Privacy Policy

At Digital Fan Engagement (DFE), we highly value users' privacy and are committed to protecting personal data in full compliance with the Personal Data Protection Act (PDPA) of Singapore. This Privacy Policy explains how we collect, use, disclose, and protect users' personal data when they use the DFE platform, including our website, mobile application, and related services. By creating an account and using our platform, users explicitly consent to the collection, storage, and processing of their personal data, such as age, gender, nationality, and other relevant details, for various purposes, including participating in our blockchain-based voting system and receiving promotional offers.

All definitions provided in the Terms and Conditions also apply to this Privacy Policy. By using the DFE platform, including the website, mobile application, and related services, users agree to both the Terms and Conditions and this Privacy Policy. Acceptance of this Privacy Policy is a condition for accessing and using any features of the DFE platform. If users do not agree with any part of this Privacy Policy, users must refrain from using the platform.

Why We Collect Personal Data

UPCX Blockchain

UPCX records users' votes to execute them securely on the UPCX blockchain. This ensures transparency and immutability of the voting process.

• Votes: Each user's votes are recorded on the UPCX blockchain and linked to their nickname to ensure transparency and immutability. Votes are an essential part of the platform's blockchain-based system, ensuring that users' support for athletes is securely stored and cannot be tampered with.

User Verification / Voting

UPCX records users' full name, nickname, 12-word security phrase, email and biometric data (such as facial recognition and fingerprint) to confirm the authenticity of users and prevent bots from participating in the voting system. Also, UPCX records age to ensure users meet the legal age in order to consent data collection.

• Nickname (Account Name): A unique identifier for each user on the DFE platform. It is used to personalize the user's experience and is linked to votes on the UPCX blockchain, ensuring transparency and accountability in the voting process.

• Full Name: Collected to verify the identity of users, ensuring that votes are cast by real individuals, not bots. The combination of full name and biometric validation prevents fraudulent activity and ensures that the voting process remains legitimate.

• Password: A critical security measure that protects user accounts from unauthorized access. Together with biometric validation, the password ensures that only the authorized user can access the account and participate in key activities like voting.

• 12-word Security Phrase: This phrase serves as a safeguard for account recovery in case users lose their credentials. It enhances account security, ensuring that even if passwords are compromised, the account remains protected from malicious actors.

• Email Address: Used to communicate important information, such as security alerts, event reminders, and promotional offers. The email address also ensures users receive critical updates related to their participation in the voting system and other platform activities.

• Age: Required to verify that users meet the legal age requirement for data collection and participation in the voting process.

Promotional Offers and Merchandise (Optional)

UPCX optionally records nationality to offer users promotional offers, coupons, discounts, and other merchandise from World Aquatics. Users may opt-in to receive these benefits.

• Nationality: Collected for regional analysis and the distribution of promotional offers, such as coupons and discounts for World Aquatics events. Nationality data also helps us understand regional engagement trends and ensures transparency in the voting process by validating geographical participation.

Sports Preferences

UPCX records Sport Preferences and Favorite Athletes in order to customize the user experience and provide updates related to their favorite athletes.

• Favorite Athletes: This data allows the platform to offer personalized updates on the performance and activities of users' selected athletes. It ensures that users receive timely notifications about their favorite athletes' progress and exclusive content related to their participation in events.

• Favorite Sports: Collected to tailor the platform experience to the user's interests. By understanding users' favorite sports, we can provide relevant content, updates, and recommendations, enhancing overall engagement.

Gender Preference (Optional)

UPCX records gender in order to improve how we address and engage with users in a way that respects and reflects their identity. This ensures that DFE platform offers a welcoming experience for all users, regardless of how they identify, fostering a community that celebrates individuality and diversity.

Protection of Underage Individuals

In compliance with Singapore's PDPA, DFE platform does not knowingly collect personal data from underage individuals without verified parental consent.

If DFE platform becomes aware that personal data from an individual below the legal age has been collected without parental consent, DFE platform will take immediate steps to delete such information from its records.

Sharing Data with Third Parties

DFE platform may share users personal data with the following third-party service providers to ensure smooth platform operations and legal safety:

• Data Storage: This category covers service providers managing data storage, ensuring sensitive information is securely stored with encryption and regular backups, in line with industry standards.

• Fanbase Insights and Marketing Offers: We share personal data with World Aquatics to help them identify the fanbase of the athletes. This allows them to offer exclusive discounts and special promotions, though participation in these offers is optional.

In addition, DFE platform adheres to the Personal Data Protection Act (PDPA) of Singapore, which mandates that companies ensure the protection and proper handling of personal data. Under the PDPA, DFE platform is obligated to notify to the Personal Data Protection Commission (PDPC) of any data breaches that might result in significant harm to individuals. The notification must occur within 72 hours after determining that a breach has taken place. Furthermore, the company will take immediate steps to rectify the issue and mitigate any potential damage. This includes notifying affected users if their data is at risk and providing information on steps taken to address the breach.

The PDPA also obliges companies to periodically review their data protection processes and policies to remain compliant with any updates in legislation.

In some cases, personal data may be transferred outside of Singapore if necessary for service provision. DFE platform ensures that any international data transfer is conducted in strict compliance with the PDPA. This involves ensuring that the receiving party in the foreign country offers an equivalent level of protection for personal data. DFE platform executes legally binding agreements with international service providers, ensuring they uphold the same data protection standards required under Singaporean law. These agreements safeguard the personal data transferred to ensure it is protected against unauthorized access, loss, or misuse in line with the PDPA's regulations. Should there be a need for further transfers, users will be notified, and their consent will be obtained where necessary.

In particular, DFE platform requires any third parties involved in data transfers to implement robust security protocols, such as encryption and data access controls to ensure the personal data remains secure throughout the transfer process.

Security Measures

1. Biometric Validation: Our platform uses biometric validation both during account creation and for each vote process. This includes facial recognition to confirm user identity and prevent bots.

2. 12-word Security Phrase: Upon account creation, users are assigned a unique 12-word security phrase for ensuring protection, account recovery and safeguarding access.

3. Password Security: Users must create strong passwords during onboarding, and password verification is required for sensitive actions.

4. Data Storage: Our platform stores the personal data of its users in a database with the following security measures:

   • Data Encryption: Encrypting data both at rest and in transit to ensure unauthorized parties cannot access sensitive information.
   • IAM (Identity and Access Management): Ensuring controlled and secure access to data based on specific roles.
   • DDoS Protection: Protection against Distributed Denial of Service (DDoS) attacks to maintain service availability.
   • Activity Monitoring: Constant oversight of platform activities to quickly identify and address potential security threats.
   • Key Management: Secure encryption key management for enhanced data protection.

These measures are reinforced by employee training on data security, and the adoption of international best practices to prevent unauthorized access and ensure data integrity.

Users Rights

In accordance with Singapore's PDPA, users of the DFE platform are entitled to specific rights concerning their personal data, which are outlined as follows:

• Access to Personal Data (PDPA, Section 21): Users have the right to request access to the personal data held by DFE platform. This includes information about how their data has been collected, used, or disclosed. Upon receiving such a request, DFE platform provides users with their personal data, except in cases where exceptions apply (such as situations concerning national security or where disclosure could interfere with ongoing legal investigations).

• Correction of Personal Data (PDPA, Section 22): If users believe that the personal data held by DFE platform is inaccurate or incomplete, they have the right to request corrections. DFE platform answers to such requests and, if valid, corrects the data. Additionally, DFE platform ensures that any third parties who have received the incorrect data are informed of the necessary corrections, unless there are legal reasons preventing the correction.

• Deletion of Personal Data (PDPA, Section 25): Users may request the deletion of their personal data when it is no longer required for the purpose it was collected. DFE platform will securely delete such data unless there is a legal obligation to retain it.

• Data Portability (PDPA, Section 26A): Users have the right to request the transfer of their personal data to another service provider. The data will be provided in a structured, commonly used, and machine-readable format, making it easy to move between platforms. This is subject to technical feasibility and does not include data that would adversely affect the rights of others.

Users are responsible for maintaining the confidentiality of their account credentials (e.g., username, password, and security phrase) and for any activities or actions that occur under their account. Users must immediately notify DFE platform of any unauthorized access or use of their account.

DFE platform ensures compliance with the PDPA, guaranteeing that these rights are respected and that users have control over their personal data.

Data Retention

DFE platform complies with the PDPA and retains personal data, including age, gender, nationality, and other relevant information, for as long as necessary to fulfill the purposes outlined in this policy or to comply with legal, regulatory, or business requirements.

Personal data is retained for the duration of the user's account activity. Once a user requests account deletion or becomes inactive, the data will be securely deleted or anonymized as soon as possible, unless a longer retention period is required by law or for regulatory purposes.

In some cases, DFE platform may be required to retain certain personal data for a longer period due to ongoing investigations, legal obligations, or regulatory requirements. In such situations, the data will be securely stored and deleted once these obligations no longer apply. Users will be notified if an extended retention period is applicable to their data.

Users can request the deletion or modification of their personal data at any time by using the button within DFE mobile app that allows users to delete their account, and users may also request deletion through customer service via email. Any data no longer needed for the purpose it was collected, or after the retention period expires, will be securely deleted or anonymized to prevent unauthorized access or misuse.

Cookies

DFE platform uses cookies and similar technologies to enhance user experience, personalize content, and analyze usage. By using the platform, users consent to the use of cookies. Our platform uses the next cookies:

• Essential Cookies: Required for the platform to function properly.
• Performance Cookies: Collect data on how users interact with the platform to improve its functionality.
• Functionality Cookies: Remember user preferences to offer a more personalized experience.
• Targeting Cookies: Used for delivering relevant advertisements and measuring their effectiveness.

Customer Service

If users encounter any issues, have inquiries, or require assistance related to DFE platform, they are encouraged to contact our dedicated Customer Service team through the official support channels we provide. Utilizing these channels ensures that all interactions are handled in a professional, secure, and efficient manner, offering users the support they need.

DFE platform offers several ways for users to reach out for assistance, each designed to facilitate quick and reliable communication:

• Email Support: Users can reach us via support002@upcx.org for any questions, concerns, or issues they may have. This is a direct line for detailed inquiries and allows us to respond with the appropriate level of support.

• Contact Form: Users can reach us through the "Contact Us" section for assistance with claims, complaints, or any related inquiries. We are here to provide support and address any issues or concerns users may have, ensuring a smooth and efficient resolution process.

It is important for users to stick to these official channels when seeking support, as they are specifically designed to handle inquiries in a structured manner that ensures compliance with our security protocols. These channels are equipped with the necessary security mechanisms to protect the personal information and data shared by users, preventing unauthorized access and ensuring confidentiality.

Users are strongly discouraged from attempting direct contact with individual DFE employees outside of these official channels. Such interactions may pose security risks, lead to unresolved issues, and could result in legal complications for both users and the platform. Official support channels are the only authorized avenues for resolving platform-related matters.

Moreover, users who misuse the official channels, engage in offensive, inappropriate, or harassing behavior towards our support staff or other users, may face disciplinary actions. These sanctions could range from a warning to the suspension or permanent closure of their accounts, depending on the severity of the behavior. DFE platform is committed to maintaining a respectful and safe environment for both users and employees.

Our customer service team is committed to addressing all inquiries and resolving any issues promptly. While response times may vary based on the complexity of the request, we make every effort to ensure that users receive timely and satisfactory solutions.

By adhering to these procedures, users help to safeguard their own data and contribute to the smooth and secure operation of DFE platform.

Modifications of Privacy Policy

DFE platform reserves the right to modify or update this Privacy Policy at any time, in response to changes in legal requirements, updates to our services, or operational needs. Any modifications will be effective upon posting the revised Privacy Policy on DFE platform. Users are advised to review the Privacy Policy regularly to stay informed about how their personal data is being handled. Continued use of the platform after such changes are posted will signify users acceptance of the updated Privacy Policy.