Privacy Policy

Last updated: January 1, 2020

Introduction

exA-Arcadia PTE. LTD. operates this website, ordering system, customer support channels, products, services, content, features, tools, and related online and offline business operations in order to provide our customers, business purchasers, consumers, distributors, operators, and other users with access to our products and related services (collectively, the “Services”).

This Privacy Policy describes how exA-Arcadia PTE. LTD. (“Company”, “we”, “us”, or “our”) collects, uses, discloses, transfers, stores, protects, and otherwise processes personal information when you visit, access, use, purchase from, communicate with, or otherwise interact with the Services.

Payment transactions are processed through Stripe and related payment infrastructure providers. Stripe may process payment-related personal information in accordance with its own terms and privacy notices.

If there is any inconsistency between our Terms of Service and this Privacy Policy concerning the collection, use, disclosure, transfer, retention, protection, or other processing of personal information, this Privacy Policy controls to the extent of that inconsistency.

Please read this Privacy Policy carefully. By using or accessing the Services, placing an order, creating an account, making payment, requesting support, or otherwise communicating with us, you acknowledge that you have read this Privacy Policy and understand how we collect, use, disclose, transfer, store, and otherwise process personal information as described in this Privacy Policy.

Scope and Applicable Privacy Laws

We are a Singapore-domiciled company and process personal information in accordance with the Personal Data Protection Act 2012 of Singapore (“PDPA”) where applicable. Depending on where you are located, additional privacy, data protection, electronic communications, consumer protection, or similar laws may apply to certain processing activities.

Nothing in this Privacy Policy is intended to limit rights that cannot lawfully be limited under applicable privacy or data protection law. Where a right or obligation applies only in certain jurisdictions or circumstances, we will apply it only to the extent required by applicable law.

For the purposes of applicable data protection laws, exA-Arcadia PTE. LTD. is generally the organization responsible for the personal information it collects and processes in connection with the Services, except where another party, such as Stripe, independently determines the purposes and means of its own processing.

Personal Information We Collect or Process

When we use the term “personal information”, we mean information that identifies, relates to, describes, can reasonably be associated with, or can reasonably be linked to an identifiable individual. Personal information does not include information that has been anonymized, de-identified, aggregated, or otherwise processed so that it cannot reasonably identify or be linked to an individual.

Depending on how you interact with the Services, where you are located, the type of transaction involved, and what is permitted or required by applicable law, we may collect or process the following categories of personal information:

  • Contact details, including name, company name, billing address, shipping address, email address, telephone number, and other contact information.
  • Business purchaser information, including business name, trade name, company registration details, tax details, business address, role or title, commercial contact information, distributor or operator status, and other information used to assess purchaser classification or commercial eligibility.
  • Payment and transaction information, including order numbers, transaction identifiers, payment confirmation, payment status, fraud review information, chargeback or dispute status, billing details, shipping details, and payment method metadata. Full payment card numbers are processed by Stripe or other payment infrastructure providers and are not intentionally stored by us outside tokenized or processor-managed systems.
  • Account information, including username, password or password hash, authentication information, account preferences, account settings, saved addresses, order history, and security information.
  • Order and product interaction information, including items viewed, added to cart, ordered, purchased, returned, replaced, exchanged, canceled where permitted, or otherwise requested, as well as product compatibility inquiries and support history.
  • Communications with us, including information you provide in emails, support tickets, forms, telephone calls, messages, warranty or service inquiries, dispute communications, legal notices, and other correspondence.
  • Device and technical information, including IP address, browser type, operating system, device identifiers, network connection information, approximate location inferred from IP address, log files, diagnostic data, and other technical identifiers.
  • Usage information, including information about how and when you interact with or navigate the Services, pages viewed, links clicked, session information, referring pages, timestamps, feature usage, and related analytics information.
  • Security, fraud prevention, and compliance information, including risk signals, order verification data, anti-fraud checks, sanctions or denied-party screening results where applicable, chargeback records, suspicious activity indicators, and records used to protect the Services, our customers, and our business.
  • Information required by law or reasonably necessary for dispute handling, regulatory compliance, tax, accounting, audit, legal, export control, customs, or recordkeeping purposes.

Sources of Personal Information

We may collect personal information from the following sources:

  • Directly from you, including when you create an account, place an order, make payment, communicate with us, request support, submit forms, provide business verification details, or otherwise provide information to us.
  • Automatically through the Services, including from your device, browser, network connection, cookies, pixels, tags, log files, and similar technologies when you access or use the Services.
  • From payment processors and payment infrastructure providers, including Stripe, when they provide transaction status, payment confirmation, fraud review, dispute, chargeback, refund, or payment-related information to us.
  • From shipping, logistics, fulfillment, customs, or delivery providers when they provide delivery, tracking, address, customs, return, or shipment-related information.
  • From service providers, contractors, and vendors who support hosting, security, analytics, customer support, communications, fraud prevention, accounting, legal compliance, or operational functions.
  • From business partners, distributors, operators, or other third parties where they provide information relevant to orders, support, purchaser classification, fraud prevention, compliance, fulfillment, or business operations.
  • From public sources, government records, sanctions lists, business registries, or other sources where reasonably necessary for verification, compliance, fraud prevention, dispute handling, or enforcement of our rights.

How We Use Personal Information

Depending on how you interact with us and which Services you use, we may use personal information for the following purposes:

Provide, operate, tailor, and improve the Services. We use personal information to provide the Services, perform our contract with you, process orders, process payments through Stripe, arrange fulfillment and shipping, maintain and manage accounts, remember preferences, provide product information, respond to inquiries, provide support, administer returns or remedies where applicable, and improve the functionality, reliability, and usability of the Services.

Order processing and commercial operations. We use personal information to confirm orders, classify purchasers, verify business purchaser status where relevant, evaluate eligibility, manage 100% prepayment transactions, issue invoices or receipts, manage lead times, coordinate shipping, manage customs information, and maintain transaction records.

Payment, security, and fraud prevention. We use personal information to authenticate users, process and verify payments, detect and prevent fraudulent, unauthorized, unsafe, abusive, or malicious activity, investigate chargebacks or payment disputes, enforce order restrictions, protect accounts, secure the Services, and protect our rights and the rights of other users.

Marketing and communications. We may use personal information to send administrative communications, order updates, support messages, product announcements, promotional communications, and other communications permitted by law. Where required, we will obtain consent before sending marketing communications, and you may opt out of promotional communications as described below.

Customer support and relationship management. We use personal information to respond to questions, troubleshoot issues, provide after-sales support, communicate about products or services, maintain business relationships, and keep records of communications.

Legal, compliance, and enforcement purposes. We use personal information to comply with applicable laws, regulations, legal processes, accounting obligations, tax obligations, customs requirements, export control obligations, sanctions screening, regulatory requests, law enforcement requests, audits, litigation, dispute resolution, and to enforce or investigate possible violations of our terms, policies, or rights.

Analytics and service improvement. We may use personal information and usage information to understand how the Services are used, measure performance, identify errors, improve user experience, enhance security, and develop or improve products and services.

Cookies and Similar Technologies

We may use cookies, pixels, tags, local storage, log files, and similar technologies to operate the Services, remember preferences, maintain sessions, authenticate users, support checkout, measure traffic, understand usage, detect fraud, improve security, and perform analytics.

You may be able to adjust browser settings to refuse or disable cookies. If you disable certain cookies or similar technologies, some parts of the Services may not function properly, including account login, checkout, fraud prevention, or security features.

How We Disclose Personal Information

We may disclose personal information to third parties for legitimate business, operational, legal, and compliance purposes, subject to this Privacy Policy and applicable law. Such disclosures may include:

  • Payment processors and payment infrastructure providers, including Stripe, for payment processing, authentication, fraud prevention, refunds, disputes, chargebacks, and transaction security.
  • Shipping, logistics, customs, fulfillment, and delivery providers to fulfill orders, deliver products, process returns where applicable, manage customs, and provide tracking or delivery services.
  • Service providers and contractors who provide hosting, infrastructure, security, analytics, customer support, communications, email delivery, fraud prevention, accounting, tax, audit, legal, or operational services.
  • Professional advisors, including lawyers, accountants, auditors, insurers, consultants, and other advisors where reasonably necessary for business, legal, compliance, risk management, or dispute purposes.
  • Government authorities, regulators, courts, law enforcement, customs authorities, dispute resolution bodies, or other parties where required or permitted by law, legal process, regulatory request, or to protect rights and safety.
  • Affiliates, successors, or parties involved in a business transaction, including merger, acquisition, financing, restructuring, sale of assets, insolvency, or similar corporate transaction.
  • Other third parties where you direct us, request us, authorize us, or consent to the disclosure.

Stripe and Payment Processing

Payment transactions are processed through Stripe and related payment infrastructure providers. Stripe may collect, use, disclose, transfer, store, and otherwise process payment-related personal information, including payment card information, billing information, transaction data, device information, fraud signals, and authentication information, in accordance with its own terms, privacy notices, and legal obligations.

We receive transaction-related information from Stripe, such as payment status, payment confirmation, transaction identifiers, dispute or chargeback status, refund status, fraud review information, and related payment metadata. We do not intentionally store full payment card numbers on our own systems outside tokenized or processor-managed systems.

Your use of Stripe or any payment method may be subject to separate terms, privacy notices, rules, and requirements of Stripe, payment networks, card issuers, banks, and other payment infrastructure providers.

Third-Party Websites and Links

The Services may contain links to websites, platforms, tools, services, or resources operated by third parties. If you follow links to third-party sites or services not controlled by us, you should review their privacy policies, security practices, and terms of use.

We do not control and are not responsible for the privacy, security, accuracy, completeness, reliability, or practices of third-party websites, platforms, or services. Our inclusion of a link does not imply endorsement of the third party, its content, its products, or its practices.

Children’s Data

The Services and our products are intended primarily for business, commercial, arcade operator, distributor, reseller, professional, and adult users. The Services are not intended for children, and we do not knowingly collect personal information from children under the age of majority in their jurisdiction.

If you are a parent or guardian and believe that a child has provided personal information to us, please contact us using the contact details below. Where required by applicable law, we will take reasonable steps to delete such information or otherwise handle it in accordance with applicable law.

Security of Personal Information

We implement reasonable administrative, technical, and organizational measures designed to protect personal information against unauthorized access, collection, use, disclosure, copying, modification, disposal, or similar risks.

However, no method of transmission over the internet, electronic storage, payment processing, or online communication is completely secure. We cannot guarantee perfect security. You should avoid sending sensitive or confidential information through unsecured channels and are responsible for keeping your account credentials secure.

Retention of Personal Information

We retain personal information for as long as reasonably necessary to fulfill the purposes described in this Privacy Policy, including to provide the Services, maintain accounts, process orders, support transactions, comply with legal obligations, resolve disputes, enforce agreements, prevent fraud, maintain security, preserve business records, and satisfy accounting, tax, audit, regulatory, or legal requirements.

The specific retention period may vary depending on the type of information, the purpose for processing, applicable legal requirements, dispute or chargeback risk, operational needs, and whether deletion, anonymization, or aggregation is appropriate.

Your Rights and Choices

Depending on where you live and which laws apply, you may have some or all of the following rights in relation to your personal information. These rights are not absolute, may apply only in certain circumstances, and may be subject to exceptions under applicable law:

  • Right to access or know personal information we hold about you.
  • Right to request correction of inaccurate or incomplete personal information.
  • Right to request deletion of personal information, subject to legal and operational exceptions.
  • Right to withdraw consent where processing is based on consent, subject to legal or contractual consequences.
  • Right to object to or restrict certain processing activities where applicable.
  • Right to data portability where applicable.
  • Right to opt out of certain marketing communications.
  • Right to complain to us or, where applicable, to a relevant data protection authority.

To exercise rights available to you, contact us using the details below. We may need to verify your identity and authority before responding. We may decline or limit requests where permitted by applicable law, including where compliance would conflict with legal obligations, fraud prevention, dispute handling, security, accounting, tax, or recordkeeping requirements.

Marketing Communications

We may send marketing or promotional communications where permitted by law. You may opt out of promotional emails by using the unsubscribe mechanism in the email or by contacting us.

If you opt out of promotional communications, we may still send non-promotional communications, such as order confirmations, payment notices, account notices, support messages, legal notices, security alerts, and transaction-related communications.

International Transfers

We may transfer, store, access, or process personal information outside Singapore, including where our service providers, payment processors, logistics providers, infrastructure providers, professional advisors, or other recipients are located outside Singapore.

Where personal information is transferred outside Singapore, we will take steps required by applicable law to ensure that the transferred information receives a standard of protection comparable to that required under the PDPA, where the PDPA applies. Depending on the circumstances, such steps may include contractual protections, due diligence on service providers, technical and organizational measures, or reliance on other legally recognized transfer mechanisms.

If you are located in the European Economic Area, United Kingdom, or another jurisdiction with specific cross-border transfer requirements, we will apply applicable transfer safeguards where required by law.

Complaints

If you have questions or complaints about how we process personal information, please contact us using the contact details below. We will review and respond to complaints as required by applicable law.

Depending on where you live, you may also have the right to contact or lodge a complaint with your local data protection authority or regulator.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time, including to reflect changes to our practices, systems, service providers, legal obligations, operational needs, or regulatory requirements.

We will post the revised Privacy Policy on the Services, update the “Last updated” date, and provide notice where required by applicable law. Your continued use of the Services after the revised Privacy Policy is posted indicates that you have read and understood the updated Privacy Policy, subject to any additional consent requirements under applicable law.

Contact

If you have questions about this Privacy Policy, our privacy practices, or your rights, please contact:

exA-Arcadia PTE. LTD.
Singapore
Email: legal at exa.ac

For the purposes of applicable data protection laws, exA-Arcadia PTE. LTD. is the organization responsible for personal information processed under this Privacy Policy, except where a third party independently determines its own processing purposes and means.