Legal Items & Disclosures

TERMS AND CONDITIONS

Last updated April 2024

PLEASE READ THESE TERMS AND CONDITIONS CAREFULLY BEFORE USING THIS SITE. INFORMATION CONTAINED ON THIS SITE SHOULD NOT BE REGARDED AS AN OFFER, SOLICITATION, PROMOTION OR ADVERTISEMENT OF ANY FINANCIAL SERVICES (INCLUDING MONEY TRANSFER SERVICES) IN ANY COUNTRY WHERE SUCH OFFER, SOLICITATION, PROMOTION OR ADVERTISEMENT IS NOT PERMISSIBLE UNDER APPLICABLE LOCAL LAW.

This Site is for information purposes only and is not intended to be relied upon as a forecast, research or investment advice. The information on this Site does not constitute a recommendation, offer or solicitation to buy or sell any securities or to adopt any investment strategy. Any opinions expressed on this Site may change as subsequent conditions vary. Past performance is no guarantee of future results.

What’s in these terms?

These Terms and Conditions tell you the rules for using our Site.

Who we are and how to contact us?

We operate the website alphageo.ai (the “Site”), app.alphageo.ai (the “Customer Portal”), as well as any other related products and services that refer or link to these legal terms (the “Terms and Conditions”) (collectively, the “Services”).

Our Site and Customer Portal are operated by AlphaGeo Global PTE LTD. (“we” or “us”).

We are registered in Singapore under UEN 202210380Z and have a registered office at 101 Upper Cross Street, #05-16, People’s Park Centre, Singapore, 058357.

We are also registered in Delaware under EIN 37-2061765 and have our registered office at 651 N Broad St, Suite 201, Middletown, Delaware, USA 19709.

Use of the Site or Customer Portal

By using our Site or Customer Portal you accept these terms

By using our Site or Customer Portal, you confirm that you accept these terms of use and that you agree to comply with them. If you do not agree to these terms, you must not use our Site. We recommend that you print a copy of these terms for future reference.

By accessing and using the Services, you are agreeing to be bound by these Terms and Conditions, which constitute a legally binding agreement between you and AlphaGeo, whether you are acting on your own behalf or on behalf of an entity. You acknowledge that you have read, understood, and accepted all of these Terms and Conditions.

If you do not agree to all of these Legal Terms, you are expressly prohibited from using the Services, and you must immediately discontinue use.

There are other terms that may apply to you

These terms of use refer to the following additional terms, which also apply to your use of our Site or Customer Portal:

Our Personally Identifiable Information Protection & Privacy Policy (for Site users) or Client & Vendor Privacy Notice (for Customer Portal Users), which sets out the terms on which we process any personal data we collect from you, or that you provide to us. By using our Site or Customer Portal, you consent to such processing and you warrant that all data provided by you is accurate.
Our Cookie Policy, which sets out information about the cookies on our Site.

We may make changes to these terms

We amend these terms from time to time. Every time you wish to use our Site or Customer Portal, please check these terms to ensure you understand the terms that apply at that time.

We may make changes to our Site

We may update and change our Site from time to time to reflect changes to our products, our customers’ needs and our business priorities. We will try to give you reasonable notice of any major changes. We may suspend or withdraw our Site. Our Site is made available free of charge. We do not guarantee that our Site, or any content on it, will always be available or be uninterrupted. We may suspend or withdraw or restrict the availability of all or any part of our Site for business and operational reasons. We will try to give you reasonable notice of any suspension or withdrawal. You are also responsible for ensuring that all persons who access our Site through your internet connection are aware of these terms of use and other applicable terms and conditions, and that they comply with them.

Your Responsibilities

AlphaGeo Customers must keep Customer Portal account details safe

If you are provided with a customer identification code, password or any other piece of information as part of our security procedures, you must treat such information as confidential. You must not disclose it to any third party. We have the right to disable any customer identification code or password, whether chosen by you or allocated by us, at any time, if in our reasonable opinion you have failed to comply with any of the provisions of these terms of use. If you know or suspect that anyone other than you knows your user identification code or password, you must promptly notify us.

How you may use material on our Site

We are the owner or the licensee of all intellectual property rights on our Site, and in the material published on it. Those works are protected by copyright laws and treaties around the world. All such rights are reserved. You may print off one copy, and may download extracts, of any page(s) from our Site for your personal use and you may draw the attention of others to content posted on our Site. You must not modify the paper or digital copies of any materials you have printed off or downloaded in any way, and you must not use any illustrations, photographs, video or audio sequences or any graphics separately from any accompanying text. Our status (and that of any identified contributors) as the authors of content on our Site must always be acknowledged. You must not use any part of the content on our Site for commercial purposes without obtaining a license to do so from us or our licensors. If you print off, copy or download any part of our Site in breach of these terms of use, your right to use our Site will cease immediately and you must, at our option, return or destroy any copies of the materials you have made.

The content and marks provided through the Services are protected by copyright, trademark, and other intellectual property rights and unfair competition laws and treaties in the United States and throughout the world.

You may use the content and marks for your personal, non-commercial use or for internal business purposes only. However, they are provided “AS IS” and without any warranties or guarantees.

Unless expressly permitted by us in these Terms and Conditions, you are prohibited from copying, reproducing, aggregating, republishing, uploading, posting, publicly displaying, encoding, translating, transmitting, distributing, selling, licensing, or otherwise exploiting any part of the Services, including the content and marks, for any commercial purpose.

To use any of our Services or content provided through the Services for commercial purposes, you must first obtain our express prior written permission.

Do not rely on information on this Site

The content on our Site is provided for general information only. You must obtain professional or specialist advice before taking, or refraining from, any action on the basis of the content on our Site. Although we make reasonable efforts to update the information on our Site, we make no representations, warranties or guarantees, whether expressed or implied, that the content on our Site is accurate, complete or up to date.

We are not responsible for websites we link to

Where our Site or Customer Portal contains links to other external websites and resources provided by third parties, these links are provided for your information only. The presence of links to external websites or resources provided by third parties should not be interpreted as approval by us of those linked websites or information you may obtain from them. We have no control over the contents of those external webites or resources.

Our Responsibilities

Our responsibility for loss or damage suffered by you

We do not exclude or limit in any way our liability to you where it would be unlawful to do so. This includes liability for death or personal injury caused by our negligence or the negligence of our employees, agents or subcontractors and for fraud or fraudulent misrepresentation. We have no liability to you for any loss of profit, loss of business, business interruption, or loss of business opportunity; and

If defective digital content that we have supplied damages a device or digital content belonging to you and this is caused by our failure to use reasonable care and skill, we will either repair the damage or pay you compensation.

However, we will not be liable for damage that you could have avoided by following our advice to apply an update offered to you free of charge or for damage that was caused by you failing to correctly follow installation instructions or to have in place the minimum system requirements advised by us.

Rules about linking to our Site

You may link to our home page, provided you do so in a way that is fair and legal and does not damage our reputation or take advantage of it. You must not establish a link in such a way as to suggest any form of association, approval or endorsement on our part where none exists. You must not establish a link to our Site on any website that is not owned by you. Our Site must not be framed on any other website, nor may you create a link to any part of our Site other than the home page. We reserve the right to withdraw linking permission without notice.

If you wish to link to or make any use of content on our Site other than that set out above, please contact us at [email protected].

Legal Information

Which country’s laws apply to any disputes?

Please note that these terms of use, their subject matter and their formation (and any non-contractual disputes or claims) and all related matters shall be governed by, and construed and enforced in accordance with, the laws of the State of Delaware, and any applicable federal law. The invalidity or illegality of any provision herein shall not be deemed to affect the validity of any other provision.

Disclaimer

The services provided are on an “as-is” and “as-available” basis, and your use of the services will be at your sole risk. We make no warranties or representations regarding the accuracy, completeness, or content of the services or any websites or mobile applications linked to the services. We do not assume any liability or responsibility for any errors, mistakes, or inaccuracies of content and materials, personal injury, property damage, unauthorized access to secure servers, interruptions or cessation of transmission, or any bugs, viruses, trojan horses or the like which may be transmitted to or through the services by any third party.

Furthermore, we do not warrant, endorse, guarantee, or assume responsibility for any product or service advertised or offered by a third party through the services, any hyperlink website, or any website or mobile application featured in any banner or other advertising. We will not be a party to or in any way responsible for monitoring any transaction between you and any third-party providers of products or services. As with the purchase of any product or service through any medium or in any environment, you should use your best judgment and exercise caution where appropriate. To the fullest extent permitted by law, we disclaim all warranties, express or implied, in connection with the services and your use thereof, including but not limited to the implied warranties of merchantability, fitness for a particular purpose, and non-infringement.

User Representation

By using the Services, you warrant and represent that:

All registration information you submit is true, accurate, current, and complete.
You will maintain the accuracy of your registration information and update it promptly as needed.
You have the legal capacity and agree to comply with these Terms and Conditions.
You are not a minor in the jurisdiction where you reside.
You will not access the Services through automated or non-human means, including bots, scripts, or any other method.
You will not use the Services for any illegal or unauthorized purpose.
Your use of the Services will not violate any applicable law or regulation.
If you provide any information that is untrue, inaccurate, not current, or incomplete, we reserve the right to suspend or terminate your account and refuse any and all current or future use of the Services or any portion thereof.

To access and use the Services, registration may be necessary. It is your responsibility to maintain the confidentiality of your password and account, and you will be held accountable for all activities associated with your account. We reserve the right, at our sole discretion, to remove, recover, or alter any username you select if we determine it to be inappropriate, obscene, or objectionable.

Prohibited Activities

The Services are provided for a specific purpose, and as a user, you agree to use the Services only for their intended purpose. The Services may not be used for any commercial purpose except those that have been explicitly endorsed or approved by us.

As a user of the Services, you agree not to engage in the following activities:

Collecting data or other content from the Services in a systematic way to create or compile a database, compilation, directory, or collection without written permission from us.
Attempting to obtain sensitive account information, such as user passwords, by deceiving or misleading us or other users.
Interfering with or circumventing security features of the Services designed to prevent or restrict the use or copying of any content or limit the use of the Services and their contents.
Disparaging, tarnishing, or otherwise harming us and/or the Services, as determined by us.
Using information obtained from the Services to harass, abuse, or harm another person.
Making improper use of our support services or submitting false reports of abuse or misconduct.
Using the Services in a manner that violates any applicable laws or regulations.
Engaging in unauthorized framing of or linking to the Services.
Uploading or transmitting viruses, Trojan horses, or other material, including excessive use of capital letters, spamming (continuous posting of repetitive text), or other material that interferes with any party’s use and enjoyment of the Services, or modifies, impairs, disrupts, alters, or interferes with the Services’ operation, functions, features, or maintenance.
Engaging in any automated use of the Services, such as using scripts to send comments or messages, or using any data mining, robots, or similar data gathering and extraction tools.
Removing copyright or other proprietary rights notice from any content.
Attempting to impersonate another user or person or using another user’s username.
Uploading or transmitting any material that collects or transmits information, including, but not limited to, clear graphics interchange formats (“gifs”), 1×1 pixels, web bugs, cookies, or other similar devices (sometimes referred to as “spyware” or “passive collection mechanisms” or “pcms”).
Interfering with, disrupting, or creating an undue burden on the Services, or the networks or services connected to the Services.
Harassing, annoying, intimidating, or threatening any of our employees or agents engaged in providing any portion of the Services to you.
Attempting to bypass any measures designed to prevent or restrict access to the Services, or any portion of the Services.
Copying or adapting the Services’ software, including Flash, PHP, HTML, JavaScript, or other code.
Deciphering, decompiling, disassembling, or reverse-engineering any of the software comprising or making up a part of the Services, except as permitted by applicable law.
Using, launching, developing, or distributing any automated system, including, without limitation, any spider, robot, cheat utility, scraper, or offline reader that accesses the Services, or using or launching any unauthorized script or other software, except as may be the result of standard search engine or internet browser usage.
Using a buying agent or purchasing agent to make purchases on the Services.
Making any unauthorized use of the Services, including collecting usernames and/or email addresses of users by electronic or other means to send unsolicited email or creating user accounts by automated means or under false pretenses.
Using the Services to compete with us or using the Services and/or the content for any revenue-generating endeavor or commercial enterprise, except as expressly permitted by us.

Management of the Services

We have the right, but not the obligation, to do the following:

Monitor the Services for any violations of these Terms and Conditions.
Take appropriate legal action against anyone who, at our sole discretion, violates the law or these Terms and Conditions, which may include reporting such users to law enforcement authorities.
Refuse, restrict access to, limit the availability of, or disable (to the extent technologically feasible) any of your contributions, submissions and/or content on our Site and/or Customer Portal, or any portion thereof, at our sole discretion and without limitation.
Remove from the Services or otherwise disable all files and content that are excessive in size or are in any way burdensome to our systems, at our sole discretion and without notice or liability.
Manage the Services in a manner that is designed to protect our rights and property, as well as to facilitate the proper functioning of the Services.

Duration and End of Services

This section outlines the duration of the agreement between you and us, as well as the circumstances under which the agreement may be terminated.

The agreement is effective from the date you first access or use the Services and will remain in effect until terminated by either party. You may terminate this agreement by ceasing to access or use the Services. We may terminate this agreement at any time, without prior notice or liability, for any reason or no reason, including without limitation if you breach any provisions of these Terms and Conditions.

Upon termination of this agreement, your right to access and use the Services will immediately cease. All provisions of these Terms and Conditions that by their nature should survive termination shall survive termination, including without limitation, ownership provisions, warranty disclaimers, indemnity, and limitations of liability.

Limitation of Liability

Under no circumstances will we, or our directors, employees, or agents, be liable to you or any third party for any direct, indirect, consequential, exemplary, incidental, special, or punitive damages, including but not limited to lost profits, lost revenue, loss of data, or any other damages arising from your use of the Services, even if we have been advised of the possibility of such damages. Notwithstanding anything to the contrary contained herein, our liability to you for any cause whatsoever, and regardless of the form of the action, will at all times be limited to a certain amount.

Indemnification

By using the Services, you agree to defend, indemnify, and hold us and our subsidiaries, affiliates, officers, agents, partners, and employees harmless from any loss, damage, liability, claim, or demand, including reasonable attorneys’ fees and expenses, made by any third party arising out of or related to: (1) your use of the Services; (2) your breach of these Terms and Conditions; (3) any breach of your representations and warranties set forth in these Terms and Conditions; (4) your violation of the rights of a third party, including but not limited to intellectual property rights; or (5) any harmful act towards any other user of the Services with whom you connected via the Services. However, we reserve the right, at your expense, to assume the exclusive defense and control of any matter for which you are required to indemnify us, and you agree to cooperate with us in such defense. We will use reasonable efforts to notify you of any such claim, action, or proceeding subject to this indemnification upon becoming aware of it. Please note that some jurisdictions may not allow the exclusion or limitation of certain damages, so some of the above limitations or exclusions may not apply to you.

Contact Us

To address any concerns related to the Services or to request additional information about the use of the Services, please contact us at [email protected].

COOKIE POLICY

Last updated April 2024

Our Cookie Policy details how we, the company named AlphaGeo Global PTE LTD. (“Company,” “we,” “us,” and “our”), utilize cookies and similar technologies to identify you when you visit our website located at alphageo.ai (“Site”) and our customer portal located at app.alphageo.ai (“Customer Portal”) (our Site and Customer Portal, collectively our “Sites”).

This policy explains the nature of these technologies, the reasons for their use, and your rights to control our use of them.

In some instances, we may use cookies to gather personal information or information that may become personal if combined with other data.

By using our Sites, you consent to our use of cookies and similar technologies in accordance with this Cookie Policy. If you do not agree to our use of cookies, you must either disable cookies in your browser or refrain from using our Site.

What Are Cookies?

Cookies are small data files that are placed on your computer or mobile device when you visit a website. They are widely used by website owners to make their websites work or work more efficiently, as well as to provide reporting information. Cookies set by the website owner (in this case, us) are called “first-party cookies.” Cookies set by parties other than the website owner are called “third-party cookies.”

Why do we use Cookies?

At our Sites, we utilize both first-party and third-party cookies for a variety of purposes. We rely on essential or strictly necessary cookies for technical reasons to ensure that our Sites operates effectively. Additionally, we use other cookies to track and target our users’ interests, which helps to enhance their experience on our Sites. Our Sites may also feature third-party cookies, which are served by other entities for purposes such as analytics, advertising, and more.

What types of cookies do we use?

Necessary cookies: These cookies enable us to provide you with the most optimal experience when navigating and accessing our Sites and their features. For instance, necessary cookies allow us to recognize when you’ve created an account and logged in to access content.

Functionality cookies: Functionality cookies permit us to operate our Sites in accordance with your specific choices. For example, we’ll remember your username and how you’ve customized our Sites during future visits.

Analytical cookies: These cookies allow us and third-party services to collect aggregated data for statistical purposes on how visitors utilize our Sites. Analytical cookies do not contain personal information such as names or email addresses and are utilized to help us enhance your overall user experience of our Sites.

Advertising cookies: Advertising cookies are cookies that are used by our Sites to gather information about a user’s browsing habits and interests. This information is then utilized to display targeted advertisements to the user. Advertising cookies track a user’s online activity, including the websites they visit, products they view, and searches they perform. This enables advertisers to customize their ads to the user’s specific interests. Both the website owner and third-party advertisers who collaborate with the website owner may utilize advertising cookies. We may use cookies to deliver personalized ads to you based on your browsing history and interests. These cookies help us deliver ads that are more relevant to you.

Third-party cookies: We may use third-party cookies to track website usage and performance, deliver personalized ads, and enhance your browsing experience. These cookies are subject to the third party’s privacy policy, and we have no control over these cookies.

How do third parties use cookies for advertising?

With your consent, we may share and receive online data collected through cookies with our advertising partners. This allows our partners to display targeted advertising to you on other websites based on your browsing patterns on . Additionally, we may also use this data to display advertising on our own Sites that is tailored to your browsing patterns on other websites we have obtained from our advertising partners.

Another form of online advertising we use is called online retargeting, which allows us and some of our advertising partners to display ads to you based on your browsing patterns and interactions with other websites. This means that if you have viewed content on our Sites, you may be shown related advertising when you visit other websites that use cookies to track your online behavior.

Managing Cookies

You have the right to control the use of cookies on our Sites. You can set your browser to reject all or some cookies, or to alert you when websites set or access cookies. You can also delete cookies that are already on your device. However, if you block or delete cookies, some parts of our Sites may not function properly.

As a user, you hold the right to choose whether to accept or reject cookies. You can easily exercise your cookie preferences by utilizing our Cookie Consent Manager, which permits you to select which categories of cookies you wish to accept or reject. However, it’s important to note that essential cookies cannot be rejected, as they are necessary to provide you with our services.

The Cookie Consent Manager is easily accessible on our Sites, as well as in the notification banner. Should you choose to reject cookies, you may still access and utilize our Sites, although some functionalities and areas may be limited. Additionally, you have the option to set or adjust your web browser controls to accept or refuse cookies.

If you are a resident of California or the US, you can opt out of any sale of personal information that may occur through cookies, tags, pixels, and web beacons.

Changes to This Cookie Policy

We may update our Cookie Policy occasionally to reflect changes in our practices or for other operational, legal, or regulatory reasons. Any changes to this policy will be posted on this page and take effect immediately.

If we make significant changes to the way we use cookies, we will notify you either by prominently posting a notice on our Sites or by sending you an email. We encourage you to review this page periodically to stay informed about our use of cookies and any changes to our Cookie Policy.

Your continued use of our Sites after the effective date of any changes to this Cookie Policy indicates your acceptance of the changes. If you do not agree to any changes in this Cookie Policy, you should discontinue your use of our Sites and services.

LEGAL DISCLAIMER

Last updated April 2024

Site and Customer Portal

The content presented by AlphaGeo Global PTE LTD. (“we,” “us,” or “our”) on alphageo.ai (the “Site”) and app.alphageo.ai (the “Customer Portal”) is solely intended for general informational purposes. While we endeavor to maintain accuracy and relevance, we cannot guarantee or warrant the completeness, appropriateness, reliability, availability, or timeliness of the information presented on this Site and our Customer Portal. We retain the right to modify, adjust, or remove any information from this Site without prior notification.

Although all the information on the Site and our Customer Portal is provided in good faith, we do not make any express or implied representations or warranties regarding its accuracy, adequacy, validity, reliability, availability, or completeness. As a result, we assume no liability for any loss or damage incurred by you due to your use of this Site or our Customer Portal, or your reliance on any information provided on this Site and our Customer Portal. Any use of this Site and our Customer Portal and relying on any information provided therein is strictly at your own risk.

This Site’s content, such as text, graphics, images, and videos, is the intellectual property of their respective owners and is safeguarded by copyright laws. Unless explicitly stated, we do not assert ownership over any copyrighted material featured on this Site.

Any information presented on this Site and our Customer Portal is for general information purposes only and is not intended to provide any legal, tax, accounting, investment, financial and/or other professional advice. This Site and our Customer Portal is not intended to be a source of professional advice and any information presented therein should not be used as such. It is imperative to seek advice from a qualified professional as needed. Any information presented on this Site and the Customer Portal cannot be substituted for professional advice and should not be relied upon as such.

Please be advised that any information or advice provided through our communication channels, including but not limited to emails, messages, and calls, does not establish a professional relationship between us. Therefore, we cannot be held responsible for any action taken based on the information provided. If you require professional assistance, please consult with a qualified expert in the relevant field. By engaging in any communication with us, you agree to release us from any liability for any claims or damages resulting from your reliance on any information provided.

Our information is intended for general informational purposes only and should not be considered a substitute for professional advice. It is not intended to replace any professional legal, financial, or other advice or services. If you require professional assistance, please seek the advice of a qualified expert in the relevant field.

Additionally, our Site and/or the Customer Portal may contain links to third-party websites. We do not endorse, control, or guarantee the accuracy, completeness, suitability, reliability, availability, or timeliness of any information or content contained on such websites. We assume no liability for any loss or damage of any kind incurred as a result of the use of any third-party website linked to or from this Site.

We assume no liability for any loss or damage of any kind incurred as a result of the use of this Site or reliance on any information provided on this Site. You agree to indemnify and hold us harmless from any and all claims, damages, or expenses arising out of your use of this Site or reliance on any information provided on this Site.

We retain the right and authority to amend, modify or revise this disclaimer at any time without prior notice. By continuing to use this Site following any such amendments, modifications, or updates, you indicate your acceptance of the revised disclaimer.

Communications

Our communication channels may mention various products, services, or procedures, but we do not endorse or guarantee them. We cannot be held responsible for any claims, damages, or losses that may arise from the use of any products, services, or procedures mentioned.

We will not be liable for any damages, including but not limited to direct, indirect, incidental, consequential, or punitive damages, arising from the use of our communication channels or the information contained therein. You also acknowledge and accept that we may terminate our communication with you at any time and for any reason, without notice or liability.

Our Products and Services

Our products and services are provided to you on an “as is” and “as available” basis, without any representation or warranty of any kind, whether express or implied. We disclaim all warranties, including but not limited to warranties of merchantability, fitness for a particular purpose, and non-infringement.

Any content, materials, or information accessed or downloaded through our products or services is done at your own risk, and you will be solely responsible for any damage to your computer system or loss of data that results from such access or download.

In no event shall we be liable for any direct, indirect, incidental, consequential, special, or punitive damages arising from your use of our products or services, even if we have been advised of the possibility of such damages. To the extent permitted by law, our liability shall be limited to the amount you paid for the product or service giving rise to the claim.

This warranty disclaimer applies to the fullest extent permitted by law and shall survive any termination or expiration of our products or services. By using our products or services, you acknowledge and agree to this warranty disclaimer, and waive any and all claims against us arising from or related to your use of our products or services.

We cannot guarantee or warrant any future performance, results, or success of our products or services. Any references to past performance or historical results are provided for informational purposes only and are not indicative of future performance.

We make no representations or warranties regarding the accuracy, completeness, or reliability of any information, materials, or content provided by us. This includes, but is not limited to, financial statements, marketing materials, or any other information related to our products or services. We cannot guarantee that our products or services will meet your expectations or be suitable for your particular needs or purposes. Any information and/or material provided in relation to GeoSense is for general information purposes only, to professionals and institutions, and is not intended to provide legal, tax, accounting, investment, financial or other professional advice on any matter.

The provision of this material and/or reference to specific assets, commodities, funds, securities, sectors, or markets does not constitute investment advice, or a recommendation to buy or sell any security, or an offer of any regulated financial activity.

Any investor under GeoSense must consider the investment risks, objectives, investment horizon and associated investment parameters of any investment made in relation to GeoSense carefully before investing.

Any opinions, estimates, forecasts, projections, and statements of financial and/or market trends are based on market conditions at the date of the relevant publication, shall constitute the judgment of the relevant authors and are subject to change. There can be no guarantee that any information contained as part of a market outlook will be met.

Any investing in publicly traded securities, assets and/or funds involves risk, including the possible loss of principal. Shares of any asset, exchange-traded fund (ETF) or other investment vehicle are bought and sold at market price and may by traded at a discount. Any brokerage commissions will reduce returns. Hypothetical portfolios are constructed with monthly rebalancing and reinvestment of dividend parameters.

Any information and/or material provided in relation to GeoSense may not be comprehensive or up to date and AlphaGeo and related entities (including holding companies and subsidiaries) makes no undertaking as to the accuracy, timeliness, completeness or fitness for a particular purpose of such information. AlphaGeo and related entities will not be responsible for updating any information contained within such material, and opinions and information contained herein are subject to change without notice.

AlphaGeo and related entities, assume no direct or consequential liability for any errors in or reliance upon any information and/or material provided in relation to GeoSense.

We have not and do not intend to provide this information to or otherwise solicit individual (or retail) investors.

Any information and/or material provided in relation to GeoSense does not constitute any recommendation or advice by AlphaGeo or any related entities, of any kind. You should discuss such information and/or material with appropriate advisors in the context of your circumstances before acting in any manner or agreeing to use any of the referenced products or services and make your own independent assessment as to whether the referenced products or services are appropriate or suitable for you.

PERSONALLY IDENTIFIABLE INFORMATION PROTECTION & PRIVACY POLICY

Last updated May 2024

AlphaGeo Global PTD LTD. (“we” or “us” ) is committed to protecting the privacy and security of personal information we collect, use and process in accordance with the Personal Data Protection Act 2012 (“Singapore PDPA”), the General Data Protection Regulation 2016/679 (“EU GDPR”), the Data Protection Act 2018 (“UK GDPR”), the Privacy Amendment (“Notifiable Data Breaches”), the Personal Information Protection Law (“PIPL”), the Personal Data Protection Bill (“PDPB”), Protection of Personal Information Act (“POPIA”), Data Protection Act “Datenschutzgesetz” (“DSG”), the Personal Data Protection Act 2010 (“Malaysia PDPA”), the Law on Personal Data Protection (“LPDP”), the California Consumer Privacy Act (“CCPA”), the California Privacy Rights Act (“CPRA””), the Virginia Consumer Data Protection Act (“CDPA”), Canada’s Consumer Privacy Protection Act (“CPPA”) (the Singapore PDPA, EU GDPR, UK GDPR, Notifiable Data Breaches, PIPL, PDPB, POPIA, DSG, Malaysia PDPA, LPDP, CCPA, CPRA, CDPA, and CCPA, collectively, the “Data Protection Laws”). This Privacy Policy outlines how we collect, use, store, and share personal information, and the rights individuals have in relation to their personal information.
If you have any questions or concerns about this Privacy Policy, or our practices with regards to your personal information, please contact us at [email protected].

Scope of Policy

This policy together with the Terms and Conditions apply to your use of our website at alphageo.ai (the “Site”), our customer portal at https://app.alphageo.ai (“Customer Portal”) as well as any other related products and services that refer or link to the Terms and Conditions (collectively, the “Services”).

This Privacy Policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed and used by us. We strive to ensure that our practices regarding personal data of our users comply with the various Data Protection Laws applicable to us.

By using any of the Services, you accept our practices and processes as set out in this policy. If you do not agree to any part of this policy, please do not use any of the Services. This Privacy Policy applies to all information collected through our Services as well as any related services, sales, marketing or events.

Legal Basis for the processing of personal data

We process your personal information only when it is deemed essential and we possess a legitimate legal justification for doing so, as per relevant laws. This includes instances where we have your consent, to comply with relevant Data Protection Laws, to deliver services to you, to fulfill our contractual obligations, to safeguard your rights, or to pursue our legitimate business interests.

If you reside in the EU or UK, this section applies to you in accordance with the EU GDPR and the UK GDPR.
The EU GDPR and UK GDPR necessitate us to clarify the valid legal grounds that we rely upon to process your personal information. As a result, we may process your personal information based on the following legal foundations:

Consent.
We may process your information if you have given us permission (i.e., consent) to use your personal information for a specific purpose. You can withdraw your consent at any time.

Legal Obligations.
We may process your information where we believe it is necessary for compliance with our legal obligations, such as to cooperate with a law enforcement body or regulatory agency, exercise or defend our legal rights, or disclose your information as evidence in litigation in which we are involved.

Vital Interests.
We may process your information where we believe it is necessary to protect your vital interests or the vital interests of a third party, such as situations involving potential threats to the safety of any person.

If you reside in Canada, this section applies to you.

We may process your information if you have given us specific permission (i.e., express consent) to use your personal information for a specific purpose, or in situations where your permission can be inferred (i.e., implied consent). You can revoke your consent at any moment.

Under certain exceptional circumstances, as per relevant Data Protection Laws, we may be legally entitled to process your information without your consent. This may include, for instance:
• If collection is clearly in the interests of an individual and consent cannot be obtained in a timely way;
• For the purposes of investigations and preventing fraud;
• For conducting business transactions under specific conditions;
• If it is included in a witness statement and the collection is necessary to evaluate, handle, or resolve an insurance claim;
• For identifying individuals who are injured, sick, or deceased and communicating with their next of kin;
• If there are reasonable grounds to believe that an individual has been, is, or may be a victim of financial abuse;
• If it is plausible to assume that collecting and using the information with consent would compromise its accuracy or availability, and the collection is reasonable for the purposes of investigating a violation of an agreement or a contravention of the laws of Canada or a province;
• If disclosure is mandatory to comply with a court order, subpoena, warrant, or the court’s records production rules;
• If the collection is exclusively for journalistic, artistic, or literary purposes;
• If the information is publicly accessible and specified by regulations;

If you reside in California, this section applies to you.

We are committed to protecting the privacy of our users and comply with the CCPA and under the CCPA, California residents have the right to request access to and deletion of their personal information. California residents also have the right to opt-out of the sale of their personal information. To exercise your privacy rights, please contact us using the information provided herein.

We may collect the following types of information from users:

• Personal Information: We may collect personal information such as your name, email address, and phone number.
• Usage Information: We may collect information about how you use our website and services, including the pages you visit and the actions you take.
• Device Information: We may collect information about the device you use to access our website and services, including the type of device, operating system, and browser.
• If you are under 18 years of age, reside in California, and have a registered account with Services, you have the right to request removal of unwanted data that you publicly post on the Services. To request removal of such data, please contact us using the contact information provided below and include the email address associated with your account and a statement that you reside in California.
• We may also collect other personal information outside of these categories instances where you interact with us in-person, online, or by phone or mail in the context of:
• Receiving help through our customer support channels;
• Participation in customer surveys or contests;
• and Facilitation in the delivery of our Services and to respond to your inquiries.

Complaints

You have the right to make a complaint at any time by contacting our team at [email protected] prior to engaging in a formal complaint procedure with the relevant government authorities. Consequently, we would appreciate the chance to deal with your concerns before you approach a government body or any other legal entity, so please contact us in the first instance.

We will:

• Always keep your data safe and private.
• Never sell your data.
• Allow you to manage and review your marketing choices at any time.
• Only collect, manage, transfer and use your data for the purposes set out in this Privacy Policy.

Cookies

We use cookies to give you a good experience on our Site and to improve our Site. We utilize cookies to enhance your experience while using the Site and to make our Services more effective. We have meticulously selected these cookies and taken measures to ensure your privacy is always safeguarded and respected. For detailed information on the cookies, we use and the purposes for which we use them, see our Cookie Policy.

Information we collect about you

We will collect and process the following data about you:

(a) Information you give us (“Submitted Information”):
This is information you give us about yourself by filling in forms on the Site, or by corresponding with us (for example, by e-mail or via the form functions on the Site). If you contact us, we will keep a record of that correspondence. We also collect personal information that you voluntarily provide to us when you register on the Services, express an interest in obtaining information about us or our products and Services, when you participate in activities on the Services, or otherwise when you contact us.

All personal information that you provide to us must be true, complete, and accurate, and you must notify us within 30 working days of any changes to such personal information.

(b) Information we collect about you and your device (“Device Information”). Each time you visit our Site we will automatically collect the following information:

• technical information, including the internet protocol (“IP”) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform,
• information about your visit, including the full uniform resource locators (“URL”), clickstream to, through and from our Site (including date and time), services you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, device information;

(c) We use GPS technology and your IP address to determine your location (“Location Information”).

(d) If you access our Customer Portal via a shareable link given to you, we collect visitor information including name, email addresses and interactions.

We automatically collect certain information when you visit, utilize, or navigate our Services. This information, while it does not personally identify you (such as through your name or contact details), may consist of device and usage data such as your IP address, browser and device specifications, operating system, language preferences, referral URLs, device name, country, location, usage patterns and frequency of our Services, and other technical information. This information is primarily used for the maintenance of security and smooth functioning of our Services and for internal analytical and reporting purposes. Additionally, similar to many organizations, we also gather information through the use of cookies and similar technologies.

Use of the information

Below is a summary of the key types of data that we use. For more information on how these types of data are used and for which purposes then please see the table located at the subsection “Purposes for which we will use your data” below.
We use information held about you in the following ways:

(a) Submitted Information: We will use this information:
• to provide you with information about other goods and services we offer that are similar to those that you have already purchased or enquired about;
• to notify you about changes to our Services;
• to comply with our regulatory obligations, e.g., requests from competent authorities such as regulatory requests; and
• to ensure that content from our Site and Customer Portal is presented in the most effective manner for you and for your computer.

(b) Location Information: We will use this information to deliver relevant advertising to you.

We may associate any category of information with any other category of information and will treat the combined information as personal data in accordance with this Privacy Policy for as long as it is combined.

If we decide to engage advertisers to promote our products and services, the advertisers and their advertising networks may require anonymized personal data to serve relevant adverts to you and others. We will never disclose identifiable information about individuals to advertisers, but we may provide them with aggregate information about our Site visitors. We may also use such aggregate information to help our advertising partners provide a tailored and targeted campaign, relevant for a subsection of our users (for example, women in a particular geographical location).

The duration of maintaining your information

We retain your information for the duration required to accomplish the objectives stated in this Privacy Policy, unless legal obligations dictate otherwise. We will retain your personal information for as long as it is necessary for the purposes outlined in this Privacy Policy, unless a longer retention period is mandated or allowed by relevant Data Privacy Laws (such as for tax, accounting, or other legal reasons). No goal outlined in this Privacy Policy will necessitate keeping your personal information for a period exceeding 365 days (about 12 months). Once we no longer have a valid business reason to process your personal information, we will either erase or anonymize the information, or if this is not feasible (for instance, if the personal information has been stored in backup archives), we will securely store the information and restrict any further processing until deletion is feasible.

Purposes for which we will use your data

We have set out below a description of all the ways we use your personal data as stated above, and which of the legal bases we rely on to do so.

	Purpose	Legal Basis	Type of Information
To provide Services	To carry out our obligations resulting from any customer contracts you enter into with us, and to provide you with the information, products and services that you request from us.	(a) Fulfilling contracts: – being efficient about how we fulfill our legal and contractual duties. (b) Legal obligations: – complying with regulations and laws that apply to us.	Submitted Information
To help market and provide new products and services to engage you and acquire new customers	To provide you with information about other goods and services we offer that are similar to those that you have already purchased or enquired about; To measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you; To make suggestions and recommendations to you and other users of our Site and the Customer Portal about goods or services that may interest you or them; and to process applications for products and services available through us.	(a) Fulfilling contracts: – being efficient about how we fulfill our legal and contractual duties. (b) Legal obligations: – complying with regulations and laws that apply to us.	Submitted Information
To keep the Site up and running	To administer our Site for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes; to ensure that content from our Site and/or Customer Portal is presented in the most effective manner for you and for your computer; to allow you to participate in interactive features of our service, when you choose to do so; to notify you about changes to our service; and as part of our efforts to keep our Site and the Customer Portal safe and secure.	(a) Fulfilling a contract: – being efficient about how we fulfill our legal and contractual duties. (b) Our legal obligations: – Complying with regulations and laws that apply to us.	Submitted Information and Device Information.
To provide location-based Services	To deliver relevant advertising to you.	(a) Fulfilling a contract: being efficient about how we fulfill our legal and contractual duties. (b) Our legal obligations: complying with regulations and laws that apply to us.	Location Information

What do we mean when we say:

Fulfilling a Contract: This means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.

Our Legal Obligation: This means processing or retaining (even after termination of the business relationship) your data where it is necessary for compliance with a legal or regulatory obligation that we are subject to.

Storage security & International Transfers

Please note that the data we collect from you may be transferred, processed, and stored in a location within or outside of Singapore. As we provide an international service, your data also may be processed outside Singapore in order for us to fulfill our contract with you.

Unfortunately, the transmission of information via the Internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted on our Site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorized access.

Your legal rights

You have rights under relevant Data Privacy Laws in relation to your personal data. Please see below to find out more about these rights:

You have the right to:
• Request access to your personal data (commonly known as a data subject access request). This enables you to receive a copy of the personal data we hold about you. If you require this, then please reach out to our support team at [email protected]. Please note that Singapore law allows us to refuse your request for access for various reasons, including where the burden or expense of providing such access would be unreasonable to us or disproportionate to your interests. Please also note that Singapore law allow us to charge an administrative fee to cover the costs of such requests. If so, we will inform you of such administrative fee beforehand. Please note that we are not required to respond to or deal with your access request unless you have agreed to pay the administrative fee.
• Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us. If you require this, then please reach out to our support team at [email protected]. Please note that Singapore law allows us to refuse your request for correction for various reasons, including where your personal data is contained in a document that is related to a prosecution if all proceedings related to the prosecution have not been completed.
• Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with the relevant Data Protection Laws.
• Object to processing of your personal data. You have the right to object to where we are processing your personal data for direct marketing purposes.
• Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:

(a) if you want us to establish the data’s accuracy;
(b) where our use of the data is unlawful, but you do not want us to erase it; or
(c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims.

Please note that any requests in relation to the restriction of the processing of your data mean that we may not be able to fulfill the contract we have or are trying to enter into with you.

Request the transfer of your personal data to you or to a third party. We will provide you with your personal data in a structured, commonly used, machine-readable format, which you can then transfer to an applicable third party. Note that this right only applies to automated information which you initially provided with your consent for us to use or where we used the information to carry out a contract with you.

Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide services to you.

What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

In regions such as the European Economic Area (“EEA”), the United Kingdom (“UK”), Singapore and Canada, you have enhanced control over your personal information due to the relevant Data Privacy Laws within the jurisdictions. These rights may include the ability to access, rectify, erase, restrict processing, or transfer your data, as well as the option to object to its processing, in accordance with the relevant local Data Protection Laws.

We will respect and promptly address any requests you make regarding your personal information in accordance with applicable laws. If you reside in the EEA or the UK and believe we are processing your information illegally, you have the right to report the matter to your local data protection authority.

If you wish to review or modify the information in your account, or request that your account be terminated, you may do so at any time. Upon your request to end your account, we will remove your data from our active databases. However, in some cases, we may retain some information for the purpose of fraud prevention, problem resolution, investigations, legal compliance, or to enforce our terms and conditions.

Changes to privacy policy

Any changes we may make to our Privacy Policy in the future will be posted on this page and, where appropriate, notified to you by email. If we make material changes to this Privacy Policy, we’ll inform you either by posting a noticeable announcement or by sending you a direct notification by email. We recommend that you frequently review this privacy policy to stay informed on how we’re safeguarding your information. Your continued use of our services constitutes your acknowledgement and acceptance of such changes.

Contact us

If you wish to exercise any of your rights, or have questions concerning this Privacy Policy, please contact [email protected].

CLIENT & VENDOR PRIVACY NOTICE

Last updated May 2024

Introduction

AlphaGeo Global PTE LTD. (“AlphaGeo”) is committed to processing personal information (“PI”) in line with all applicable privacy and data protection laws. Our offices are in countries with laws governing the processing of PI. References to “you” or “your” refers to individuals whose PI is processed by AlphaGeo, including clients with direct or indirect relationships (such as those who invest through an intermediary); employees, contingent workers, officers, agents (together “Representatives”); and beneficial owners of an organization or entity in connection with:

the provision of services to potential and actual clients;
transactions to which we are party (including those which we effect on behalf of clients);
or services provided to us by a third-party vendor.

This Privacy Notice sets out the purposes for which we collect, use and disclose (collectively “processing”) PI and how it is protected. It also sets out individuals’ rights in relation to the processing of their PI.

There may be additional terms, conditions and commitments that also govern how we collect, use and disclose your PI, which should be read with this Privacy Notice.

PI we collect about you

PI is information relating to an individual, which can be used either alone or with other sources of information to identify that individual. PI does not include information where the identity of the individual or the specific detail of the information has been removed and is therefore anonymous. Sensitive Personal Information (“SPI”) is a sub-category of PI that includes PI relating to race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about health and genetic and biometric data. We collect personal information about our clients and vendors to provide services and support to them.

The information we collect depends on the services we provide and our relationship with you.

We categorize PI we process as follows (the PI listed for each category are non-exhaustive examples):

Identification data: Full name, title, gender, marital status, date of birth, passport number, driving license number, national identification number, signature
Contact data: Personal address, telephone number, email address
Electronic Monitoring data
To the extent permitted by law, we may record and monitor your electronic communications with us
Financial data: Bank account number; credit card number
Marketing and Communications data: Marketing and communication preferences; tracking data relating to whether you have read marketing communications from us
Professional Information data: Position/job title, work address; telephone number; email address
Profile data: Username and password for our online services that you have access to; investments made by you; services requested; marketing communications responded to; survey responses
Services data: Payment details to and from you; details of services you have provided to us or we have provided to you
Technical data: Your use of and interaction with our online services; your IP address; browser type and version; browser plug in types and versions; operating system
SPI: In limited circumstances, and where allowed by law, we may collect information about criminal convictions and offenses, when legally required; dietary requirements if we are arranging catering; disability so that we can make reasonable accommodations for you in our buildings; sexual orientation if you provide details of your spouse or partner; political affiliations for us to determine whether you are a politically exposed person.

We collect PI in relation to you in a number of ways, including:

when you provide it to us in connection with a AlphaGeo product or service;
if you are Representative of an organization or entity that is a client or vendor of AlphaGeo and that organization or entity provides us with your PI;
throughout the course of our relationship with you, including where you change your details, provide additional PI, or where the services we are providing to you change;
from public sources where you have manifestly chosen to make your PI public, including via public profiles on social media;
from third parties;
from visits to www.alphageo.ai (our “Site”) or app.alphageo.ai (“Customer Portal”) Please see our Cookie Policy for more information on this.

We may also create or derive PI such as creating records of your interactions with us, subject to applicable law.

Unless we otherwise indicate that the provision of specific PI is optional, any PI we request is necessary for us to provide you or your organization or entity with the products and services requested. If you do not provide the PI requested, we may not be able to provide those products and services.

Purpose and legal basis for processing your PI

The below table sets out the purposes and basis for which we process PI.

Processing Purpose	Category of PI	Basis of Processing
To consider entering into a contract at your request, including performing anti-terrorism, sanction screening, fraud and other due diligence checks	Identification data Contact data Financial data Professional Information data Services data SPI	Performance of a contract Legal or regulatory obligation Legitimate interests: ensuring we do not accept the proceeds of criminal activities or assist in fraudulent or any unlawful activities, such as terrorism
To deliver the services you have requested, including liaising with third parties (e.g. data providers you work with) and to provide access to our technology solutions services	Identification data Contact data Financial data Profile data Services data Technical data Marketing and Communications data Professional Information data	Performance of a contract Legal or regulatory obligation Legitimate interests: ensuring that you are provided with the best client services and visitor services we can offer, and securing a prompt payment of any fees, costs and debts in respect of our services
To manage payments, fees and charges and to collect and recover money owed to us	Identification data Contact data Financial data Professional Information data Services data	Performance of a contract Legitimate interests: ensuring we can manage payments, fees and charges and to collect and recover money owed to us
To manage our relationship with you which will include notifying you about changes to our terms of business or this privacy notice	Identification data Contact data Profile data Marketing and Communications data Professional Information data	Performance of a contract Legal or regulatory obligation Legitimate interests: ensuring we can notify you about changes to our terms of business or this notice
To interact with governmental or regulatory bodies or other competent national authorities	Identification data Contact data Financial data Services data Professional Information data	Legal or regulatory obligation Public Interest
To detect or prevent fraud and/or other criminal activity and to protect our employees and assets	Identification data Contact data Electronic Monitoring data Financial data Professional Information data Profile data Services data Technical data	Legal or regulatory obligation Public interest Legitimate interests: protecting Climate Alpha and client assets; detecting, and protecting against breaches of our policies and applicable laws; protecting Climate Alpha employees
To manage and protect our business, including improving data security, troubleshooting data and systems, system maintenance and testing, data hosting	Identification data Contact data Profile data Technical data Marketing and Communications data Professional Information data	Legal or regulatory obligation Legitimate interests: ensuring the efficient and secure running of our business, including through office and facilities administration, maintaining information technology services, network and data security and fraud prevention
To invite you to take part in market insight or other events, or client seminars or similar events, and to manage your participation in them	Identification data Contact data Profile data Technical data Marketing and Communications data Professional Information data	Consent Legitimate interests: ensuring our client records are up-to-date; promoting our client services; receiving feedback; improving our services; identifying ways to expand our business
To send you marketing (including by paper and electronic channels) communications and service updates.	Identification data Contact data Profile data Technical data Marketing and Communications data Professional Information data	Consent Legitimate interests: reviewing how clients use, and what they think of, our services; identifying ways to improve and expand our business

In relation to vendor services:

Purpose and/or activity	Type of Data	Legal Basis for Processing
To engage you or the organization or entity you work for as a new supplier	Identification data Contact data Financial data Services data Professional Information data	Performance of a contract Legal or regulatory obligation Legitimate interests: ensuring we do not deal with proceeds of criminal activities or assist in any other unlawful or fraudulent activities for example terrorism Public interest
To manage payments, fees and charges and to collect and recover money owed to us	Identification data Contact data Financial data Professional Information data Services data	Performance of a contract Legitimate interests: ensuring we can manage payments, fees and charges; to collect and recover money owed to uses
Where we provide you access to our systems we need to manage and protect our business, including improving data security, troubleshooting data and systems, system maintenance and testing, and data hosting	Identification data Contact data Profile data Technical data	Legal or regulatory obligation Legitimate interests: ensuring the efficient and secure running of our business, including maintaining information technology services, network and data security

In connection with one or more of the purposes outlined in the section ‘Purpose and Legal basis for processing your PI’ above, we may disclose PI in any jurisdiction to:

professional advisors, third parties, agents or independent contractors that provide services to any member of AlphaGeo (such as IT systems providers, platform providers, consultants (including lawyers and accountants));
goods and services providers (such as providers of marketing services where we are permitted to disclose your personal information to them); and other individuals and entities that partner with us;
competent authorities (including any national and/or international regulatory or enforcement body, agency, court or other form of tribunal or tax authority) or their agents where AlphaGeo is required or allowed to do so under applicable law or regulation;
a potential buyer, transferee, merger partner or seller and their advisers in connection with an actual or potential transfer or merger of part or all of AlphaGeo’s business or assets, or any associated rights or interests, or to acquire a business or enter into a merger with it;
any person to whom disclosure is allowed or required by local or foreign law, regulation or any other applicable instrument.

International transfers and transfers to service providers

To provide global services and in the course of running our business, we may transfer PI to a location outside of the country where you reside or where services are provided to you or the organization or entity you work for. Although the country to which PI may be transferred may not have the same level of privacy and data protection laws, we apply the same level of security and organizational controls to the processing of PI wherever it is processed. We require by contract that our third party service providers processing PI on our behalf to comply with AlphaGeo’s criteria for PI processing.

Marketing and exercising your right to opt-out of marketing

We will not process your PI for marketing purposes if you have informed us you do not wish to receive marketing materials. You can request that we stop processing your PI for marketing purposes at any time by clicking on marketing opt-out links in any electronic marketing materials we send you, by making a request to your usual AlphaGeo contact or by using the contact details set out in the “Contact Us” section of this Site.

Third-party marketing/sale of PI

We do not share or sell your PI to third parties for the third party to use for their own marketing or other purposes.

Changes to this Privacy Notice

We may update this Privacy Notice from time to time. If we make any material changes, we will notify you by email or by posting a notice on our Site. If we make any modifications to this Privacy Notice in the future, we will update this page and, when applicable, send you an email notification. If there are significant changes to this Privacy Notice, we will inform you by either posting a prominent announcement or directly notifying you via email. To ensure that you are aware of how we are protecting your information, we suggest that you review this Privacy Notice regularly. By continuing to use our services, you acknowledge and agree to these changes.

PI retention

We will process your PI for as long as is necessary to fulfill the purpose for which it was collected or to comply with legal, regulatory, accounting, reporting, internal policy requirements or for the establishment or defense of legal claims.

PI security

We use a range of physical, electronic and managerial measures to ensure a level of security appropriate to the risk of PI processing. These measures include:

education and training of relevant staff to ensure they are aware of our privacy obligations when processing PI as well as training around social engineering, phishing, spear phishing, and password risks;
the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
the ability to restore the availability and access to PI in a timely manner in the event of a physical or technical incident;
administrative and technical controls to restrict access to PI;
technological security measures, including fire walls, encryption (industry standard SSL encryption with 128-bit key lengths), and anti-virus software;
application security;
endpoint security;
real-time monitoring of data leakage controls;
layered and comprehensive cybersecurity defenses; and
security incident reporting and management.

The security of data transmitted over the internet (including by e-mail) cannot be guaranteed and carries the risk of access and interception. You should not send us any PI by open/unsecure channels over the internet. We endeavor to protect personal information but cannot guarantee the security of data transmitted to us or by us.

We take reasonable measures to protect your personal information from unauthorized access, use, or disclosure. We maintain physical, electronic, and procedural safeguards to protect your information, including the use of encryption and secure communication protocols.

Your rights

In certain circumstances you may have the following rights in relation to the processing of your PI:

Access
To request a copy of the PI we process in relation to you and to be informed about how we use and share your PI.
Object
To object to the processing of your PI if (i) we are processing your PI on the grounds of legitimate interests or for the performance of a task in the public interest (including profiling); or (ii) if we are processing your PI for direct marketing purposes
Correction
To request that we update the PI we process in relation to you, or to correct PI that you think is incorrect or incomplete.
Erasure
To ask that we delete the PI that we process in relation to you where we do not have a legal or regulatory obligation or other valid reason to continue to process it.
Restriction
To request that we restrict the way in which we process your PI, for example, if you dispute the accuracy of your PI or have raised an objection which is under consideration.
Portability
To request a copy of your PI that you have provided to us in a commonly used electronic format such as through the completion of an application form.
Automated decision making
To request manual intervention if you are subject to automated decisions where the decision results in a legal or similar effect to you.

To the extent permitted by applicable law or regulation we reserve the right to charge an appropriate fee in connection with your exercising your rights.

We may need to request specific information from you to help us confirm your identity and ensure your right to access to the PI requested, or to exercise any of your other rights. This is to ensure that PI is not disclosed to any person who does not have authority to receive it. We may also request further information in relation to your request to help us to locate the PI processed in relation to you, including, for example, the nature and location of your relationship with us.

We will respond to [email protected] all legitimate requests in line with the timescales set out in applicable law.

You will not be disadvantaged in any way by exercising your rights in relation to the processing of your PI.

Contact us

If you wish to exercise any of your rights, or have questions concerning this notice, please contact [email protected].

In connection with one or more of the purposes outlined in the section “Purpose and Legal basis for processing your PI” above, we may disclose PI in any jurisdiction to:

professional advisors, third parties, agents or independent contractors that provide services to any member of AlphaGeo (such as IT systems providers, platform providers, consultants (including lawyers and accountants));
goods and services providers (such as providers of marketing services where we are permitted to disclose your personal information to them); and other individuals and entities that partner with us;
competent authorities (including any national and/or international regulatory or enforcement body, agency, court or other form of tribunal or tax authority) or their agents where AlphaGeo is required or allowed to do so under applicable law or regulation;
a potential buyer, transferee, merger partner or seller and their advisers in connection with an actual or potential transfer or merger of part or all of AlphaGeo’s business or assets, or any associated rights or interests, or to acquire a business or enter into a merger with it;
any person to whom disclosure is allowed or required by local or foreign law, regulation or any other applicable instrument.

International transfers and transfers to service providers

Marketing and exercising your right to opt-out of marketing

Third-party marketing/sale of PI

We do not share or sell your PI to third parties for the third party to use for their own marketing or other purposes.

Changes to this Privacy Notice

PI retention

PI security

We use a range of physical, electronic and managerial measures to ensure a level of security appropriate to the risk of PI processing. These measures include:

education and training of relevant staff to ensure they are aware of our privacy obligations when processing PI as well as training around social engineering, phishing, spear phishing, and password risks;
the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
the ability to restore the availability and access to PI in a timely manner in the event of a physical or technical incident;
administrative and technical controls to restrict access to PI;
technological security measures, including fire walls, encryption (industry standard SSL encryption with 128-bit key lengths), and anti-virus software;
application security;
endpoint security;
real-time monitoring of data leakage controls;
layered and comprehensive cybersecurity defenses; and
security incident reporting and management.

Your rights

In certain circumstances you may have the following rights in relation to the processing of your PI:

Access
To request a copy of the PI we process in relation to you and to be informed about how we use and share your PI.
Object
To object to the processing of your PI if (i) we are processing your PI on the grounds of legitimate interests or for the performance of a task in the public interest (including profiling); or (ii) if we are processing your PI for direct marketing purposes
Correction
To request that we update the PI we process in relation to you, or to correct PI that you think is incorrect or incomplete.
Erasure
To ask that we delete the PI that we process in relation to you where we do not have a legal or regulatory obligation or other valid reason to continue to process it.
Restriction
To request that we restrict the way in which we process your PI, for example, if you dispute the accuracy of your PI or have raised an objection which is under consideration.
Portability
To request a copy of your PI that you have provided to us in a commonly used electronic format such as through the completion of an application form.
Automated decision making
To request manual intervention if you are subject to automated decisions where the decision results in a legal or similar effect to you.

To the extent permitted by applicable law or regulation we reserve the right to charge an appropriate fee in connection with your exercising your rights.

We will respond to [email protected] all legitimate requests in line with the timescales set out in applicable law.

You will not be disadvantaged in any way by exercising your rights in relation to the processing of your PI.

Contact us

If you wish to exercise any of your rights, or have questions concerning this notice, please contact [email protected].

DATA PROCESSING AGREEMENT

Last updated June 2024

This AlphaGeo Data Processing Agreement and its Annexes (“DPA”) reflects the parties’ agreement with respect to the Processing of Personal Data by us on behalf of you in connection with the AlphaGeo Subscription Services under the AlphaGeo Customer Terms and Conditions available at https://alphageo.ai/legal-items-and-disclosures/ between you and us (also referred to in this DPA as the “Agreement”).

This DPA is supplemental to, and forms an integral part of, the Agreement and is effective upon its incorporation into the Agreement, which may be specified in the Agreement, an Order Form or an executed amendment to the Agreement. In case of any conflict or inconsistency with the terms of the Agreement, this DPA will take precedence over the terms of the Agreement to the extent of such conflict or inconsistency.

We update these terms from time to time. If you have an active AlphaGeo subscription, we will let you know when we do via email (if you have subscribed to receive email notifications via any of the subscription forms within https://alphageo.ai)

The term of this DPA will follow the term of the Agreement. Terms not otherwise defined in this DPA will have the meaning as set forth in the Agreement.

Definitions

Customer Responsibilities

AlphaGeo Obligations

Data Subject Requests

Sub-Processors

Data Transfers

Demonstration of Compliance

Additional Provisions for European Data

Additional Provisions for California Personal Information

General Provisions

Parties to this DPA

Annex 1 – Details of Processing

Annex 2 – Security Measures

Annex 3 – Sub-Processors

1. Definitions

“California Personal Information” means Personal Data that is subject to the protection of the CCPA.

“CCPA” means California Civil Code Sec. 1798.100 et seq. (also known as the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 or “CPRA”).

“Consumer,” “Business,” “Sell,” “Service Provider,” and “Share” will have the meanings given to them in the CCPA.

“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data.

“Data Privacy Framework” means the EU-U.S. Data Privacy Framework, the Swiss-U.S. Data Privacy Framework and the UK Extension to the EU-U.S. Data Privacy Framework self-certification programs (as applicable) operated by the U.S. Department of Commerce; as may be amended, superseded or replaced.

“Data Privacy Framework Principles” means the Principles and Supplemental Principles contained in the relevant Data Privacy Framework; as may be amended, superseded or replaced.

“Data Protection Laws” means all applicable worldwide legislation relating to data protection and privacy which applies to the respective party in the role of Processing Personal Data in question under the Agreement, including without limitation European Data Protection Laws, the CCPA and other applicable U.S. federal and state privacy laws, and the data protection and privacy laws of Australia, Singapore, and Japan, in each case as amended, repealed, consolidated or replaced from time to time.

“Data Subject” means the individual to whom Personal Data relates.

“Europe” means the European Union, the European Economic Area and/or their member states, Switzerland and the United Kingdom.

“European Data” means Personal Data that is subject to the protection of European Data Protection Laws.

“European Data Protection Laws” means data protection laws applicable in Europe, including: (i) Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) (“GDPR”); (ii) Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector; and (iii) applicable national implementations of (i) and (ii); or (iii) GDPR as it forms parts of the United Kingdom domestic law by virtue of Section 3 of the European Union (Withdrawal) Act 2018 (“UK GDPR”); and (iv) Swiss Federal Data Protection Act and its Ordinance (“Swiss DPA”); in each case, as may be amended, superseded or replaced.

“Instructions” means the written, documented instructions issued by a Controller to a Processor, and directing the same to perform a specific or general action with regard to Personal Data (including, but not limited to, depersonalizing, blocking, deletion, making available).

“Permitted Affiliates” means any of your Affiliates that (i) are permitted to use the Subscription Services pursuant to the Agreement, but have not signed their own separate agreement with us and are not a “Customer” as defined under the Agreement, (ii) qualify as a Controller of Personal Data Processed by us, and (iii) are subject to European Data Protection Laws.

“Personal Data” means any information relating to an identified or identifiable individual where (i) such information is contained within Customer Data; and (ii) is protected similarly as personal data, personal information, or personally identifiable information under applicable Data Protection Laws.

“Personal Data Breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data transmitted, stored or otherwise Processed by us and/or our Sub-Processors in connection with the provision of the Subscription Services. “Personal Data Breach” will not include unsuccessful attempts or activities that do not compromise the security of Personal Data, including unsuccessful log-in attempts, pings, port scans, denial of service attacks, and other network attacks on firewalls or networked systems.

“Processing” means any operation or set of operations which is performed on Personal Data, encompassing the collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction or erasure of Personal Data. The terms “Process”, “Processes” and “Processed” will be construed accordingly.

“Processor” means a natural or legal person, public authority, agency or other body which Processes Personal Data on behalf of the Controller.

“Standard Contractual Clauses” means the standard contractual clauses annexed to the European Commission’s Decision (EU) 2021/914 of 4 June 2021 currently found at https://eur-lex.europa.eu/eli/dec_impl/2021/914, as may be amended, superseded or replaced.

“Sub-Processor” means any Processor engaged by us or our Affiliates to assist in fulfilling our obligations with respect to the provision of the Subscription Services under the Agreement. Sub-Processors may include third parties or our Affiliates but will exclude any AlphaGeo employee or consultant.

“UK Addendum” means the International Data Transfer Addendum issued by the UK Information Commissioner under section 119A(1) of the Data Protection Act 2018 currently found at https://ico.org.uk/media/for-organisations/documents/4019539/international-data-transfer-addendum.pdf, as may be amended, superseded, or replaced.

2. Customer Responsibilities

a. Compliance with Laws. Within the scope of the Agreement and in its use of the services, you will be responsible for complying with all requirements that apply to it under applicable Data Protection Laws with respect to its Processing of Personal Data and the Instructions it issues to us.

In particular but without prejudice to the generality of the foregoing, you acknowledge and agree that you will be solely responsible for: (i) the accuracy, quality, and legality of Customer Data and the means by which you acquired Personal Data; (ii) complying with all necessary transparency and lawfulness requirements under applicable Data Protection Laws for the collection and use of the Personal Data, including obtaining any necessary consents and authorizations (particularly for use by Customer for marketing purposes); (iii) ensuring you have the right to transfer, or provide access to, the Personal Data to us for Processing in accordance with the terms of the Agreement (including this DPA); (iv) ensuring that your Instructions to us regarding the Processing of Personal Data comply with applicable laws, including Data Protection Laws; and (v) complying with all laws (including Data Protection Laws) applicable to any emails or other content created, sent or managed through the Subscription Services, including those relating to obtaining consents (where required) to send emails, the content of the emails and its email deployment practices. You will inform us without undue delay if you are not able to comply with your responsibilities under this ‘Compliance with Laws’ section or applicable Data Protection Laws.

b. Controller Instructions. The parties agree that the Agreement (including this DPA), together with your use of the Subscription Service in accordance with the Agreement, constitute your complete Instructions to us in relation to the Processing of Personal Data, so long as you may provide additional instructions during the Subscription Term that are consistent with the Agreement, the nature and lawful use of the Subscription Service.

c. Security. You are responsible for independently determining whether the data security provided for in the Subscription Service adequately meets your obligations under applicable Data Protection Laws. You are also responsible for your secure use of the Subscription Service, including protecting the security of Personal Data in transit to and from the Subscription Service (including to securely backup or encrypt any such Personal Data).

3. AlphaGeo Obligations

a. Compliance with Instructions. We will only Process Personal Data for the purposes described in this DPA or as otherwise agreed within the scope of your lawful Instructions, except where and to the extent otherwise required by applicable law. We are not responsible for compliance with any Data Protection Laws applicable to you or your industry that are not generally applicable to us.

b. Conflict of Laws. If we become aware that we cannot Process Personal Data in accordance with your Instructions due to a legal requirement under any applicable law, we will (i) promptly notify you of that legal requirement to the extent permitted by the applicable law; and (ii) where necessary, cease all Processing (other than merely storing and maintaining the security of the affected Personal Data) until such time as you issue new Instructions with which we are able to comply. If this provision is invoked, we will not be liable to you under the Agreement for any failure to perform the applicable Subscription Services until such time as you issue new lawful Instructions with regard to the Processing.

c. Security. We will implement and maintain appropriate technical and organizational measures to protect Personal Data from Personal Data Breaches, as described under Annex 2 to this DPA (“Security Measures”). Notwithstanding any provision to the contrary, we may modify or update the Security Measures at our discretion provided that such modification or update does not result in a material degradation in the protection offered by the Security Measures.

d. Confidentiality. We will ensure that any personnel whom we authorize to Process Personal Data on our behalf is subject to appropriate confidentiality obligations (whether a contractual or statutory duty) with respect to that Personal Data.

e. Personal Data Breaches. We will notify you without undue delay after we become aware of any Personal Data Breach and will provide timely information relating to the Personal Data Breach as it becomes known or reasonably requested by you. At your request, we will promptly provide you with such reasonable assistance as necessary to enable you to notify relevant Personal Data Breaches to competent authorities and/or affected Data Subjects, if you are required to do so under Data Protection Laws.

f. Deletion or Return of Personal Data. We will delete or return all Customer Data, including Personal Data (including copies thereof) Processed pursuant to this DPA, on termination or expiration of your Subscription Service in accordance with the procedures set out in our Product Specific Terms. This term will apply except where we are required by applicable law to retain some or all of the Customer Data, or where we have archived Customer Data on back-up systems, which data we will securely isolate and protect from any further Processing and delete in accordance with our deletion practices. You may request the deletion of your AlphaGeo account after expiration or termination of your subscription by sending a request to [email protected]. All idle accounts are automatically deactivated after 90 days (about 3 months). If inactivity exceeds 365 days (about 12 months), the account will automatically be deleted from our systems. This is aligned with AlphaGeo’s Inactive User Management Policy as well as its Logical Access and Policy and Procedures.

4. Data Subject Requests

The Subscription Service provides you with a number of controls that you can use to retrieve, correct, delete or restrict Personal Data, which you can use to assist it in connection with its obligations under Data Protection Laws, including your obligations relating to responding to requests from Data Subjects to exercise their rights under applicable Data Protection Laws (“Data Subject Requests”).

To the extent that you are unable to independently address a Data Subject Request through the Subscription Service, then upon your written request we will provide reasonable assistance to you to respond to any Data Subject Requests or requests from data protection authorities relating to the Processing of Personal Data under the Agreement. You will reimburse us for the commercially reasonable costs arising from this assistance.

If a Data Subject Request or other communication regarding the Processing of Personal Data under the Agreement is made directly to us, we will promptly inform you and will advise the Data Subject to submit their request to you. You will be solely responsible for responding substantively to any such Data Subject Requests or communications involving Personal Data.

5. Sub-Processors

You agree we may engage Sub-Processors to Process Personal Data on your behalf, and we do so in three ways. First, we may engage Sub-Processors to assist us with hosting and infrastructure. Second, we may engage with Sub-Processors to support business operations. Third, we may engage with AlphaGeo Affiliates as Sub-Processors for service and support. Some Sub-Processors will apply to you as default, and some Sub-Processors will apply only if you opt-in.

We have currently appointed, as Sub-Processors, the third parties and AlphaGeo Affiliates listed in Annex 3 to this DPA.

We will give you the opportunity to object to the engagement of new Sub-Processors on reasonable grounds relating to the protection of Personal Data within 30 days of notifying you. If you do notify us of such an objection, the parties will discuss your concerns in good faith with a view to achieving a commercially reasonable resolution. If no such resolution can be reached, we will, at our sole discretion, either not appoint the new Sub-Processor, or permit you to suspend or terminate the affected Subscription Service in accordance with the termination provisions of the Agreement without liability to either party (but without prejudice to any fees incurred by you prior to suspension or termination).

Where we engage Sub-Processors, we will impose data protection terms on the Sub-Processors that provide at least the same level of protection for Personal Data as those in this DPA, to the extent applicable to the nature of the services provided by such Sub-Processors. We will remain responsible for each Sub-Processor’s compliance with the obligations of this DPA and for any acts or omissions of such Sub-Processor that cause us to breach any of its obligations under this DPA.

6. Data Transfers

You acknowledge and agree that we may access and Process Personal Data on a global basis as necessary to provide the Subscription Service in accordance with the Agreement, and in particular that Personal Data may be transferred to and Processed by AlphaGeo, Inc. in the United States and to other jurisdictions where AlphaGeo Affiliates and Sub-Processors have operations. Wherever Personal Data is transferred outside its country of origin, each party will ensure such transfers are made in compliance with the requirements of Data Protection Laws.

7. Demonstration of Compliance

We will make all information reasonably necessary to demonstrate compliance with this DPA available to you and allow for and contribute to audits, including inspections conducted by you or your auditor in order to assess compliance with this DPA, where required by applicable law. You acknowledge and agree that you will exercise your audit rights under this DPA by instructing us to comply with the audit measures described in this ‘Demonstration of Compliance’ section. You acknowledge that the Subscription Service is hosted by our hosting Sub-Processors who maintain independently validated security programs (including SOC 2 and ISO 27001) and that our systems are audited annually as part of SOC 2 compliance and regularly tested by independent third party penetration testing firms. Upon request, we will supply (on a confidential basis) our SOC 2 report and summary copies of our penetration testing report(s) to you so that you can verify our compliance with this DPA. Further, at your written request, we will provide written responses (on a confidential basis) to all reasonable requests for information made by you necessary to confirm our compliance with this DPA, provided that you will not exercise this right more than once per calendar year unless you have reasonable grounds to suspect non-compliance with the DPA.

8. Additional Provisions for European Data

a. Scope. This “Additional Provisions for European Data” section will apply only with respect to European Data.

b. Roles of the Parties. When Processing European Data in accordance with your Instructions, the parties acknowledge and agree that you are acting as the Controller of European Data (either as the Controller, or as a Processor on behalf of another Controller) and we are the Processor under the Agreement.

c. Instructions. If we believe that your Instruction infringes European Data Protection Laws (where applicable), we will inform you without delay.

d. Data Protection Impact Assessments and Consultation with Supervisory Authorities. To the extent that the required information is reasonably available to us, and you do not otherwise have access to the required information, we will provide reasonable assistance to you with any data protection impact assessments, and prior consultations with supervisory authorities (for example, the French Data Protection Agency (CNIL), the Berlin Data Protection Authority (BlnBDI) and the UK Information Commissioner’s Office (ICO)) or other competent data privacy authorities to the extent required by European Data Protection Laws.

f. Transfer Mechanisms for Data Transfers.

(A) AlphaGeo will not transfer European Data to any country or recipient not recognized as providing an adequate level of protection for Personal Data (within the meaning of applicable European Data Protection Laws), unless it first takes all such measures as are necessary to ensure the transfer is in compliance with applicable European Data Protection Laws. Such measures may include (without limitation) (i) transferring such data to a recipient that is covered by a suitable framework or other legally adequate transfer mechanism recognized by the relevant authorities or courts as providing an adequate level of protection for Personal Data, including the Data Privacy Framework; (ii) to a recipient that has achieved binding corporate rules authorization in accordance with European Data Protection Laws; or (iii) to a recipient that has executed the Standard Contractual Clauses in each case as adopted or approved in accordance with applicable European Data Protection Laws.

(B) You acknowledge that in connection with the performance of the Subscription Services, AlphaGeo Global PTE LTD is a recipient of European Data in the United States. To the extent that AlphaGeo Global PTE LTD receives European Data in the United States, AlphaGeo Global PTE LTD will comply with the following:

(1) Data Privacy Framework. AlphaGeo Global PTE LTD will use the Data Privacy Framework to lawfully receive European Data in the United States and ensure that it provides at least the same level of protection to such European Data as is required by the Data Privacy Framework Principles and will let you know if it is unable to comply with this requirement.

(2) Standard Contractual Clauses. If European Data Protection Laws require that appropriate safeguards are put in place (for example, if the Data Privacy Framework does not cover the transfer to AlphaGeo Global PTE LTD and/or the Data Privacy Framework is invalidated), the Standard Contractual Clauses will be incorporated by reference and form part of the Agreement as follows:

(a) In relation to European Data that is subject to the GDPR (i) Customer is the “data exporter” and AlphaGeo, Inc. is the “data importer”; (ii) the Module Two terms apply to the extent the Customer is a Controller of European Data and the Module Three terms apply to the extent the Customer is a Processor of European Data; (iii) in Clause 7, the optional docking clause applies; (iv) in Clause 9, Option 2 applies and changes to Sub-Processors will be notified in accordance with the ‘Sub-Processors’ section of this DPA; (v) in Clause 11, the optional language is deleted; (vi) in Clauses 17 and 18, the parties agree that the governing law and forum for disputes for the Standard Contractual Clauses will be determined in accordance with the ‘Contracting Entity; Applicable Law; Notice’ section of the Jurisdiction Specific Terms or, if such section does not specify an EU Member State, the Republic of Ireland (without reference to conflicts of law principles); (vii) the Annexes of the Standard Contractual Clauses will be deemed completed with the information set out in the Annexes of this DPA; (viii) the supervisory authority that will act as competent supervisory authority will be determined in accordance with GDPR; and (ix) if and to the extent the Standard Contractual Clauses conflict with any provision of this DPA the Standard Contractual Clauses will prevail to the extent of such conflict.

(b) In relation to European Data that is subject to the UK GDPR, the Standard Contractual Clauses will apply in accordance with sub-section (a) and the following modifications (i) the Standard Contractual Clauses will be modified and interpreted in accordance with the UK Addendum, which will be incorporated by reference and form an integral part of the Agreement; (ii) Tables 1, 2 and 3 of the UK Addendum will be deemed completed with the information set out in the Annexes of this DPA and Table 4 will be deemed completed by selecting “neither party”; and (iii) any conflict between the terms of the Standard Contractual Clauses and the UK Addendum will be resolved in accordance with Section 10 and Section 11 of the UK Addendum.

(c) In relation to European Data that is subject to the Swiss DPA, the Standard Contractual Clauses will apply in accordance with sub-section (a) and the following modifications (i) references to “Regulation (EU) 2016/679” will be interpreted as references to the Swiss DPA; (ii) references to “EU,” “Union” and “Member State law” will be interpreted as references to Swiss law; and (iii) references to the “competent supervisory authority” and “competent courts” will be replaced with the “the Swiss Federal Data Protection and Information Commissioner ” and the “relevant courts in Switzerland.”

(d) You agree that by complying with our obligations under the ‘Sub-Processors’ section of this DPA, AlphaGeo Global PTE LTD fulfills its obligations under Section 9 of the Standard Contractual Clauses. For the purposes of Clause 9(c) of the Standard Contractual Clauses, you acknowledge that we may be restricted from disclosing Sub-Processor agreements but we will use reasonable efforts to require any Sub-Processor we appoint to permit it to disclose the Sub-Processor agreement to you and will provide (on a confidential basis) all information we reasonably can. You also acknowledge and agree that you will exercise your audit rights under Clause 8.9 of the Standard Contractual Clauses by instructing us to comply with the measures described in the ‘Demonstration of Compliance’ section of this DPA.

(e) Where the AlphaGeo contracting entity under the Agreement is not AlphaGeo Global PTE LTD such contracting entity (not AlphaGeo Global PTE LTD) will remain fully and solely responsible and liable to you for the performance of the Standard Contractual Clauses by AlphaGeo, Inc., and you will direct any instructions, claims or enquiries in relation to the Standard Contractual Clauses to such contracting entity. If AlphaGeo cannot comply with its obligations under the Standard Contractual Clauses or is breach of any warranties under the Standard Contractual Clauses or UK Addendum (as applicable) for any reason, and you intend to suspend the transfer of European Data to AlphaGeo or terminate the Standard Contractual Clauses ,or UK Addendum, you agree to provide us with reasonable notice to enable us to cure such non-compliance and reasonably cooperate with us to identify what additional safeguards, if any, may be implemented to remedy such non-compliance. If we have not or cannot cure the non-compliance, you may suspend or terminate the affected part of the Subscription Service in accordance with the Agreement without liability to either party (but without prejudice to any fees you have incurred prior to such suspension or termination).

(C) Alternative Transfer Mechanism. In the event that AlphaGeo is required to adopt an alternative transfer mechanism for European Data, in addition to or other than the mechanisms described in sub-section (B) above, such alternative transfer mechanism will apply automatically instead of the mechanisms described in this DPA (but only to the extent such alternative transfer mechanism complies with European Data Protection Laws), and you agree to execute such other documents or take such action as may be reasonably necessary to give legal effect such alternative transfer mechanism.

9. Additional Provisions for California Personal Information

a. Scope. The ‘Additional Provisions for California Personal Information’ section of the DPA will apply only with respect to California Personal Information.

b. Roles of the Parties. When processing California Personal Information in accordance with your Instructions, the parties acknowledge and agree that you are a Business, and we are a Service Provider for the purposes of the CCPA.

c. Responsibilities. We certify that we will Process California Personal Information as a Service Provider strictly for the purpose of performing the Subscription Services and Consulting Services under the Agreement (the “Business Purpose”) or as otherwise permitted by the CCPA, including as described in the “Usage Data” section of our Privacy Policy. Further, we certify we i) will not Sell or Share California Personal Information; (ii) will not Process California Personal Information outside the direct business relationship between the parties, unless required by applicable law; and (iii) will not combine the California Personal Information included in Customer Data with personal information that we collect or receive from another source (other than information we receive from another source in connection with our obligations as a Service Provider under the Agreement).

d. Compliance. We will (i) comply with obligations applicable to us as a Service Provider under the CCPA and (ii) provide California Personal Information with the same level of privacy protection as is required by the CCPA. We will notify you if we make a determination that we can no longer meet our obligations as a Service Provider under the CCPA.

e. CCPA Audits. You will have the right to take reasonable and appropriate steps to help ensure that we use California Personal Information in a manner consistent with Customer’s obligations under the CCPA. Upon notice, you will have the right to take reasonable and appropriate steps in accordance with the Agreement to stop and remediate unauthorized use of California Personal Information.

f. Not a Sale. The parties acknowledge and agree that the disclosure of California Personal Information by the Customer to AlphaGeo does not form part of any monetary or other valuable consideration exchanged between the parties.

10. General Provisions

a. Amendments. Notwithstanding anything else to the contrary in the Agreement and without prejudice to the “Compliance with Instructions” or “Security” sections of this DPA, we reserve the right to make any updates and changes to this DPA and the terms that apply in the “Amendment; No Waiver” section of the General Terms will apply.

b. Severability. If any individual provisions of this DPA are determined to be invalid or unenforceable, the validity and enforceability of the other provisions of this DPA will not be affected.

c. Limitation of Liability. Each party and each of their Affiliates’ liability, taken in aggregate, arising out of or related to this DPA (including any other DPAs between the parties) and the Standard Contractual Clauses, where applicable, whether in contract, tort or under any other theory of liability, will be subject to the limitations and exclusions of liability set out in the “Limitation of Liability” section of the General Terms and any reference in such section to the liability of a party means aggregate liability of that party and all of its Affiliates under the Agreement (including this DPA). For the avoidance of doubt, if AlphaGeo, Inc. is not a party to the Agreement, the “Limitation of Liability” section of the General Terms will apply as between you and AlphaGeo, Inc., and in such respect any references to “AlphaGeo,” “we,” “us” or “our” will include both AlphaGeo Global PTE LTD. and the AlphaGeo entity that is a party to the Agreement. In no event will either party’s liability be limited with respect to any individual’s data protection rights under this DPA (including any other DPAs between the parties and the Standard Contractual Clauses, where applicable) or otherwise.

d. Governing Law. This DPA will be governed by and construed in accordance with the ‘Contracting Entity; ‘Applicable Law; Notice’ sections of the Jurisdiction Specific Terms, unless required otherwise by Data Protection Laws.

11. Parties to this DPA

a. Permitted Affiliates. By signing the Agreement, you enter into this DPA (including, where applicable, the Standard Contractual Clauses) on behalf of yourself and in the name and on behalf of your Permitted Affiliates. For the purposes of this DPA only, and except where indicated otherwise, the terms “Customer,” “you” and “your” will include you and such Permitted Affiliates.

b. Authorization. The legal entity agreeing to this DPA as Customer represents that it is authorized to agree to and enter into this DPA for and on behalf of itself and, as applicable, each of its Permitted Affiliates.

c. Remedies. The parties agree that (i) solely the Customer entity that is the contracting party to the Agreement will exercise any right or seek any remedy any Permitted Affiliate may have under this DPA on behalf of its Affiliates, and (ii) the Customer entity that is the contracting party to the Agreement will exercise any such rights under this DPA not separately for each Permitted Affiliate individually but in a combined manner for itself and all of its Permitted Affiliates together. The Customer entity that is the contracting entity is responsible for coordinating all Instructions, authorizations and communications with us under the DPA and will be entitled to make and receive any communications related to this DPA on behalf of its Permitted Affiliates.

d. Other rights. The parties agree that you will, when reviewing our compliance with this DPA pursuant to the ‘Demonstration of Compliance’ section, take all reasonable measures to limit any impact on us and our Affiliates by combining several audit requests carried out on behalf of the Customer entity that is the contracting party to the Agreement and all of its Permitted Affiliates in one single audit.

Annex 1 – Details of Processing

A. List of Parties

Data exporter:

Name: The Customer, as defined in the AlphaGeo Customer Terms and Conditions (on behalf of itself and Permitted Affiliates)

Address: The Customer’s address, as set out in the Order Form

Contact person’s name, position and contact details: The Customer’s contact details, as set out in the Order Form and/or as set out in the Customer’s AlphaGeo Account

Activities relevant to the data transferred under these Clauses: Processing of Personal Data in connection with Customer’s use of the AlphaGeo Services under the AlphaGeo Customer Terms and Conditions

Role (controller/processor): Controller (either as the Controller; or acting in the capacity of a Controller, as a Processor, on behalf of another Controller)

Data importer:

Name: AlphaGeo Global PTE LTD

Address: 101 Upper Cross Street, #05-16, People’s Park Centre, Singapore, 058357.

Contact person’s name, position and contact details: Mark Langan, Chief Operating Officer, AlphaGeo Global PTE LTD, 101 Upper Cross Street, #05-16, People’s Park Centre, Singapore, 058357.

Activities relevant to the data transferred under these Clauses: Processing of Personal Data in connection with Customer’s use of the AlphaGeo Services under the AlphaGeo Terms and Conditions

Role (controller/processor): Processor

B. Description of Transfer

Categories of Data Subjects whose Personal Data is Transferred

You may submit Personal Data in the course of using the Subscription Service, the extent of which is determined and controlled by you in your sole discretion, and which may include, but is not limited to Personal Data relating to the following categories of Data Subjects:

Your Contacts and other end users including your employees, contractors, collaborators, customers, prospects, suppliers and subcontractors. Data Subjects may also include individuals attempting to communicate with or transfer Personal Data to your end users.

Categories of Personal Data Transferred

You may submit Personal Data to the Subscription Services, the extent of which is determined and controlled by you in your sole discretion, and which may include but is not limited to the following categories of Personal Data:

Contact Information (as defined in the General Terms).
Any other Personal Data submitted by, sent to, or received by you, or your end users, via the Subscription Service.

Sensitive Data transferred and applied restrictions or safeguards

The processing of Sensitive Data is subject to the scope limitations, restrictions, and safeguards mutually agreed upon by the parties, as reflected in the Agreement.

Frequency of the transfer

Continuous

Nature of the Processing

Personal Data will be Processed in accordance with the Agreement (including this DPA) and may be subject to the following Processing activities:

Storage and other Processing necessary to provide, maintain and improve the Subscription Services provided to you; and/or
Disclosure in accordance with the Agreement (including this DPA) and/or as compelled by applicable laws.

Purpose of the transfer and further processing

We will Process Personal Data as necessary to provide the Subscription Services pursuant to the Agreement, as further specified in the Order Form, and as further instructed by you in your use of the Subscription Services.

Period for which Personal Data will be retained

Subject to the ‘Deletion or Return of Personal Data’ section of this DPA, we will Process Personal Data for the duration of the Agreement, unless otherwise agreed in writing.

Annex 2 – Security Measures

We currently observe the Security Measures described in this Annex 2. All capitalized terms not otherwise defined herein will have the meanings as set forth in the General Terms. For more information on these security measures, please refer to AlphaGeo’s Security Overview available at https://alphageo.ai/security.

a) Information Security Policy

We maintain and adhere to an internal, written Information Security Policy. You can visit httsp://alphageo.ai/security, which provides an overview of our security standards.

b) Access Control

i) Preventing Unauthorized Product Access

Outsourced processing: We host our Service with outsourced cloud infrastructure providers. Additionally, we maintain contractual relationships with vendors in order to provide the Service in accordance with our DPA. We rely on contractual agreements, privacy policies, and vendor compliance programs in order to protect data processed or stored by these vendors.

Physical and environmental security: We host our product infrastructure with multi-tenant, outsourced infrastructure providers. We do not own or maintain hardware located at the outsourced infrastructure providers’ data centers. Production servers and client-facing applications are logically and physically secured from our internal corporate information systems. The infrastructure providers’ physical and environmental security controls are audited for SOC 2 Type II and ISO 27001 compliance, among other certifications.

Authentication: We implement a uniform password policy for our customer products. Customers who interact with the products via the user interface must authenticate before accessing non-public customer data.

Authorization: Customer Data is stored in multi-tenant storage systems accessible to Customers via only application user interfaces and application programming interfaces. Customers are not allowed direct access to the underlying application infrastructure. The authorization model in each of our products is designed to ensure that only the appropriately assigned individuals can access relevant features, views, and customization options. Authorization to data sets is performed through validating the user’s permissions against the attributes associated with each data set.

Application Programming Interface (API) access: Product APIs may only be accessed using private app tokens.

ii) Preventing Unauthorized Product Use

We implement industry standard access controls and detection capabilities for the internal networks that support its products.

Access controls: Network access control mechanisms are designed to prevent network traffic using unauthorized protocols from reaching the product infrastructure. The technical measures implemented differ between infrastructure providers and include Virtual Private Cloud (VPC) implementations, security group assignment, and traditional firewall rules.

Intrusion detection and prevention: We implement a Web Application Firewall (WAF) solution to protect hosted customer accounts and data. The WAF is designed to identify and prevent attacks against publicly available network services.

Static code analysis: Code stored in our source code repositories is checked for best practices and identifiable software flaws using automated tooling.

Endpoint Hardening: Endpoints are hardened in accordance with industry standard practice. Workstations are protected using anti-malware and endpoint detection & response tools, receiving regular definition and signature updates.

iii) Limitations of Privilege & Authorization Requirements

Privileged Access Management: Privileged access in our product environment is controlled, monitored, and removed in a timely fashion through “just in time access” (or “JITA”) controls. Non-personal accounts used for system access are stored in a secure vault with additional controls governing privilege elevation and account check out processes.

Product access: A subset of our employees have access to the products and to customer data via controlled interfaces. The intent of providing access to a subset of employees is to provide effective customer support, product development and research, to troubleshoot potential problems, to detect and respond to security incidents and implement data security. Access is enabled through JITA requests for access; all such requests are logged. Employees are granted access by role, and reviews of high risk privilege grants are initiated daily. Administrative or high risk access permissions are reviewed at least once every six months.

c) Transmission Control

In-transit: We require HTTPS encryption (also referred to as SSL or TLS) on all login interfaces and for free on every customer site hosted on the AlphaGeo products. Our HTTPS implementation uses industry standard algorithms and certificates.

At-rest: We store user passwords following policies that follow industry standard practices for security. We take a layered approach of at-rest encryption technologies to ensure Customer data and Customer-identified Permitted Sensitive Data are appropriately encrypted.

d) Incident Management, Logging, and Monitoring

Incident Response Plan: We maintain a written Incident Response Plan and other necessary processes and procedures to fulfill the standards and obligations reflected therein.

Detection: We designed our infrastructure to log extensive information about the system behavior, traffic received, system authentication, and other application requests. Internal systems aggregate log data and alert appropriate employees of malicious, unintended, or anomalous activities. Our personnel, including security, operations, and support personnel, are responsive to known incidents.

Response and tracking: We maintain a record of known security incidents that includes description, dates and times of relevant activities, and incident disposition. Suspected and confirmed security incidents are investigated by security, operations, or support personnel; and appropriate resolution steps are identified and documented. For any confirmed incidents, we will take appropriate steps to minimize product and Customer damage or unauthorized disclosure. Notification to you will be in accordance with the terms of the Agreement.

e) Availability Control

Infrastructure availability: The infrastructure providers use commercially reasonable efforts to ensure a minimum of 99.95% uptime. The providers maintain a minimum of N+1 redundancy to power, network, and heating, ventilation and air conditioning (HVAC) services.

Fault tolerance: Backup and replication strategies are designed to ensure redundancy and fail-over protections during a significant processing failure. Customer data is backed up to multiple durable data stores and replicated across multiple availability zones.

Online replicas and backups: Where feasible, production databases are designed to replicate data between no less than 1 primary and 1 secondary instance. All databases are backed up and maintained using at least industry standard methods.

Disaster Recovery Plans: We maintain and regularly test disaster recovery plans to help ensure availability of information following interruption to, or failure of, critical business processes.

Our products are designed to ensure redundancy and seamless failover. The server instances that support the products are also architected with a goal to prevent single points of failure. This design assists our operations in maintaining and updating the product applications and backend while limiting downtime.

f) Vulnerability Management Program

Vulnerability Remediation Schedule: We maintain a vulnerability remediation schedule aligned with industry standards. We take a risk-based approach to determining a vulnerability’s applicability, likelihood, and impact in our environment.

Vulnerability scanning: We perform daily vulnerability scanning on our products using technology and detection standards aligned with industry standards.

Penetration testing: We maintain relationships with industry-recognized penetration testing service providers for penetration testing of both the AlphaGeo web application and internal corporate network infrastructure at least annually. The intent of these penetration tests is to identify security vulnerabilities and mitigate the risk and business impact they pose to the in-scope systems.

g) Personnel Management

We staff qualified personnel to develop, maintain, and enhance our security program. We train all employees on security policy, processes, and standards relevant to their role and in accordance with industry practice.

Background checks: Where permitted by applicable law, AlphaGeo employees undergo a third-party background or reference check. In the United States, employment offers are contingent upon the results of a third-party background check. All AlphaGeo employees are required to conduct themselves in a manner consistent with company guidelines, non-disclosure requirements, and ethical standards.

Annex 3 – Sub-Processors

To help AlphaGeo deliver the Subscription Service, we engage Sub-Processors to assist with our data processing activities:

1. Infrastructure Sub-Processors

To help AlphaGeo deliver the Subscription Service, we engage Sub-Processors to support our infrastructure. By agreeing to the DPA, you agree all of these Sub-Processors may have access to Customer Data.

Third Party Sub-Processor

Purpose

Applicable Service

US Data Center Sub-Processor Location: United States

EU Data Center Sub-Processor Location: EU or Other

Asia Pacific Data Center Sub-Processor Location: APAC or Other

Amazon Web Services, Inc.

Hosting & Infrastructure

Used as an on-demand cloud computing platform and API

Not in use

Singapore

Snowflake, Inc.

Infrastructure

Data warehouse solution which serves as the repository of data.

N/A

2. Business Operations Sub-Processors

To help AlphaGeo deliver the Subscription Service, we engage Sub-Processors to support our general business operations. By agreeing to the DPA, you agree all of these Sub-Processors may have access to Customer Data.

HubSpot	Customer relationship management	Customer contact data handling	(AWS) United States East Region	(AWS) Germany Region	N/A
Microsoft Inc	Cloud hosting provider	Chat and file storage	Various	Various	Various
Stripe, Inc.	Payment Processor	Used to support Commerce Hub products and services	Various	N/A	N/A
Xero	Accounting Software	Used for customer/ client invoicing	(AWS) United States East Region	N/A	N/A
Google Analytics	Analytics service	Advertising data processing	Various	Various	Various
GitHub	Developer platform	Code storage and management	Various	Various	Various

3. AlphaGeo Global PTE LTD Affiliate Sub-Processors

To help AlphaGeo deliver the Subscription Service, we engage AlphaGeo Affiliates as Sub-Processors to assist with our data processing activities. By agreeing to the DPA you agree all of these Sub-Processors may have access to Customer Data.

AlphaGeoSub-Processor	Purpose	Location
AlphaGeo USA LLC	Services & Support	United States
AlphaGeo Singapore Ptd Ltd	Services & Support	Singapore

Legal Items & Disclosures

Annex 1 – Details of Processing

Annex 2 – Security Measures

Annex 3 – Sub-Processors

Contact Us

resources

newsletter