PRIVACY POLICY

1. Purpose and Basis

In order to provide the Services and E-Wallet to you, Halo may be required to collect some of your personal information when you register an E-Wallet or use the Services. This Privacy Policy, in combination with Halo's other applicable policies, set out the rules as to the use and protection of the collected information in order to prevent misuse of your Personal Information

This Privacy Policy is to be read in conjunction with our terms of use pertaining to the E-Wallet (the “Terms”).

2. Designation

For the convenience of wording in Privacy Policy, Halo is referred to as “we”, “us” or “our”.

Users of and other visitors to our Website and E-Wallet are referred to as “you”, “your” or “User”.

We and you are collectively referred to as “both parties” and as “a/one party” individually.

3. Information That We Collect

Personal information is typically data that identifies an individual or relates to an identifiable individual. This includes information you provide to us, information which is collected about you automatically, and information we obtain from third parties.

For the purposes of this Privacy Policy, “Personal Information” refers to all information that is recorded electronically or otherwise and can be used, whether independently or in combination with any other information, to identify any particular natural person or reflect the pattern of behaviour of a particular natural person, including, but not limited to, sensitive personal information.

4. Scope of this Privacy Policy

This Agreement shall apply to all Users utilising the E-Wallet and the Services pertaining to the same, whether on our Website or Mobile App.

You shall comply with the terms and conditions of this Privacy Policy, subject to and as permitted by any and all laws relating to the protection of personal information and data in the country or region where they are based.

5. User Consent and Authorization

You acknowledge and understand that, at the point of creating an E-Wallet, whether on our Website or Mobile App, you will be deemed to have expressed to us your acceptance, consent, undertaking and confirmation of the following, regardless of whether you have completed your registration of the E-Wallet, that:

a.

you agree, on a voluntary basis, to disclose Personal Information to us;

b.

you will abide by all the terms and conditions of this Privacy Policy;

c.

you agree and authorises Halo to collect your Personal Information when the you register your E-Wallet, utilise your E-Wallet and/or use the Services;

d.

you agree to all the terms and conditions of this Privacy Policy and agree to accept any amendment that may subsequently be made to the Privacy Policy;

e.

you agree that any of our branch companies, subsidiary companies, employees, or service providers with whom we have engaged for the provision of the Services, will contact you to request for information or to inform you of any product and service that may be of interest to you (unless the User has indicated that he or she does not wish to receive such information).

6. Information Collected

Personal Information

Whilst we will try to minimise the amount of Personal Information requested from you, we may from time to time, be required to request the following Personal Information, where applicable, in order to comply with applicable law and regulation:

a.

Personal Identification Information: Full name, date of birth, nationality, gender, ethnicity, signature, facial data, utility bills, photographs, phone number, precise location, home address, and/or email;

b.

Formal Identification Information: Government issued identity document such as Passport, Driver's License, National Identity Card, State ID Card, Tax ID number, passport number, driver's license details, national identity card details, visa information, and/or any other information deemed necessary to comply with our legal obligations under financial or anti-money laundering laws.

c.

Contact list information: this may include your contact list you voluntarily provided to our support team when using our services.

d.

Institutional Information: Employer Identification number (or comparable number issued by a government), proof of legal formation (e.g. Articles of Incorporation), personal identification information for all material beneficial owners.

e.

Financial Information: Bank account information, payment card primary account number (PAN), account assets, transaction history, trading data, and/or tax identification.

f.

Transaction Information: Information about the transactions you make on our Services, such as the name of the recipient, your name, the amount, and/or timestamp.

g.

Message Content: Feedback, Email, SMS, App Rating, Comments.

h.

Application Activity: Browsers and tap records, search history, installed apps, user-generated content, favorites.

i.

Device Information: Carrier, brand, software version, model name, manufacturer, system language, network, OAID, IMEI, GUID, MAC address.

j.

Employment Information: Office location, job title, and/or description of role.

k.

Correspondence: Survey responses, information provided to our support team or user research team.

We will collect your Personal Information in accordance with the legislative purpose of the Data Protection Act.

Third Party Wallet

We may also ask you to prove ownership or control of Third Party Wallets which you have imported to our E-Wallet. We are required to ask for this information to comply with anti-money laundering and counter-financing of terrorism requirements, and to ensure we safeguard against and report any suspicious activity.

Automatic collection of data

We may also collect and store certain information automatically when you visit the Website/Mobile App.

To the extent permitted under the applicable law, we may collect certain types of information automatically, such as whenever you interact with the Website/Mobile App or use the Services.

This information helps us address customer support issues, improve the performance of our Website, Mobile App and Services.

Information collected automatically includes:

a.

Online Identifiers: Geo location/tracking details, browser fingerprint, operating system, browser name and version, and/or personal IP addresses.

b.

Usage Data: click-stream data, public social networking posts, and other data collected via cookies and similar technologies.For example, we may automatically receive and record the following information on our server logs:

  • How you came to and use the Services;
  • Device type and unique device identification numbers;
  • Device event information (such as crashes, system activity and hardware settings, browser type, browser language, the date and time of your request and referral URL);
  • How your device interacts with our Website/Mobile App and Services, including pages accessed and links clicked;
  • Broad geographic location (e.g. country or city-level location); and
  • Other technical data collected through cookies, pixel tags and other similar technologies that uniquely identify your browser.
  • c.

    Application checklist: For advertising and safety use and approval of service applications.

    We may also use identifiers to recognize you when you access our Website/Mobile App via an external link, such as a link appearing on a third-party site.

    7. Application and Usage of Information Permission

    Supply of Information

    If Users voluntarily use the E-Wallet and Services, they may be required to fill in and/or provide the following two categories of information in accordance with the requirements of Halo:

    a.

    Identity Information: this category of the User information, which may help Halo verify the User and comply with applicable laws. Identity information may include the User's full name, registered address, postal address, official proof of identity documents and the document numbers, as well as all other information that may assist Halo in verifying the User's identity (hereinafter collectively referred to as "Identity Information");

    b.

    Service Information: this category of User information helps the Platform to contact the User and to provide a smooth service experience It includes, but is not limited to, the User’s telephone number, fax number, valid email address, postal address, and debit card information and/or other account information (hereinafter collectively referred to as "Service Information").

    Applicable Permissions

    Android PermissionDescriptionApplication
    android.permission.INTERNETNetwork access permissionAllows applications to be networked
    android.permission.ACCESS_NETWORK_STATEGet network status permissionAllows applications to get the network status
    android.permission.CHANGE_NETWORK_STATEChange network status permissionAllows applications to change the network status
    android.permission.ACCESS_WIFI_STATEGet WiFi status permissionAllows applications to get the WiFi status
    android.permission.CHANGE_WIFI_STATEChange WiFi status permissionAllows applications to change the WiFi status
    android.permission.FOREGROUND_SERVICEFrontend service start permissionAllows market monitoring through the ticker widget
    android.permission.RECEIVE_BOOT_COMPLETEDBoot broadcast monitoring permissionAllows monitoring of background tasks in workmanager
    android.permission.USE_FINGERPRINTTouch ID permissionAllows fingerprint login
    android.permission.VIBRATEVibration permissionAllows phone vibration
    android.permission.WAKE_LOCKWake lock permissionAllows keeping the screen in awake status for KYC
    android.permission.CAMERACamera access permissionAllows taking of photos and scanning of ID cards for KYC
    android.permission.ACCESS_COARSE_LOCATIONCoarse location information access permissionAllows push notifications for news and events
    android.permission.READ_PHONE_STATERead local identification code permissionAllows device fingerprinting, statistics, and facial recognition

    android.permission.READ_EXTERNAL_STORAGE

    android.permission.WRITE_EXTERNAL_STORAGE

    Read and write external storage permissionAllows reading or writing of images, files, etc. to ensure stable app operation
    android.permission.WRITE_SETTINGSRead and write system settings permissionAllows device fingerprint functionality
    android.permission.REQUEST_INSTALL_PACKAGESUnknown source installation permissionAllows offline push notifications

    android.permission.SYSTEM_ALERT_WINDOW

    android.permission.SYSTEM_OVERLAY_WINDOW

    Hoverbox permissionAllows floating window functionality
    android.permission.ACCESS_FINE_LOCATIONFine location information access permissionUsed for KYC process to obtain location information
    ClipboardManagerClipboard access permissionUsed for 2FA login, red envelopes, and deposit and withdrawal services
    iOS PermissionDescriptionApplication
    NSFaceIDUsageDescriptionFacial or fingerprint information access permissionLogin with Facial ID
    CameraCamera access permissionAllows taking of photos and scanning of ID cards for KYC
    LocationServicesCoarse location information access permissionAllows push notifications for news and events
    PhotosRead and write external storage permissionAllows reading or writing of images
    PushPush permissionAllows offline push notifications
    UIPasteboardClipboard access permissionUsed for 2FA login, red envelopes, and deposit and withdrawal services
    NSLocationUsageDescriptionFine location information access permissionUsed for KYC process to obtain location information

    8. Third-party Protocols and websites

    Where a User connects his E-Wallet to any Third Party Protocols, third party websites, or procures a transfer from or to, a Third Party Wallet, the User agrees to and shall comply with the separate and independent privacy policies of such third-parties.

    The User understands and acknowledges that Halo is not responsible for the content or activities of such third-party websites or partners.

    9. Third Party Service providers

    We may transfer personal data to third parties in connection with the provision of the E-Wallet and Services as certain features of the E-Wallet rely on various third-party products and services (collectively “Third Party Services”).

    These Third Party Services providers only have access to certain information, in accordance with our contractual agreements and only as permitted by applicable data protections laws.

    10. External Databases

    Public Databases, Credit Bureaus & ID Verification Partners

    We obtain information about you from public databases and ID verification partners for purposes of verifying your identity in accordance with applicable law. ID verification partners like World-Check use a combination of government records and publicly available information about you to verify your identity. Such information may include your name, address, job role, public employment profile, credit history, status on any sanctions lists maintained by public authorities, and other relevant data. We obtain such information to comply with our legal obligations, such as anti-money laundering laws. In some cases, we may process additional data about you to assess risk and ensure our Services are not used fraudulently or for other illicit activities. In such instances, processing is necessary for us to continue to perform our contractual obligations with you and others.

    Blockchain Data

    We may analyze public blockchain data to ensure parties utilizing our Services are not engaged in illegal or prohibited activity under our Terms, and to analyze transaction trends for research and development purposes.

    Joint Marketing Partners & Resellers

    Unless prohibited by applicable law, joint marketing partners or resellers may share information about you with us so that we can better understand which of our Services may be of interest to you.

    Advertising Networks & Analytics Providers

    We work with these providers to provide us with de-identified information about how you found our Website/Mobile App and how you interact with the Website/Mobile App and Services. This information may be collected prior to account creation.

    11. Halo entities

    Our Halo Family of Companies:Our “family of companies” is the group of companies related to us by common control or ownership (“Affiliates”). In accordance with applicable law, we may obtain information about you from our Affiliates as a normal part of conducting business, if you link your E-Wallet to the Halo Platform or if you are a user of the Halo Platform so that we may offer our Affiliates' Services to you.

    12. Cookies

    You agree that Halo may use cookies to track User actions in connection with the User’s use of the Services and may collect and record all information left by Users, including but not limited to their IP address, geographical location and other data.

    Installation of Cookies

    Function of Cookies

    Cookies are frequently used to record the habits and preferences of visitors when they browse various items on the Website. Cookies collect anonymous collective statistics which do not contain Personal Information. Cookies cannot be used to obtain data from the User’ hard drive, the User’s email address or Personal Information. Cookies can enable the Website or a service provider’s system to recognize the User’s web browser as well as capture and remember information.

    Disabling Cookies

    Most browsers are preset to accept Cookies and Users can choose to set their web browsers to reject Cookies or to notify Users upon the installation of Cookies. Users should be aware that they may be unable to start or use certain features of the Services if they opt to disable Cookies.

    13. Use of Information

    The information collected we collect from you is primarily for the enhancement of our Services, and to comply with any applicable laws and regulations.

    The following are some ways which we may use your Personal Information and data collected through your use of the Services:

    a.

    to provide you with the Services;

    b.

    to identify and confirm your identity, in accordance with our Anti Money Laundering and Combating the Financing of Terrorism policies and obligations;

    c.

    to improve and upgrade the Services (the Users' information and feedback received, when you make a support request can help us improve the services of the Services);

    d.

    to keep statistics relating to the use of the Services and for use in data analysis carried out in cooperation with government agencies and public affairs institutions;

    e.

    to facilitate transactions (where entities/Third Party Protocols/Third Party Wallets with whom you wish to transact with your E-Wallet, are subject to disclosure requirements under applicable laws);

    f.

    to send regular emails, newsletters, updates, relevant product or service information, and announcements; and

    g.

    to fulfil other purposes as specified in the Terms and to be used for all the legal means adopted for fulfilling such purposes.

    For the avoidance of doubt, we do not sell, trade, or otherwise transfer information or allow any other party to collect or use any information from your use of the Services.

    However, this does not include the following parties and the following information: our affiliates, trusted third parties who assist us with the operation of our website and Services (provided that these parties agree to keep such information confidential).

    If we disclose any information to the above-mentioned parties, such information disclosure shall be in accordance with any applicable laws, regulations, rules or by any order of any court or other competent authorities, or necessary for the improvement and provision of Services, or for the protection of the rights, property or safety of us or other persons.

    Any such information disclosure will not be used by any of the above-mentioned parties for marketing, advertising or any other purpose that has not been agreed on by all the parties concerned.

    For your reference, we may use third-party SDKs AppsFlyer to measure the advertising performance, detect and prevent fraudulent activity on your account in real time. Information shared with AppsFlyer is treated by AppsFlyer in accordance with its Privacy Policy, available at https://www.appsflyer.com/legal/services-privacy-policy/ , we may use Sentry to monitor the anomalies of the Platform. Information shared with Sentry is treated by Sentry in accordance with its Privacy Policy, available at https://sentry.io/privacy/.

    Third-Party SDKPurposeData InvolvedLink to Third Party
    Firebase

    Performance monitoring

    Cloud configuration

    Push notifications

    Crashlytics

    Analytics

    MAID

    IDFV/Android ID

    FID

    App Instance ID

    Crashlytics Installation UUIDs

    Crash traces

    Breakpad minidump formatted data

    (NDK crashes only)

    Official Website

    Privacy Statement

    SensorsAnalyticsSDK

    Stability monitoring

    Device data

    Log data

    File data

    Network data

    System name

    System version

    Country code

    Official Website

    Privacy Statement

    Logan

    Stability monitoring

    Log data

    Github

    AppsFlyer

    Attribution analysis

    Device type and model

    CPU

    System language

    Memory

    Operating system

    WiFi status

    UDID

    AppList

    Official Website

    Privacy Statement

    14. Protection of Personal Data

    Halo adopts appropriate physical, electronic, management and technical measures to protect and safeguard the security of the Users' personal data. Halo will, to the greatest extent possible, ensure that any personal data collected through the Platform shall be free from being subject to nuisance by any third party unrelated to us. The security measures that Halo may take include but are not limited to:

    a.

    Physical measures: records of Users' Personal Information will be stored in an appropriately secure location.

    b.

    Electronic measures: computer data containing Users' Personal Information will be stored in computer systems and storage medias that are subject to strict login restrictions.

    c.

    Management measures: only staff members duly authorized by Halo may access the Users' personal data and such staff members shall comply with Halo’s internal code concerning personal data confidentiality.

    d.

    Technical measures: encryption techniques such as Secure Socket Layer Encryption may be used to transmit Users' Personal Information.

    e.

    Other measures: our network servers are protected by a proper "firewall".

    15. Your Rights

    You have the right to:

    a.

    Request information in relation to the collection and use of your Personal Information: This enables you to be informed at all times about the purposes for processing your Personal Information.

    b.

    Request access to your Personal Information: This enables you to receive a copy of the Personal Information we hold about you and to check that we are lawfully processing it.

    c.

    Request correction of the Personal Information that we hold about you: This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.

    d.

    Request erasure of your Personal Information: This enables you to ask us to delete or remove Personal Information where there is no good reason for us continuing to process it, if we have processed your information unlawfully, or where we are required to erase your personal data to comply with local law. We may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.

    e.

    Object to processing of your Personal Information: Where we are relying on a legitimate interest (or those of a third party) and you want to object to processing. In some cases, we may demonstrate that we have legitimate grounds to process your information which can override your objection.

    f.

    Request to stop direct marketing: Where we are processing your personal data for direct marketing purposes, you have the right to notify us in writing requesting that we cease or do not begin processing your Personal Information for direct marketing purposes.

    g.

    Request the transfer of your Personal Information to you or to a third party: We will provide to you, or a third party you have chosen (where technically feasible), your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

    h.

    Withdraw consent at any time where we are relying on consent to process your Personal Information: You may withdraw your consent for our processing of your Personal Information. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide you with continued access to the Services.

    16. Data Retention

    Please note that even If you delete your E-Wallet or Third Party Wallet addresses from the E-Wallet, uninstall the Mobile App from your device, or request that your information be deleted, we still may retain some information that you have provided to comply with the laws and regulations to which we are subject. If you have any question or objection as to how we collect and process your personal information, please contact [ [email protected] ].

    17. Reporting of Flaws

    If you become aware of any security flaw in our Website or Mobile App, you should contact us through the service email promptly (per our Website/Mobile App) so that the we can take appropriate measures to address any such flaw as soon as possible.

    18. Exemption

    Despite the above-mentioned technical and security measures, we cannot guarantee that the information transmitted via the Internet is absolutely safe. As such, Halo does not provide any guarantees with respect to the security of the Personal Information that the Users provide to us; and the we shall not be held liable for any loss or damage arising from or caused by any event that may occur in connection with unauthorized access to your Personal Information.

    19. Amendment of this Agreement

    Halo reserves the right to modify this Privacy Policy at any time. We will inform the Users of the amendments made to the Privacy Policy by releasing updates thereof, publishing the effective date of new versions thereof and highlighting the amendments thereto.

    Sometimes, but not always, we may issue a notice to Users to inform them of any amendments made to the Privacy Policy. Users shall regularly review the Privacy Policy and focus on amendments thereto, if any; and if the Users do not agree to any such amendments, the Users shall promptly stop accessing this Website. Whenever an updated version of this Privacy Policy is released, the User’s continued access to and use of the Website and Mobile App shall demonstrate the User’s agreement to the updated version of the Privacy Policy.

    Communication with Us

    Any User comments or feedback should be sent to the following email address: [[email protected]]. This is the only valid and official email address through which Halo communicates with Users. If a User uses any other means of communication to contact Halo, we shall not be obliged to reply and will not be held liable in any manner whatsoever.