
Effective Date: 27 May 2020 · Revision Date: 22 June 2026
1.1. This Privacy Policy forms part of Digital Treasures Center Pte. Ltd.'s ("dtcpay") Terms of Services, any capitalised terms used in this Privacy Policy shall have the meanings given to them in the Terms of Services.
1.2. This Privacy Policy describes how we may collect, use, disclose and process your personal data when you (i) access or use our websites and applications (including mobile and web-based applications) (collectively, "Applications"), and services, and/or (ii) provide us with your personal data.
1.3. By providing us with personal data, you agree to the terms of this Privacy Policy and you consent to our collection, use, disclosure and processing of personal data on these terms. DO NOT provide any personal data to us if you do not accept this Privacy Policy.
1.4. This Privacy Policy supplements but does not supersede or replace any other consents you may have provided to us, or any other agreements or arrangements that you may have with us, in respect of your personal data.
1.5. Our Applications may contain links to other websites that are not owned or maintained by us. These links are provided only for your convenience. This Privacy Policy only applies to our Applications. When visiting these third-party websites, their privacy policies apply.
1.6. If you have any feedback, questions, or issues in relation to your personal data or about this Privacy Policy, or wish to make a complaint or submit an access or correction request, you may contact our Data Protection Officer at: Email: privacy.policy@dtcpay.com. When you contact us, we may require that you submit certain forms or provide certain information, including verification of your identity, before we are able to respond.
1.7. Your Rights Under Applicable Data Protection Laws: Depending on your jurisdiction, one or more data protection laws may apply to the processing of your personal data, including the Singapore Personal Data Protection Act 2012 (as amended) ("PDPA"), the UK General Data Protection Regulation and Data Protection Act 2018 ("UK GDPR"), the Hong Kong Personal Data (Privacy) Ordinance (Cap. 486) ("PDPO"), and the EU General Data Protection Regulation ("EU GDPR") (together the "Data Protection Laws"). Under the applicable law(s), you may have rights including the right to access, correct, withdraw consent for the use of, and request the portability or deletion of your personal data. Further details are outlined in clause 9 – Your Rights.
2.1. We may amend this Privacy Policy from time to time without notice to you, in compliance with applicable laws or as we update our data usage and handling processes. This updated policy will supersede earlier versions and will apply to personal data provided to us previously. Where material changes are made that structurally impact data processing rules for individuals within the EU/EEA, we will provide appropriate notice or obtain refreshed consent as mandated under the GDPR.
3.1. "Personal data" refers to data, about an individual who can be identified from that data or from that data and other information to which we have or are likely to have access. Under the GDPR, this includes unique online identifiers such as Internet Protocol (IP) addresses, device hardware identifiers and mobile advertising identifiers.
3.2. We collect personal data that you voluntarily provide to us. The types of personal data we collect depend on your relationship with us and the context in which you provide the data. You can choose not to provide us with personal data. You also have the right to withdraw your consent for us to continue collecting, using, disclosing and processing your personal data, by contacting us in accordance with paragraph 1.6. However, if you do so, it may not be possible for us to fulfill the purposes for which we require the personal data, including processing your transactions or providing you with the products and services that you require or setting any account on dtcpay platform and services.
3.3. Providing personal data belonging to others. By submitting any personal data of another individual to us, you confirm that you have obtained that individual's consent to provide their personal data for the relevant purposes and that they have been informed of this Privacy Policy.
3.4. Accuracy and completeness of personal data. You are responsible for ensuring the accuracy and completeness of all personal data submitted to us.
3.5. Minors. Our services are not intended for minors under the age of 18. We do not knowingly collect personal data from minors without appropriate consent from their parent or legal guardian.
4.1. Personal data you provide. We collect personal data that is relevant to our relationship with you. We may collect your personal data directly or indirectly through various channels, such as when when you register an account; download or use our Applications and services; transact with us or contact us through our communication channels; attend our events; provide information in connection with your relationship with us; provide documents or information for employment, internship or secondment; otherwise submit personal data to us.
4.2. We may also collect personal data from third-party sources such as business partners, service providers, public databases, and referrals This includes business partners and service providers; referees, educational institutions or previous employers; family members or friends acting on your behalf; public agencies or public sources.
4.3. Automated Data Collection Technologies. Our Applications may contain certain technologies that collect data in the manner described in this Privacy Policy (see below). You should not use our Applications if you do not agree to having your data collected through such means. Alternatively, you should disable these technologies where it is possible to do so. For individuals located within the EU/EEA, non-essential tracking technologies used for marketing attribution or product performance analytics will only deploy following your explicit and affirmative opt-in consent cookies and browser settings; Flash cookies; Third Party Use of Cookies and other Tracking Technologies; web tracking beacons and tracking links; Google Analytics for web analytics; Use of Location-Masking Technologies (VPNs).
5.1. General purposes. Generally, we collect, use, disclose and process your personal data for purposes connected or relevant to our business, to manage your relationship with us. Such purposes would include carrying out transactions; facilitating your use of Applications including identity verification and account authentication; processing payment or credit transactions; compliance with applicable laws and regulations (e.g. KYC, AML/CFT); administering your accounts and digital tokens; administrative purposes (finance, IT, HR, audit, accounting, risk management); research and statistical analysis; resolving disputes and complaints; enforcing legal obligations; other reasonable purposes.
5.2. Additional purposes. We will only collect, use, disclose and process your personal data for purposes you have consented to. If we wish to use your personal data for a purpose unrelated to what you have provided your personal data to us for, we will notify you and seek your consent.
5.3. Legitimate purposes. We may collect, use, disclose and process your personal data for legitimate purposes related to our business. For example providing requested products or services, sending communications, and evaluating your preferences; managing investor and shareholder relations; disclosing to service providers (hosting, analytics, marketing, professional services).
5.4. Use permitted under applicable laws. We may also collect, use, disclose and process your personal data without your knowledge or consent where required or permitted by law.
5.5. Marketing purposes. With your consent, we may use your personal data for marketing our products and services and those of our strategic partners.
5.6. Contacting you. We may contact you by post, e-mail, SMS, telephone or other provided means. We will not contact you for marketing purposes unless you have provided consent or we are exempted by applicable law.
6.1. We may disclose or share your personal data with our related parties or business partners in connection with the above stipulated purposes. We may also disclose or share your personal data where required to perform obligations in connection with our goods or services; with third parties providing products or services requested by you; with service providers supporting hosting, maintenance, analytics, messaging, marketing, and professional services; with related parties, advisers, insolvency administrators, and regulatory or governmental authorities; our related parties, and respective employees; any liquidator, a provisional liquidator; any regulatory, supervisory.
7.1. Transfers. You fully understand and unambiguously consent that we may transfer your personal data to any country (including to third parties where necessary) for the purposes set out in this Policy or as notified to you. For users protected under GDPR jurisdictions, cross-border architectural transmissions are governed via standard compliance arrangements as defined in Clause 7.2 below, overriding reliance on standard unmitigated global consent.
7.2. Safeguards. Whether transferring personal data outside of Singapore (under the PDPA) or outside the EU/EEA (under the GDPR), dtcpay ensures that all overseas recipients provide a comparable standard of data protection. We achieve this by executing legally binding data processing agreements—including EU-approved Standard Contractual Clauses where applicable—and utilizing robust data encryption."
8.1. Unauthorised access. While precautions will be taken to ensure that the personal data you provide is protected against unauthorised or unintended access, we cannot be held responsible for unauthorised or unintended access that is beyond our control.
8.2. Vulnerabilities. We do not guarantee that our systems or applications are invulnerable to security breaches, nor do we make any warranty, guarantee, or representation that your use of our systems or applications is safe and protected from viruses, worms, Trojan horses, and other vulnerabilities. We also do not guarantee the security of data that you choose to send us electronically. Sending such data is entirely at your own risk.
8.3. Period of retention. We keep your personal data only for so long as we need the personal data to fulfill the purposes we collected it for, and to satisfy our business and/or legal purposes, including audit, accounting or reporting requirements. How long we keep your personal data depends on the nature of the data, for example: Some information may be retained for longer, for example where we are required to do so by law, or need to retain it for the purposes of litigation.
8.4. Anonymised data. In some circumstances we may anonymise your personal data so that it can no longer be associated with you, in which case we are entitled to retain and use such data without restriction.
Access: you may ask us if we hold your personal data and, if we are, you can request access to your personal data. This enables you to receive a copy of and information on the personal data we hold about you.
Correction: you may request that any incomplete or inaccurate personal data we hold about you is corrected.
Erasure: you may ask us to delete or remove personal data that we hold about you in certain circumstances.
Restriction: you may withdraw consent for our use of your personal data, or ask us to suspend the processing of certain of your personal data about you, for example if you want us to establish its accuracy.
Portability: you may request the transfer of certain of your personal data to another party under certain conditions.
Objection: where we are processing your personal data based on a legitimate interest (or those of a third party) you may object to processing on this ground.
Complaint Lodgement: If you are an EU/EEA resident, you hold the legal right under the GDPR to file a formal grievance regarding our processing activities with your localized European National Data Protection Supervisory Authority.
If you wish to exercise any of your rights, you may contact us in accordance with paragraph 1.6. We may require that you submit certain forms or provide certain information to process your request. Where permitted by law, we may also charge you a fee to process your request. Please note that under the GDPR, dtcpay will not apply processing fees to individuals exercising legitimate individual data protection rights unless requests are demonstrably excessive, unfounded, or continuous in nature.
9.1. Depending on the jurisdiction in which you are resident, you may enjoy certain rights at law in relation to our collection, use, disclosure and processing of your personal data. Such rights may include:
9.2. Limitations. We may be permitted under applicable laws to refuse a request, for example, we may refuse (a) a request for erasure where the personal data is required for in connection with claims; or (b) an objection request and continue processing your personal data based on compelling legitimate grounds for the processing.