termination of processing, deletion, and/or destruction of your personal data.

(5) Right to withdraw consent: you have the right to withdraw consent to the processing of your personal data that has been granted to us.

(6) Right to object to automated decision-making: you have the right to object to decisions made solely based on automated processing.

(7) Right to delay or restrict processing: you have the right to delay or restrict the processing of your personal data based on the purpose of the processing of personal data.

(8) Right to complain and claim compensation: you have the right to file a lawsuit against violations in the processing of your personal data and to obtain compensation in accordance with relevant laws and regulations.

(9) Right to data portability: you have the right to obtain and/or use your personal data from us in a format that is structured, commonly used, and machine-readable. You also have the right to transfer your personal data to another data controller, provided that the systems used can communicate securely.

6. Vietnam

1. Identity

In the context of the provision of our services in Vietnam, we are bound by the Decree No. 13/2023/ND-CP on the Protection of Personal Data (PDPD). AWERAY PTE. LTD. constitutes "controller" under the PDPD.

2. Rights under PDPD (1) Right to be informed: you have the right to be informed about the processing of your personal data.

(2) Right to decide (right to consent and right to withdraw consent): you have the right to give consent to the processing to withdraw consent.

(3) Right of access: you have the right to access personal data in order to view, modify, or request rectification.

(4) Right to erasure: you have the right to delete or request the deletion of personal data.

(5) Right to restrict processing: you have the right to request the restriction of processing of your personal data.

(6) The restriction of processing of personal data will be implemented within 72 hours after receiving the request from you.

(7) Right to data portability: you have the right to request us to provide you with their personal data.

(8) Right to object to processing: you have the right to object to the processing of your personal data, in order to prevent or limit the disclosure of personal data or the use of personal data for advertising and marketing purposes. We will respond to your request within 72 hours after receiving it.

(9) Right to complain, report, and litigate: you have the right to file complaints, reports, and lawsuits in accordance with legal provisions.

(10) Right to compensation for damages: When personal data protection regulations are violated and cause damage to the data subject, you have the right to claim compensation in accordance with legal provisions.

(11) Right to self-protection: you have the right to exercise right to self-protection or to request that competent authorities and organizations implement measures for the protection of your civil rights.

7. Thailand

1. Identity

In the context of the provision of our services in Thailand, we are bound by the Personal Data Protection Act, B.E. 2562 (2019) (PDPA). AWERAY PTE. LTD. constitutes "controller" under the PDPA.

2. Rights under PDPA

(1) Right to withdraw consent: you may withdraw consent at any time.

(2) Right of access and right to obtain a copy: you have the right to access the personal data processed by us and to obtain a copy of the personal data.

(3) Right to receive and transfer: you have the right to obtain personal data from us and to request us to send or transfer your personal data to another controller.

(4) Right to object: you may, at any time, object to the collection, use, and disclosure of personal data by us in specific circumstances.

(5) Right to erasure, destruction, and anonymization: you have the right to request the us to delete, destroy, or anonymize personal data in specific circumstances.

(6) Right to restrict processing: you have the right to restrict the processing of your personal data.

(7) Right to rectification and completion: you have the right to request that the personal data held by us be accurate, up-to-date, complete, and not misleading.

(8) Right to lodge a complaint: you have the right to lodge a complaint against us or other processors for the unlawful processing of personal data.

For requests to exercise the right of access and the right to obtain a copy, a response should be provided without undue delay and no later than 30 days after receiving the request. For requests to exercise the right to object, the objection will immediately become effective.

8. Malaysia

1. Identity

In the context of the provision of our services in Malaysia, we are bound by the Akta Perlindungan Data Peribadi 2010 (PDPA). AWERAY PTE. LTD. constitutes "controller" under the PDPA.

2. Rights under PDPA

(1) Right to be informed, right of access, and right to obtain a copy: you have the right to be informed whether your personal data is being processed. You can submit a written request to access their personal data.

(2) Right to rectification: you may request the rectification of inaccurate, incomplete, misleading, or outdated personal data.

(3) Right to data portability (effective from June 1, 2025): you have the right to request in writing to transmit personal data directly to another designated data controller in electronic form.

(4) Right to withdraw consent: you may withdraw consent to the processing of personal data in writing.

(5) Right to restrict processing that may cause damage or distress: Except in cases of exception, if the processing of personal data or the processing of personal data for a specific purpose or in a specific manner is causing or is likely to cause significant damage or significant distress to you or another person, and such damage or distress is not warranted, you may at any time request in writing us to cease or refrain from commencing the processing of personal data for the specific purpose or in the specific manner within a reasonable period.

(6) Right to object to processing for direct marketing purposes: you may request in writing us to cease using their personal data for direct marketing.