Privacy Statement

About Privacy

Covalent Capital currently operates in Singapore, China, Hong Kong, Australia and Europe and therein should comply with the data protection governance of these jurisdictions. 

In Singapore, the Personal Data Protection Act (PDPA) in place, governs the collection, use, and disclosure of personal data in the country. This includes but is not limited to obtaining consent from individuals before collecting, using or disclosing personal data unless an exception applies.

In Australia, the Privacy Act 1988, regulates the handling of personal information by Australian government agencies and private sector organizations. Additionally, the Australian Privacy Principles (APPs) provide the framework for the collection, use, storage, and disclosure of personal information.

In Hong Kong, the Personal Data (Privacy) Ordinance (PDPO) in place to regulate the collection, processing, and use of personal data

In Europe, the General Data Protection Regulation (GDPR) is a comprehensive data protection and privacy regulation that came into effect on May 25, 2018, in the European Union (EU). It imposes stringent requirements on businesses that collect, process, and handle personal data of EU residents. The regulation applies to both EU-based businesses and non-EU businesses that offer goods or services to EU residents or monitor their behavior.

Our Privacy Statement

The purpose of this article is to define Covalent Capital’s approach to complying with and defining the relevant disclaimers that are required on the platform to be compliant to data protection governance frameworks across Singapore, Australia, Hong Kong and Europe jurisdictions for Covalent Capital’s OMAS platform. 

OMAS is a full lifecycle platform for capital markets platform that offers real-time information, intelligent algorithms, advanced analytics and a powerful database that enables its users support through each stage of the new issue process.

Approach

The below steps define Covalent’s approach to ensuring compliance to these data protection governance frameworks for OMAS.

1. Data Mapping and Inventory:

Personal Data definition

Covalent Capital requires its users to provide these 4 fields (collectively “Personal Data) in order create, manage and enable specific features for a User’s account on OMAS,

  • Name
    This is required in order to associate the username to a natural person.
  • Corporate Email Address
    This is required as it is used as the username as well as to validate that the user is indeed from the Organization they say they are from. Emails generated by the platform are sent to this email address, including but not limited to, One Time Password and Forgot Password emails.
  • Mobile Phone Number
    This is required as it is used when the platform generates a One Time Password (OTP) for Forgot Password requests. The mobile number registered will be the recipient that will receive the OTP.
  • Role
    This is required as different roles provide the User with different features on the platform. It is also vital in order to maintain logical data separation between different User views.
  • Company
    This is required in order to record the actual Organization that the user has represented themselves to be.

2. Purpose and Use of collected Personal Data

This data will be provided by the users who would like to have an account on OMAS.  The purpose of collecting the data is to,

Data Attributes

Purpose

Name

  • Personalization of OMAS generated emails and to identify the account to a natural person/s
  • When required, allow the Covalent Capital technical support team to contact the users who might be facing issues while using the platform.

Corporate email address

  • Create a unique user account on the OMAS platform
  • When required and initiated by the User, the One Time Password (OTP) is sent to the corporate email address registered on the OMAS platform.
  • When required, allow the Covalent Capital technical support team to contact the users who might be facing issues while using the platform. 
  • When initiated, the OMAS platform sends a weekly newsletter to the users of the OMAS platform.

Mobile Phone Number

  • When required and initiated by the User, the One Time Password (OTP) is sent to the mobile phone number registered on the OMAS platform.
  • When required, allow the Covalent Capital technical support team to contact the users who might be facing issues while using the platform.

Role

  • Establishing the user’s role in the Organization is extremely crucial for Covalent Capital to embed restriction of views that is expected during a new bond issuance process.
  • When required, allow the Covalent Capital technical support team to contact the users who might be facing issues while using the platform.

Organization

  • Each user is mapped to an Organization in order define an Organization specific view for the user

Once the information is collected, the data resides in Covalent Capital’s database that resides in AWS cloud, specifically in the Singapore region but with multi zone redundancy.

3. Lawful Basis for Processing:

Covalent Capital processing of Personal Data is allowed by law. 

The legal basis for processing of Personal data for personalized services is Article 6 para. 1 lit. (b) of the GDPR permitting the processing of personal data for the purposes of the performance of a contract to which the data subject is a party or for the performance of pre-contractual measures taken at the data subject’s request.

This contract is established by user’s consent for the Terms and Conditions of the OMAS service when the User signs up to the platform. Where available, this is further extended through the Terms and Conditions of the executed Service Agreements with Covalent Capital by the Organization that the user is employed with.

4. Consent Mechanism

By logging into or consenting to the Terms and Conditions of the OMAS service upon signing up to the platform and further extended with the executed formal contractual agreement with the Organization that the user is employed with, a user agrees to the following,

a. Collection of the data attributes as described in Section 2 above.

b. Use of the data attributes as described in Section 2 above.

c. Disclose the data attributes as described in Section 2 above.

d. Care of the data attributes as described in Section 2 above.

User may revoke consent by contacting help@covacap.com via the User’s registered email address.

Note that should a user choose not to provide consent, the services offered by Covalent Capital will not be availed to the user.

5. Data Subject Rights

Covalent Capital’s OMAS provides users with the ability to update their mobile number via the platform. To do so,

  • Login to OMAS
  • Go to the Profile dropdown (located at the top right hand corner of OMAS)
  • Click on Edit Profile > Update your mobile number > Save.

For amendments to all other Personal Data attributes, please contact help@covacap.com

Under applicable data protection laws, and subject to the terms of consent as elaborated in Section 4, the User will have rights
• of access to, rectification of, and/or erasure of your Personal Data
• to restrict or object to its processing;
• to tell Us that you do not wish to receive marketing information; and
• (in some circumstances) to require certain of your Personal Data to be transferred to you or a third party, which you can exercise by contacting Covalent Capital at help@covacap.com

To the extent Covalent Capital’s processing of User’s Personal Data is based on User’s consent, User’s also have the right to withdraw their consent, without affecting the lawfulness of Covalent Capital processing based on your consent before its withdrawal.

To exercise User’s rights, they can contact Covalent Capital at help@covacap.com. Users can also lodge a complaint about Covalent Capital’s processing of User’s Personal Data with a data protection authority.

6. Data Retention and Deletion:

Covalent Capital follows the following retention periods for the data attributes provided by the User.

Data Attributes

Retention Period

Name

Corporate Email Address

Mobile Phone Number

Role

Organization

As long as necessary to carry out services related to Covalent Capital’s relationship with you and 7 years thereafter from the date that the relationship ceases.

Covalent Capital’s OMAS has within it audit logs that captures actions conducted by the User for any bookbuild type activity. For regulatory purposes, data attributes critical to enable this feature will be retained for 7 years.

7. Data Security

Covalent Capital takes the security of the users personal information seriously and have implemented reasonable and appropriate measures to protect it from unauthorized access, disclosure, alteration, and destruction. These measures include:

Encryption: Covalent Capital uses industry-standard encryption technologies to protect data transmitted between user’s devices and our systems.

Access Controls: Access to user’s personal information is restricted to authorized personnel who need access to perform their duties. All employees undergo training on data protection and privacy.

Firewalls and Network Security: Covalent Capital employs firewalls and up-to-date security practices to prevent unauthorized access to our networks.

Regular Security Audits: Covalent Capital conducts regular security audits to identify and address potential vulnerabilities in our systems.

Data Breach Response Plan: In the event of a data breach, Covalent Capital has established a response plan to promptly investigate, notify affected individuals and authorities, and take necessary steps to remedy the situation.

User’s Role in Protecting their Information

While Covalent Capital has take significant steps to protect users personal information, users also play a crucial role in ensuring its security. Here are some practices users can adopt:

Password Protection: Choose strong, unique passwords and change them regularly. Do not share your login credentials.

Device Security: Keep your devices secure by using up-to-date antivirus software and ensuring your operating system and applications are regularly updated.

Be Mindful of Phishing: Be cautious about unsolicited emails or communications, especially those requesting personal information.

8. Data Protection Officer

Covalent Capital has appointed a Data Protection Officer (DPO)  who oversees our data protection efforts and ensures compliance with applicable data protection laws and regulations.  The User may contact our DPO via dpo@covacap.com.