LXA Privacy Notice

Last updated: 23 April 2025

Introduction

LXA Capital Pte Ltd (“LXA”) is fully committed to safeguarding the privacy of its customers and stakeholders. The success of our business depends on our ability to maintain the trust of our customers and stakeholders, of which data privacy and security is a core pillar. 

This Privacy Notice is intended to describe:

• what information we collect 

• how we collect the information

• why we collect the information and how it may be used

• with whom it may be shared

• how we protect your information

• how you can contact us for matters relating to your personal information

This Privacy Notice shall at all times be in accordance and subject to the Singapore Personal Data Protection Act (PDPA). 

This Privacy Notice supplements but does not supersede nor replace any other consents you may have previously provided to us in respect of your Personal Data, and your consents herein are additional to any rights which LXA may have at law to collect, use or disclose your Personal Data.

What Information We Collect

LXA only collects personal data necessary to meet the specified purpose. We will clearly notify you before collecting your personal data, whether the collection is carried out by us or through third parties acting on our behalf. 

We collect information about investors to conduct Customer Due Diligence (CDD) and to provide investor support. These may include 

• Identifying information 

• Residence information

• Contact information 

• Income and employment information

The specific information we collect depends on the products and services that we offer you, or that you have expressed an interest to use or apply for. 

In addition, we also collect information about borrowers and guarantors of the mortgage assets that we, and the funds we manage, invest in. These may include 

• Identifying information 

• Contact information

• Financial information

• Income and employment information 

• Subject property information 

Finally, we collect information from job applicants. This information may include an applicant’s resume, cover letter, references, and other information relevant to the job application.

How We Collect the Information

LXA adopts an opt-in consent approach rather than an opt-out approach. Information may be provided to us by you directly, through your proxies, through third-party data sources and/or from the use of the LXA platform and services.

1) Information provided by you

We may collect information directly from you through our website or through other channels such as phone, email, SMS, WhatsApp, and other messaging and information sharing services. By providing this information you affirm that the information you provide is accurate to the best of your knowledge, and that you are authorised to provide this information, in case you are providing information on behalf of an entity other than yourself. 

Generally, when LXA requests for personal information in the course of providing you a service and/or product and where you provide us with such personal information, there is implied consent that you agree to provide us with your personal information in order for us to provide you with the requested service and/or product. 

2) Information provided by your proxies

We may collect information through your authorised representatives acting on your behalf (e.g., financial advisors, legal representatives).  

3) Information from third parties

We may obtain information about you via Singpass Myinfo with your authorization. We may also obtain information about you from third-party data sources, including but not limited to Anti-Money Laundering (AML) screening platforms, background check services, and other service providers and websites. 

4) Information from use of LXA platform and services

We may collect information about your activities on our website, as is standard for most companies with an Internet presence today. This information includes your IP address, your browser type and language, access times, the content of any undeleted cookies that your browser previously accepted from us and the referring website address.

A cookie is a text file made up of letters and numbers that allow us to distinguish your browser/device from another user's browser/device. This text file is stored on your computer's hard disk, or other memory, for the purpose of keeping records when you visit a website. You may choose to delete this cookie at any time by clearing the cache in your browser. 

In some cases where we haven't obtained your consent, LXA might still need to collect, use, or disclose your personal information if it's permitted by an exception in the PDPA or another law. We will clearly communicate this to you if it occurs.

Why We Collect the Information and How It May Be Used

We use the information collected to deliver the products and services that you requested (or have expressed an interest in), and to provide customer support to you.   

• We use identifying information about the investor to conduct Customer Due Diligence and to certify that investors meet our eligibility requirements for investment

• We use contact information to provide relevant and timely customer support to you, and to provide notices pertaining to your account and investment

• We use aggregated information with non personal identifiable information (non-PII) to conduct internal research and analysis on fund performance and risk  

• We use information about the borrower, guarantors and other loan information to ascertain the credit quality of the mortgage assets we invest in and the borrowers’ ability to repay

• We use the information collected from job applicants to process and evaluate applications for employment, and to communicate with applicants about their application status.

With Whom We Share Your Information 

LXA does not share your personal information with others except as indicated below, or when we inform you and give you an opportunity to opt out of having your personal information shared. 

1) Authorised Service Providers

We may share your personal information with our authorised service providers that perform certain services on our behalf in connection with your purchase interest for our products and services.

These service providers include, but are not limited to, data providers, technology providers, fund administrators, auditors, custodian banks and other fiduciary partners. These service providers may have access to personal information needed to perform their functions, but are not permitted to share or use such information for any other purpose.

2) Legal and Regulatory Agencies

We are also obligated under prevailing regulations to disclose information collected to law enforcement agencies and other relevant regulatory authorities. These may include, 

• a response to a subpoena or similar investigative demand, a court order or a request for cooperation from a law enforcement or other government agency; to establish or exercise our legal rights; to defend against legal claims; or as otherwise required by law. In such cases, we may raise or waive any legal objection or right available to us.

• instances when we believe disclosure is appropriate in connection with efforts to investigate, prevent or take other action regarding illegal activity, suspected fraud or other wrongdoing; to protect and defend the rights, property or safety of our company, our users, our employees or others; to comply with applicable law or cooperate with law enforcement

• instances in connection with a substantial corporate transaction, such as the sale of our business, a divestiture, merger, consolidation, asset sale or in the unlikely event of bankruptcy.

How We Protect Your Information

LXA has in place various security procedures, technical and organisational measures to safeguard your information including the detection and prevention against hacking and other malware intrusions to our IT systems.

• Data Encryption Electronic data is encrypted at rest and in transit between application servers and the database. The encryption standard we use is AES-256, which is a widely recognized as industry standard 

• Data Anonymization Data will be anonymized when aggregated and shared with investors or for internal portfolio analysis. No personally identifiable information (PII) will be made available for such purposes. 

• Data Retention Data will be retained while the fund subscription and mortgage asset are in-force and plus an additional 5 years in accordance with Singapore’s record keeping requirements 

• Access control Access to data and documents are secured internally via Single Sign-On (SSO) and transparent management of internal user access groups. 

• Physical security Physical devices used by all LXA staff and employees are secured by Mobile Device Management and endpoint security software that enables remote monitoring and erasing of the device. Our physical offices are secured via physical access control mechanisms. 

• Training and awareness LXA employees also undergo periodic security awareness programmes to create awareness in information security so that employees are able to identify and respond appropriately to security risks.

LXA fully expects to comply with all applicable regulatory requirements relating to the protection of customer information (including the requirements under the Notice on Technology Risk Management (FSM-N21 issued by the Monetary Authority of Singapore) and is ISO-27001:2022 certified.

While we use all reasonable efforts to safeguard your information, you should be aware that the use of the Internet can never be entirely secure and for this reason we cannot guarantee the security or integrity of any information which is transferred from you or to you via the Internet. You should also be mindful that you are responsible for keeping your access rights confidential and secure at all times.

How You Can Contact Us

LXA seeks to ensure that the information we collect is accurate, its use is authorised, and that the information is stored in a secure and safe manner. You can contact our Data Protection Officer at dpo@lxa.sg should you like to report unauthorised use of your information, withdraw consent to information previously given, correct inaccurate information, remove your data on file, or for any other matters pertaining to your data privacy and security. 

Please note that we will need to verify your identity, and we will only be able to disclose your personal data to you. Please also note that all requests to have personal data removed from our databases or physical storage facilities will be entertained and performed within the company’s reasonable abilities and subject to the prevailing regulatory and business requirements.

Changes to this Privacy Notice

We will occasionally update this Privacy Notice to reflect changes in our practices and services. When we post changes to this Privacy Notice, we will revise the "last updated" date at the top of this Privacy Notice. If we make any material changes in the way we collect, use, and/or share personal information that may impact you, we will notify you by sending an e-mail to the e-mail address you most recently provided us in your account, profile or registration (unless we do not have such an e-mail address), and/or by prominently posting notice of the changes on our website. We will also communicate these changes to all relevant internal and external stakeholders as soon as reasonably possible. We recommend that you check our website from time to time to inform yourself of any changes in this Privacy Notice or any of our other policies.