This Privacy Policy (“Policy”) outlines how Multiply Capital Limited (“Multiply, we, us, our”) will manage your personal data which is in our possession or under our control in accordance with the Personal Data Protection Act 2012 (“PDPA”).

By using our services pursuant to your agreement(s) with us or any of our described activities that we own or control and all associated products and features that we may offer from time to time (“Services”), operating any account maintained with us, downloading, using, installing and accessing our website maintained at www.friyay.asia (“Website”) or our “FriYAY” mobile application (“App”) (collectively “Platforms”), you are taken to have agreed to our collection, use, processing and disclosure of your Personal Data in accordance with this Policy.

This Policy will form a part of the terms and conditions governing the relationship of Multiply’s clients and Registered Users (“Clients”) with Multiply and should be read in conjunction with such terms and conditions in all other agreements between the Clients and Multiply (“Terms and Conditions”). In the event of any conflict or inconsistency between the provisions of this Policy and the Terms and Conditions, the provisions of the Terms and Conditions shall prevail to the fullest extent permissible by law.

This Policy supplements but does not supersede or replace any other consent which may have been previously provided to Multiply including any other rights of collection, use or disclosure under the Terms and Conditions nor does it affect any rights that Multiply may have at law in connection with the collection, use and/or disclosure of the Personal Data. Nothing herein is to be construed as limiting any of these other rights.

Multiply may amend and vary this Policy from time to time and upon notification of such amendment, the contents thereof shall take effect from the date specified in such notice.

1. Personal Data

In this Policy, “Personal Data” refers to any data, whether true or not, about an individual who can be identified (a) from that data or (b) from that data and other information to which Multiply has or is likely to have access.

2. Collection of Personal Data

Multiply may collect personal data about you from a variety of sources, including (a) directly from you or from any persons authorised by you (b) Multiply’s clients to whom you have given consent (c) third parties including Relevant Individuals (defined below), (d) your device, (e) location information (f) publicly available sources.

3. Types of Information we Collect

Multiply may collect, and you hereby consent to such collection of, the following categories of personal data from and about you including but not limited to:

a. Demographic and other personally identifiable information including your name, nationality, gender, age, postal addresses, email addresses, date of birth, contact information, transaction patterns, background (which may possibly include financial, career, education and family background).

b. Employer information including your employer, your employer’s beneficial owners, partners, directors, officers, or authorised signatories, representatives, and other natural persons related to you or connected to the Services (collectively all of the foregoing who are natural persons, “Relevant Individuals”), employer’s postal and email address, employer’s telephone number and/or other address where your employer can be reached.

c. Salary and Financial Information including your occupation and position, monthly salary, any current employee loans or other information that may affect your application for any of the Services, information collected from you that is required to process any payments such as your bank account and other such relevant information.

d. Commercial information such as the date of your first use of the Platforms, frequency of access to the Platforms, frequency of use and browsing time of the Platforms, information collected through your interactions with our chat bot/feedback or complaint functionalities and information about users or employers who refer you or whom you have referred.

e. Location information such as specific information that is provided through the GPS functionality on mobile devices used to access the Services.

f. Internet and network activity information such as information about your browsing behaviour, search history and interactions with websites and advertisements (including the Website) such as data from cookies, or other technologies deployed for analysis of visits to websites or the use of any information technology application and/or platform of Multiply.

g. Any other information and data generated in the ordinary course of the business relationship with Multiply. Where the Personal Data of the Relevant Individual is submitted by the Client (or any person on the Client’s behalf), the Client must obtain the consent of such Relevant Individual to Multiply collecting, using and disclosing his or her Personal Data for the Purposes set out below. By providing the Personal Data to Multiply, the Client undertakes, represents and warrants that: a. it has notified and obtained the consent of the Relevant Individual for Multiply to collect, use, disclose and process the Personal Data for the Purposes set out below and it has retained the proof of such notification and consent which shall be provided to Multiply upon Multiply’s request; b. it has validly acted for and on behalf of such Relevant Individual in disclosing such Personal Data to Multiply and for Multiply to collect, use, disclose and process the Personal Data for the Purposes set out below; and, c. it will inform such Related Individual who wish to access, correct, or withdraw consent in relation to his/her Personal Data provided to Multiply of this Privacy

4. Purposes for the Collection and Use of Personal Data

Multiply may collect, use and/or process the Personal Data for, one or more of the following purposes:

a. to process your application for our Services;

b. to assess your application, instructions or request from you in relation to our Services;

c. to provide, administer and maintain your account with us;

d. to carry out or respond to any enquiries or instructions from you; e. to conduct credit checks or credit assessment on you and/or the Relevant Individuals;

f. to review and assess your ongoing credit worthiness and standing;

g. for internal operational requirements (including credit and risk management, system or product development and planning, insurance, audit and administrative purposes) and to comply or meet Multiply’s internal policies and procedures;

h. to carry out due diligence or other screening activities and background checks (including but not limited to those designed to combat financial crime, “know‐your customer”, anti‐money laundering, counter‐terrorist financing or anti‐bribery) in accordance with legal or regulatory obligations or as required by Multiply;

i. to prevent, detect and investigate fraud, misconduct, any unlawful action or omission and analyzing and managing other commercial risks;

j. to manage Multiply’ relationship with you and/or the Relevant Individuals;

k. archival of documents and records for record keeping purposes;

l. to comply with any applicable domestic and foreign laws, regulations, rules (including stock exchange rules), directives, orders, instructions and requirements from any local or foreign authorities including regulatory, governmental, tax and law enforcement authorities or other authorities;

m. the recovery of any and all amounts owed or owing to Multiply;

n. to enforce or defend the rights of Multiply, contractual or otherwise;

o. to facilitate proposed or actual assignment or transfer of any part of business and/or asset of Multiply, or assignment, transfer, participation or sub‐participation in any of Multiply’s rights or obligations in respect of the Services; and

p. any other purposes reasonably related to any of the above.

(collectively, the “Purposes”)

5. Disclosure of Personal Data

In carrying out one or more of the above Purposes, the Personal Data may be disclosed to the following parties (whether located within or outside Singapore) for the above Purposes or for processing in accordance with the above Purposes on a need to know basis:

a. related corporations and affiliates of Multiply;

b. any director, officer, staff and relevant personnel of Multiply and its related corporations and affiliates;

c. any process agent to receive, accept and acknowledge the service of process in any legal proceedings;

d. any agent, contractor or third party service provider who provides operational services such as administrative, information technology, telecommunication or other services to Multiply for its business operations;

e. any credit reference agency, credit information bureau, rating agency, business partner, insurer provider or insurance broker, bank or financial institution, and, in the event of default, to debt collection agencies;

f. Multiply’s auditors and professional advisors including its solicitors;

g. auditors of the Client or any entity in relation to the Services for the purpose of audit confirmation;

h. any person or entity to whom Multiply is under an obligation or otherwise required to make disclosure pursuant to legal process or pursuant to any domestic or foreign legal and/or regulatory obligation or rules issued by stock exchange;

i. regulators, law enforcement and government agencies;

j. dispute resolution parties;

k. any actual or proposed assignee or transferee of all or any part of the business and/or asset of Multiply or participant or sub‐participant or transferee of Multiply’ rights or obligations in respect of the Services;

l. any party giving or proposing to give a guarantee or third-party security or guarantee or secure the Services or any person in connection with any of the Purposes.

6. Withdrawal of Consent

The consent to use or disclose the Personal Data for any of the above Purposes can be withdrawn at any time by reasonable notice in writing to Multiply pursuant to PDPA.

However, depending on the circumstances and the nature or extent of the withdrawal of consent, such withdrawal of consent may result in Multiply’s inability to provide or continue to provide you with our Services and hence may result in the termination of the Services granted to the you whereupon all monies including charges and expenses owing to Multiply shall be fully repaid or other consequences of a legal nature which may arise by virtue of the legal relationship with Multiply. Multiply’s legal rights and remedies are expressly reserved in such event.

7. Access and Correction of Personal Data

To the extent that the applicable law allows, you may request access to, and correction of, the Personal Data in relation to themselves. However, some Personal Data may be exempt from such access and correction rights in accordance with the PDPA.

All requests for access to, and/or correction of, the Personal Data can be submitted to Multiply’s Data Protection Officer via email address at ewa@ifscapital.com.sg.

Please note that Multiply has the right to charge a reasonable fee for the handling and processing of such requests.

8. Retention of Personal Data

Your Personal Data will be kept by Multiply only for as long as it is needed for the purposes for which it was collected and as required for business or to comply with legal, regulatory and internal requirements.

9. Administration and Management of Personal Data

Multiply will take reasonable efforts to ensure that your Personal Data is accurate and complete if your Personal Data is likely to be used by Multiply to make a decision that affects you or disclosed to another organisation. However, this means that Multiply must be updated of any changes in your Personal Data that was initially provided to Multiply. Multiply will not be responsible for relying on inaccurate or incomplete Personal Data arising from Multiply not being updated of any changes in the Personal Data that was initially provided to Multiply.

Multiply will also put in place reasonable security arrangements to ensure that your Personal Data and information is adequately protected and secured. Appropriate security arrangements will be taken to prevent any unauthorised access, collection, use, disclosure, copying, modification, leakage, loss, damage and/or alteration of the Personal Data. However, Multiply cannot assume responsibility for any unauthorised use of the Personal Data and information by third parties which are wholly attributable to factors beyond Multiply’s control.

Where the Personal Data is to be transferred out of Singapore, Multiply will comply with the PDPA in doing so. In this regard, this includes Multiply obtaining the relevant consent unless an exception under the PDPA or law applies and taking appropriate steps to ascertain that the foreign recipient organisation of the personal data is bound by legally enforceable obligations to provide to the transferred personal data a standard of protection that is at least comparable to the protection under the PDPA. This may include Multiply entering into an appropriate contract with the foreign recipient organisation dealing with the personal data transfer or permitting the personal data transfer without such a contract if the PDPA or law permits Multiply to. 9. Cookies

We use cookies on our platforms to improve our service to you and some of the cookies are strictly necessary for the functionality of the platforms while other cookies are used to enhance the performance of the platforms and your user experience.

You can block or deactivate cookies in your browser settings. By continuing to use our platforms, you are agreeing to the use of cookies.

However, please note that we do not have control over cookies used by third parties.

10. Governing Law

This Policy shall be governed by and construed in accordance with the laws of Singapore. Any dispute arising out of or in connection with this Policy including any question regarding its existence, validity or termination, shall be referred to and finally resolved by the Courts of Singapore.

11. Contacting Us

For any queries relating to the collection, use or disclosure of the Personal Data or for more information about this Policy, please contact Multiply’s Data Protection Officer at ewa@ifscapital.com.sg.

For the avoidance of doubt, where PDPA permits an organization such as Multiply to collect, use, disclose or process Personal Data without consent, such permission granted by the law shall continue to apply and nothing herein is to be construed as limiting any of these rights. Where written permission is required by law or otherwise for any such disclosure by Multiply, the signing of the relevant documents, Personal Data consent form and/or other methods of consent notification, as well as in any other manner permitted by law shall constitute and be deemed to be sufficient written permission for such disclosure.