Triterras Privacy Notice
Triterras, Inc. (“us”, “we”, or “our”) is dedicated to protecting the confidentiality and privacy of personal data entrusted to us. We are committed to the appropriate protection and use of personal information (sometimes referred to as “personal data”, “personally identifiable information” or “PII”) through our website, https://triterras.com/ (the “Site“), and our KRATOSTM block-chain based physical commodities trading platform at https://kratos.triterras.com (the “Platform”).
We will always process your personal data in accordance with applicable data protection laws. This Privacy Notice explains how we collect, use, disclose, process, protect and transfer personal data which is provided to us through our Site and/or Platform. Please take a moment to read this Privacy Notice.
1. Applicability of our Privacy Notice
This Privacy Notice applies to personal data obtained from you, or from our clients who subscribe to access the services provided through our Platform (the “Client”).
Other data protection notices and policies may apply in different contexts, e.g. where you provide us personal data for the purposes of employment.
2. What personal data we collect and how we collect it
Personal data is data that can be used to identify an individual person, whether directly or indirectly in combination with other information. Some examples of personal data that we may collect include:
- personal particulars (e.g. name, country of residence, nationality, date of birth, and/or identity card/passport details);
- contact information (e.g. email addresses and phone numbers); and
- information about your use of our Site and Platform including data collected through cookies.
We collect the personal data about you specified below, in the following ways.
Information you provide to us directly
We collect personal data when you provide it to us directly, such as in the following circumstances:
- when a user account is created and managed for the use of our Platform;
- when you use and interact with our Site and/or Platform;
- when you participate in any of our promotions, events and other activities; or
- when you otherwise communicate with us either offline or via the Site and/or Platform.
Information we collect about you indirectly
A cookie is a small data file sent by a website to your computer that is stored on your browser/hard drive when you visit certain online pages of our website.
You can find more information about the individual cookies we use and the purposes for which we use them in our Cookies Policy [https://kratos.triterras.com/Triterras-Cookies-Policy.pdf]
Information provided by a Client
Your personal data described in this “What personal data we collect and how we collect it” section may also be provided to us by the Client. Where we collect and receive personal data indirectly from a Client, we may be considered a Data Intermediary. This means that we are required to process personal data solely on behalf of the Client. Where we are a Data Intermediary, this may affect the way in which we carry out our data protection obligations. For example, requests for access or correction of personal data may need to be made through the relevant Client.
3. Why we collect your personal data
We only collect, use, disclose and process your personal data when the law allows us to. Most commonly, we will collect, use, disclose and process personal data for the following purposes:
- to evaluate and provide advice and/or recommendations regarding our services;
- to facilitate purchases of subscriptions to our service and to set up, manage and administer accounts for users authorised by our Clients for the use of our Platform;
- to carry out our obligations as a result of any contract entered into between us and our Clients for the provision of our products and services;
- to meet our legal and statutory obligations, for example in relation to anti-money laundering and prevention of terrorist financing;
- to administer our website for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
- to allow you to participate in interactive features of our products and services made available through our Site and Platform;
- as part of our efforts to keep our products and services safe and secure;
- to measure or understand the effectiveness of our advertising and marketing;
- to operate and improve our products and services;
- to set up and maintain registrations with the Service;
- to improve customer service;
- to provide features available in the Service;
- to audit and analyse the Service;
- to ensure the technical functionality and security of the Service;
- to send you routine customer service messages and related information, including confirmations, invoices, technical notices, updates, security alerts, and support and administrative messages;
- for statistical and research purposes (including market research, marketing and data analysis purposes);
- to identify your trading behaviour, habits and preferences;
- to analyse your credit risk (if applicable);
- to handle payment and collection processes to and from customers;
- to ensure the effective operation of software and IT services procured by us (including disaster recovery); and
- to share relevant information with others in the manner set out in the “Who do we share your information with” section of this Privacy Notice.
In general, we use your personal data in order to achieve our legitimate interests in ensuring we provide our services and run our business effectively; to comply with our legal obligations; or (in certain circumstances, such as for our customers in Singapore) on the basis of your consent. If you do not provide us with the personal data required to comply with our legal obligations, we may not be able to provide relevant services to you.
Where you have provided us with your consent, we may use your personal data to contact you with newsletters, marketing or promotional materials and other information that may be of interest to you if you consent to receive such communication. We may contact you for direct marketing purposes via social and direct messages, post, telephone, email and SMS/MMS.
This marketing may relate to:
- products and services we feel may interest you;
- information about other goods and services we offer that are similar to those that you have already used or enquired about; and
- upcoming events, promotions and new products/services or other opportunities as well as those of selected third parties.
If you no longer wish to receive marketing communications from us, you may:
- amend your preferences in your account settings;
- contact us at [email protected]; or
- click on the unsubscribe link on any marketing communication that you receive from us.
4. Who do we share your information with
We will take reasonable steps to protect personal data provided to us and safeguard it against unauthorised disclosure. Subject to the provisions of any applicable law, we may share your personal data with the following categories of recipients where necessary for the purposes described in the “Why we collect your personal data” section:
We may disclose or transfer your personal data to our group companies where this is necessary for the purposes for which personal data was provided to us.
Compliance with Laws
We may disclose your personal data:
- to regulators and law enforcement agencies (including those responsible for enforcing anti-money laundering legislations);
- in response to an enquiry from a government agency;
- to banking regulatory bodies;
- where otherwise required to do so by law or subpoena or if we believe that such action is necessary to comply with the law and the reasonable requests of law enforcement; or
- to protect the security or integrity of our Site and/or Platform.
We may disclose your personal data to third party service providers (including our professional advisors, payment processors and data storage service providers) who require access to such information for the purpose of providing specific services to us and/or where we utilise such service providers in the course of providing services to our Clients. Further information on service providers we use for our Platform and/or Site may be found in our Cookies Policy [https://kratos.triterras.com/Triterras-Cookies-Policy.pdf]
Unless otherwise stated, where we provide personal data to third parties, these parties will only be able to access your data in order to provide us with their services and may not use it for their own purposes.
Replacement Providers and Purchase or Sale of Assets
If the management and operation of Triterras, Inc. is transferred from us to another company, we may disclose your personal data to the other company, so the products and services can continue to be provided to you.
In the event that we sell or buy any business assets, we may disclose your personal data to the prospective seller or buyer of such business or assets.
If Triterras, Inc. or substantially all of its assets are acquired by a third party, the personal data held by us about our customers will be one of the transferred assets.
5. What are my rights?
Under the Singapore Personal Data Protection Act (“PDPA”), you have the following rights in relation to your personal data:
Right to withdraw consent
Where we have obtained your consent to collect, use, disclose and transfer your personal data, you may withdraw this consent at any time by contacting us using the information in the “Contacting Us” section of this Privacy Notice.
Data subject access requests
You may ask us for (i) a copy of personal data we hold about you and (ii) for information about the ways in which your personal data has been or may have been used or disclosed by us within a year before the date of the request. If we provide you with access to the information we hold about you, we will not charge you for this unless permitted by law.
Right to correction
You have the right to request that we correct an error or omission in personal data that we hold about you.
Right to complain
You have the right to lodge a complaint in Singapore with the Personal Data Protection Commission. You can contact them in the following ways:
- Main Line: +65 6377 3131
- Fax: +65 6577 3888
- Post: 10 Pasir Panjang Road, #03-01 Mapletree Business City Singapore 117438
You may also have other rights in relation to your personal data, depending on (amongst other things) the jurisdiction where you are based. These may include rights to erasure, restriction of/objection to processing, or data portability. You may also have the right to lodge a complaint with other data protection regulators, such as the regulator in your place of residence or work or the place in which the relevant infringement has taken place.
We will take reasonable precautions necessary to protect your personal data from unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks.
Such measures will vary depending on the (i) nature of the personal data, (ii) form in which the personal data has been collected, and (iii) possible impact to the individual concerned if an unauthorised person obtained, modified or disposed of the personal data, and will involve, as applicable, physical, organizational and electronic security measures.
The security of your personal data is important to us. However, no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee the security of your data transmitted over the internet and we do not warrant the security of any information, including personal data, which you transmit to us over the internet.
7. International transfers of data
Our data storage servers are located across the Asia-Pacific region and are managed by third-party service providers in the cloud. Your information, including personal data, may be transferred to, stored at and accessed from destinations or computers both within and outside your home jurisdiction where the data protection laws may differ than those from your home jurisdiction.
We will put in place safeguards to protect your personal data in respect of these transfers, as required by applicable law. In particular, if we transfer your personal data outside of Singapore, we will take all reasonable steps to ensure that it is provided with a comparable standard of protection.
8. How long will we keep your personal data?
We will not keep your personal data for longer than is necessary for the purposes for which we have collected it, unless the law or a request of a judicial or governmental authority requires us to keep it for a longer period (for example, because of a request by a tax authority or in connection with an ongoing litigation).
9. Links to Other Sites
Our Service may contain links to other sites that are not operated by us. If you click on a third party link, you will be directed to that third party’s site. We strongly advise you to review the Privacy Notice of every site you visit.
10. Changes to this Privacy Notice
We may from time to time update our Privacy Notice to reflect changes to our data and information privacy practices, or where required by any applicable law, regulation or industry practice.
We will notify you of any changes by posting the new Privacy Notice on this page.
11. Contacting Us
If you have any questions or concerns about this Privacy Notice, wish to exercise any of your rights under data protection law, or have any other issue with your personal information, please contact our Data Protection Officer at:
Address: Triterras, Inc.
#23-04, Republic Plaza
9 Raffles Place