4.1 Introduction
Arboris Global Partners Pte. Ltd. (“Arboris” or “we”) is committed to protecting your privacy. This Privacy Policy (“Policy”) outlines how we collect, use, disclose, and protect personal data obtained through our website or in the course of our business. It applies to personal data of visitors to our Site, clients, and other individuals who interact with us. We adhere to applicable data protection laws, including the Singapore Personal Data Protection Act 2012 (“PDPA”), the Hong Kong Personal Data (Privacy) Ordinance (“PDPO”), the People’s Republic of China Personal Information Protection Law (“PIPL”), the Macao Personal Data Protection Act (Law No. 8/2005), and the Australia Privacy Act 1988, as relevant. Note to Minors: Our website and services are not directed to individuals under the age of 18. We do not knowingly collect personal data from anyone under 18 without parental or guardian consent.
4.2 Personal Data We Collect
We may collect various types of personal data (“personal information”) from you, depending on your interactions with us. This may include:
4.2.1 Information You Provide Directly
For example, when you contact us via email or forms on our Site, we may collect your name, contact details (such as email address or phone number), company or organization, and any other information you choose to provide. If you engage our services or inquire about business opportunities, we may also collect information related to your inquiries or service requests.
4.2.2 Automatically Collected Information
When you visit our Site, we may automatically collect certain technical information through cookies and similar technologies. This includes your IP address, browser type, device information, pages viewed, time spent on pages, and other analytics data about your browsing activities. (See section 4.4 “Cookies and Tracking Technologies” for details.)
4.2.3 Information from Third Parties
We may receive personal data about you from third parties in certain circumstances. For example, if you are referred to us by a business associate, or if we perform due diligence or background checks as required by law or internal policies (for instance, anti-money laundering checks when you become a client), we might obtain information from public databases or service providers.
4.2.4 Sensitive Personal Data
We do not actively seek to collect sensitive personal data (such as financial account details, health information, or government identifiers) through our Site. Please avoid submitting sensitive personal data unless necessary. If you do provide sensitive information, you consent to our processing of that information for the purposes for which it was provided, subject to applicable law.
4.2.5 Mandatory Data Provision
Where we need to collect personal data by law or under a contract and you fail to provide that data when requested, we may not be able to fulfill the related purpose (for example, responding to your inquiry or providing services).
4.3 How We Use Personal Data
We use the personal data we collect for the following purposes, as appropriate:
4.3.1 Providing and Improving Services
To respond to your inquiries and requests; to provide you with information, products, or services that you have requested; and to manage and improve our services and our website’s functionality.
4.3.2 Communication
To communicate with you, including sending administrative information (such as updates to our terms or policies), and - with your consent (where required) - to send you newsletters, market insights, or information about our services and events that may interest you. You can opt out of marketing communications at any time.
4.3.3 Business Operations
To conduct our internal business operations, including data analysis, audits, developing new services, identifying usage trends, and determining the effectiveness of our marketing or promotional campaigns.
4.3.4 Legal and Compliance
To comply with applicable laws and regulations (such as anti-money laundering, “know your client” and sanctions requirements), to enforce our Terms of Use and other agreements, and to protect the rights, property, or safety of Arboris, our clients, or others (including fraud prevention and detecting or investigating security incidents).
We will only use your personal data for the purposes for which we collected it, or for related purposes that a reasonable person would consider appropriate in the circumstances, or as otherwise required or permitted by law. If we need to use your personal data for a new purpose, we will notify you and obtain your consent where required.
4.4 Cookies and Tracking Technologies / Cookie
We use cookies and similar tracking technologies on our Site to collect information automatically as you browse. Cookies are small text files that websites place on your device to store preferences and other information. These technologies help us to:
4.4.1 Recognize You
Recognize you when you return to our Site and remember your preferences (e.g., language settings).
4.4.2 Analyze Traffic
Analyze website traffic and usage (via analytics providers) to understand how users interact with our Site and to improve its performance and content.
4.4.3 Enable Features
Enable certain features on the Site provided by third parties (for example, embedded videos or social media sharing features).
By using our Site, you consent to our use of cookies as described in this Policy. You can manage or disable cookies through your browser settings. Please note that blocking cookies may affect your experience of the Site (for instance, some features might not function properly).
4.5 Disclosure of Personal Data
We may disclose or share your personal data with third parties in the following circumstances:
4.5.1 Within Arboris Group / Arboris
We may share your information with our affiliates or subsidiaries (if any) as needed to fulfill the purposes described in this Policy (for example, if different Arboris entities provide services to you in different regions). All such entities are required to handle your data in accordance with this Policy.
4.5.2 Service Providers
We engage third-party service providers to perform functions on our behalf, such as website hosting, data storage, IT support, analytics, marketing support, or other services. These providers will have access to personal data only as necessary to perform their tasks and are obligated to protect personal data and use it only for our specified purposes.
4.5.3 Professional Advisors and Partners
We may share personal data with our auditors, legal counsel, banks, consultants, or other professional advisors in the course of obtaining their services. We may also share information with business partners or co-organizers of events (for example, if we co-host a seminar or workshop), but we will do so only with your consent or as permitted by law.
4.5.4 Legal and Regulatory Requirements
We may disclose personal data to comply with applicable laws, regulations, court orders, or governmental requests. For example, we may need to provide information to regulators or law enforcement agencies (such as the Monetary Authority of Singapore or other relevant authorities) upon request. We may also disclose personal data as necessary to enforce our rights, protect our operations or clients, or in connection with an investigation of fraud or other wrongdoing.
4.5.5 Business Transfers
If we undergo a business transaction such as a merger, acquisition, reorganization, or sale of assets, personal data may be transferred to the relevant third party (e.g., a successor company or purchaser) as part of that transaction. In such cases, we will ensure that the personal data remains protected in accordance with this Policy.
4.5.6 No Sale of Personal Data
We do not sell personal data to third parties for profit, and we do not share your personal data with third parties for their own direct marketing purposes without your consent.
4.6 Cross-Border Transfer of Data
Arboris is based in Singapore and operates internationally. Accordingly, your personal data may be transferred to, stored, and processed in countries other than your home country. Those countries may have data protection laws different from those in your jurisdiction. Whenever we transfer personal data across borders, we will ensure that appropriate safeguards are in place as required by applicable law. This includes:
4.6.1 Singapore
If your personal data is transferred out of Singapore, we will take steps to ensure that the recipient is legally bound to provide a standard of protection for the data that is comparable to the protection under the PDPA, as required by Singapore’s data protection laws.
4.6.2 Hong Kong
If your personal data is transferred out of Hong Kong, we will ensure compliance with any applicable requirements under the PDPO. (Note: Section 33 of the PDPO, which would regulate cross-border transfers, has not been brought into force as of the date of this Policy. Nevertheless, we endeavor to protect all personal data leaving Hong Kong in accordance with best practices.)
4.6.3 Mainland China
If we need to transfer personal information collected in Mainland China to a location outside of Mainland China, we will comply with the requirements of the PIPL. This may include obtaining your separate consent for the transfer, conducting security assessments or signing standard data transfer agreements as mandated by Chinese authorities, and ensuring the overseas recipient provides a level of data protection as required by PIPL.
4.6.5 Australia
If your personal data is transferred outside of Australia, we will take reasonable steps to ensure the overseas recipient does not breach the Australian Privacy Principles (“APPs”) in relation to your data (for example, by contractual arrangements). If it is not practicable to ensure this, we will only transfer your data if you consent to the transfer or if the transfer is otherwise permitted by the Privacy Act.
By providing us with your personal data or using our Site, you acknowledge and consent that your personal data may be transferred to and processed in countries outside of your own, as described above.
4.7 Data Security
We implement reasonable technical and organizational measures to protect personal data in our possession against loss, misuse, unauthorized access, disclosure, alteration, or destruction. These measures include access controls to personal data, encryption and secure storage of data, network and infrastructure security, and regular training for our staff on data protection. However, please note that no method of transmission over the internet or electronic storage is completely secure or error-free. While we strive to protect your personal data, we cannot guarantee absolute security. You provide your personal data at your own risk, and you should take care to safeguard your usernames, passwords, and other credentials used to access our services.
4.8 Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, and to meet our business and legal obligations. The exact retention period will depend on the nature of the data and the purposes of processing. We comply with data retention requirements of each applicable jurisdiction. For example:
4.8.1 Singapore
Under the PDPA, we will cease retention of personal data, or anonymize it, once it is no longer necessary for legal or business purposes.
4.8.2 Hong Kong
Consistent with the PDPO, we will not retain personal data longer than is necessary for the fulfillment of the purpose for which it was collected (unless the individual has given consent for a new purpose).
4.8.3 Mainland China
In accordance with PIPL, we keep personal information only for the shortest period necessary to achieve the purposes of processing, unless a longer period is required or permitted by law.
4.8.4 Macau
In line with Macau’s Personal Data Protection Act, we will not retain personal data longer than necessary for the purpose for which it was collected, unless the individual has consented to a longer retention period or as otherwise permitted by law.
4.6.4 Macau
If your personal data is transferred outside of Macau, we will ensure that the transfer complies with Macau’s Personal Data Protection Act (Law No. 8/2005). We will generally ascertain that the destination jurisdiction ensures an adequate level of personal data protection. If the destination cannot provide an adequate level of protection, we will implement appropriate safeguards or rely on exceptions (such as obtaining your explicit consent or other conditions permitted under Macau law) before transferring your data.
4.9 Your Rights
Depending on your jurisdiction, you may have certain rights regarding your personal data. Subject to applicable law (and relevant exceptions), these rights may include:
4.9.1 Access
The right to request access to the personal data we hold about you, and to be informed about how we have used or disclosed your data.
4.9.2 Correction
The right to request correction of any inaccurate or incomplete personal data we hold about you.
4.9.3 Deletion
The right to request deletion or erasure of your personal data in certain circumstances - for example, if the data is no longer necessary for the purposes it was collected, or if you have withdrawn consent (where our processing was based on consent).
4.9.4 Withdraw Consent
Where we rely on your consent to process your personal data, the right to withdraw that consent at any time. For example, you have the right to opt out of our marketing emails or newsletters at any time.
4.9.5 Object/Restrict Processing
The right to object to, or request restriction of, certain processing of your data. For instance, you may have the right to object to the use of your personal data for direct marketing, or to request that we suspend processing if you contest the accuracy of the data or the lawfulness of our processing.
4.9.6 Data Portability
In some jurisdictions, you have the right to request a copy of certain personal data in a structured, commonly used, machine-readable format, and/or to request that we transfer that data to another data controller where technically feasible (applicable, for example, under certain conditions in PDPA and PIPL).
4.9.7 Complaint
You have the right to lodge a complaint with a data protection regulator if you believe we have infringed your rights. For example, individuals in Singapore can contact the Personal Data Protection Commission (PDPC); in Hong Kong, the Office of the Privacy Commissioner for Personal Data (PCPD); in Mainland China, the relevant cyberspace or data protection authorities; in Macau, the Office for Personal Data Protection (GPDP); and in Australia, the Office of the Australian Information Commissioner (OAIC).
To exercise your rights, please contact us using the contact details provided in section 4.11 “Contact Us.” We may need to verify your identity (for instance, by requesting information or documentation) before processing certain requests. Please note that some rights may be subject to exceptions or limitations under applicable law - for example, we may refuse a deletion request if retaining the data is required by law, or decline an access request if it would adversely affect the rights and freedoms of others. We will respond to your request within a reasonable timeframe and in accordance with applicable law. In general, we do not charge a fee for handling a request to exercise your rights, unless the request is excessive or unfounded. If a fee is legally permissible and necessary, we will inform you of the fee and explain the reason before fulfilling your request. We encourage you to contact us with any concerns or questions before reaching out to a regulator, so that we can attempt to resolve the issue directly.
4.10 Updates to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal obligations. When we make material changes, we will post the updated Policy on our Site and update the “Last updated” date at the top. We may also inform you of significant changes through appropriate channels (e.g., email notification, if we have your email on file). We encourage you to review this Policy periodically to stay informed about how we protect your personal data. Your continued use of our Site or services after any changes to this Policy constitutes your acceptance of the updated Policy.
4.11 Contact Us
Arboris values your privacy. If you have any questions, concerns, or requests regarding this Privacy Policy or the handling of your personal data, please contact us at:
●Email: privacy@arborisglobalpartners.com
●Address: Arboris Global Partners Pte. Ltd., 160 Robinson Road #14-04, Singapore Business Federation Center, Singapore 068914 - Attn: Data Protection Officer
We will strive to respond to your inquiry promptly and to resolve any privacy issues you raise. We welcome you to reach out to us regarding any personal data protection matters.