We process your Personal Data in order to provide our products or services to you, or in order to receive products or services from you as set forth in this Section below.

Except as otherwise indicated, the Personal Data we collect is required to carry out the requested action. While the provision of your Personal Data is voluntary, if you do not provide your Personal Data to us, we may not be able to carry out the requested action. Generally, we collect Personal Data when you:

(a) submit forms or applications, resumes and/or CVs to us, we will collect from you or from third party recruiters, your identifiers (name, address, business and/or personal phone number, email address), protected classifications (gender, age, nationality), professional or employment-related information (employment history, job function or department, right to work information, information obtained from credit reference agencies). We use this information to assess your qualification for the position for which you applied, verify your identity, and conduct background checks or other verification purpose(s), to the extent permissible by law, and due diligence. We will also collect your national identity or passport numbers where this is necessary to enable us to carry out appropriate checks in relation to contracts with you or someone else that you work for or are otherwise related to, or to accurately establish or verify your identity to a high degree of fidelity. The legal basis for processing this information is to comply with a legal or regulatory obligation to which we are subject.

(b) submit queries, requests, complaints or feedback, or otherwise communicate with us, we will collect your identifiers (name and email address), and any information you choose to include in your correspondence with us. The legal basis for processing this information is performance of our contract with you;

(c) ask to be included in our mailing list, we will collect your identifiers (name and email address). We use this information to fulfil your request to receive information we feel may be of interest to you. The legal basis for processing your information is your consent. You can revoke your consent with effect going forward by clicking on the “unsubscribe” link in each email. Please note that we will continue to send you transactional messages such as notifications necessary for the requested products or services;

(d) place, obtain, subscribe and/or make payment for our goods and/or services or when you supply goods and/or services, we will collect your identifiers (name, address, email address, telephone number) and payment information (payment card or account number, routing number (if applicable), payment card security code, payment card expiration date). We will use this information to process your subscription or purchase. The legal basis for processing this information is performance of our contract with you;

(e) take part in our surveys and/or events organised solely or jointly by the Company and/or any third parties, we will collect your identifiers (name, personal or business email address, and personal or business telephone number) and preferences (to the extent that this information is relevant to organising and managing those events [for example, your dietary requirements]). We use this information to contact you about future business opportunities and/or organise events, respectively. The legal basis for processing your information is your consent. You can revoke your consent at any time, with effect going forward, by sending a request to withdraw your consent, via email, to Dataprotection@swirebulk.com ; and

(f) visit one of our physical locations, we collect information relating to you that you give to us, or we otherwise obtain when you visit us (your signature, if you sign in, or are recorded on CCTV while visiting us, or you give us the registration details of your vehicle). The legal basis for processing your information is our legitimate interest for securing our properties.

In addition, we also collect information relating to you when we:

(a) conduct reviews for the purposes of (i) system and business process improvements, (ii) risk/fraud management, (iii) regulatory and compliance risk management and (iv) improvements to human resource processes (this shall include information such as your IP address, browser, time-zone setting, IP address); and

(b) conduct dispute resolution, preventing, detecting and investigating non-compliance with laws, regulations and corporate policies and enforcing our contractual and legal rights and obligations.

If you provide us with any Personal Data relating to a third party (e.g. Personal Data of your dependents, spouse, children and/or parents), by submitting such Personal Data to us, you represent and warrant to us that you have informed them of how their information will be used, that you obtained the requisite consent of such third party and/or are authorised to provide us with such Personal Data for the relevant purposes contained in this Policy.

You are to ensure that all Personal Data submitted to us is complete, accurate, true and correct. Failure on your part to do so may result in our inability to fulfil your requests and/or applications or delays in processing your applications.

Where the provision of your Personal Data is generally a contractual or legal requirement or is a requirement in order for us to enter into a contract, the consequences of any failure to provide such data will be that we may need to review any engagement or business relationship that we may have with you. Our legal rights and remedies in such event are expressly reserved. We also use the Personal Data collected for the above purposes to comply with the law and for other limited circumstances as described in Section 5.5 “Who we give your information to”.

We may conduct survey(s) to allow us to provide better services through customer research. You will be informed of the specific purpose(s) of each survey when we invite you to participate in the said survey. Participation in the survey is optional. The legal basis for the processing of your survey responses is your consent. You may revoke your consent with respect to being invited to future surveys by clicking the unsubscribe link included in the emails. Each of our surveys shall be conducted in accordance with the applicable Personal Data Protection Laws.

A cookie is a packet of data sent by a web server to a browser, which is returned by the browser each time it subsequently accesses the same server, used to identify the user or track their access to the server.

Our websites use cookies and similar tracking technologies (collectively, “Cookies”) to collect and use Personal Data about you (including internet and other electronic network activity information), to better understand and improve the usability, performance and effectiveness of our websites, to help us tailor content or offers for you, and to serve our interest-based advertising. These technologies may also allow certain third parties to collect information about you. The legal basis for the processing of this information is your consent.

• We share the information collected with our analytics and search engine providers that assist us in the improvement and optimisation of our website, subject to our Cookie Policy. The legal basis for processing this information is your consent. If you are a California resident and wish to opt out of this sharing, visit Do Not Sell or Share My Personal Information

To learn more, including about how to consent to or withdraw your consent to Cookies, please see our Cookie Policy.

Information that we automatically obtain when you use our website and/or business systems/applications

When you use any of our websites or business systems/applications, we process the following types and categories of Personal Data (including internet and other electronic network activity information) which we collect automatically from your device. The legal basis for the processing of this information is your consent.

• Usage information: We use essential, performance, and analytics cookies to collect information about your interaction with our websites or business systems/applications, such as what you access, what you click on, the frequency of access, and how much time you spend on the websites or business systems/applications. We use this information to: (i) track you within the websites or business systems/applications; (ii) enhance user experience; (iii) conduct analytics to improve the websites or business systems/applications; (iv) prevent fraudulent use of the websites or business systems/applications; and (v) diagnosis and repair websites or business systems/applications errors, and, in cases of abuse, track and mitigate the abuse. The legal basis for this is our legitimate interest in the improvement of our websites or business systems/applications.

• Device information: We use essential, performance, and analytics cookies to collect certain information about the device you use to access the websites or business systems/applications, such as hardware model, operating system, and device preferences. We use this information to: (i) track you within the websites or business systems/applications; (ii) enhance user experience; (iii) conduct analytics to improve the websites or business systems/applications; (iv) prevent fraudulent use of the websites or business systems/applications; and (v) diagnose and repair websites or business systems/applications errors, and, in cases of abuse, track and mitigate the abuse.

• Location information: We use essential, performance, and analytics cookies to collect information about your location, which may be determined through your IP address. We use this information to: (i) track you within the websites or business systems/applications; (ii) enhance user experience; (iii) conduct analytics to improve the websites or business systems/applications; (iv) prevent fraudulent use of the websites or business systems/applications; and (v) diagnosis and repair websites or business systems/applications errors, and, in cases of abuse, track and mitigate the abuse.

• We also collect your geolocation to provide location services to allow check-in, or to deliver content or advertising that are dependent on knowing where you are located. Some features within our websites or business systems/applications may only function upon confirmation of your location, and therefore such features will not be available if you choose not to provide your location data to us. The legal basis for this processing is consent.

Delivery of location services will involve reference to one or more of the following:

• The coordinates (latitude/longitude) of your location.

• Look-up of your country of location by reference to your IP address against public sources; and/or your Identifier for Advertisers (“IFA”) code for your Apple device, or the Android ID for your Android device, or a similar device identifier.

Information we receive from other sources:

We combine the information we collect directly from you and the information we collect automatically with information we collect from third party sources. We use this information and the combined information for the purposes set out above under Section 5.1 “Information we collect from you and why” and ” Information that we automatically obtain when you use our website and/or business systems/applications” (depending on the types of information we receive).

We do not carry out automated decision-making or profiling in relation to you.

Subject to the provisions of any applicable Personal Data Protection Laws, we may share the Personal Data identified in this Policy in the following instances:

• Within SB Group: Where necessary, we share your Personal Data within SB Group for legitimate business purposes in order to efficiently carry out our business and to the extent permitted by law. The legal basis for this processing is our legitimate interest in carrying out our business operations efficiently. If any of these parties are using your Personal Data for direct marketing purposes, we will only transfer the Personal Data to them for that purpose with your prior consent (to the extent that such consent is required under the applicable Personal Data Protection Laws).

• With service providers: We share your Personal Data with our service providers that assist us in providing the services, including to the below services providers. The legal basis for this is our legitimate interest in providing the services more efficiently:

   o Our business partners, customers, suppliers, service providers and sub-contractors for the performance of any contract we enter into or       other dealings we have in the normal course of business with you or the person that you work for.
   o Our auditors, legal advisors and other professional advisors or service providers.
   o Credit reference agencies for the purpose of assessing your credit score where this is in the context of us entering into a contract with you or  the person that you work for.
   o Payment processing providers who provide secure payment processing services.
   o Relevant government regulators and/or law enforcement agencies (whether local or overseas), to comply with any directions, laws, regulations, rules, codes of practice or guidelines, or schemes issued or administered by any of them.
   o Any party to whom you authorise us to disclose your Personal Data.

Other disclosures we may make

We may also disclose your Personal Data in the following circumstances:

• In the event of a corporate reorganisation: In the event that SB Group (or any member of the SB Group) enters into, or intends to enter into, a transaction that alters the structure of our organisation, such as a reorganisation, merger, acquisition, sale, joint venture, assignment, consolidation, transfer, change of control, or other disposition of all or any portion of our assets, we would share your Personal Data with third parties, including the buyer or target (and their agents and advisors) for the purpose of facilitating and completing the transaction. We will also share your Personal Data with third parties if we undergo bankruptcy or liquidation, in the course of such proceedings. The legal basis for this is our legitimate interest in carrying out our business operations.

• If we are under a duty to disclose or share your Personal Data in order to comply with any legal obligation, or in order to enforce or apply our terms of supply and other agreements with you or the company you work for; or to protect the rights, property, or safety of our company, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction and to prevent cybercrime. The legal basis for the processing of this information is to comply with a legal obligation to which we are subject.

Where we engage or require a Data Processor to act on our behalf (such as suppliers, service providers or other third-party vendors), we will ensure that proper procedures are followed when appointing such third parties, including to incorporate adequate contractual provisions under the applicable Personal Data Protection Laws into services or supply agreements.

Sharing in the Last Twelve (12) Months

For a Business Purpose. In the preceding twelve (12) months, SB Group has disclosed the following categories of Personal Data for a business purpose to the following categories of third parties:

• We have disclosed your personal identifiers, internet and other network activity information, and customer records information to service providers that perform services on our behalf. These service providers include our background check provider, and analytics service provider.

• We have disclosed your internet or other electronic network information to our IT support to detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, and to identify and repair website errors that impair functionality.

• We have disclosed your internet or other electronic network information and location information to our IT support and data analytics provider to maintain, improve, and upgrade SB Group’s services.

For a Sale.

SB Group uses certain third-party cookies on its website and/or business systems/ applications. These cookie collects your internet and other electronic network activity and shares it with the third-party cookie providers. This use of your Personal Data may be considered a sale under the California Consumer Privacy Act. To opt out of this cookie, visit Do Not Sell or Share My Personal Information

Your Personal Data may be transferred to, and processed in, a country outside of your local jurisdiction or region for any of the purposes described in this Policy.

These countries may have differing (and potentially less stringent) laws relating to the degree of protection afforded to Personal Data.
We may process your Personal Data in countries outside your local jurisdiction or region:

• When we utilise cloud storage, we may process your Personal Data in countries outside your local jurisdiction or region in order to store it.

• When we process your order, process payment details, and provide support services, we may process your Personal Data outside your local jurisdiction or region in order to enable us to provide goods or services to and fulfil our contract with you or the company you work for.

• When we are legally required to do so, we may process your Personal Data in countries outside your local jurisdiction or region.

• When we share information within the SB Group, generally for the efficient functioning of our business, or as permitted by the applicable Personal Data Protection Laws, we may process your Personal Data in countries outside your local jurisdiction or region in order to facilitate the operation of our group of businesses.

Where your information is processed outside of your local jurisdiction or region, we (or our permitted third parties) will take reasonable steps to ensure that your Personal Data is protected in accordance with the applicable Personal Data Protection Laws.

For example, we may implement organisational, contractual and legal measures (e.g. through the implementation of an intra-group data transfer agreement including Standard Contractual Clauses) to ensure that your Personal Data is protected to the standard required in your local jurisdiction/region. You may request a copy of these measures by contacting us directly.

Unfortunately, no data transmission via the internet (including via mobile application, email or other messaging service) can be guaranteed to be completely secure. Although we will do our best to protect your Personal Data, we cannot guarantee the security of your data transmitted to our website and/or business systems/applications, and any transmission is at your own risk.

However, we maintain commercially reasonable physical, electronic and procedural safeguards to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed in accordance with the requirements of the applicable Personal Data Protection Laws.

All Personal Data you provide to us is stored on our secure servers. We comply with our security policies and standards when accessing or using this information and restrict access to your Personal Data to those persons who need to use it for the purpose(s) for which it was collected. Where we have given you (or where you have chosen) a password that enables you to access certain parts of our website and/or any business systems/applications, you are responsible for keeping this password confidential. We ask that you do not share your password with anyone. All third-party service providers and other entities within the SB Group are required to take appropriate security measures to protect Personal Data in line with our policies. They are only permitted to process Personal Data for specified purposes and where appropriate, in accordance with our instructions.

All third-party service providers and other entities within our group are required to take appropriate security measures to protect Personal Data in line with our policies. They are only permitted to process Personal Data for specified purposes and where appropriate, in accordance with our instructions.

We have put in place procedures to deal with any suspected data security incidents and will notify you and any applicable Personal Data Protection Authority of a suspected breach where legally required under the applicable Personal Data Protection Laws, or if it is appropriate to do so.

Our website may, from time to time, contain links to external sites that are operated by third party companies with different privacy practices. You should remain alert when you leave our site and read the privacy policies of other websites. We have no control over Personal Data that you submit to or receive from these third parties.

We will only keep the information we collect about you on our systems or with third parties for as long as required for the purposes set out above or as required to comply with any legal obligations to which we are subject. This will involve us regularly reviewing our files to check that information is accurate, up-to-date and still required. If we require consent to collect certain information about you, and such consent is withdrawn (see Section 5.9), we will delete such information unless we are legally required to retain it.

If you are resident in the US, Australia, People’s Republic of China, New Zealand, Brazil or Canada, please refer to the Schedules of this Policy to learn more about your rights and how to exercise them.

Under certain circumstances and to the extent such rights are granted in accordance with the applicable Personal Data Protection Laws in your country, you may have the right to:

• Request access to your own Personal Data. This allows you to receive a copy of your Personal Data held by us as well as the right to receive information about how your Personal Data is processed.

• Request correction of your Personal Data. This allows you to correct any incomplete or inaccurate information that we hold about you.

• Request erasure of your Personal Data. For example, this allows you to ask us to delete or remove your Personal Data where there is no good reason for it to continue to be processed.

• Object to the processing of your Personal Data where such Personal Data is processed on the grounds of legitimate interests.

• Request the restriction of processing of your Personal Data. This allows you to ask for the processing of your Personal Data to be suspended if, for example, you wish to establish its accuracy or the reason for processing it.

• Request the withdrawal of any consent you may have given to us for processing your Personal Data, including the right to object to marketing (as mentioned in Section 5.5 “Who we give your information to” above).

• Request the transfer of your Personal Data provided to us to another party where technically feasible.

To the extent applicable under the applicable Personal Data Protection Laws:

• Once we confirm that consent has been withdrawn, the processing of information for the purpose or purposes originally agreed to will not continue, unless there is another legitimate basis for doing so in accordance with the applicable Personal Data Protection Laws. If there is another legitimate basis for processing information in accordance with the applicable Personal Data Protection Laws, the same data may be processed without your consent.

• Do note that you may be allowed to withdraw consent for any optional purposes that your Personal Data is collected, processed and transferred without concurrently withdrawing consent for the necessary purposes that your Personal Data is collected, processed and transferred (e.g. for the provision of products/services that we offer).

Should you wish to exercise any of your rights, please contact us directly (see “How to exercise your rights” below).

You should be aware that not all of these rights are absolute and there may be circumstances in which we will not fully comply with your request because of a specified legal ground or exemption. In certain situations, your Personal Data may be exempt from access, correction and deletion requests pursuant to the applicable Personal Data Protection Laws or other laws and regulations. We will always inform you if this is the case.

How to exercise your rights

You can also exercise the rights listed above at any time by contacting us directly at DataProtection@swiresbulk.com or the contact details set out in Section 5.11 “Contact Details” below. Some jurisdictions may require such requests to be made in writing whilst others permit requests to be made orally or in writing. Please contact us if you are unsure as to how you may make a request. We will respond to your request in accordance with the applicable Personal Data Protection Law.

Please note that we may ask for proof of your identity and address. We also reserve the right, in accordance with the applicable Personal Data Protection Laws, to request additional information reasonably required to identify the specific information being requested or referred to, or any additional information reasonably required to confirm your identity.

To the extent permitted by the applicable Personal Data Protection Laws, we further reserve the right to charge you a reasonable fee for you to access your Personal Data, and for any additional copies of the materials provided, or to refuse to comply with the request.

If you have any concerns about our use of your information, you may also have the right to make a complaint to the relevant Personal Data Protection Authority. Please refer to the definitions section above (Section 4. “Definitions”), or to the relevant Schedule for your jurisdiction, to understand which Personal Data Protection Authority is relevant to the processing of your Personal Data.

Our full contact details are:
Name of Data Protection Officer (DPO): Mun Wai Wong
Contact number: +65 97727042
Email: DataProtection@swirebulk.com
Address: 300 Beach Road #28-02, The Concourse, Singapore 199555

Swire Bulk reserves the right to amend this policy at its sole discretion. In case of amendments, the policy owner will inform staff appropriately.

This United States of America Addendum (“USA Addendum”) supplements this Policy to the extent that the CCPA and CPRA (effective January 1, 2023), California Online Privacy Protection Act (“CalOPPA”), Nevada’s NRS 603A.300, et seq., Children’s Online Privacy Protection Act (“COPPA”), and applies in relation to the processing of Personal Data in California, Nevada, and throughout the United States by the SB Group. In case of any inconsistences between this USA Addendum and the rest of this Policy, this USA Addendum prevails.

Please refer to the Schedule 2 CCPA / CPRA Addendum (“California Addendum”) to learn more about California residents’ privacy rights and how to exercise those rights.

NEVADA RESIDENTS

If you are a consumer in the State of Nevada, you may request to opt-out of the current or future sale of your Personal Data. We do not currently sell any of your Personal Data under Nevada law, nor do we plan to do so in the future. However, you can submit a request to opt-out of future sales by contacting us at DataProtection@swirebulk.com Please include “Opt-Out Request Under Nevada Law” in the subject line of your message.

DO NOT TRACK

We will not place cookies or collect information via cookies when your browser is set to Do Not Track (DNT). Do Not Track is a preference you can set in your web browser to inform websites that you do not want to be tracked. You can enable or disable Do Not Track by visiting the Preferences or Settings page of your web browser.

GLOBAL PRIVACY CONTROL

Some browsers and browser extensions support the Global Privacy Control (“GPC”) that can send a signal to the websites you visit indicating your choice to opt out from certain types of data processing, including sales of data. When we detect such a signal, we will make reasonable efforts to respect your choices indicated by a GPC setting as required by applicable Personal Data Protection Laws.

AGE RESTRICTION

The website and/or business systems/ applications are not intended for individuals under the age of sixteen (16). If we learn that we have collected or received Personal Data from a child under the age of sixteen (16), we will delete that information. If you believe we might have information from or about a child under the age of sixteen (16), please contact us at DataProtection@swirebulk.com

This CCPA / CPRA Addendum (“Californian Addendum”) supplements this Policy to the extent that the California Consumer Privacy Act (“CCPA”) grants consumers (California residents) certain rights with respect to their personal information. The Californian Addendum must be read in conjunction with the rest of this Policy as it contains an additional explanation of why and how we process the personal data of California residents, their rights in relation to personal data, and how to contact us. Effective January 1, 2023, the California Privacy Rights Act Cal. Civ. Code §§ 1798.100–1798.199.100 (“CPRA”), modifies the rights and requirements under the CCPA.

In case of any inconsistences between this Californian Addendum and the rest of this Policy, this Californian Addendum prevails.

The Right to Know

This sets forth the SB Group’s current and past practices related to the general categories of personal information we collect, how we collect it, how we use the personal information we collect, and how, if at all, and with whom we share the personal information. In addition to what is described in this policy, consumers have the right to request that the SB Group discloses to the consumer the following information:

• The categories of personal information the SB Group has collected about the consumer.
• The categories of sources from which the SB Group has collected the personal information.
• The business or commercial purpose for collecting or selling (to the extent applicable) the personal information.
• The categories of third parties with whom the SB Group shares personal information.
• The specific pieces of personal information the SB Group collects about the consumer.

The SB Group will provide this information to a consumer upon receipt and verification of a Verifiable CCPA California Consumer Request Form (hereinafter a “Request to Know”). A consumer can request the form by writing to dataprotection@swirebulk.com

For details on how to submit a Request to Know, see Exercising your rights under the CCPA. Any information provided by the SB Group in response to a Request to Know will cover all information collected about you, unless impossible to retrieve, involves disproportionate effort (subject to CPRA regulations), or anything that violates trade secrets or data generated to help ensure security and integrity or as prescribed by regulation.

The Right to Delete

The Right to Request that the SB Group and its service providers delete your personal information

A consumer has the right to request that the SB Group deletes any personal information about the consumer which the SB Group has collected from the consumer, and the SB Group will notify any service providers or contractors acting on its behalf to do the same, and notify all third parties to whom the SB Group has sold or shared such personal information to delete the consumer’s personal information, unless this proves impossible or involves disproportionate effort. The SB Group will comply with a consumer’s request to delete his or her personal information upon receipt and verification of a Verifiable CCPA California Consumer Request Form (hereinafter “Request to Delete”). A consumer can request the form by writing to dataprotection@swirebulk.com

By law, the SB Group may retain certain personal information collected from a consumer, notwithstanding the consumer’s request to delete the same, if it is reasonably necessary for the SB Group to maintain the consumer’s information in order to:

• Complete a contract between the consumer and the SB Group.
• Help to ensure security and integrity to the extent the use of the consumer’s personal information is reasonably necessary and proportionate for those purposes.
• Identify and repair errors in SB Group provided products or services.
• Exercise any right provided for by law, and to exercise free speech.
• Comply with the California Electronic Communications Privacy Act.
• Engage in research that conforms or adheres to all other applicable ethics and privacy laws, when the SB Group’s deletion of the information is likely to render impossible or seriously impair the ability to complete such research, with informed consent.
• To enable solely internal uses that are reasonably aligned with the expectations of the consumer, based on the consumer’s relationship with the SB Group.
• Comply with a legal obligation.

The Right to Opt-Out

The Right to Opt-Out of the sale or sharing of your personal information

Under California law, a consumer has the right to opt out of sharing of his/her personal information for the purpose of targeted advertising and/or of the sale of his/her personal information by a business that collects personal information and sells it (“Request to Opt- Out”). Certain sharing with marketing and analytics cookies is considered a “sale” under the CCPA.

The Right to Non-Discrimination

The Right to Non-Discrimination for the exercise of your rights under the CCPA

A consumer has the right to be free from discrimination by the SB Group because the consumer exercised any of his/her rights under the CCPA. Examples of discrimination may include:
• Denying goods or services to you.
• Charging you different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties, in a manner that is not justified under the law.
• Providing a different level or quality of goods or services.
• The SB Group will not discriminate against consumers who exercise their rights under the CCPA.

The Right to Correct Inaccurate Personal Information

A consumer has the right to request the SB Group to correct inaccurate personal information about the consumer, taking into account the nature of the personal information and the purposes of the processing of the personal information.
If the SB Group receives a verifiable consumer request to correct inaccurate personal information, the SB Group will use reasonable efforts to correct the inaccurate information.

The Right to Know What Personal Information is Sold or Shared and to Whom

In the event that the SB Group receives a verifiable consumer request from a consumer whose personal information has been sold, shared, or disclosed for a business purpose by the SB Group, the consumer has the right to request that the SB Group discloses to the consumer:
• The categories of personal information that the SB Group collected about the consumer.
• The categories of personal information that the SB Group sold or shared about the consumer and the categories of third parties to whom the personal information was sold or shared, by category or categories of personal information for each category of third parties to whom the personal information was sold or shared.
• The categories of personal information that the SB Group disclosed about the consumer for a business purpose and the categories of persons to whom it was disclosed for a business purpose.

The Right to Limit Use and Disclosure of Sensitive Personal Information

The SB Group is not required to offer consumers a right to limit the use or disclosure of sensitive personal information if the SB Group is using the sensitive personal information for the following purposes, provided that the use of the consumer’s personal information is reasonably necessary and proportionate for this purpose:

• To perform the services or provide the goods reasonably expected by an average consumer who requests those goods or services.
• To detect security incidents.
• To resist malicious, deceptive, fraudulent, or illegal actions directed at the SB Group and to prosecute those responsible for those actions.
• To ensure the physical safety of natural persons.
• For short-term, transient use, including, but not limited to, non-personalized advertising shown as part of a consumer’s current interaction with the SB Group, provided that the personal information is not disclosed to another third party and is not used to build a profile about the consumer or otherwise alter the consumer’s experience outside the current interaction with the SB Group.
• To perform services on behalf of the SB Group, such as maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services on behalf of the SB Group.
• To verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by the SB Group, and to improve, upgrade, or enhance the service or device that is owned, manufactured by, manufactured for, or controlled by the SB Group.

If the SB Group is not using the sensitive personal information for the above purposes, a consumer shall have the right to direct the SB Group to limit its use of the sensitive personal information to that use which is necessary to perform the services or provide the goods reasonably expected by an average consumer who requested the goods or services. If the SB Group has received such a direction, the SB Group is prohibited from using or disclosing the consumer’s sensitive personal information for any other purpose, unless the consumer subsequently provides consent to use the information for additional purposes. If the SB Group uses or discloses a consumer’s sensitive personal information other than as necessary to perform the services or provide the goods, the SB Group will provide notice to consumers that this information may be used, or disclosed to a service provider or contractor, for additional, specified purposes and that consumers have the right to limit the use or disclosure of their sensitive personal information.

Exercising your rights under the CCPA

Consumers may submit a request to exercise their rights under the CCPA by either of the following methods:

• Completing the CCPA California Consumer Request Form or CCPA California Authorized Agent Designation Form and submitting it to dataprotection@swirebulk.com. A consumer can request the forms by writing to dataprotection@swirebulk.com
• Clicking the Do Not Sell or Share My Personal Information link in the Privacy Policy or on the Website.

A consumer is entitled to utilize an authorized agent to exercise his/her rights under the CCPA/CPRA. If the consumer chooses to utilize an authorized agent for this purpose, the SB Group reserves the right to require:

• That the authorized agent directly verifies his or her identity with the business.
• That the consumer otherwise directly confirms to the SB Group that he/she has provided the authorized agent permission to submit the request.

Any authorized agent submitting a Request to Know on behalf of a consumer should complete and submit a completed CCPA California Authorized Agent Designation Form to DataProtection@swirebulk.com along with his/her request on behalf of the consumer or provide all the information required by the CCPA California Authorized Agent Designation Form to the SB Group when submitting a consumer request via email or toll-free telephone.

This Australia Addendum (“Australia Addendum”) supplements this Policy to the extent that the Australian Privacy Act applies in relation to the processing of Personal Data in Australia by the SB Group. In case of any inconsistences between this Australia Addendum and the rest of this Policy, this Australia Addendum prevails.

PERSONAL DATA UNDER THE AUSTRALIAN PRIVACY ACT

In this Australia Addendum and in the Privacy Policy as it relates to the processing of Personal Data in Australia, “Personal Data” has the same meaning as “personal information” as defined in the Australian Privacy Act.

“Sensitive information” is a type of “personal information” and has the same meaning as defined in the Australian Privacy Act.

The concept of a “Data Controller” does not exist under the Australian Privacy Act.

DO WE SHARE YOUR PERSONAL DATA OVERSEAS?

We generally collect your Personal Data in Australia. However, we will share your Personal Data with overseas recipients located in Singapore and Hong Kong. These recipients include:

• our service providers who may handle, process or store your Personal Data on our behalf. For example, we may share your Personal Data with service providers who assist us with storing our data on data storage servers, or with improving our products and services;
• law enforcement agencies, regulatory authorities or other government authorities requiring your Personal Data for purposes such as state security, customs and immigration; and
• other members of the SB Group.

We only ever share your Personal Data outside of Australia where we are permitted to do so under applicable Personal Data Protection Laws. Generally, this means we will take reasonable steps to ensure your Personal Data is treated securely and in accordance with applicable Personal Data Protection Laws.

There are other circumstances where we may disclose your Personal Data to an overseas recipient. For example, where you have provided your consent or we are otherwise permitted to do so under other relevant laws.

HOW CAN YOU ACCESS OR SEEK CORRECTION TO YOUR PERSONAL DATA?

You are entitled to request access to any of your Personal Data that we collect. To make such a request, please contact the Data Protection Officer using the contact details at Section 5.11.of the Policy.

We will take reasonable steps to ensure that the Personal Data that we collect, use or disclose is accurate, complete and up-to-date. You can help us to do this by letting us know if you notice errors or discrepancies in the Personal Data we hold about you and informing us of any change in your Personal Data (for example, if your email address changes or if you move and change address).

If you consider any Personal Data that we have about you is inaccurate, out-of-date, incomplete, irrelevant or misleading, you are also entitled to request correction of the Personal Data (again, please contact our Data Protection Officer). After receiving a request from you, we will take reasonable steps to correct your Personal Data.

We may decline your request to access or correct your Personal Data in certain circumstances in accordance with the Personal Data Protection Laws. If we do refuse your request, we will provide you with a reason for our decision. In addition, in the case we refuse your request for correction, we will include a statement about your request with the Personal Data we store.

DO WE USE OR SHARE YOUR PERSONAL DATA FOR DIRECT MARKETING?

We (or any member of the SB Group) may send you direct marketing communications, information and offers about services that we think may interest you, as permitted under applicable Personal Data Protection Laws. This may take the form of emails, SMS or other forms of communication. You may opt-out of receiving marketing communications from us by contacting our Data Protection Officer using the contact details set out in Section 5.11 of the Policy or by using the opt-out facilities provided in our communications (e.g. an unsubscribe link).

We will only send these communications in accordance with applicable privacy and marketing laws (such as the Australian Privacy Act (including Australian Privacy Principle 7), the Australian Spam Act 2003 (Cth), and only where you have opted in to (and not subsequently opted out of) receiving such communications from the us.

HOW CAN YOU MAKE A COMPLAINT ABOUT THE HANDLING OF YOUR PERSONAL DATA?

If you have any questions or concerns about this Australia Addendum or how we have handled your Personal Data, you may contact the Data Protection Officer at any time using the contact details at Section 5.11 of the Policy.

Please also contact the Data Protection Officer if you have a complaint about privacy. If you make a complaint about privacy, the following will occur:

Step 1: The Data Protection Officer will first consider your complaint to determine whether there are simple or immediate steps which can be taken to resolve the complaint. We will generally respond to your complaint within a week.

Step 2: If your complaint requires more detailed consideration or investigation:
• we will acknowledge receipt of your complaint within a week and endeavour to complete our investigation into your complaint promptly; and
• we may ask you to provide further information about your complaint and the outcome you are seeking.

Step 3: We will then typically gather relevant facts, locate and review relevant documents and speak with the individuals involved.

Step 4: In most cases, we will respond to your complaint within 30 business days from when we receive your complaint. If the matter is more complex or our investigation may take longer, we will let you know.

If you are not satisfied with our response to a complaint, or you consider that we may have breached the Australian Privacy Act (including the Australian Privacy Principles), you are entitled to make a complaint to the Office of the Australian Information Commissioner (the Australian privacy regulator).

The Office of the Australian Information Commissioner can be contacted by telephone on 1300 363 992, or you can fill out this form to make a complaint about our handling of your Personal Data. Full contact details for the Office of the Australian Information Commissioner can be found online at www.oaic.gov.au.

This People’s Republic of China Addendum (“PRC Addendum”) supplements the Policy to the extent that PIPL applies to our processing of your Personal Data where such processing takes place in, or where you are an individual in, the People’s Republic of China (“PRC”), which for the purpose of the Policy, excludes the Hong Kong Special Administrative Region, the Macao Special Administrative Region and Taiwan. This PRC Addendum forms a part of the Policy. In case of any inconsistences between this PRC Addendum and the rest of the Policy, this PRC Addendum prevails.

The term “process/processing” used in the Policy shall have the same or equivalent meaning of “handle/handling” as described in PIPL.

Legal Basis for Processing of Personal Data

In respect of the various legal basis for processing your Personal Data being introduced in the main body of the Policy:

(a) where PIPL applies, we will not rely on legitimate interests as a legal basis for processing your Personal Data; and
(b) on top of the legal basis being introduced in the Policy, PIPL also allows us to process your Personal Data without your consent where the processing is:
   • Necessary for us to respond to sudden public health incidents or to protect individual’s lives, health or properties under emergency conditions;
   • Necessary for us to implement news reporting, public opinion supervision and other such activities for the public interest, provided that such processing is carried out within a reasonable scope; or
   • Related to your Personal Data which has already been publicly disclosed by yourself or by other lawful means, provided that such processing is carried out within a reasonable scope in accordance with PIPL and does not have a significant impact on your rights and interests.

Notwithstanding the foregoing, in any of the following scenarios, we may only process your Personal Data with your separate consent:

(a) Disclosure of your Personal Data to other Data Controllers;
(b) Public disclosure of your Personal Data;
(c) Use of your image or identifying information collected from public places for any purpose other than safeguarding public security;
(d) Processing of your sensitive personal information (as described in PIPL); or
(e) Exporting your Personal Data from the PRC.

For the avoidance of doubt, in the event of a corporate reorganisation of the SB Group as mentioned in the “Who we give your information to” section, we may transfer your Personal Data without your consent but will inform you of the name and contact information of the recipient of your Personal Data, who shall continue to fulfill our duties as a Data Controller.

Data Export from the PRC

In order to comply with PIPL when exporting your Personal Data from the PRC (by ways of, including but without limitations, transferring your Personal Data outside the PRC or granting the overseas recipient access to your Personal Data stored in the PRC), we will take necessary measures to ensure that your Personal Data will be protected by the overseas recipient at a level at least up to the standards set by PIPL.

Subject to the volume and nature of the relevant data export involving your Personal Data, we will also meet at least one of the following requirements set by PIPL for exporting your Personal Data:

(a) Passing the data export security assessment conducted by CAC;
(b) Obtaining certification from a specialised institution under the applicable rules prescribed by CAC;
(c) Entering into a standard form contract formulated by CAC with the overseas recipient; and
(d) Satisfying other conditions under the applicable laws, administrative regulations or rules prescribed by CAC.

Your Rights

To the extent that PIPL applies to our processing of your Personal Data, you would have the right:
(a) To restrict or object to our processing of your Personal Data;
(b) To request access to or a copy of your Personal Data, except where the laws require us to keep your Personal Data confidential;
(c) To request us to provide the portal for transferring your Personal Data to other Data Controllers, but we may grant such request only if the conditions set by CAC have been met;
(d) To request the correction or supplement of your Personal Data, if you find it inaccurate or incomplete;
(e) To request the erasure of your Personal Data in any of the following scenarios:
   • The purpose of processing your Personal Data has been achieved or cannot be achieved, or your Personal Data is no longer necessary to achieve such purpose;
   • The period of the retention of your Personal Data has expired;
   • You have withdrawn your consent;
   • Our processing of your Personal Data violates the laws and administrative regulations or breaches our contracts with you; or
   • Other circumstances provided by the applicable laws and administrative regulations; and
(f) To request us to explain and elaborate the Policy and any other rules on the processing of your Personal Data.

Where our processing of your Personal Data is undertaken based on your consent, you would also have the right to withdraw such consent, but it shall not affect the effectiveness of our processing of your Personal Data which had already been undertaken before your withdrawal of consent.

Age Restriction

The website and/or business systems/applications are not intended for any individual under the age of fourteen (14). If we learn that we have collected or received any Personal Data from an individual under the age of fourteen (14), we will delete that information. If you believe we might have information from or about an individual under the age of fourteen (14), please contact us.

Local Contact
In addition to our contact details set out in the main body of the Policy, you may also contact Data Protection Officer in the following ways:
Address: Unit 1311-1312, HKRI Centre One, HKRI Taikoo Hui, 288 Shi Men Yi Road, Shanghai
Contact Number: 021-2285 3880
Email: DataProtection@swirebulk.com

This New Zealand Addendum (“New Zealand Addendum”) supplements this Policy to the extent that the NZPA applies in relation to the processing of Personal Data in New Zealand by the SB Group. In case of any inconsistences between this New Zealand Addendum and the rest of this Policy, this New Zealand Addendum prevails. 

PERSONAL DATA UNDER THE NZPA

In this New Zealand Addendum, “Personal Data” has the same meaning as the definition of “personal information” in the NZPA.

“Sensitive” personal information, although not expressly defined in the NZPA, is likely to include health, genetic, biometric and financial information that are inherently sensitive types of Personal Data. While there are no express obligations on entities who handle sensitive Personal Data, the privacy principles under the NZPA create a higher standard of protection for such information.

The concept of a “Data Controller” does not exist under the NZPA.

DO WE SHARE YOUR PERSONAL DATA OVERSEAS?

We may share your Personal Data with overseas third parties. These recipients include:

• our service providers who may handle, process or store your Personal Data on our behalf. For example, we may share your Personal Data with service providers who assist us with storing our data on data storage servers, or with improving our products and services;
• law enforcement agencies, regulatory authorities or other government authorities requiring your Personal Data for purposes such as state security, customs and immigration; and
• other members of the SB Group.

We only ever share your Personal Data outside of New Zealand where we are permitted to do so under the NZPA. Generally, this means either you have authorised us to do so or we believe that the Personal Data will be processed and safeguarded by the overseas entity in way that is comparable to the protections offered under the NZPA.

HOW CAN YOU ACCESS OR SEEK CORRECTION TO YOUR PERSONAL DATA?

You are entitled to request access to any of your Personal Data that we collect. To make such a request, please contact the Data Protection Officer using the contact details at Section 5.11 of the Policy.

We will take reasonable steps to ensure that the Personal Data that we collect, use or disclose is accurate, complete and up-to-date. If you consider any Personal Data that we have about you is inaccurate, out-of-date, incomplete, irrelevant or misleading, you are also entitled to request correction of the Personal Data (again, please contact our Data Protection Officer). After receiving a request from you, we will take reasonable steps to correct your Personal Data.

We may decline your request to access or correct your Personal Data in certain circumstances in accordance with the NZPA. If we refuse your request, we will provide you with a reason for our decision. In addition, in the case we refuse your request for correction, we will include a statement about your request with the Personal Data we store.

DO WE USE OR SHARE YOUR PERSONAL DATA FOR DIRECT MARKETING?

We (or any member of the SB Group) will only send you direct marketing communications, information and offers about services that we think may interest you with your consent and in accordance with the Unsolicited Electronic Messages Act 2007. This may take the form of emails, SMS or other forms of communication. You may opt-out of receiving marketing communications from us by contacting our Data Protection Officer using the details set out in Section 5.11 of the Policy or by using the opt-out facilities provided in our communications (e.g. an unsubscribe link).

HOW CAN YOU MAKE A COMPLAINT ABOUT THE HANDLING OF YOUR PERSONAL DATA?

You can exercise your rights above and raise any concerns or complaints you may have about this New Zealand Addendum or how we have handled your Personal Data, by contacting the Data Protection Officer at any time using the contact details at Section 5.11 of the Policy.

If you are not satisfied with our response to a complaint, or you consider that we may have breached the NZPA, you are entitled to make a complaint to the OPC.

The OPC can be contacted by telephone on 0800 803 909, or you can fill out form to make a complaint about our handling of your Personal Data. Full contact details for the OPC can be found online at www.privacy.org.nz.

Last updated: 22 June 2023

This Brazil Addendum (“Brazil Addendum”) supplements this Policy to the extent that the LGPD applies in relation to the processing of Personal Data in Brazil by the SB Group. In case of any inconsistences between this Brazil Addendum and the rest of this Policy, this Brazil Addendum prevails.

PERSONAL DATA UNDER THE LGPD

In this Brazil Addendum, “Personal Data” has the same meaning as the definition of “personal data” in the LGPD. “Sensitive Personal Data”, as such term is defined under the LGPD, includes information relating to health, genetic, biometric, racial or ethnic origin, religious conviction, political opinion, union membership or organization of a religious, philosophical, or political information. The LGPD creates a higher standard of protection for Sensitive Personal Data and restricts its processing to certain authorized scenarios. The concept of “Data Controller” under the LGPD includes public or private individuals or legal entities, who are responsible for determining the purpose for which and manner in which Personal Data is processed. The concept of “Data Processor” shall have the same or equivalent meaning of “operator” as described in the LGPD.

DO WE SHARE YOUR PERSONAL DATA OVERSEAS?

We may share your Personal Data with overseas third parties. These recipients include:

• our service providers who may handle, process or store your Personal Data on our behalf. For example, we may share your Personal Data with service providers who assist us with storing our data on data storage servers, or with improving our products and services;
• law enforcement agencies, regulatory authorities or other government authorities requiring your Personal Data for purposes such as state security, customs and immigration; and
• other members of the SB Group.

We only ever share your Personal Data outside of Brazil where it is not in violation of LGPD. Generally, this means either you have authorised us to do so or we will take reasonable steps to ensure your Personal Data is treated securely and will be processed and safeguarded by the overseas entity in a way that is comparable to the protections offered under the LGPD.

HOW CAN YOU ACCESS OR SEEK CORRECTION TO YOUR PERSONAL DATA?

You are entitled to request access to any of your Personal Data that we collect. To make such a request, please contact the Data Protection Officer using the contact details at Section 5.11 of the Policy.

YOUR RIGHTS

We will respect the confidentiality of the Personal Data that we collect and ensure you the exercise of your rights. Regardless of the purpose or legal basis we use to process your Personal Data, and to the extent that LGPD applies to our processing of your Personal Data, you have the right:

(a) To request confirmation of processing or access to your Personal Data;
(b) To request correction of your Personal Data, if you find it inaccurate or incomplete;
(c) To request the erasure, deletion, restriction from processing and/or anonymization of your Personal Data;
(d) To request us to provide information from Third Parties with whom your Personal Data has been shared; and
(e) To request us to provide information regarding the possibility for you to deny consent to the processing of your Personal Data.

HOW CAN YOU MAKE A COMPLAINT ABOUT THE HANDLING OF YOUR PERSONAL DATA?

You can exercise your rights above and raise any concerns or complaints you may have about this Brazil Addendum or how we have handled your Personal Data, by contacting the Data Protection Officer at any time using the contact details at Section 5.11 of the Policy. If you are not satisfied with our response to a complaint, you are also entitled to file a complaint with the data protection authority, in particular, ANPD.

Full contact details for the ANPD can be found online at https://www.gov.br/anpd/pt-br/canais_atendimento/fale-conosco.

Last updated: 22 June 2023

This Canada Addendum (“Canada Addendum”) supplements this Policy to the extent that PIPEDA, applies in relation to the processing of Personal Data in Canada, or to the extent that PIPA BC apply in relation to the processing of Personal Data in British Columbia respectively by the SB Group. In case of any inconsistences between this Canada Addendum and the rest of this Policy, this Canada Addendum prevails for all Personal Data for which Canadian privacy laws apply.

PERSONAL DATA UNDER PIPEDA AND THE PROVINCIAL PRIVACY LAWS

In this Canada Addendum, “Personal Data” has the same meaning as the definition of “personal information” in PIPEDA and under the Provincial Privacy Laws. “Sensitive” personal information is not expressly defined in PIPEDA and PIPA BC. The concepts of a “Data Controller” or “Data Processor” do not exist under PIPEDA and PIPA BC.

DO WE SHARE YOUR PERSONAL DATA OUTSIDE OF CANADA?

We may share your Personal Data with third parties located outside of Canada. These recipients include:

• our service providers who may handle, process or store your Personal Data on our behalf. For example, we may share your Personal Data with service providers who assist us with storing our data on data storage servers, or with improving our products and services;
• law enforcement agencies, regulatory authorities or other government authorities requiring your Personal Data for purposes such as state security, customs and immigration; and,
• other members of the SB Group.

Accordingly, your Personal Data may become accessible to the courts and law enforcement and national security authorities of the jurisdictions your Personal Data is located when obtaining our services.

We only ever share your Personal Data outside of Canada where we are permitted to do so under PIPEDA or the applicable PIPA BC. We put in place contractual arrangements with service providers and third parties with whom we share Personal Data to ensure that Personal Data is processed and safeguarded in a way that is comparable to the protections offered under applicable Canadian privacy laws.

HOW TO ACCESS OR RECTIFY YOUR PERSONAL DATA

You are entitled to request access to any of your Personal Data that we collect subject to certain exceptions to and prohibitions on disclosure. Exceptions include where information is subject to solicitor- client privilege or where the information contains references to third parties or cannot be disclosed for legal, security or commercial reasons. To make such a request, please contact the Data Protection Officer using the contact details at Section 5.11 of the Policy.

How to make a request for access to your Personal Data

Step 1: Make a request for access in writing using the contact details at Section 5.11 of the Policy.
Step 2: If at any time you need assistance with making your request, we will provide assistance upon request.
Step 3: We will respond to your request within 30 days, or 45 days in Alberta. In certain circumstances, we seek an extension to respond by up to 30 days in certain cases. A fee may be required subject to certain conditions.

We will take reasonable steps to ensure that the Personal Data that we collect, use or disclose is accurate, complete and up-to-date. You can help us to do this by letting us know if you notice errors or discrepancies in the Personal Data we hold about you and informing us of any change in your Personal Data (for example, if your email address changes or if you move and change address).

If you consider any Personal Data that we have about you is inaccurate, out-of-date, incomplete, irrelevant or misleading, you are also entitled to request correction of the Personal Data by contacting our Data Protection Officer. After receiving a request from you, we will take reasonable steps to correct your Personal Data.

We may decline your request to access or correct your Personal Data in certain circumstances in accordance with PIPEDA or PIPA BC. If we do refuse your request, we will provide you with a reason for our decision. In addition, in the case we refuse your request for correction, we will include a statement about your request with the Personal Data we store.

HOW TO MAKE A COMPLAINT ABOUT THE HANDLING OF YOUR PERSONAL DATA

If you have any questions or concerns about this Canada Addendum or how we handle your Personal Data, you may contact the Data Protection Officer at any time using the contact details provided at Section 5.11 of the Policy.

If you are not satisfied with our response to your enquiry, or you consider that we may have breached PIPEDA or PIPA BC, you are entitled to make a complaint to:

Federal: Office of the Privacy Commissioner of Canada can be contacted by telephone at 1-800-282-1376. Full contact details for the OPC can be found online at http://www.priv.gc.ca/en/ and

British Columbia: Office of the Information and Privacy Commissioner for British Columbia can be contacted by telephone at (250) 387-5629. Full contact details for the IPC BC can be found online at http://www.oipc.bc.ca.