TwairtOrtho Privacy Agreement

Introduction

Welcome to TwairtOrtho (hereinafter referred to as "this App" or "we"). This Privacy Agreement (hereinafter referred to as the "Agreement") is created by TMDV COCD COMPANY LIMITED (hereinafter referred to as the "Company" or "Data Controller") to explain how we collect, use, store, share, and protect your personal information (hereinafter referred to as "Personal Information") when you use this App, and to clarify your rights with respect to your Personal Information.

This Agreement applies to all services provided through the Loan App. Please read this Agreement carefully before using this App. If you do not agree to all or part of the terms of this Agreement, please do not use this App. Your continued use of this App will be deemed to indicate your full understanding and agreement to abide by all the terms of this Agreement.

I. Definitions

For ease of understanding, the key terms in this Agreement are defined as follows:

Personal Information: refers to information about an identified or identifiable natural person recorded electronically or otherwise (excluding anonymous information), including but not limited to name, ID/passport number, contact information, bank account information, financial status, device information, location information, etc.

Sensitive Personal Information: refers to personal information that, if disclosed or used illegally, could infringe upon personal dignity or endanger personal or property safety. This includes, but is not limited to, biometric information, financial account information, income/debt information, and transaction records. TMDV COCD COMPANY LIMITED, the controller of personal information, determines the purposes and methods of processing personal information.

II. Scope of Application

This Agreement applies to the processing of user personal information by the Data Controller through the following methods:

User registration, login, loan application, approval, repayment, account management, and other in-app services;

Communication with users (e.g., SMS, email, and in-app notifications);

Customer service, risk assessment, and anti-fraud monitoring;

III. Collection of Personal Information

We collect personal information based on the principles of lawfulness, legitimacy, and necessity. The specific types and methods of collection are as follows:

Personal Information Permissions:

Access: We only collect key data you voluntarily provide during the loan application process, such as your name, ID number, contact information, and bank card information.

Purpose: This information is primarily used for strict identity verification to confirm your authenticity and validity and ensure that you meet the basic loan application requirements. We will also conduct a comprehensive assessment based on your personal information to accurately match you with the most suitable loan plan. After the loan is disbursed, we will also use this information to provide you with timely and accurate repayment reminders.

Security: We use advanced encryption technology to store your personal information, ensuring multi-level security. Data will be encrypted and uploaded to our servers: https://api.twairtortho.com/

Location Permissions

Access: This app will access your device's obfuscated location information, such as latitude, longitude, and GPS location.

Purpose: By obtaining your location information, we can accurately determine your location and recommend loan products and services that meet local policies and market conditions. Furthermore, location information helps us determine the authenticity and security of transactions during critical stages such as risk assessment and post-loan management.

Safety Measures: This app only accesses location information when you use specific location-related service features and will never use it for any unrelated purposes. Data will be encrypted and uploaded to our servers: https://api.twairtortho.com/

Camera Permissions:

Access: This app will access your device's camera.

Purpose: Primarily used to take photos of important documents such as your ID card to help you quickly submit your loan application documents. In certain scenarios where enhanced security is required, camera permissions will also be used for facial recognition authentication, further strengthening account security and ensuring the authenticity of transactions.

Protection Measures: Camera permissions are only used when you initiate relevant operations. Photos taken are only used for the loan application process and are not at risk of leakage or misuse. Data will be encrypted and uploaded to the server: https://api.twairtortho.com/

App List Permission

Access: The app will access the list of apps installed on the user's device.

Purpose: By analyzing the list of apps installed on the user's device, we can identify dangerous and jailbroken apps that could compromise the user's financial security.

Protection Measures: We will anonymize the app list information and will never disclose the names of specific apps installed or other private information. Data will be encrypted and uploaded to our server: https://api.twairtortho.com/

SMS Permission

To ensure applicants are genuine and prevent loan fraud, TwairtOrtho needs to access some user SMS information. This information is primarily used to determine whether users are using real devices to conduct independent loan transactions and whether multiple loan transactions are made on the same device or phone number. If this occurs, it may be considered loan fraud.

At the same time, TwairtOrtho actively responds to Google's requirements for user personal privacy policy and only collects the following financial information:[Credit,fee,BDT,bKash,received,deposit,,atm,wallet ,টাকা,অভিনন্দন,টাকা সমন্বয়,ট্রানজ্যাকশন,সফল,Balance,Tk,cash,amount,TrxID,Debit,txnid,taka,uddokta,transaction,ref,account,money,loan,deducted,win,A/C,payment,fee,bill,purchase]This information will be used to evaluate the user's financial situation, and the credit model will grant the corresponding credit limit based on the user's financial activities. The collected information will be encrypted and uploaded to the server: https://api.twairtortho.com, and deleted regularly.

Contact Information Permission

Access: The app will access the emergency contact information provided by the user when applying for a loan.

Purpose: In an emergency, if we are unable to contact you directly, we may attempt to communicate with you through the emergency contact information you have specified. Additionally, contact information can be used as a supplementary factor in certain credit assessment models to provide a more comprehensive assessment of your creditworthiness.

Protection Measures: We encrypt and store contact information, use it only when necessary, and will not disclose it to third parties. Data will be encrypted and uploaded to our server: https://api.twairtortho.com/

Device Permissions

Access: This app will access your device's IMEI, MAC address, device model, operating system version, and other information.

Purpose: This information is primarily used for device identification to ensure the security of your account across different devices. It also helps us optimize the app's compatibility and performance across various devices, providing you with a better user experience.

Protection Measures: We use secure and reliable technology to collect and store device information and strictly restrict access rights to effectively prevent unauthorized access and use. Data will be encrypted and uploaded to our server: https://api.twairtortho.com/

How We Protect Your Information

Security Technical Measures: We utilize a range of advanced security technologies to protect your personal information, including but not limited to encryption (such as SSL/TLS) to encrypt sensitive data during transmission and storage, preventing theft or tampering during transmission and storage; access control technologies, through a strict user rights management system, ensure that only authorized personnel can access and process your personal information; and firewall technologies, which effectively defend against external network attacks and malware intrusion, ensuring the security of our servers and data systems.

Security Management System: We have established a comprehensive data security management system, formulated strict data security policies and operating procedures, and provide data security training to employees to ensure they understand and comply with relevant data protection laws and regulations, as well as internal company rules and regulations. We conduct rigorous audits and monitoring of data access, processing, and storage to promptly identify and address any potential data security risks.

Emergency Response Mechanism: We have established a contingency plan for data security incidents. In the event of a security incident such as data leakage, loss, or alteration, we will immediately activate our emergency response plan and take effective measures to respond and address the situation, including but not limited to promptly notifying affected users, reporting to relevant regulatory authorities, conducting investigations, and implementing remedial measures to minimize the impact of the security incident on you. Despite the aforementioned security measures, please understand that due to technological limitations and the possibility of malicious attacks, the cybersecurity environment is not completely secure. We will continue to work hard to improve and enhance our security measures to protect your personal information. If you discover any suspected security issues or believe your personal information may have been compromised, please contact us promptly. Contact information is provided at the end of this Privacy Policy.

User Rights Regarding Personal Information

You have the following rights with respect to your personal information. You may submit a request (providing your identification information) through the "Contact Us" section of this Agreement:

(I) Right of Access

You have the right to request a copy of your personal information (including details such as the purpose of collection, storage location, and sharing partners). We will respond within 14 business days (up to 30 days for complex cases).

(II) Right of Correction

If your personal information is inaccurate or incomplete, you have the right to request that we promptly correct it. If the error is due to our fault, we will bear the cost of correction.

(III) Right to erasure ("right to be forgotten")

You have the right to request that we delete your personal information in the following circumstances:

The personal information is no longer necessary for the purpose for which it was collected;

You withdraw your consent and there is no other legal basis for processing;

You object to the processing (and there is no overriding legitimate interest);

The personal information is processed unlawfully;

If you wish to delete your personal information, please contact our customer service in a timely manner and we will do our best to serve you. You can also delete your personal information yourself through the "Cancel Account" function in our application. After submitting for review, we will anonymize and delete your personal information within 24 hours.

(4) Right to restriction of processing

You have the right to request that we suspend the processing of your personal information (for example, if you object to the purpose of collection or have doubts about the accuracy of the data) until the dispute is resolved.

(5) Right to data portability

You have the right to request that we export your personal information into a common format (such as CSV or JSON) for transmission to other service providers (where technically feasible).

Privacy Protection for Minors

This app is intended for use only by users 18 years of age and older (or the legal age of majority in Thailand). We do not actively collect personal information from minors. If we discover that a minor is using our services without authorization, we will immediately delete the relevant information and contact their guardian.

We may update this Agreement due to business adjustments, legal changes, or technological upgrades. The updated Agreement will be prominently posted on the platform (e.g., an in-app pop-up window, official website notification), and will indicate the effective date. If the update involves significant changes to your rights (e.g., expanding the scope of data sharing), we will additionally notify you via SMS or email.Your continued use of the Service constitutes your agreement to the updated Agreement.

If you have any questions or comments regarding this Agreement, or need to exercise your personal information rights, please contact us through the following means:

Company Name: TMDV COCD COMPANY LIMITED

Email: [tmdcodecompany@gmail.com]

TMDV COCD COMPANY LIMITED