PRIVACY POLICY

1. Collection and Use of Personal Data

1.1 In this Notice, “we”, “us”, “our” or “OWNDAYS” means Owndays Singapore Pte Ltd, “you”, “your” or “yours” means the persons to whom this Notice applies. “Personal Data” has the same meaning as that defined in the Personal Data Protection Act 2012 (the “PDPA”).

1.2 This Notice provides information on the way OWNDAYS obtains, uses, holds, transfers and otherwise processes your Personal Data as full time, part time and temporary employees, contract workers of OWNDAYS, and such other persons engaged by OWNDAYS to perform duties or functions for OWNDAYS (collectively “Personnel”). Collection, use and disclosure of Personal Data is conducted by lawful and fair means, and consistent with requirements under PDPA. It is also intended to notify Personnel the rules on the protection of Personal Data and the Personnel’s rights in relation to their Personal Data processed by OWNDAYS. In addition, the Notice provides information on the circumstances in which one entity of OWNDAYS processes Personal Data on behalf of another entity of OWNDAYS.

1.3 OWNDAYS processes Personal Data about individuals such as its Personnel (past and present), job applicants, business partners and suppliers. OWNDAYS may process either directly or through third party vendors and service providers, such Personal Data for a number of business purposes, including:

• Recruitment, including evaluation and reference checks of an individual for suitability of employment;
• Schedule work activities and projects undertaken by OWNDAYS’ departments, teams and retail stores;
• Employee performance management and professional development;
• Payroll, claims reimbursements, accounting or tax purposes;
• Administering records of leave applications and consumption of employment benefits;
• Applying for work permits at the Ministry of Manpower, if needed;
• Administer business travel (i.e., booking airfare, hotels and applying for visa etc.) and other corporate events (i.e., annual general meetings, extraordinary general meetings);
• Facilitating corporate insurance coverage;
• Knowledge management and training for staff;
• Government and other regulatory reporting;
• Business and market development;
• Publicity, external and internal marketing purposes;
• For leasing of properties for OWNDAYS’ employees;
• For security, safety surveillance and monitoring, reporting (especially in emergency situations) and contact tracing purposes;
• For issuance of staff ID passes and settings of staff access controls;
• For internal reporting and/or accounting or audit purposes;
• Registrations and submissions with relevant governmental or regulatory authorities (e.g., to Optometrists and Opticians’ Board for recertifications), and financial institutions (e.g., bank signatories), as necessary; and
• Other purposes required by law or regulation;

1.4 Please note that if you do not consent to any of the above business purposes, it may affect OWNDAYS’ ability to continue on the employer/employee relationship and/or other engagements with you.

2. OWNDAYS’ Duties

2.1 OWNDAYS will process your Personal Data in accordance with PDPA. In particular, OWNDAYS will not process Personal Data unless one of the following conditions is met:

• the individual concerned has consented to such processing;
• OWNDAYS needs to carry out such processing (i) to perform, or take steps with view to enter into, a contract with the individual concerned, (ii) to comply with legal obligation of OWNDAYS or (iii) to protect the vital interests of the individual concerned in a `life or death' situation; or (iv) as permitted by “other exemptions” under PDPA (as specified in Second, Third, Fourth, Fifth and Sixth Schedule of PDPA)

2.2 When you provide OWNDAYS with your (or those of any third parties) Personal Data, OWNDAYS will process the Personal Data according to PDPA.

2.3 OWNDAYS will make sure you are informed if the existing Personal Data about you is to be used in a new way, or for different purposes.

2.4 OWNDAYS will not collect or use or disclose your Personal Data unless: (a) you consent to such collection, or (b) OWNDAYS needs to do so to meet its obligations or exercise its rights under employment law or other applicable laws and regulations, or (c) in exceptional circumstances such as where the processing is necessary to protect the vital interests of the individual concerned, or (d) in circumstances permitted by PDPA.

2.5 OWNDAYS may in exceptional circumstances, rely on consent given on behalf of the individual, for example, by a company employee on behalf of a family member.

2.6 OWNDAYS shall:

• not collect Personal Data more than what is reasonably required for the intended purpose;
• ensure the Personal Data collected are adequate and relevant for the intended purposes, accurate and up to date;
• process Personal Data only for the purposes specified in this Notice or in information provided to the individual concerned; and
• ensure one of the conditions in Section 2.1 is met if it processes Personal Data for new or different purposes.

2.7 OWNDAYS will maintain retention policies and procedures so that Personal Data is deleted after a reasonable time, given the purposes for which the Personal Data are held, except where, given those purposes, another law requires the data to be kept for a certain period of time. When OWNDAYS no longer needs to keep Personal Data for the purposes for which they are held, it will destroy them as soon as practicable. OWNDAYS will destroy all unsolicited Personal Data immediately which it comes into contact or possess during the course of business activity. All Personnel can contact the Data Protection Officer (the “DPO”) about the duration and the purposes for which their Personal Data is retained by OWNDAYS.

2.8 OWNDAYS will maintain appropriate organisational, physical and technical security arrangements to prevent unauthorised access, collection, use, disclosure, copying, modification, disposal of Personal Data in its possession.

2.9 OWNDAYS may disclose your Personal Data to any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in the Companies Act (Cap. 50). On occasion, we may use third party agents and service providers to assist us in the use of your Personal Data as outlined under "Collection and Use of Personal Data". OWNDAYS will not transfer Personal Data to entities outside OWNDAYS in other countries for further processing unless such entities agree to abide by a data protection standard at least as high as this Notice, or enter into a contractual arrangement requiring the same. The only exceptions are where the transfer is necessary to

• protect the vital interests of the individual concerned in a `life or death' situation, or
• enter into or perform a contract with (or for the benefit of) that individual.

2.10 OWNDAYS has procedures to deal with any suspected breaches of data security arrangements, unauthorized access or disclosure, or loss of Personal Data.

3. An Individual's Rights

3.1 Right of Access and Correction, Withdrawal of Consent Requests

• Your Right of Access and Correction shall be as set out in PDPA. You may contact the DPO if you wish to request access and/or make correction to your Personal Data. Please take note that there may be a fee for performing such request.
• You may also contact the DPO to withdraw consent on the collection, use and disclosure of your Personal Data. All withdrawal of consent requests shall be done via email request and write in to DPO directly. If more time is needed, the DPO will inform you in writing. After successful withdrawal of consent, DPO shall inform all third parties or data intermediaries to cease, to collect, use or disclose the Personal Data of the individual (If applicable).

4. Accurate and Complete Records

4.1 OWNDAYS take reasonable actions to verify any Personal Data from third parties’ source are accurate and complete by:

• Ensuring third parties source provide the latest and completed data as per date of handover by the third parties.
• Performing system verification to ensure mandatory information (e.g., name, IC number, contact number, address, etc.) is provided.

4.2 OWNDAYS takes reasonable actions where possible to verify the accuracy and completeness of Personal Data before use or disclosure:

• Reviewing the current data
• Ensuring the data are the latest and most accurate to date
• Verifying the data with individual (if necessary)

4.3 Please note that it is your responsibility to ensure that all Personal Data (including those that are providing on behalf of another individual) submitted to OWNDAYS is complete, accurate, true and correct at the time of submission. You are also requested to inform us should there be any changes to the Personal Data that you had submitted to us.

4.4 OWNDAYS will amend any of the Personal Data when informed by Personnel. OWNDAYS will maintain the amendment details (e.g. changes, date, time, etc). All third parties who have obtained the particular data from OWNDAYS will also be provided with the latest Personal Data where necessary.

5. Company Compliance with this Notice

5.1 OWNDAYS will maintain internal and external arrangements to:

• facilitate compliance with this Notice;
• allow effective exercise of individuals' rights guaranteed in the Notice; and
• consider and respond to complaints from individuals that OWNDAYS may not have complied with this Notice.

You may rely upon these procedures and/or exercise your rights provided as informed in this Notice by contacting the DPO. The email address of the DPO is [email protected].

5.2 OWNDAYS may update this Notice any time. All personnel are reminded they can refer to the latest version on OWNDAYS’ intranet.

Version 2.0