Whale Privacy Policy Statement

Version: 3.0

Updated: May 10, 2022

Notice

Thank you for your interest in Whale (hereinafter referred to as "us") products and services. Whale recognizes the importance of personal information to its customers and users. Therefore, Whale has formulated this "Privacy Policy" (hereinafter referred to as "this Policy") and reminds you: before using any Whale website services, please carefully read and fully understand this Policy. We strive to use plain language and concise words to express this Policy, and we use bold fonts to indicate terms and personal information that are closely related to your rights to remind you to pay attention. If you refuse to provide the personal information required for specific services, we may not be able to provide you with the required products and services.

This Policy will help you understand the following:

1. Definitions

2. Scope of application

3. How we collect personal information

4. How we use personal information

5. How we provide, transfer, and disclose your personal information

6. How we store personal information

7. How we protect personal information

8. Your rights to manage personal information

9. How we handle children's personal information

10. How this Policy is updated

11. How to contact us

I. Definitions:

- Whale Website: Refers to the official website of Whale (domain name: [www.meetwhale.com/] and related domains).

- Whale: Unless otherwise specified, refers to the legal entities responsible for providing you with relevant services and assuming corresponding responsibilities, including Whale Tech Pte. Ltd. and others.

- Affiliated Companies: "Affiliated Companies" refer to companies that Whale can directly or indirectly control, or can be directly or indirectly controlled by Whale, or jointly control the same company or can exert significant influence on it, or are controlled directly or indirectly by the same company as Whale, including but not limited to parent companies and subsidiaries.

- Personal Information: Unless otherwise specified by the applicable laws in your region, refers to various information recorded in electronic or other forms that is related to identified or identifiable natural persons, excluding anonymized information.

II. Scope of Application:

We believe that your personal information is very important and we highly value your privacy. This policy explains how we collect, use, store, provide, transfer, and disclose your information when you access or use (a) our website and website resources; (b) use Smart Space products. The website, app, and any services we provide related to one or more of the above businesses are collectively referred to as "Services."

This policy does not apply to how third parties collect, use, disclose, or retain information. We recommend that you review the personal information protection policies of these third-party websites or services.

III. How We Collect Personal Information:

1. Account Registration:

To register as our user and use our services, you need to provide your mobile number, email address, name, password, and verification code to create or log in to the Whale platform.

2. User Activity:

To provide you with the services you choose to use or ensure the quality and experience of the services, we collect your online behavior data.

3. Smart Space Product Technical Services:

To provide customers with Smart Space product technology, customers and their employees need to provide mobile phone numbers and email addresses to log in and receive operational data, work tasks, approval tasks, customer service consultations, and operations and maintenance support services.

4. Security Protection Services:

To meet relevant legal requirements and provide you with secure and stable services, prevent viruses, Trojan programs, or other malicious programs and websites, we need to record the service type, method, device brand, device model, device name, device software version information, and other log information related to the services you use that we provide.

5. Cookie and Similar Technologies Services:

Cookies and similar device information identification technologies are widely used technologies on the Internet. To ensure the normal operation of our applications and services, we may use your cookies so that you can easily log in or use services or functions that depend on cookies.

You have the right to choose to accept or refuse cookies. You can refuse to accept cookies by modifying your browser settings. However, if you choose to refuse cookies, you may not be able to log in or use services or functions that depend on cookies.

6. When you use Smart Space APP-related services, to ensure the implementation of the App's related functions and the stable operation of the application, we may access software development kits (SDKs) provided by third parties to achieve relevant purposes. Different versions of third-party SDKs may differ, and we will strictly monitor the security of software development kits (SDKs) used by our partners to obtain information to ensure data security. For more information on the purpose, method, and scope of processing personal information by SDKs, please refer to the "SDK Information List".

IV. How we use your personal information

1. To achieve the purposes described in "How we collect information" in this policy;

2. To send you service reminders or notifications so you can be aware of the status of the services you use;

3. To report to relevant departments in accordance with laws, regulations, or regulatory requirements;

4. To invite you to participate in customer surveys related to our services.

V. How we provide, transfer, and disclose your personal information

1. Providing: We will not share your personal information with companies, organizations, or individuals outside of Whale, except in the following situations:

a) With your explicit consent or authorization;

b) In accordance with relevant laws and regulations, or requests from administrative, judicial, or other authorities that have the right to do so;

c) To achieve the core functions of relevant products or services, including providing them to our affiliated companies or partners;

d) Based on the social public interest in accordance with relevant laws and regulations.

2. Transfer: We will not transfer your personal information to any company, organization, or individual, except in the following situations:

a) After obtaining your explicit consent;

b) When it is necessary in accordance with legal requirements, regulations, legal procedures, or mandatory requests from administrative or judicial authorities.

When it comes to asset transfers, acquisitions, mergers, reorganizations, or bankruptcies, and personal information transfer is involved, we will inform you of the relevant situation and require the new company or organization holding your personal information to continue to abide by this policy. When changing the purpose of personal information use, we will require the company or organization to obtain your explicit consent again.

3. Disclosure: We will not disclose your personal information publicly, except in the following situations:

a) After obtaining your explicit consent;

b) Based on legal disclosures: In the event of laws, legal procedures, litigation, or mandatory requests from government authorities, we may disclose your personal information.

VI. How we store personal information

We will store personal information collected and generated within the client in accordance with laws and regulations. Generally, we will not transfer your personal information overseas unless required by regulations or we have obtained your explicit consent. If we transfer personal information overseas, we will comply with relevant national regulations and seek your consent.

We will only store your personal information for as long as necessary to provide Whale's products and services, and strictly adhere to the relevant requirements of laws, regulations, and regulatory policies on the shortest retention period.

VII. How we protect personal information

We have implemented industry-standard security measures to protect the personal information you provide, in order to prevent unauthorized access, disclosure, use, modification, damage or loss of data. To ensure the security of your information, we are committed to using a variety of security technologies and supporting management systems to minimize the risks of your information being leaked, damaged, misused, accessed without authorization, disclosed without authorization, or altered without authorization. For example, we use network security layer software (SSL) for encrypted transmission and encrypted storage of information. We also use the services of Whale for authentication and firewall to isolate unauthorized and malicious access. We have established a unified role and permission control system to strictly limit access to the data center. When transmitting and storing personal information, we use security measures such as encryption, permission control, de-identification, and anonymization.

We have obtained level three information security protection certification, ISO/IEC 27001/IEC information security management system certification, ISO/IEC 27017 information security control measures certification, and ISO9000 quality management system certification.

Our data security capabilities: We have established a department responsible for personal information protection, and conduct personal information security impact assessments for personal information collection, use, provision, and entrusted processing. At the same time, we have established relevant internal control systems, including but not limited to developing personal information security incident emergency plans, regularly organizing emergency drills, managing and controlling the permissions and behavior of employees who have access to personal information, providing training on relevant laws, regulations, and information security protection, and organizing all staff to participate in security exams.

In the event of an unfortunate personal information security incident, we will promptly inform you in accordance with legal requirements, including the basic situation and potential impact of the security incident, the measures we have taken or will take, suggestions for you to take self-protection measures and reduce risks, and remedies for you. We will inform you of the relevant situation through email, mail, telephone, push notification, etc. When it is difficult to notify each individual information subject, we will release a public announcement in a reasonable and effective manner.

The internet environment is not 100% secure, but we will do our best to ensure or guarantee the security of any information you send us. If our physical, technical, or management protection facilities are compromised, resulting in unauthorized access, disclosure, tampering, or destruction of information and damage to your legitimate rights and interests, we will bear corresponding legal responsibilities. At the same time, we will proactively report to regulatory authorities on the disposal of personal information security incidents as required.

Please be sure to keep your service login name and other identity elements safe. When you use the services we provide, we will identify your identity through your login name and other identity elements. Once you disclose this information, you may suffer losses and may be adversely affected. If you find that your login name and/or other identity elements may or have been leaked, please contact us immediately so that we can take appropriate measures to avoid or reduce related losses.

VIII  Your rights to manage personal information

In accordance with relevant laws, regulations, and standards, we ensure that you have the following rights to your personal information:

1. Accessing or correcting personal information

You have the right to access your personal information, except for exceptions specified by laws and regulations. If you wish to exercise your data access rights, you can do so by logging in to the platform. If you are unable to access and correct your personal information, you can contact us at any time through the feedback methods provided in this policy, and we will assist you.

2. Deleting personal information

You can request that we delete other personal information in the following circumstances:

a) If our processing of personal information violates laws and regulations;

b) If we collect and use your personal information without your consent;

c) If our processing of personal information violates our agreement with you;

d) If you have cancelled your account;

e) If we terminate services and operations.

3. Changing the scope of authorized consent

Each business function requires some basic personal information to be completed. For additional collected and used personal information, you can give or revoke your consent at any time. When you revoke your consent, we will no longer process the corresponding personal information. However, your decision to revoke consent will not affect personal information processing that has been carried out based on your authorization prior to the revocation.

4. Cancelling your account

You can cancel your previously registered account at any time. After cancelling your account, we will stop providing products or services to you, and delete your personal information in accordance with your request, except as otherwise provided by laws and regulations. If you are unable to cancel your account through the client, you can contact us at any time through the feedback methods provided in this policy.

We will not be able to respond to your request in the following circumstances:

a) If it is related to personal information processing that the data processor is obligated to perform in accordance with laws and regulations;

b) If it is directly related to national security or national defense security;

c) If it is directly related to public safety, public health, or major public interests;

d) If it is directly related to criminal investigation, prosecution, trial, and execution of judgments;

e) If the data processor has sufficient evidence to show that the personal information subject has subjective malice or abuses their rights;

f) If it is difficult to obtain the personal consent to protect the life, property, and other major legitimate rights and interests of the personal information subject or other individuals;

g) If responding to the personal information subject's request will cause serious damage to the legitimate rights and interests of the personal information subject or other individuals or organizations.

IX. How do we handle children's personal information?

Our products or services are primarily aimed at adults and enterprise clients. Due to existing technological and business model constraints, if a child's personal information is collected without the consent of their parent or guardian, please contact us promptly to have the information deleted. In cases where we collect a child's personal information with the consent of their parent, we will only use or disclose this information when permitted by law, with the explicit consent of the parent or guardian, or when necessary to protect the child.

X. How is this policy updated?

We may make revisions or changes to this policy and other product or service privacy policies as appropriate. We will not reduce any rights that you currently enjoy without your explicit consent. We will publish any changes made to this policy on this page. For significant changes, we will also provide more prominent notice (including email notification for some services) of the specific changes.

XI. How can you contact us?

If you have any questions, opinions, suggestions, complaints or reports regarding this privacy policy, please contact us at sales@whale.im. We will review your concerns as soon as possible and respond within 15 working days of receiving your request. We have designated personnel responsible for protecting personal information and you can contact us by email or mail at 88 Market Street, #21-01, CapitaSpring, Singapore 048948