For the purposes of this Policy:

• "Individual" (or "you") means a natural person, whether living or deceased and "Individuals" (and "your") shall be construed accordingly;
• "Personal Data" means data that is capable of identifying an Individual, whether on its own or in conjunction with other data accessible to Triple-A;
• "Personnel" means any Individual engaged under a contract of service with Triple-A including permanent or temporary employees as well as trainees and interns engaged by Triple-A from time to time; and
• "Potential Personnel" means any Individual who has submitted an application to be engaged by Triple-A as Personnel.

Triple-A will only collect, use and disclose Personal Data from/or related to an Individual that is reasonably considered necessary for the relevant purposes underlying such collection, use or disclosure, which may include but is not limited to the following:

• Provide our Services (including customer support);
• Process transactions and send notices about your transactions;
• Resolve disputes, collect fees, and troubleshoot problems;
• Communicate with you about our Services and business and to inform you of matters that are important for your account and/or use of the Sites. We also use your personal data to respond to any questions, comments or requests you filed with us and the handling of any complaints;
• Comply with applicable laws and regulations;
• Establish, exercise and defend legal claims;
• Monitor and report compliance issues;
• Customise, measure, and improve our business, the Services, and the content and layout of our website and applications (including developing new products and services; managing our communications; determining the effectiveness of our sales, marketing and advertising; analysing and enhancing our products, services, websites and apps; ensuring the security of our networks and information systems; performing accounting, auditing, invoicing, reconciliation and collection activities; and improving and maintaining the quality of our customer services);
• Perform data analysis;
• Deliver targeted marketing, service update notices, and promotional offers based on your communication preferences, and measure the effectiveness of it. To approach you via email for marketing purposes, we request your consent, unless it is not required by law. You always have the option to unsubscribe from our mailings, e.g., via the unsubscribe link in our newsletter;
• Perform risk management, including comparing information for accuracy and verify it with third parties and protect against, identify and prevent fraud and other prohibited or illegal activity, claims and other liabilities; and
• Enforce our contractual terms.

The exact Personal Information which we may collect from you will differ depending on if you are visiting a Triple-A website/social media account, or if you are onboarded or in the process of being onboarded for the use of our Services. Some of the Personal Data which we may collect through your interaction with us, depending on the mode of interaction, may include your/the:

• First and last name;
• Country and city of residence;
• Location data;
• Job title;
• Nationality of legal representatives and senior management members;
• % shares/voting rights in the company;
• Phone number;
• ID number;
• Date of birth;
• Date of birth and nationality of individuals owning or controlling directly and indirectly more than 10% in the company;
• First and last name and/or billing first and last name and/or shipping name;
• Billing address (street, city, state, country, zip code) and/or shipping address;
• Email and/or billing email and/or shipping email;
• Phone and/or billing phone number and/or shipping phone number;
• Billing company and/or shipping company;
• Username;
• User ID;
• Shopping cart items information : for each item, the SKY, price, quantity and name of the item;
• Shopping cart checkout information: shipping cost, tax cost, shipping discount;
• Any online identifier; and
• Any factors that may be used to identify you.

Generally, Triple-A may collect Personal Data from you in one or more of the following ways or circumstances:

• Information provided directly: You may be asked to provide Personal Data when you visit or use some parts of our websites and/or services. You do not have to provide us with your Personal Data; however, it could mean that you are not able to access some parts of our website or use our services.
• Information collected automatically: Some information is collected automatically, such as an IP address and device type, when you visit our websites or use our services. This information is useful to us as it provides us with a better understanding of how you are interacting with our websites and services so that we can continue to provide you with the best experience possible.
• Information from third parties: The majority of information that we collect is collected directly from you. Some data may be collected from other sources, such as information that is available in the public domain. We use this information to supplement the Personal Data that we have collected from you.

We may use personal and other information for our legitimate business interests, to the extent permitted by applicable law, including but not limited to:

• Complete your transactions, respond to your questions, and provide you with customer service;
• Send you transactional and other administrative messages;
• Personalise your experience when you use our services;
• Operate and grow our business (e.g., conduct data analysis; audit our activities; develop new products; enhance, improve and modify our services; identify usage trends; determine the effectiveness of our promotional campaigns);
• Monitor and prevent fraud, money laundering, abuse, and other actual and potential prohibited or illegal activities;
• Meet legal, auditing, regulatory, insurance, security and processing requirements;
• Report to credit bureaus;
• Respond to court orders and legal investigations;
• Deliver marketing communications to you about our services and other companies' services, including offers, coupons or incentives we believe may be of interest to you;
• Comply with applicable laws, which may include laws outside your country of residence;
• Respond to requests from public and government authorities, which may include authorities outside your country of residence;
• Cooperate with law enforcement, or for other legal reasons;
• Enforce our terms and conditions; and
• Protect our rights, privacy, safety or property, and/or that of our affiliates, you or others. We may also use information in other ways with your consent or as required by applicable law.

In the event of a data breach, Triple-A will notify the relevant supervisory authority and affected individuals as required by applicable data protection laws.

We share and disclose information with:

• Internal departments - To fulfill the purposes described in this policy, your Personal Data may be shared with our internal teams (such as compliance, risk, and support) on a need-to-know basis or where there is a legitimate interest, in line with applicable legal bases under each jurisdiction's data protection laws.
• Authorised service providers - We engage third-party vendors for IT services, website hosting, analytics, infrastructure, payment processing, order fulfillment, customer service, and email delivery. These vendors are contractually required to handle your Personal Data securely and in accordance with applicable data protection obligations.
• Marketing and communications providers - Where permitted under law or with your explicit consent, we may share your information with marketing service providers to manage communications and campaigns. Your choices and opt-out rights are respected under each applicable law (e.g., GDPR consent, CCPA opt-out, PDPO usage limitation).
• Social media platforms and other users - When you interact with our platforms or authorize sharing, your information may be disclosed to your social media connections or account providers, subject to your settings and applicable laws.
• Corporate transactions - In the event of a merger, acquisition, restructuring, or sale of our business or assets (including bankruptcy), we may transfer your Personal Data as part of the transaction, ensuring the receiving party complies with applicable privacy laws.
• Legal obligations and rights protection - We may disclose Personal Data where required by law, regulation, court order, or governmental request. This includes cooperation with relevant authorities in Singapore (e.g., PDPC), the EU (e.g., data protection authorities), Hong Kong (e.g., PCPD), the United States (e.g., state or federal regulators), and the UAE.
• Retention requirements - We may retain and disclose your Personal Data for up to 10 years or as otherwise required by AML regulations, financial record-keeping laws, or specific data retention obligations in jurisdictions like Singapore, the EU, Hong Kong, and the U.S.
• Jurisdiction-specific disclosures:
  • Singapore: We share data only with parties who meet the PDPA's consent or deemed consent requirements, and ensure transfers outside Singapore are made in accordance with cross-border transfer rules.
  • European Union: All data sharing is subject to lawful bases under the GDPR (e.g., contract, legitimate interest, or consent). Transfers outside the EU/EEA are made using appropriate safeguards such as Standard Contractual Clauses.
  • Hong Kong: We comply with the PDPO's Data Protection Principles, especially around purpose limitation and use. Data is shared only where necessary and lawful.
  • United States: We respect your rights under state-specific privacy laws (such as the CCPA) and provide mechanisms for data access, deletion, and opt-out of data sharing where required.