Singapore PDPA Privacy Notice

Last Updated: May 2024

1. APPLICABILITY OF PDPA PRIVACY NOTICE

This Privacy Notice (“Notice”) applies solely to residents of Singapore and supplements the Website Privacy Notice, the Unhosted Wallet Privacy Policy, and pertains to your use of an unhosted Digital Asset software wallet, offered by Anchorage Innovations, LLC (collectively, “Provider,” “we,” “us,” or “our”). that allows users independently to store and control their own Digital Assets (the “Wallet”). We adopt this Notice to comply with the Personal Data Protection Act (No 26 of 2012) (“PDPA”), including subsidiary legislation and the Personal Data Protection Regulation of 2021 (“PDPR”).

Under the PDPA, “Personal data” refers to all “data, whether true or not, about an individual who can be identified from that data, or from that data and other information to which the organisation has or is likely to have access” (regardless of whether such data is in electronic or another form or degree of sensitivity). The PDPA uses the term “organisation” to cover those entities who are obligated to comply with the PDPA. Organisations broadly covers natural persons, corporate bodies (such as companies) and unincorporated bodies of persons (such as associations), regardless of whether they are formed or recognised under the law of Singapore, or are resident or have an office or place of business in Singapore.

The PDPA, however, does not apply to certain categories of organisations:

individuals acting in a personal or domestic capacity;
employees acting in the course of their employment with an organisation;
public agencies; or
any other organisation or personal data, or classes of organisations or personal data as may be prescribed.

Moreover, the PDPA also does not apply to certain information, such as information subject to the Banking Act of 1970 or other sector specific national laws. The PDPA also expressly excludes the following categories of personal data from its application:

'business contact information', which is defined as 'an individual's name, position name or title, business electronic mail address or business fax number and any other similar information about the individual, not provided by the individual solely for his personal purposes', unless expressly referred to in the PDPA;
personal data that is contained in a record that has been in existence for at least 100 years; and
personal data about a deceased individual who has been dead for more than ten years.

2. COLLECTION, USE AND DISCLOSURE OF PERSONAL DATA

We generally do not collect your Personal Data unless (a) it is provided to us voluntarily by you directly or via a third party who has been duly authorized by you to disclose your Personal Data to us (your “authorised representative”) after (i) you (or your authorised representative) have been notified of the purposes for which the data is collected, and (ii) you (or your authorised representative) have provided written consent to the collection and usage of your Personal Data for those purposes, or (b) collection and use of Personal Data without consent is permitted or required by the PDPA or other laws. We shall seek your consent before collecting any additional Personal Data and before using your Personal Data for a purpose which has not been notified to you (except where permitted or authorized by law).

3. WITHDRAWING YOUR CONSENT

The consent that you provide for the collection, use and disclosure of Personal Data will remain valid until such time it is being withdrawn by you in writing. You may withdraw consent and request us to stop collecting, using and/or disclosing your Personal Data for any or all purposes listed in this Notice or the Unhosted Wallet Privacy Policy in writing via email to our Data Protection Officer (“DPO”) at the contact details provided below.

Upon receipt of your written request to withdraw your consent, we may require reasonable time (depending on the complexity of the request and its impact on our relationship with you) for your request to be processed and for us to notify you of the consequences of us acceding to the same, including any legal consequences which may affect your rights and liabilities to us. In general, we seek to process your request within ten (10) days of receiving it.

Please note that, depending on the nature and scope of your request to withdraw consent, we may not be in a position to continue providing our services to you. We shall, in such circumstances, notify you before completing the processing of your request should that be the case. Should you decide to cancel your withdrawal of consent, kindly inform us in writing via email to our DPO at the contact details provided below.

Please note that withdrawing consent does not affect our right to continue to collect, use and disclose personal data where such collection, use and disclosure without consent is permitted or required under applicable laws.

4. CATEGORIES OF PERSONAL DATA WE COLLECT

Most of the information we collect is in the context of providing financial products or services to institutional clients with their “employees acting in the course of their employment” and is therefore not subject to the PDPA. We do collect Personal Data relating to Singapore residents in other contexts, including for employment and recruiting purposes, marketing activities and interaction with our website.

In the past 12 months, we may have collected and disclosed to third parties for our business purposes the following categories of Personal Information about you in several ways when you use our services, as described below:

Identifiers: name, email, and address (e.g., Social Security Number);
Personal Data, as defined in the PDPA, contact and financial information;
Commercial Information: products or services purchased and account information;
Internet or other similar network activity: browser type, pages viewed, and links clicked;
Biometric Information: video footage and voiceprints;
Geolocation Data: device location;
Professional or employment-related information: occupation, job title, employment email or prior employer;
Sensory Data: audio recordings of customer care calls, electronic, visual or similar information; and
Inferences are drawn from any of the Personal Information listed above to create a profile about, for example, an Individual’s preference and characteristics.

5. PROTECTION OF PERSONAL DATA

To safeguard your Personal Data from unauthorized access, collection, use, disclosure, copying, modification, disposal or similar risks, we have appropriate administrative, physical and technical measures in place.

You should be aware, however, that no method of transmission over the Internet or method of electronic storage is completely secure. While security cannot be guaranteed, we strive to protect the security of your Personal Data and are constantly reviewing and enhancing our information security measures.

6. PERSONAL DATA RETENTION & STORAGE

Provider only keeps or processes Personal Data for as long as necessary to carry out its business and legal purposes. Personal Data is deleted or anonymized when no longer required for the purposes for which it was collected. The specific periods for which we keep information about you vary depending on the nature of the information, why we need it, and whether the Personal Data is de-identified. We also consider the minimum necessary retention period prescribed by applicable laws, recommended by industry standards, and stated in contracts and other legal obligations. Additionally, you may request deletion of your Personal Data consistent with Section 8 “Individual Rights” below.

We may be legally required to retain your Personal Data to:
- comply with legal obligations;
- resolve disputes; and
- enforce rights.

Storage: We may use data hosting service providers in the U.S., Portugal, and Singapore to store information we have about you, and to safeguard your Personal Data from unauthorized access, collection, use, disclosure, copying, modification, disposal or similar risks, we use administrative, physical and technical measures.

7. PERSONAL DATA SHARED WITH THIRD PARTIES

We share information we have about you with third parties, service providers, and Provider affiliates who assist us with administering our Wallet, advertising, and providing you with information regarding Provider or Affiliate products and services on Provider or third party platforms. We at times partner with other companies to offer products or services jointly; we may share your Personal Data in order to facilitate that offering.

Any third parties that we share your Personal Data with are limited by law and by contract in their ability to use your Personal Data. Provider requires third party service providers acting on our behalf or with whom we share your information to safeguard your Personal Data from unauthorized access, collection, use, disclosure, copying, modification, disposal or similar risks, we use administrative, physical and technical measures and industry standards and in compliance with this Policy, their privacy and security obligations, and any other appropriate confidentiality and security measures. However, we are not responsible for the privacy and data security practices of third parties outside of Personal Data we receive from or transfer to them. For additional information, please see our Unhosted Wallet Privacy Policy (available on our Privacy Center page).

8. INDIVIDUAL RIGHTS

Provider would like to make sure you are fully aware of all of your data protection rights. Every user in Singapore is entitled to the following:

The right to access and correct Personal Data: You have the right to request copies of your Personal Data from Provider. You have the right to request that Provider corrects any information you believe is inaccurate.

If you wish to make (a) an access request to a copy of the Personal Data which we hold about you or information about the ways we use or disclose your personal data, or (b) a correction request to correct or update any of your Personal Data which we hold about you, you may submit your request in writing via email to our Data Protection Officer (“DPO”) at the contact details provided below.

We will respond to your request as soon as reasonably possible. In general, our response will be within thirty (30) business days. Should we not be able to respond to your request within thirty (30) business days after receiving your request, we will inform you via email of the time by which we will be able to respond to your request. If we are unable to provide you with any of your Personal Data or to make the correction requested by you, we shall inform you of the reasons we are unable to do so (except where we are not required to do so under the PDPA).

The right to accuracy of Personal Data: We need your assistance to ensure that your Personal Data is current, complete and accurate. As such, please inform us of any changes or updates in writing via email to our DPO at the contact details provided below.

9. COOKIES AND OTHER TRACKING TECHNOLOGIES

Cookies are small text files that are stored through the browser on your computer or mobile device. Cookies and other trackers serve a variety of functions; they help you navigate between website pages efficiently and may improve the user experience on a website. Cookies vary in duration (they can be “persistent” or “session-based”), and by whom they are served (“first party” cookies are directly from us; “third party” cookies are from other parties on our behalf).

Provider and our service providers use cookies and similar technologies on our website and mobile application to collect information about your browsing activities over time and across different website pages. At Provider, we use these tools to:

Administer our services
Analyze services usage and trends
Track how you were referred to our website
Improve the services functionality
Perform analytics and marketing integration
Deliver advertisements and other marketing offers

For further information please review Provider’s Cookie Notice (available at Section 4 of the Website Privacy Notice, on our Privacy Center page).

10. DATA TRANSFER

Provider is a company based in the United States (U.S.) with an affiliate office in Singapore. We use data hosting service providers in the U.S. or Singapore to host the information we collect from or about you. When we transfer your Personal Data outside of Singapore, we will do so in accordance with the PDPA by collecting your consent unless otherwise not required by the PDPA. We generally use consent for the transfer to be made and we will take steps to ensure that your Personal Data continues to receive a standard of protection that is at least comparable to that provided under the PDPA.

11. PRIVACY POLICIES OF OTHER WEBSITES

The Provider website and mobile application contain links to other websites. Our privacy notice applies only to our website and mobile application, so if you click on a link to another website, you should review their privacy notice.

12. CHANGES TO THIS NOTICE

We may change or update this Singapore PDPA Notice in the future. When we do, we will post the revised version on our website. This notice was last updated and became effective on the date posted at the top of this page.

13. DATA PROTECTION OFFICER

If you have any questions about this policy or our privacy practices please contact us. You can write to our DPO at privacy@anchorage.com.

Products and software are provided by Anchorage Innovations, LLC (“Anchorage Innovations”). Anchorage Innovations is not a custodian, is not registered with the SEC or any other government authority as a broker or dealer and is not authorized to engage in the business of the offer, sale or trading of securities. Anchorage Innovations does not provide legal, tax, or investment advice.

Holdings of cryptocurrencies and other crypto assets are speculative and involve a substantial degree of risk, including the risk of complete loss of monetary value. Anchorage Innovations does not own or control, and is not responsible for any blockchain protocols, and you are solely responsible for any transactions that you engage in with blockchain protocols, including but not limited to staking, governance, or any other on-chain activities.

*The Stablecoin Rewards Program (the "Program") is offered by Anchorage Digital Neo, Ltd. Stablecoins must be held with custody or wallet platforms offered by Anchorage Digital Bank National Association, Anchorage Digital Singapore Pte, Ltd., or Anchorage Innovations, LLC, in order to be eligible for rewards. This program is not offered by any of the aforementioned custody or wallet service providers. Please refer to the Stablecoin Rewards Program Terms & Conditions for all applicable terms and risks. By participating in the Program, participants acknowledge that they have read, understood, and agreed to be bound by this disclaimer and any other terms and conditions governing the Program. Information in this document is for general educational purposes only and eligibility limitations apply. This document is not intended to constitute an offer, solicitation, recommendation, investment, or any other advice on financial products. Availability is subject to jurisdictional limitations. The Program is not subject to regulatory oversight in the Cayman Islands or any other jurisdiction. Participants in the Program acknowledge and understand that the Program is not regulated by any governmental authority or regulatory body in the Cayman Islands or elsewhere. As such, there are no guarantees regarding the stability, security, or reliability of the Program. Participation in the Program carries inherent risks, including but not limited to the risk of loss of funds, lack of recourse in case of disputes, and potential volatility of a stablecoin's value. Participants are responsible for understanding and complying with all applicable laws, regulations, and requirements in their respective jurisdictions regarding the use, possession, and transfer of digital assets, including stablecoins. Nothing in the Program constitutes investment advice, financial advice, or any other form of professional advice. Participants should conduct their own research and seek appropriate professional advice before participating in the Program. Anchorage Digital Neo, Ltd. and its affiliates, officers, directors, employees, agents, and representatives shall not be liable for any losses, damages, liabilities, costs, or expenses arising out of or related to participation in the Program, regardless of the cause of action or legal theory asserted.