Privacy Policy

Last updated: July 4, 2026

Introduction

This Privacy Policy is used to inform visitors and users regarding our policies with regard to the collection, use, and disclosure of personally identifiable information such as your name, e-mail address, shipping address, phone number, credit card information and other data, whether true or not, that identifies you as an individual ("Personal Data"); and governs the usage of our Site which comprises of https://www.tkdgroup.sg, https://tkfin.sg and https://banco.sg and its related sub-domains, social media pages and any related applications (including mobile applications) and includes their respective internet-based services, features, content, and functionality (the "Services"). We may add further websites and platforms to this Privacy Policy from time to time. By using the Site, accepting the Terms of Use, and/or making any use of the Services through the Site, you also agree to this Privacy Policy. If you do not agree to this Privacy Policy, you must not use the Site.

The terms "we," "us," "our," refer to TKNEST PTE. LTD., a wholly owned subsidiary of TKDigital Holdings Pte Ltd and our affiliates. We are committed to protecting your privacy and complying with the Personal Data Protection Act 2012 of Singapore, as amended from time to time (including by the Personal Data Protection (Amendment) Act 2020) ("PDPA"). Consequently, we will only collect, record, hold, store, disclose, transfer and use your Personal Data as outlined in this Privacy Policy.

01.What information do we collect?

We may collect and process the following information from you:

You are under no obligation to provide the information to us. However, if you choose to withhold the information or to revoke permission for us to receive the information, we may be unable to provide certain aspects of our Services to you.

NRIC and other national identification numbers

We collect and retain NRIC, FIN, passport or other national identification numbers only where required under applicable law, or where necessary to accurately verify your identity to a high degree of fidelity, in line with the PDPC's Advisory Guidelines on the PDPA for NRIC and Other National Identification Numbers. We do not use NRIC or FIN numbers as user IDs or passwords, or as a means of authenticating your identity for access to our Services.

Third Parties

By providing us with any information relating to a third party (e.g. information of your spouse, children, parents, customers and/or employees), you represent to us that you have obtained the consent of the third party to provide us with their information, and have ensured that the third party is aware of, understands and accepts the terms of this Privacy Policy for the respective purposes.

Other Data

We want to inform you that whenever you use our Services, data may be gathered through tracking of your online Service usage. For example, we may capture the IP address of the device you use to connect to the online service, the type of operating system and browser you use, and information about the site you came from, the parts of our online service you access, and the site you visit next. We or our third-party service providers may also use cookies, web beacons or other technologies to collect and store other information about your visit to, or use of, the Services. In addition, we may later associate the usage and other information we collect online with Personal Data about you. In case of an error in the Site, we may collect data and information (through third party products) on your phone called Log Data. This Log Data may include information such as your device Internet Protocol ("IP") address, device name, operating system version, the configuration of the mobile application when utilizing our Service, the time and date of your use of the Service, and other statistics.

Legal Age

These Services do not address anyone under the age of 18. We do not knowingly collect Personal Data personally identifiable information from persons under 18 years old. In the case we discover that a person under 18 has provided us with Personal Data, we will immediately delete this from our servers. If you are a parent or guardian and you are aware that your child has provided us with Personal Data, please contact us so that we will be able to carry out the necessary actions.

02.Your interactions with others

This Site is primarily an informational corporate website. Where features allow you to submit enquiries or otherwise interact with us or our group platforms, they are provided for that purpose. Please use common sense and exercise good judgement when sharing information.

We generally do not monitor or remove the information which you share and such information may remain available on our Services after your account has been deactivated, terminated or is otherwise closed. You are responsible for the information you choose to share on the Site.

03.How do we store, protect and retain your information?

We maintain control of your information and protect your information using technical and administrative security measures to reduce the risks of loss, misuse, unauthorised access, disclosure and alteration. Our security arrangements are reviewed on an ongoing basis and are designed to satisfy the Protection Obligation under section 24 of the PDPA.

We maintain a data breach management plan. If we have reason to believe that a data breach affecting your Personal Data has occurred, we will assess the breach expeditiously. Where the breach is assessed to be notifiable under Part 6A of the PDPA — that is, where it results in, or is likely to result in, significant harm to affected individuals, or is of a significant scale (affecting 500 or more individuals) — we will notify the Personal Data Protection Commission ("PDPC") as soon as practicable, and in any event no later than three (3) calendar days after completing that assessment, and will also notify affected individuals where the breach is likely to result in significant harm to them, unless an exception under the PDPA applies.

We retain Personal Data only for as long as it remains necessary for the purposes for which it was collected, or as otherwise required or permitted by applicable law (for example, record-keeping requirements under tax, accounting, financial services or anti-money-laundering rules). In accordance with the Retention Limitation Obligation under section 25 of the PDPA, we will cease to retain Personal Data, or anonymise it, as soon as it is reasonable to assume that retention no longer serves the purpose for which the data was collected and is no longer necessary for legal or business purposes.

04.How do we use your information?

We may use the information collected and received from you for the following purposes:

Where we send you marketing messages, we do so in accordance with the PDPA and the Spam Control Act 2007 of Singapore: each marketing email or message will identify us as the sender and contain a functioning unsubscribe facility, and we will give effect to unsubscribe requests within the statutory timeframe. Before sending specified messages (voice calls, text or fax messages) to a Singapore telephone number for marketing purposes, we will check the relevant Do Not Call registers maintained under Part 9 of the PDPA, unless we have your clear and unambiguous consent in written or other accessible form, or another applicable exemption applies.

05.Automated and AI-assisted processing

Some of our Services use artificial intelligence, machine learning and other automated systems to support recommendations, decisions and workflows. Where we use your Personal Data to develop, train, test, monitor or operate such systems, we do so in accordance with the PDPC's Advisory Guidelines on the Use of Personal Data in AI Recommendation and Decision Systems, including by: relying on appropriate legal bases under the PDPA (such as consent, or the business improvement and research exceptions where applicable); using anonymised or de-identified data where practicable; and maintaining meaningful human oversight over outputs and decisions that could have a legal or similarly significant effect on you. You may contact our Data Protection Officer (see Section 12) for further information on how automated systems within our Services use Personal Data.

06.Sharing your information

We may share information about you in the following ways:

We respect your privacy and will not sell your Personal Data to any third party such as list brokers, mail-order businesses, or telemarketers. We may disclose data and aggregate statistics about users of our Services and sales to prospective partners, advertisers, sponsors and other reputable third parties in order to describe the Services, deliver targeted advertisements or for other lawful purposes, but these data and statistics will not include information which can be used to identify you.

07.Links to third party websites

We may provide links to websites that are owned or operated by other companies ("third-party websites"). When you use a link online to visit a third-party website, you will be subject to that website's privacy and security practices, which may differ from ours. You should familiarize yourself with the privacy policy, terms of use and security practices of the linked third-party website before providing any information on that website.

08.Transfer of information

By using the Services, you authorise us to use your information in Singapore and other countries where we operate for the purposes mentioned above. Where we transfer your Personal Data outside Singapore, we will comply with the Transfer Limitation Obligation under section 26 of the PDPA: we will only transfer Personal Data overseas where we have taken appropriate steps to ensure the recipient is bound by legally enforceable obligations (such as contractual safeguards, binding corporate rules or applicable certifications) to provide the transferred Personal Data a standard of protection comparable to that under the PDPA.

09.Tracking technologies

The Site uses tracking technologies on our Services. These enable us to understand how you use our Services which, in turn, helps us to provide and improve them. Some of the data collected through these technologies (such as IP addresses or device identifiers) may, alone or in combination with other data, constitute Personal Data; where it does, it will be handled in accordance with this Privacy Policy and the PDPA. Below are some examples of the tracking technologies used on our Services:

10.Accessing and updating your information

You can update your information through your account profile settings. If you believe that Personal Data we hold about you is incorrect, incomplete or inaccurate, you may request us to amend it.

Additionally, you may request access to any Personal Data that we hold about you at any time by contacting our Data Protection Officer at it@tkdgroup.sg. We will respond to access and correction requests as soon as reasonably possible. If we are unable to respond to an access request within thirty (30) days after receiving it, we will inform you in writing of the time by which we will be able to respond. We may charge you a reasonable fee to cover our administrative and other costs in responding to an access request, and will provide you with a written estimate of the fee beforehand. We will not charge for simply making the request and will not charge for making any corrections to your Personal Data.

There may be instances where we cannot grant you access to the Personal Data that we hold, or must refuse access, as provided for under the PDPA. For example, we may need to refuse access if granting access would interfere with the privacy of others or if it would result in a breach of confidentiality. If that happens, we will give you written reasons for the refusal as required under the PDPA.

11.Withdrawal of consent & complaints

You may withdraw any consent you have given (or are deemed to have given) for the collection, use or disclosure of your Personal Data at any time by giving us reasonable notice via our Data Protection Officer at it@tkdgroup.sg. Upon receiving your request, we will inform you of the likely consequences of the withdrawal (for example, that we may no longer be able to provide certain Services to you) and, unless an exception under the PDPA applies, will cease — and cause our data intermediaries and agents to cease — collecting, using or disclosing your Personal Data within a reasonable time.

If you have any complaint about our collection, use or disclosure of your Personal Data, please contact our Data Protection Officer first so that we can attempt to resolve the matter. If you are not satisfied with our response, you may lodge a complaint with the PDPC at www.pdpc.gov.sg.

12.Data Protection Officer

In compliance with section 11(3) of the PDPA, we have appointed a Data Protection Officer ("DPO") to oversee our data protection compliance and to make information about our data protection policies and practices available on request. Our DPO can be contacted at it@tkdgroup.sg (please mark your message "Attn: Data Protection Officer").

13.Visiting our Site from outside Singapore

This Privacy Policy is intended to cover collection and use of information on our Site within Singapore. If you are visiting our Site from outside Singapore, please be aware that your information may be transferred to, stored and processed in Singapore where our servers are located and our central database is operated. The data protection and other laws of Singapore and other countries might not be as comprehensive as those in your country. Please be assured that we seek to take reasonable steps to ensure that your privacy is protected. By using our Services, you understand that your information may be transferred to our facilities and those third parties with whom we share it as described in this Privacy Policy.

14.European Union privacy rights

Under the General Data Protection Regulation (Regulation EU 2016/679) (also known as GDPR), if you are an individual protected by the GDPR you may have certain rights as a data subject. To request information about or avail yourself of those rights, please send an email to it@tkdgroup.sg with "GDPR Request" in the subject line. In the email please describe, with specificity, the GDPR right you are requesting assistance with. Please note additional information may be requested prior to initiation of a request and that we reserve the right to charge a fee with respect to certain requests. Upon completion of our review, you will be notified if your request has been granted, denied, or exemptions apply.

15.Changes to our Privacy Policy

We will occasionally update this Privacy Policy to reflect changes in our practices and Services. If we make any material changes in the way we collect, use, and/or share personal data that may impact you, we will notify you by sending an e-mail to the e-mail address you most recently provided us in your account, profile or registration (unless we do not have such an e-mail address), and/or by prominently posting notice of the changes on our Site. We recommend that you check our Site from time to time to inform yourself of any changes in this Privacy Policy or any of our other policies.