Privacy Policy

Aravest Personal Data Protection Policy

This Personal Data Protection Policy (“Policy”) outlines how Aravest Pte. Ltd. and its subsidiaries (collectively referred to as the “Aravest Group” or “Aravest”) manage your Personal Data (as defined below). We encourage you to read this Policy carefully to understand the purposes for which we collect, use, and disclose your Personal Data.

Applicability of Country-Specific Addendum

Depending on the country where your Personal Data is collected, used, disclosed, or processed, different country-specific addendum may apply. If your Personal Data is managed by us in a specific country, please review the relevant appendix applicable to you, as these terms supplement and form an integral part of this Policy. Note that there is no country-specific addendum for Singapore.

Please refer to the Appendices for the country-specific addendums for Korea and Australia.

Security Measures

The security of your Personal Data is crucial to us. We have implemented reasonable measures to protect your data from unauthorised access, disclosure, and similar risks. Access to your Personal Data is restricted to the relevant parties who need it for purposes specified in this Policy.

Consent and Interaction

By interacting with us — whether through email, phone, accessing Aravest websites, intranet, or portals, or submitting information — you consent to our collection, use, disclosure, and sharing of your Personal Data with our group companies, authorised service providers and relevant third parties as outlined in this Policy. If you do not agree with this Policy, please refrain from using Aravest websites, intranet, or portals.

Updates and Changes

Aravest may update this Policy from time to time to reflect future developments, industry trends, or changes in legal or regulatory requirements. By continuing to use our services, you agree to be bound by the updated terms.

Definitions and Collection of Personal Data

Personal Data refers to any data or information about you from which you can be identified either (a) from that data alone; or (b) from that data combined with other information.

Examples of such Personal Data which you may provide us include (depending on the nature of your interaction with us):

  1. your name, national registration identification number, passport number or other identification number, telephone number(s), mailing address, email address, facial image in a photograph or video recording, fingerprint and any other information relating to you which you have provided us in any form you may have submitted to us, or in other forms of interaction with you11;
  2. information about your use of our websites and services, including cookies, IP addresses, subscription account details and membership details;
  3. your employment history, education background, and income levels; and
  4. your payment related information, such as your bank account or card information, and your credit history.

Personal Data Collection

Generally, we collect, use, disclose, and process Personal Data in the following ways:

  1. when you submit forms or applications relating to any of our services, or submit any online queries, requests or feedback to us;
  2. when you interact with any of our staff, for example, via face-to-face meetings, business interactions in events, telephone calls, letters, online forms, social media platforms and emails;
  3. when you request that we contact you;
  4. when you are a representative of an organization or entity that is a client, vendor or service provider of Aravest Group, and that organization or entity provides us with your Personal Data.
  5. when you respond to our request for additional Personal Data;
  6. when you ask to be included in an email or other mailing list;
  7. when you respond to our market surveys;
  8. when you submit a job application;
  9. when we receive references from business partners and third parties, for example, where you have been referred by them; and
  10. when you submit your Personal Data to us for any other reason.

Purposes for the Collection, Use, Disclosure and Processing of Your Personal Data

Aravest Group typically collects, uses, discloses, and processes your Personal Data for the following purposes:

  1. facilitating investments, asset transactions (such as mergers, acquisitions or asset sales), fund raising, fund formations and other business agreements;
  2. addressing your queries, requests, and complaints;
  3. managing Aravest Group’s infrastructure and business operations, adhering to internal policies and procedures, and providing you with access to websites, systems, and infrastructure;
  4. matching any Personal Data we hold about you for any of the purposes listed here;
  5. verifying your identity and conducting background checks, as allowed by law and due diligence;
  6. conducting data analytics to improve systems and processes, manage risks and fraud, comply with regulatory requirements, gain investment insights, and enhance human resources processes;
  7. resolving disputes, preventing, detecting, and investigating non-compliance with laws, regulations, and internal corporate policies, including fraud and financial crimes, and managing other commercial risks and operational risks related to Aravest Group’s activities;
  8. protecting and enforcing our contractual and legal rights and obligations;
  9. conducting audits, reviews, and analyses of our internal processes;
  10. fulfilling Aravest Group’s legal, contractual, or regulatory obligations, including complying with laws, regulations, rules, codes of practice, or guidelines, and assisting law enforcement and investigations by relevant authorities;
  11. sharing certain such information within group companies for the purpose of providing higher value-adding services and products to customers; and
  12. any purposes reasonably related to the above.

The above purposes are not exhaustive, and depending on the nature of your relationship with us, we may collect, use and disclose your Personal Data for additional purposes which you will be notified of, in accordance with applicable terms and conditions.

Disclosure of Personal Data

Aravest will take reasonable steps to protect your Personal Data against unauthorised disclosure. Subject to the provisions of any applicable law, your Personal Data may be disclosed to the parties listed below (whether located in your local jurisdiction or overseas), for the purposes listed above (where applicable) to:

  1. other members of Aravest Group;
  2. professional advisors, third parties, agents or independent contractors that provide services to any member of Aravest Group (such as IT systems providers, platform providers, financial advisors, brokers, consultants (including lawyers and accountants));
  3. goods and services providers (such as providers of marketing services where we are permitted to disclose your personal information to them), intermediaries, brokers, and other individuals and entities that partner with us;
  4. competent authorities (including any national and/or international regulatory or enforcement body, agency, court or other form of tribunal or tax authority) or their agents where Aravest Group is required or allowed to do so under applicable law or regulation;
  5. a potential buyer, transferee, merger partner or seller and their advisers in connection with an actual or potential transfer or merger of part or all of Aravest Group’s business, properties or assets under management, or any associated rights or interests, or to acquire a business or enter into a merger with it;
  6. credit reference agencies or other organizations that help us to conduct anti-money laundering and anti-terrorist financing checks and to detect fraud and other potential criminal activity;
  7. any person to whom disclosure is allowed or required by local or foreign law, regulation, or any other applicable instrument; and/or
  8. any other party to whom you authorise us to disclose your Personal Data.

Contact Us

For questions or feedback regarding your Personal Data or this Policy, or to withdraw consent or request access/corrections to your data, please contact:

  • To: Data Protection Officer
  • Email: dpo@aravest.com
  • Phone: +65 6317 6088

If you withdraw your consent to any or all use of your Personal Data, depending on the nature of your request, Aravest may not be in a position to administer or comply with the relevant contractual agreement or arrangement in place. This may also adversely impact and affect your employment relationship or other agreements or arrangements with Aravest Group. Aravest’s legal rights and remedies in such event are expressly reserved.

Governing Law

This Policy is governed by the laws of Singapore.

Appendix I

Korea Addendum

We, ARA Korea Limited (the “Company”), place great importance on protecting the personal data of data subjects and disclose this privacy policy in accordance with Article 30 (Establishment and Disclosure of Privacy Policy) of the Personal Information Protection Act (“PIPA”) and Article 31 (Contents and Disclosure Method of Privacy Policy) of its Enforcement Decree.

  1. Purposes of Personal Information Processing
    1. Website Account Registration and Management
      We process personal information for purposes such as website account (membership) registration, usage of member-based services, identity verification under a limited real-name system, personal identification, prevention of unauthorized or fraudulent use, confirmation of account sign-up intent, verifying legal guardian consent when collecting personal data of children under 14, subsequent verification of the legal guardian, dispute resolution, handling of complaints, and providing necessary notifications.
    2. Development of New Services and Use for Advertising
      We process personal information for the development of new services, provision of customized services, display of advertisements based on demographic characteristics, assessment of service effectiveness, and generation of usage statistics regarding our services.
    3. Employee Recruitment and Human Resources Management
      We process personal information for employee recruitment, HR management, and other related purposes.
  2. Retention and Use Periods of Personal Information
    1. Website Account Registration and Management
      Personal information collected for website account (membership) registration and management is retained and used from the date of registration until the account is deactivated. After deactivation, such information is retained and used solely for the handling of accidents or investigations related to Section I, dispute resolution, responding to inquiries or complaints, and fulfilling legal obligations.
    2. New Service Development and Advertising
      Personal information collected for the development of new services and advertising is retained and used from the date consent is given until such consent is withdrawn. After consent withdrawal, the information is retained and used only for handling accidents or investigations related to Section I, dispute resolution, inquiries or complaints, and fulfilling legal obligations.
    3. Officers and Employees
      Even after the resignation of officers and employees, personal information is retained and used exclusively for accident prevention, investigations, dispute resolution, complaint handling, and compliance with legal obligations.
  3. Provision of Personal Information to Third Parties
    In principle, the Company processes personal information within the scope of the purposes specified in Section I and does not process it beyond that scope or provide it to third parties without the data subject’s prior consent. However, personal information may be used beyond its original scope or provided to third parties under the following circumstances, except where such disclosure might unduly infringe on the interests of the data subject or any third party:
    1. where the data subject has given prior consent to the disclosure or provision to third parties;
    2. where special provisions exist in other laws;
    3. where it is impossible to obtain prior consent due to the data subject’s inability to express intent or an unknown address, and it is clearly necessary for the urgent protection of life, body, or property of the data subject or a third party; or
    4. where the information is provided in a form that prevents identification of any individual, for purposes including statistics or academic research.
  4. Outsourcing of Personal Information Processing
    When entering into outsourcing agreements for personal information processing, the Company explicitly stipulates compliance with data protection laws, prohibition against unauthorized third-party provision of personal information, and allocation of responsibilities. These agreements are supervised and kept on record in written or electronic format.
  5. Rights of Data Subjects and Exercise Methods
    1. Data subjects may at any time exercise the following rights related to personal information protection:
      1. request to access personal information
      2. request correction if there are any inaccuracies
      3. request deletion
      4. request suspension of processing, etc.

        The exercise of these rights may be made through written requests, email, or fax to the Company. The Company shall respond without undue delay.
    2. The above rights may also be exercised by a data subject’s legal representative (in the case of a child under 14 or an authorized agent. In such cases, a power of attorney must be submitted.
    3. Notwithstanding Section V.1(i) and Section V.1(iii), the Company may refuse requests for access or suspension of processing if any of the following applies, after informing the data subject:
      1. where it is unavoidable for the purpose of complying with legal obligations or where special provisions exist in law;
      2. where there is a concern that another individual’s life or body could be harmed, or another individual’s property and other interests might be unfairly infringed; or
      3. where it becomes difficult to fulfill a contract (e.g., provide agreed services) if personal information is not processed, and the data subject has not clearly indicated their intention to terminate the contract.
  6. Categories of Personal Information Processed
    1. Minimum Necessary Information
      Pursuant to Section I, the Company collects only the minimum personal information necessary.
      Required Information: Name, Resident Registration Number (or date of birth), email address, contact details, address
    2. Automatically Collected Information
      While using the Company’s website, information such as IP addresses, cookies, service usage records, visitation logs, and records of misuse may be automatically collected.
    3. Sensitive Information
      In principle, the Company does not collect sensitive information that may infringe on the privacy of data subjects. If necessary, we obtain separate explicit consent for such collection and use it only for the purposes agreed upon.
    4. Collection Methods
      • Website, paper forms, fax, telephone, email
      • Collection via information-generating tools
  7. Destruction of Personal Information
    1. The Company shall, without delay, destroy personal information once the retention period has expired or the purpose of processing has been achieved, rendering the information unnecessary.
    2. Notwithstanding the above, if personal information must be continuously stored under the proviso clauses described in Section II, the Company may transfer the relevant data to a separate database (DB) or store it in a different physical location.
    3. Personal information stored in electronic file formats is irreversibly deleted so as not to be recoverable, and paper documents containing personal information are shredded or incinerated.
  8. Security Measures
    To prevent the loss, theft, leakage, alteration, or damage of personal information, the Company implements the following security safeguards:
    1. Administrative Measures: Internal management plan establishment and implementation, staff training, etc.
    2. Technical Measures: Management of access rights to personal information systems, encryption of unique identifiers, installation of security software.
    3. Physical Measures: Restricted access to computer rooms, data storage rooms, etc.
  9. Personal Information Protection Officer
    1. Data Protection Officer
      • Title: Compliance Officer
      • Name: Yuri Seo
    2. Personal Information Protection Department
      • Email: Chaewon.lim@aravest.com
      • Phone: +82 (2) 6956-1739

Governing Terms in Relation to Aravest Personal Data Protection Policy

In relation to personal data collected, processed and managed by the Company, where there is any inconsistency or conflict between this Korea Addendum and the Aravest Personal Data Protection Policy (the “Policy”), the terms of this Korea Addendum shall prevail to the extent of such inconsistency. Unless otherwise defined in this Korean Addendum, capitalized terms shall have the same meanings as those ascribed to them in the Policy.

Appendix II

Australia Addendum

We, Aravest Australia, place great importance on protecting the personal data of data subjects and disclose this privacy policy in accordance with the Privacy Act 1988 (Cth) including the Australian Privacy Principles in relation to dealings with all persons for which Aravest Australia acts as manager.

What Personal information is collected?

Aravest Australia will collect, use and store personal information that you provide in any manner to facilitate management services. Information may also be obtained through third parties.

However, we will only collect personal information about you that is reasonably necessary to enable us to provide the product or service that you require, or that we are required by law to collect.

The types of personal information we may collect include:

  • Name
  • e-mail, residential and postal address
  • date of birth
  • contact details
  • occupation
  • country of residence
  • bank account details
  • financial details
  • government identifiers such your Tax File Number (TFN)

How is it used?

The purposes for which Aravest Australia will use your personal information will depend upon the relationship that you have with Aravest Australia. In most circumstances your personal information will be used to:

Provide you with a financial or related service;

  • Monitor the quality of the service that we provide to you;
  • Improve, enhance and further our services; or
  • Comply with regulatory or legal requirements.

These laws and regulations include, but are not limited to, the Corporations Act 2001 (Cth), the Proceeds of Crime Act (1987), Financial Transaction Reports Act 1988 and the Anti-Money Laundering & Counter-Terrorism Act 2006.

How is it stored?

Your personal information will be stored in a secure environment in writing, electronically or both. You may obtain further details on the exact nature of where and how your information is stored by contacting our Privacy Officer whose details are provided below. With the exceptions detailed within this policy, your information will only be available to Aravest Australia employees on a need-to-know basis in order to perform their obligations and duties.

How can you access it?

Should you wish to know what personal information Aravest Australia holds on you, you may request to view this information by contacting our Privacy Officer:

  • Title: Compliance Manager
  • Name: Kristy.lee@aravest.com

The Privacy Officer will promptly investigate your privacy enquiry and provide you with appropriate answers where required. We may charge a reasonable fee for access to this information. Should you discover that any information is outdated, incorrect or incomplete you may request to have the personal information corrected and Aravest Australia will promptly update its records. You may also contact the Privacy Officer if you have any questions on our compliance with the Privacy Act 1988 (Cth) or if you wish to make a complaint about our handling of your personal information.

To whom might it be disclosed?

Any regulatory body which regulates Aravest Australia eg. ASIC, ATO, AUSTRAC;

  • Third party service providers eg. IT suppliers, compliance consultants, software providers (all reasonable steps are taken to ensure the security of personal information if disclosed to a third party); and
  • Any related bodies corporate of Aravest Australia.

Is sensitive personal information collected?

Generally Aravest Australia will not collect sensitive personal information. Sensitive personal information is information about an individual’s racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual preferences or practices, criminal record, or health information.

Additional information

Further information on privacy in Australia may be obtained by visiting the website of the Office of the Australian Information Commissioner at: http://www.oaic.gov.au/

Governing Terms in Relation to Aravest Personal Data Protection Policy

In relation to personal data collected, processed and managed by Aravest Australia, where there is any inconsistency or conflict between this Australia Addendum and the Aravest Personal Data Protection Policy (the “Policy”), the terms of this Australia Addendum shall prevail to the extent of such inconsistency. Unless otherwise defined in this Australia Addendum, capitalized terms shall have the same meanings as those ascribed to them in the Policy.

  1. Under the Singapore Personal Data Protection Act 2012 (PDPA), information business contact information (including your name, designation, business telephone number/address/email address/fax number and any other similar information) is not covered under the data protection obligations of the PDPA.   ↩︎