This client data protection policy (“Policy“) applies to personal information about you (whether as an individual or on behalf of a corporate entity), any of your employees, officers, directors, agents, contractors or consultants, or any of your customers, suppliers or any other relevant individual that you engage with in the ordinary course of business (“Client Business Personnel“) held by Triide Group (“we“, or “us”).

 

By providing us with personal data in any capacity (whether your own or on behalf of Client Business Personnel), you hereby represent, warrant and undertake to us that you have obtained proper authorization from the relevant individuals or corporate entities, including any separate consent required, and will promptly provide documents evidencing such authorization as requested by us from time to time. You are also responsible for informing your Client Business Personnel of this Policy and their rights hereunder.

 

We are committed to processing personal information in compliance with all applicable Data Protection Legislation and this Policy. Please read this Policy carefully to understand how we collect, use, share, and protect your personal information.

 

In this Policy:

 

“Data Protection Legislation” means all applicable legislation relating to privacy or data protection in force from time to time, including but not limited to any statute or statutory provision which amends, extends, implements, consolidates or replaces the same. The terms “personal information/data”, “sensitive personal information”, “special categories of personal data”, “controller”, “entrusted party”, “individual” and “process” (and their respective derivatives) shall have the meanings given to them in the Data Protection Legislation.

 

“Triide Group” means Triide Holding Limited and its affiliates, including but not limited to any partnerships, corporations and undertakings which are authorized to carry the name “Triide”, GRIT Nominees Limited, GRIT Ventures Limited and FUTURE VISION MANAGEMENT LIMITED, each operating as a separate entity providing services. The Triide Group is not a legal entity or a partnership and services are provided to clients by the individual members of the Triide Group.

 

“processing” means any operation performed on personal data, such as collection, storage, use, disclosure, or deletion.

 

Types of Personal Information We Collect

 

We may collect personal information that can be used to identify a natural person or to reflect the activity of a natural person, including but not limited to the following types of personal information:

 

• Contact Data: contact information, such as an individual’s home or work address and contact details (including mobile phone number, WeChat ID and email address);
• Identity Data: name, gender, date of birth, marital/civil partnership status, details of dependents and next of kin, and copy of your document of identity (including identity card and passport);
• Financial Data: bank account details, salary and benefits, tax rates, housing information and information in relation to investments;
• Employment Data: employment status, employer, occupation, title, professional qualifications, salary and pay records;
• Communications Data: other information we collect directly from you or your Client Business Personnel through instructions and/or communications (including in person, by phone and by email), and details of any complaints or concerns raised by you or your Client Business Personnel; and
• Third-Party Data: information we obtain from third parties (including those for verification processes, from fraud prevention agencies and from publicly available sources).

 

We may also collect sensitive personal information or special categories of personal data of you and your Client Business Personnel, including but not limited to information about racial or ethnic origin, criminal or alleged criminal offences, or health and lifestyle, subject to obtaining separate consent where required by Data Protection Legislation.

 

If you fail to provide us with the aforementioned information, or if you or your Client Business Personnel object to us processing such information, we may be unable to offer our services to you, or continue to manage your matter(s) with us.

 

Our Processing of Your Personal Information

 

We may collect, record and use personal information in physical and electronic form about you and your Client Business Personnel, and will hold, use and otherwise process them in accordance with the Data Protection Legislation and as set out in this Policy for the following purposes:

 

• to conduct conflict checks;
• to provide our services to you;
• to administer and operate your client account(s) and matters;
• to monitor and analyze the conduct of your client account(s) and matters;
• to assess any billing matters or credit decisions;
• to enable us to carry out statistical and other analysis and to meet our legal or regulatory obligations;
• for our reasonable commercial purposes (including those in connection with our insurance, quality control and administration and assisting us in developing new and improved services);
• to confirm your or their identity and carry out background checks, including as part of our client due diligence for the purposes of anti-money laundering, combating terrorism financing, national security, compliance screening and preventing fraud and other crimes;
• to follow up with you or them after you request information to see if we can provide any further assistance;
• to comply with any requirement of applicable laws or regulations;
• to fulfill our obligations under any reporting agreement entered into with any tax authority or revenue service(s) from time to time;
• to reaffirm your instructions to us;
• to circulate attendee lists to other attendees of our events;
• to monitor, record and analyze any communications between you or them and us, including phone calls to analyze, assess and improve our services to you, as well as for training and quality purposes;
• to prevent or detect abuse of our services or any of our rights (and attempts to do so), and to enforce or apply this Policy and/or any other agreement and to protect our (or others’) property or rights;
• in the context of a sale or potential sale of a relevant part of our business, subject always to confidentiality obligations;
• if instructed to do so by you or them or where you or they give us consent to the use and/or processing involved; and
• to bring to your or their attention (in person or by post, email or telephone) information about additional services offered by us, which may be of interest to you or them, unless you or they indicate at any time that you or they do not wish us to do so.

 

Lawful Grounds for Processing Your Personal Information

 

In compliance with the Data Protection Legislation, we may process personal information of you or your Client Business Personnel by relying on one or more of the following lawful grounds:

 

• Consent: you or they have explicitly consented to us processing such information for a specific reason;
• Contract: the processing is necessary to perform the agreement we have with you or them or to take steps to enter into an agreement with you or them;
• Legal Obligation: the processing is necessary for compliance with a legal obligation we have;
• Public Interest: the processing is necessary for us to respond to sudden public health incidents, to protect individuals’ lives, health or properties under emergency conditions, or to implement news reporting, public opinion supervision and other such activities for the public interest, provided that such processing is carried out within a reasonable scope; or
• Publicly Disclosed Data: the processing is related to personal information which has already been publicly disclosed by yourself or themselves or by other lawful means, provided that such processing is carried out within a reasonable scope in accordance with the Data Protection Legislation and does not have a significant impact on your or their rights and interests.

 

Where we process publicly disclosed personal data and such processing has a major impact on the rights and interests of individuals, we will obtain the consent of individuals in accordance with the provisions of this Policy.

 

Information Sharing

 

Sharing Your Information with Others

 

We keep all client information confidential. However, in order to be able to service our clients’ needs to the best of our ability, we may identify a member or members of the Triide Group or other outside counsel, experts, agents, document management providers and other third-party service providers to work for you on your matter, and may therefore share any information you provide to us with such entities or persons and their agents, counterparties and support service or data providers, wherever located. If we are required to instruct such entities or persons on your behalf, we will seek your consent before doing so.

 

We may also provide third-party service providers, as entrusted parties, access to your personal information where they support or provide services to us. We will ensure that if we share information with, or provide access to, third-party service providers, any such disclosure or access is at all times in compliance with Data Protection Legislation. If you or your Client Business Personnel have provided information to a member or members of the Triide Group, to the extent permitted by the Data Protection Legislation, those entities may also share that information with us.

 

Save for the Triide Group or other outside counsel, experts, agents, document management providers, and third-party service providers, the recipients, or categories of recipients, of your information, or information relating to your Client Business Personnel, may be:

 

• any revenue service or tax authority, if obliged to do so under applicable regulations;
• your other advisers (including but not limited to accountants or other professional advisers) where authorized to do so by you;
• to the extent permitted by applicable laws and regulations, local and overseas regulators, courts and authorities in connection with their duties (such as crime prevention);
• fraud prevention agencies who will use it to prevent fraud and money laundering and to verify your identity. We and fraud prevention agencies may also enable law enforcement agencies to access and use your information to detect, investigate and prevent crime;
• third-party service providers who support or provide services to us;
• attendees of our events where we circulate names, corporate names and corporate email addresses on an attendee list for our events;
• anyone to whom we may transfer our rights and/or obligations under this Policy;
• analytics providers assisting us in improving our services, subject to confidentiality obligations; and
• potential buyers or successors in the event of a business sale, merger, or acquisition, subject to confidentiality obligations.

 

If we, or a fraud prevention agency, determine that you and/or your Client Business Personnel pose a fraud or money laundering risk:

 

• we may refuse to provide the services you have requested, or we may stop providing existing services to you; and
• a record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you or them.

 

We will not publicly disclose the personal information of you or your Client Business Personnel and/or use your or their image or identify information collected from public places for any purpose other than safeguarding public security, unless we obtain separate consent from you or them.

 

Sharing Third-Party Information with Us

 

If any information which you or your Client Business Personnel provide to us relates to any third party, by providing us with such information, you or they confirm that you or they have obtained any necessary permissions from such persons to the reasonable use of their information in accordance with this Policy, or are otherwise permitted to give us this information on their behalf. You shall promptly provide us with documents evidencing such authorization or permission as requested by us from time to time.

 

Cross-Border Data Transfers

 

We will take reasonable steps to ensure your information is treated securely during such transfers, in line with applicable Data Protection Legislation. Information about you or your Client Business Personnel in our possession may be provided to recipients in other countries or regions (particularly to the entities within the Triide Group and their agents in different countries or regions) for any of the purposes described in this Policy by ways of, including but without limitations, transferring or storing the personal information locally, or granting the overseas recipient access to the personal information stored locally.

 

You and your Client Business Personnel understand and accept that these countries or regions may have differing (and potentially less stringent) laws relating to the degree of confidentiality afforded to the information they hold and that such information can become subject to the laws and disclosure requirements of such countries, including disclosure to governmental bodies, courts, regulatory agencies and private persons, as a result of applicable governmental or regulatory inquiry, court order or other similar processes. In addition, a number of countries have agreements with other countries providing for the exchange of information for law enforcement, tax and other purposes.

 

Your personal information is uploaded onto SharePoint and stored on cloud servers owned and operated by Microsoft  (See “Holding your Personal Information” section below). There may be instances where the data is required to be transferred to a data centre in another jurisdiction at Microsoft’s sole discretion when there is no readily available infrastructure in the jurisdiction where we access SharePoint and upload the data. We do not have control over the transfer of such data by Microsoft (For more information, please refer to Microsoft’s policies in relation to compliance with security standards and data residency).

 

When we provide your or your Client Business Personnel’s personal information across borders, we will take all necessary measures requested regarding the transfer, in particular by signing, on a case-by-case basis, standard contractual clauses defined by the competent authorities, or any other mechanism described in the applicable Data Protection Legislation. In addition, we will impose contractual obligations on the recipients to ensure that the recipient’s activities with respect to the handling of personal information meet the standards for the protection of personal information set forth in local laws and regulations. In any case, we will share your personal information only where:

 

• you and your Client Business Personnel have provided separate consent in relation to the cross-border provision of personal information; or
• such provision of personal information across borders is otherwise permissible under Data Protection Legislation (for example, if we are required to provide such information by law).

 

Holding Your Personal Information

 

Your personal information may be held at our offices, third-party agencies, service providers, cloud storage providers, representatives and agents as described above (See “Information Sharing – Sharing Your Information with Others” section above).

 

Your personal information is uploaded onto and kept in SharePoint (a web-based document and storage system, being one of the applications available under our Microsoft Office 365 license). The uploaded data is by default stored on cloud servers owned and operated by Microsoft in its data centre infrastructure.

 

In the event that the jurisdictions where we access SharePoint and upload the personal information do not have a readily available data centre infrastructure, your personal information may be transferred to the closest available data centre infrastructure owned and operated by Microsoft at their sole discretion for storage and backup purposes (For more information on this transfer of data outside your local area, see “Cross-Border Data Transfers” section above).

 

However, newly acquired entities by the Triide Group may store their data (including personal information) in their own data centres which may be managed by a different service provider. Upon our acquisition of the new entities, we will proceed to migrate such data to our cloud-based infrastructure under our Microsoft Office 365 license as part of their integration into the Triide Group. Throughout this process, we will take all reasonable measures to ensure that this migration of data will comply with all applicable Data Protection Legislation of the respective jurisdiction.

 

Protection of Minors

 

Please note that we do not intentionally collect or process personal information of minors under the age of 18 except when providing consultancy services to minors in protection of their legal rights with the consent of their legal guardians. Personal information of minors must be provided by their legal guardian or by the minors themselves if accompanied by their guardians. If you believe we have inadvertently collected such information, please contact us to remove it or obtain consent.

 

Your Rights in Relation to Your Information

 

You and your Client Business Personnel have a number of rights concerning the way that we use your information, which comprises of the following:

 

• to request access to, or a copy of, any personal information we hold about you or them, except where the laws require us to keep such information confidential;
• to request the rectification of your or their personal information, if you or they consider that it is inaccurate or incomplete;
• to request the erasure of your or their personal information in any of the following scenarios:
  • the purpose of personal information processing has been achieved or cannot be achieved, or the personal information is no longer necessary to achieve such purpose;
  • the period of the retention of the personal information has expired;
  • you or they have withdrawn your or their consent;
  • our personal information processing violates the laws and administrative regulations or breaches our contracts with you or them; and
  • other circumstances provided by the applicable laws and administrative regulations;
• to restrict or object to our processing of your or their personal information;
• to request transfer of data to another controller where technically feasible and legally permitted;
• where our processing of your or their personal information is undertaken based on your or their consent, to withdraw, at any time, any such consent by contacting us using the contact details set out in “Contacting Us” section below, and we will cease processing within 30 days unless one of the lawful grounds for processing described above is applicable. However, such withdrawal of consent shall not affect the effectiveness of our processing of the relevant information which had already been undertaken before you or they withdraw such consent;
• to request us to explain and elaborate on this Policy and any other rules on the processing of your or their personal information; or
• to ask us to stop or start sending them marketing messages at any time.

 

You are also responsible for ensuring that your Client Business Personnel are aware of these rights.

 

For security reasons, we may ask you to verify your identity before processing your request. Any such request must be made in writing and we will endeavor to respond within a reasonable period in compliance with Data Protection Legislation. We will comply with our legal obligations as regards any individual’s rights as a data subject.

 

If you would like to contact us in relation to any of the rights set out above, please contact us using the contact details in the “Contacting Us” section below.

 

Security

 

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, altered, disclosed or accessed in an unauthorized way. However, the transmission of information via the internet or any other electronic means is never completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted, and any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorized access.

 

Our website may, from time to time, contain links to external sites. We are not responsible for the privacy policies or the content of such sites. In addition, our website uses cookies and other similar tracking technologies (including but not limited to web beacons, tags, and scripts) to uniquely identify your browser and to gather information about how you interact with the websites and products. We use this information for the following purposes:

 

• assisting you in navigation;
• assisting in registration, login, and your ability to provide feedback;
• analyzing your use of our products or applications; and
• assisting with our promotional and marketing efforts (including behavioral advertising).

 

Retaining your Personal Information

 

We will only keep the information we collect about you and your Client Business Personnel for as long as required for the purposes set out above or as required to comply with any legal, accounting, or reporting obligations to which we are subject.

 

Such personal information may be retained for legal or archival purposes after the termination of our services.

 

Sending you Marketing Information

 

Where permitted in our legitimate interest or with your prior consent where required by law, we may use your information from time to time to send and inform you and your Client Business Personnel by letter, telephone, text (or similar) messages, email or other electronic means, certain newsletters, alerts and updates, and information about similar services (including those of third parties), which may be of interest to you or them.

 

You and your Client Business Personnel may opt-out by contacting us using the contact details set out below or by clicking “unsubscribe” for the relevant communication.

 

Contacting Us

 

If you or any of your Client Business Personnel wish to exercise any of the rights relating to your information set out above, or if you have any questions or comments about data protection, or you wish to raise a complaint about how we are using your information, you can contact our data protection officer via email DPO@triide.com.

 

Policy Update

 

We may make changes to this Policy from time to time and how we use your information in the future. You acknowledge and confirm that if you do not agree to the updated version of this Policy, you should immediately inform us and request that we stop processing your or your Client Business Personnel’s personal information, and if you continue to provide such information to us or allow us to process such information, you are deemed to have agreed to accept the updated content and given consent to the changes to the purpose or method of processing personal information or the type of personal information to be processed therein (if any).

 

Version: TRIIDE2025001

Effective Date: 6^th May 2025