Privacy Notice

Effective date: July 1, 2024

This Privacy Notice ("Notice") describes how Xender (HK) Limited ("Xender", "we", "our" or "us") collects, processes, and protects personal data about you through the AppLock & Picture Privacy App (the "App"), xender.com, and all other Xender websites and applications (collectively, the "Services") that link to this Notice. This Notice also describes your rights in relation to your personal data.

Xender is the controller of your personal data. If you have any questions about this Notice or how we use your data, our details are provided in the "Contact Us" section below.

This Notice may be provided in more than one language. In the event of any conflict, where permitted under local law, this English language version of the Notice shall prevail.

1. PERSONAL DATA THAT WE COLLECT

Personal data is information, or a combination of pieces of information that could reasonably allow you to be identified. We collect personal data from a variety of sources, including from you directly (e.g., when you contact us), information we generate about you in the course of our relationship with you, and information we collect about you from other sources, including commercially available sources, such as public databases (where permitted by law), and third-party services (such as third-party social media companies, advertising partners, and analytics providers).

We may also collect certain personal data about you as required by law, or as a consequence of our contractual relationship. Failure to provide this information may prevent or delay the fulfilment of these obligations. We will inform you at the time when your information is collected whether certain data is compulsory and the consequences of the failure to provide such data.

We may collect the following categories of personal data from and about you:

• Personal information (e.g., nickname, email address);
• Authentication and identification information (e.g., user identification number, username, avatar);
• Transactional information (e.g., information relating to any of your requests, queries, or complaints);
• Information we collect automatically from you including internet or other electronic network activity information, such as the data we receive when you interact with our app (e.g., your search history, log data, or actions you take within the app) or information about your device (e.g., your device ID, your device version, operating system, system language and regions, and identification number), and the information about the other apps you have installed;
• Subject to requirements under applicable law, coarse geolocation data, such as location information we receive about you (e.g., based on your Precise location, IP address, Wi-Fi SSID, etc.); and
• Any information you include in your publicly visible app profile or which you or others make available to us or the public (e.g., the feedback you leave).

2. HOW WE USE YOUR PERSONAL DATA AND THE BASIS ON WHICH WE USE IT

We may use your personal data for the following purposes:

• Identification and authentication: we use your personal data to verify your identity when you use our Services, or otherwise engage with us, and to ensure the security of your personal data. This is necessary to provide the requested service;
• Contractual obligations: we use your personal data to meet our contractual obligations to you under our terms and conditions of use or to take steps at your request prior to entering into such contract;
• Service operations: we process your personal data to provide the Services that you request, such as to connect you with other users; We use the information about the other apps you have installed to provide you with the App's core functionality, which is peer-to-peer transmission service;
• Service improvements: we analyse usage information, including site analytics, to continually improve the user experience;
• Communications: communications may include providing information about changes to the terms and conditions, updates regarding our Services, or responses to questions you pose;
• Advertising and marketing: we may use your personal data to build a profile about you, to understand your preferences, and to help determine which marketing materials (for example, region- or sector-focused) would be of interest to you. Where required by law, we will obtain your consent before sending such marketing materials;
• Exercising our rights: we may use your personal data to exercise our legal rights where it is necessary to do so, for example to detect, prevent, and respond to intellectual property infringement claims or violations of law;
• Complying with our obligations: we may process your personal data to carry out fraud prevention checks or comply with other legal or regulatory requirements, when required by law;
• Customising your experience: we may use your personal data to improve your experience of the Services, such as by providing interactive or personalised elements on the Services and providing you with content based on your interests.

We must have a legal basis to process your personal data, as specified under applicable laws. In most cases the legal basis will be one of the following:

• As consented by you in respect of this Notice;
• To fulfil our contractual obligations to you, for example to provide the services you request;
• To comply with our legal obligations, for example to obtain proof of your identity to enable us to meet our fraud prevention and anti-money laundering obligations;
• Where permitted under applicable laws, to meet our legitimate interests, for example:
  • To understand how you use our services and to enable us to derive knowledge that enables us to develop new services;
  • To carry out data analysis to ensure the stability and security of our Services and prevent crime, fraud and misuse of our Services;
  • To provide non-personalised advertising, which keeps most of our services free; and
  • To improve user experience.
• When we process personal data to meet our legitimate interests, we put in place robust safeguards to ensure that your privacy is protected;we may obtain your separate consent to collect and use certain types of personal data when we are required to do so by law (for example, in relation to our direct marketing activities). If we ask for your consent to process your personal data, you may withdraw your consent at any time by contacting us using the details at the end of this Notice; and
• As otherwise may be permitted under applicable laws.

3. HOW AND WHEN WE SHARE YOUR PERSONAL DATA

We may share your personal data as follows:

• With our service providers and other third parties that perform marketing services and support our other business operations. For example, we may partner with companies to send marketing messages, support email and messaging services, and analyse information. These service providers may include cloud service provider, advertising agencies and fraud prevention agencies which will use your personal data only in the ways described in this Notice.
• With advertisers and third-party measurement companies to show how many users of the App have clicked on that advertisement.
• With our affiliate companies, joint venture partners, and other partners or collaborators for the purposes of processing, analysing, or storing your information or otherwise as needed to provide the Services to you or achieve other purposes for which we collect information, in each case, consistent with the terms of this Notice.
• With law enforcement agencies, courts, other government authorities (whether in your jurisdiction or abroad) or other third parties where we or any of our affiliates believe it's necessary to comply with a legal or regulatory obligation, or otherwise to protect our rights or the rights of any third party.
• With potential transaction partners, service providers, advisors, and other third parties in connection with the consideration, negotiation, or completion of a corporate transaction in which we are acquired by or merged with another company or we sell or transfer all or a portion of our assets or business. Should such a sale or transfer occur, we will use reasonable efforts to obligate the entity to which we transfer your personal data to use it in a manner consistent with this Notice.

4. INTERNATIONAL DATA PROCESSING & TRANSFER

Where permitted under applicable laws, your personal data may be transferred to, stored, and processed outside of your jurisdiction, including, if you are an EU or UK-based user of the Services, in a country that is not regarded as ensuring an adequate level of protection for personal data under European Union law / by the European Commission or under UK law / by the UK Government, including Singapore.

We have put in place appropriate safeguards (such as contractual commitments) in accordance with applicable legal requirements to provide adequate protection for your personal data. For more information on the appropriate safeguards in place, and to obtain a copy of such safeguards, please contact us at the contact information below.

5. DATA SECURITY AND RETENTION

We implement technical and organisational measures to ensure a level of security appropriate to the risk to the personal data we process. These measures are aimed at ensuring the ongoing integrity and confidentiality of personal data. We evaluate these measures on a regular basis to ensure the security of the processing.

We retain your personal data for as long as we have a relationship with you. After our relationship has ended, we retain your information as long as required by law. We may also retain records to investigate or defend against potential legal claims, deal with any complaints or official enquiries or investigations regarding the Services, or maintain business records for analysis and/or audit purposes.

6. YOUR RIGHTS OVER YOUR PERSONAL DATA

You have certain rights regarding the personal data we hold about you, subject to local law. These may include the following rights:

• Access – Request a copy of your data and information relating to how it is processed;
• Rectify – Request any inaccuracies in the data we hold about you be corrected;
• Erase – Request that we erase your data from our records;
• Restrict – Request that your data is no longer processed by us to the full extent set out in this Notice;
• Object – Object to certain ways that we process your data;
• Transfer – Request that your data be shared with a third party;
• Withdraw your consent – Where we are relying on your consent to process your data, then you can withdraw your consent at any time; and
• Lodge a complaint – You may be entitled to lodge a complaint with your local data protection authority.

If you would like to discuss or exercise any rights you may have under law, please contact us at the contact details below.

7. CHILDREN'S INFORMATION

The Services are not directed to children, and we do not knowingly collect any personal data from children under the age of 13 (or such legally required age of consent as defined under applicable laws) or knowingly allow such person to register on our Services. In the event that we are notified that we have collect personal data from a child of or under the age of 13 (or such legally required age of consent as defined under applicable laws) without parental consent, we will suspend the account and delete relevant information as quickly as possible. If you believe that we might have any information from a child of or under 13 (or such legally required age of consent as defined under applicable laws), please contact us at the contact details provided below.

8. CONTACT US

Xender is the controller responsible for the personal data Xender collects and processes. If you have questions or concerns regarding the way in which your personal data has been used or would like to exercise any right, please contact us at: xenderlockservice@xender.com.

We are committed to working with you to obtain a fair resolution of any complaint or concern about privacy. If, however, you believe that we have not been able to assist with your complaint or concern, you may have the right to make a complaint to the data protection authority of your country of residence.

9. CHANGES TO THE NOTICE

You may request a copy of this Notice from us using the contact details set out above. We may modify or update this Notice from time to time.

If we change this Notice, we will notify you of the changes. Where changes to this Notice will have a fundamental impact on the nature of the processing or otherwise have a substantial impact on you, we will give you sufficient advance notice so that you have the opportunity to exercise your rights (e.g. to object to the processing) or to terminate your use of the Services.

10. Nigeria-Specific Terms

If you are using our Services in Nigeria, the following additional terms apply. In the event of any conflict between the following additional terms and the provisions of the main body of these Terms, the following terms shall prevail.

• Minimum age. The Services are only intended for users of more than 18 years old (including) in Nigeria. If you are under the age of 18, you are not eligible to use the service offered on our digital platform.

11. Indonesia-Specific Terms

If you are using our Services in Indonesia, the following additional terms shall apply. In the event of any conflict between the following additional terms and the provisions of the main body of this Notice, the following terms shall prevail.

• Minimum age. The Services are only intended for users of more than 14 years old (including) in Indonesia.
• Age, Parental and Guardian Consent. By using the Services, you represent that you are at least 21 years of age or married or not under guardianship. If you are below 21 years old and you are not married, or under guardianship, you represent and warrant that you have obtained consent from your parent or legal guardian to use the Services. If you do not obtain consent from your parent or legal guardian, or your parent or guardian is not willing to give their consent, you must cease using the Services.

12. Singapore-Specific Terms

If you are using our Services in Singapore, the following additional terms shall apply. In the event of any conflict between the following additional terms and the provisions of the main body of this Notice, the following terms shall prevail.

Where we rely on personal data provided by you (or your authorised representative), in order to ensure that your personal data is current, complete and accurate, please update us if there are changes to your personal data by informing our Data Protection Officer in writing or via email at the contact details provided above.

13. California, USA-Specific Terms

If you are using our Services in California, USA, the following additional terms shall apply. In the event of any conflict between the following additional terms and the provisions of the main body of this Notice, the following terms shall prevail.

California law grants its residents certain rights regarding the collection and use of their personal information. Subject to certain limitations, California residents have the following rights:

• Right to know. You have the right to know and request information about the categories and specific pieces of personal information we have collected about you within the last 12 months, as well as the categories of sources from which such information is collected, the purpose for collecting such information, and the categories of third parties with whom we share such information. You also have the right to know if we have sold or disclosed your personal information.
• Right to delete. You have the right to request the deletion of your personal information, subject to certain exceptions.
• Right to non-discrimination. You have the right to not be discriminated against for exercising any of the above-listed rights. We may, however, provide a different level of service or charge a different rate reasonably relating to the value of your personal information.