1. About this policy
This privacy policy applies to Altstake Pte. Ltd. (operating as RockX) and affiliated organizations that have adopted this policy. It outlines how personal data is collected, used, disclosed, and processed when individuals access RockX applications and services.
- Personal data collection requires consent or a lawful basis.
- The policy covers our websites, mobile apps, and web-based applications.
- Cross-jurisdictional data transfers are permitted under this policy.
- Third-party websites linked from RockX are governed by their own privacy policies.
Individuals with concerns about their data can contact our Data Protection Officer via our contact page. Individuals to whom the GDPR applies may lodge complaints with their European supervisory authority.
2. Amendments to this privacy policy
RockX reserves the right to amend this policy without prior notice. Updated versions supersede earlier versions and apply retroactively. Significant changes affecting user rights will be communicated via prominent website notices or by email where available.
3. What personal data we collect
Personal data means information identifying a natural person, such as names, addresses, contact details, identification numbers, financial information, transactional data, and images.
Collection occurs through:
- Voluntary user provision
- Third-party sources
- Digital technologies and service usage
Users may decline to provide data, though this may prevent service fulfillment. When providing the personal data of others, users must confirm those individuals have consented and accepted this policy. Users are responsible for the accuracy and completeness of their information. Our applications are not intended to be accessed or used by children, minors, or persons who are not of legal age.
4. How we collect personal data
Personal data collection channels include:
- Account registration
- Application access and usage
- Third-party authorization
- Contractual agreements
- Communications (email, phone, social media, face-to-face)
- Event attendance
- Mailing list enrollment
Third-party sources for data collection include authorized providers, business partners, family and friends, and public agencies.
5. What we do with your personal data
Lawful basis for processing
- Voluntary user provision
- User consent
- Legal or regulatory compliance
- Legitimate business interests
- Transaction or service performance
General purposes include transaction facilitation, application usage support, business asset transactions, customer communications, dispute resolution, administrative functions, product development, security protection, regulatory compliance, and third-party management.
Legitimate business interests include relationship management, corporate restructuring, policy compliance, rights protection, terms enforcement, investor relations, and business acquisition support.
Marketing uses require explicit consent. Users may withdraw consent at any time. Law enforcement requests may authorize processing without user knowledge or consent. Personal data relevant to an investigation is retained until resolution.
6. Use of automated data collection technologies
Cookie types and uses
- Session cookies: store temporary identifiers, deleted when the browser closes.
- Persistent cookies: remember user preferences.
- Third-party cookies: placed by external parties across multiple sites.
Cookie purposes
- Strictly necessary (essential functionality)
- Functionality (preference remembrance)
- Performance and analytics (usage improvement via Google Analytics)
- Targeting and advertising (personalized ads)
- Social media (content sharing)
Users can refuse or delete cookies through browser settings, though this may limit feature access. Mobile users can enable “do not track” through device settings. A Google Analytics opt-out is available at the designated link. Other tracking technologies include social widgets and local shared objects (flash cookies).
7. Disclosure of personal data
Personal data may be disclosed to:
- Related parties providing services
- Third-party service providers (technology, insurance, professional services)
- Third parties fulfilling user-requested products or services
- Marketing and cross-promotion partners
- Government and law enforcement authorities
- Prospective business purchasers
- Legal claim defendants
Contracts with third parties ensure data protection consistent with applicable laws.
8. Transfer of personal data to other countries
RockX transfers personal data across jurisdictions to support the stated purposes. International transfers maintain protection levels no less stringent than the originating jurisdiction. EU transfers use Model Clauses or EU Commission adequacy decisions where required by law.
9. Security and retention of personal data
RockX takes reasonable precautions to safeguard data but disclaims liability for unauthorized access beyond its control, including hacking or cybercrime. No warranties guarantee that systems are safe from malware or that data transmission is secure.
Personal data is retained for the fulfillment of purposes and legal obligations (including litigation limitation periods). Data may be retained longer where legally required. Anonymized data may be retained and used without restriction.
10. Your rights
Depending on your jurisdiction, you may exercise rights including:
- Access: obtain copies of personal data held about you.
- Correction: request correction of inaccurate data.
- Erasure: request deletion of data under certain circumstances.
- Restriction: withdraw consent or suspend processing.
- Portability: request transfer of data to other parties.
- Objection: challenge processing based on legitimate interests.
Requests should be directed to our Data Protection Officer via our contact page. Processing fees may apply where permitted by law. RockX may refuse requests (such as erasure for claim-related data) or continue processing based on compelling legitimate grounds.
