Data Protection and Privacy Policy

ST ASU PTE. LTD. (the “Company”, “we”, “our” or “us”) realizes the importance of protecting your personal data.

This document contains the personal data protection and privacy policy adopted by the Company to manage your personal data in accordance with the Personal Data Protection 2012 (as may be in force, amended or re-enacted from time to time) and/or other relevant laws and regulations as well as guidelines applicable in Singapore, and other applicable laws and regulations in other countries (collectively, the “Act” or “PDPA”). Please take a moment to read this policy to understand the purposes for which we collect, use and/or disclose your personal data. The term “personal data” we use herein has the same meaning as defined in the PDPA.

1. Concerning the observance of laws and standards

1.1 The Company respects the privacy of individuals and recognizes the need to treat personal data in an appropriate and lawful manner, and acknowledges itself as a data controller under the EU General Data Protection Regulation (GDPR), and commits to fulfilling its obligations to the providers or subjects of all personal data it handles.

1.2 As stated in the purposes described below, we may use cookies or other tracking technologies for advertising purposes. We recognize that this may constitute the sale or sharing of personal information under the CCPA, and opt-out settings are made available as also described below. We will not discriminate against you for exercising your opt-out rights. However, please note that if you disable settings that are essential for the use of our services, certain features or functionalities may become unavailable.

1.3 The Company may change some parts or all of the contents of this policy from time to time to ensure that this policy is in line with the legal and regulatory requirements, as well as the regulations and constitutive documents of the Company. Hence, we advise you to check regularly for updated information on the handling of your personal data.

1.4 If you consider that this policy does not follow the PDPA in respect to the personal data about you or others, you should raise the matter with our Data Protection Officer as soon as possible. You also have the right to lodge a complaint with the relevant supervisory authority under the applicable law, if you believe that there has been a violation in the handling of personal data.

2. Concerning the collection, use and/or disclosure of personal data

2.1 In general, we collect your personal data in several ways, including but not limited to the following:

2.1.1. When you contact us for our services and/or goods, or enquiries regarding the same, via your selected mode of communication;

2.1.2. When you request us to contact you for any reason;

2.1.3. When you submit personal data to us in order to purchase or receive our services and/or products

2.1.4. When you submit your personal data to us for recruitment and/or employment purposes; and

2.1.5. When we receive your personal data from authorized third parties (including but not limited to our service providers and employment agencies).

2.1.6 When you consent to the use of cookies and/or other tracking technologies through cookie banners or privacy setting interfaces displayed during your visit to our website and/or use of our services;

2.2 Personal data that is collected by the Company may include some or all of the following personal information:

2.2.1. Name;

2.2.2. Date of birth;

2.2.3. Gender;

2.2.4. Contact information such as email addresses and telephone numbers;

2.2.5. Demographic information such as residential address, postal code, preferences and interests;

2.2.6. Financial information such as bank account information and credit card numbers (where necessary);

2.2.7. Online identifiers such as social media account information, IP addresses, cookies, device identifiers (device IDs), and location information;

2.2.8. Images and audio data such as photographs, portraits, and voice recordings;

2.2.9. Sensor information (data from wearable devices such as pedometers and heart rate monitors);

2.2.10. Usage history such as purchase history, website browsing history, search history, and app usage history;

2.2.11. Medical information such as medical records, consultation history, prescription history, and health checkup results;

2.2.12. Educational background and work history;

2.2.13. Location information such as GPS data; and

2.2.14. Other information necessary for the purposes set out in clause 2.

The above list is not exhaustive of the categories of personal data the Company may collect. Notwithstanding, the Company will not collect your NRIC/FIN/Passport number unless permitted or required by the Act or any other applicable laws or regulations.

2.3 Generally, the Company collects, uses and/or discloses your personal data for the following purposes. These activities are carried out based on the performance of a contract or steps taken prior to entering into a contract, compliance with legal obligations, your consent, or the pursuit of the Company’s legitimate interests (as described below).

2.3.1. To send information on products and campaigns by e-mail or post.

2.3.2. To provide our services and to use the information to improve marketing activities (the information may be processed into a form that does not identify individuals and used as statistical data).

2.3.3. In order to display products that match the customer's attributes, etc., the Company's websites use cookies, etc. to collect information on the behaviour history and attributes of customers who visit the Company's websites (information that cannot identify a specific individual on its own, even if it is information about the individual). Specifically, this includes cookies, IP address information, website browsing history and behaviour history, purchase history on websites, device IDs, user agents and referrers).

2.3.4. To fulfil other claims, liabilities and obligations under various contracts and laws and regulations with the Company.

2.3.5. To verify your identity, personal authentication, and other viewing, modifying, and deleting of registration information

2.3.6. To understand your usage status of our company's website and services.

2.3.7. To conclude and perform a contract, including provision of services/products, the management of a contract, and the after-sales service of provided products/services

2.3.8. To improve and utilizing the website and services provided by our company.

2.3.9. To maintain the systems of the website and services provided by our company, and for responding to malfunctions.

2.3.10. To contact necessary for providing services/products (including the case of requesting delivery agencies to deliver products, etc.)

2.3.11. To discover, notify, and otherwise respond to customers who violate the terms of use of the website and services provided by our company.

2.3.12. To investigate, detect, prevent, and otherwise respond to fraud, unauthorized access, and other illegal activities related to the misuse of the website and services provided by our company.

2.3.13. To provide information on services/products and other information related to our business activities; (including distribution of e-mail magazines, etc.)

2.3.14. To consider and develop the services/products

2.3.15. To bill and collect fees for services/products and to protect receivables (including the case of requesting a credit company for a credit card payment, etc.)

2.3.16. To conduct market research, and other researches or surveys

2.3.17. To conduct business analysis

2.3.18. To conduct sales promotion and other similar activities

2.3.19. To conclude and perform contracts with business partners, and the management of the contracts

2.3.20. To conduct for CSR (corporate social responsibility)-related activities

2.3.21. To receive, respond to, record and otherwise deal with your inquiries and requests

2.3.22. To ensure security of our customers and employees

2.3.23. To consider and develop of software, systems, equipment, devices, etc.

2.3.24. To ensure security;

2.3.25. To operate and maintain facilities, equipment and devices and the manage the usage thereof; and

2.3.26. other purposes reasonably related to the foregoing uses.

2.4 Generally, the Company collects, uses and/or discloses your personal data from or about our employees, applicants, and retirees, and their families, and the like for the following purposes:

2.4.1. for recruitment activities and providing information related to recruitment

2.4.2. for employee management (including loans and transfers)

2.4.3. for payment of salaries, etc.

2.4.4. for benefit programs, etc.

2.4.5. for health management, etc.

2.4.6. for post-retirement procedures

2.4.7. for the procedures and contacts, etc. necessary for legal requirements; and/or

2.4.8. for the procedures and contacts, etc. necessary for business operations.

2.5 Your personal data will be retained by the Company for as long as necessary to fulfil the purposes stated in this clause 2, or as required to satisfy any legal or business purposes, in accordance with our internal policy. In setting the retention period, the Company takes into account factors such as the purpose of data processing, legal obligations, accounting and tax requirements, dispute resolution, and other operational needs.

2.6 The Company will take reasonable steps to protect your personal data against unauthorized collection, use and/or disclosure. Subject to the provisions of any applicable law or regulations, your personal data may be collected, used and/or disclosed for any purposes listed in this clause 2 (where applicable), to the following:

2.6.1. the Company’s staff;

2.6.2. researchers, agents, contractors or third party service providers who provide services to the Company;

2.6.3. our professional advisers such as auditors and lawyers;

2.6.4. relevant government regulators, statutory boards or authorities, or law enforcement agencies to comply with any laws, rules, guidelines, regulations or schemes imposed by any governmental authority; and

2.6.5. any other party to whom you authorise us to disclose your personal data to.

2.7 In addition to clause 2.6, the Company will transfer your personal data to third parties in Japan and the United States, including but not limited to StockTech, Inc., the Company’s parent company (the “Parent Company”), as well as third parties including affiliated companies, for any purposes listed in this policy.

2.8 In order to provide the best service possible, the Company may engage a data intermediary to process and handle personal data on its behalf. In these cases, we will only work with recognized personal data management firms and shall enter into contracts with these data intermediaries to include provisions that clearly set out the data intermediaries’ responsibilities and obligations to ensure compliance with the Act.

3. Concerning the consent for collection, use and/or disclosure of personal data

3.1 By submitting your personal data to the Company, you agree and consent to the collection, use and/or disclosure of your personal data by the Company for a part or all of the purposes set out in clause 2. In relation to the use of cookies and other tracking technologies, such use shall be based on your explicit consent provided via cookie banners or privacy settings displayed when browsing the Company’s website and/or using the services. This consent can be modified at any time via the privacy settings available at the bottom of the website.

3.2 If at any time we decide to collect, use or disclose your personal data in a different manner as to the purposes set out above, we will request your consent to the additional purpose(s) in writing or by electronic means, , in which you may refuse to give at your discretion.

3.3 If you provide us with personal data relating to a third party (e.g. information of your spouse, children, parents or relatives), you represent and warrant to us that you have obtained the consent of such third party to provide us with their personal data for the relevant purposes. Where the personal data provided relates to a child or ward, you represent and warrant to us that you are either his/her parent or legal guardian, and that such personal data is legitimate, indeed and accurate.

3.4 You may at any time modify or withdraw any consent given in respect of the collection, use or disclosure of your personal data by the methods prescribed by the Company (such as a written request or an email addressed to the Data Protection Officer, or via the privacy settings page located at the bottom of the website footer).In addition, where the Company sells or shares your personal data with third parties (only where applicable), you have the right to opt out of such processing through the aforementioned privacy settings page (titled “Do Not Sell or Share My Personal Information”).

3.5 In the event that you modify withdraw your consent to the Company in relation to the purposes mentioned above, the Company shall cease to collect, use and/or disclose your personal data within ten (10) working days upon receiving your request. Please note that once consent is mofified or withdrawn, it may not be possible for us to accomplish the purposes as set out in clause 2, and hence, we may be unable to continue providing the requisite services to you. For consent modified or withdrawn via the privacy settings page located at the bottom of the website footer, the changes will be reflected immediately.

4. Concerning personal data management and security measures

4.1 The Company will take reasonable measures to protect your personal data from unauthorized access or modification, improper collection, use or disclosure, unlawful destruction or accidental loss. You should be aware, however, that no method of transmission over the internet or electronic storage is 100% secure. While security cannot be guaranteed, we strive to protect the security of the personal data and will constantly review and enhance our information security measures. In the event that we have credible grounds to believe that an incident of personal data breach has occurred, we will take reasonable and expeditious steps in accordance with the Act.

4.2 The Company engages third-party service providers to process personal data on its behalf. In such cases, the Company ensures that these data processors are contractually bound to implement appropriate technical and organizational security measures, and to process the personal data only in accordance with the Company’s instructions. These third parties are not permitted to use the data for their own purposes. The Company also supervises and monitors their compliance with these obligations.

5. Concerning access, correction and accuracy of personal data

5.1 You may apply for a copy of your personal data held by the Company, or request for your personal data to be updated, deleted, the processing of such data to be restricted, or to exercise your right to data portability, by sending a formal request in writing or by email to our Data Protection Officer. Please be informed that we are entitled to charge a fee to recover the costs directly related to the access of the personal data for the time and effort spent by us in responding to the same, and will let you know the amount accordingly.

5.2 Within thirty (30) days upon receiving your request, the Company shall:

5.2.1. provide you with a copy of your personal data under our custody and/or other relevant information in accordance with the Act therein;

5.2.2. correct your personal data as soon as practicable and inform you that the relevant correction has been made; or

5.2.3. inform you that your request for access or correction of your personal data is rejected, if the request was made in circumstances predefined by the Act where such access or correction is prohibited or not required.

5.3 You should ensure that all personal data submitted to us is complete and accurate. Failure to do so may result in our inability to provide you with the information or services you requested.

5.4 The Company shall make a reasonable effort to ensure that the personal data collected by or on behalf of the Company is accurate.

6. Concerning transfer of personal data outside of Singapore

The personal data we collect from you may be transferred to destination(s) outside Singapore as per clause 2 for the fulfilment of any of the purposes stated in clause 2. The Company will ensure that any transfers of your personal data to a territory outside of Singapore will be in accordance with the PDPA so as to ensure a standard of protection to personal data so transferred that is comparable to the protection under the PDPA. In particular, the Company has a Data Protection Agreement with the Parent Company which obliges the Parent Company to protect personal data that the Company transfers to it at a standard of protection comparable to that under the Act.

7. Concerning the establishment and continual improvement of a management system for personal data protection

In order to appropriately manage personal data, the Company shall continually work towards improving the development of our data management system and internal company regulations.

8. Contact information

Should you have a complaint or require more information about how we manage your personal data, please contact our Data Protection Officer at the following contact details :

Email: info@wr.st-asu.com

Mail: 2 KALLANG AVENUE

#07-25

CT HUB

SINGAPORE (339407)

Date of Establishment: September 1, 2024

Date of Revision: June 30, 2025

This Policy was published on June 26, 2025, and shall take effect as of the Date of Revision.

Cookie Policy

We use cookies and other tracking technologies (collectively, “Cookies, etc.”) on our websites, services, and other platforms (hereinafter collectively referred to as “our Websites, etc.”) to enhance user experience, personalize advertisements and content, provide social media features, and analyze traffic.

We may also share information regarding your use of our Websites, etc. with our social media, advertising, and analytics partners. These partners may combine the shared information with other information that you have provided to them or that they have collected from your use of their services.

1. What Are Cookies, etc.

Cookies, etc. are small files or codes that website operators or third parties can store on a user’s device.

Cookies are saved on your device when you visit our Websites, etc., and they allow us to recognize you when you revisit the same site, thereby enhancing usability.

In addition to cookies, similar technologies such as pixel tags, web beacons, local storage, and JavaScript may also be used to collect user information.

2. Purposes of Our Use of Cookies, etc.

We use Cookies, etc. for the following purposes:

2.1 Understanding Usage and Improving Services

We analyze user behavior (such as access patterns, browsing history, and user interaction trends) to improve the usability, performance, and content of our Websites, etc.

2.2 Displaying Personalized Advertisements

We use Cookies, etc. to show you advertisements that are more relevant to your interests and browsing behavior. This includes the use of cookies from third-party advertising networks.

2.3 Preventing Fraud and Ensuring Security

We use Cookies, etc. to prevent misuse of our services (e.g., unauthorized access or duplicate submissions) and to enhance security.

2.4 Improving User Convenience

We use cookies to retain login information and manage sessions to allow users to navigate our Websites, etc. and use our services smoothly.

3. How to Check the Usage and Retention Period of Cookies, etc.

We use Cookies, etc. for various purposes including session management, fraud prevention, service usability improvements, data analytics, and advertisement optimization.

You can check the types of information collected, the purposes of use, and the retention periods of these technologies at any time through the “Privacy Settings / Do Not Sell or Share” link located at the bottom of our website, which redirects to the settings screen.

4. Use of Cookies, Consent, and Disabling Options

Except for essential Cookies that are necessary to provide our services, we use Cookies, etc. only after obtaining your explicit consent.

5. Amendments to This Cookie Policy

This Cookie Policy may be updated from time to time without prior notice.Any revisions to this Cookie Policy will be published on our Websites, etc.