Asia’s No.1 Restaurant Reservation Platform

This Privacy Policy (hereinafter referred to as "this Policy") is intended to explain how FunNow Limited and its global subsidiaries, affiliates, and commonly controlled entities (collectively, "FUNNOW," "we," "us," or "the Company") collect, use, process, and disclose your personal data through your use of all brand services under our umbrella.

This Policy applies to all our brands, including but not limited to the official websites and mobile applications (collectively, "the Platform") of brands such as FunNow, Eatigo, TableApp, and Niceday, as well as all related products, features, and services we provide (collectively, "the Service").

This Policy applies to our consumers, business partners, suppliers, and service providers (collectively, "you" or "your").

To provide global technical support and localized professional services, your personal data is managed by the following entities acting as Joint Data Controllers:

The Parent Company (FunNow Limited): Primarily responsible for global platform development, maintenance, management of the global AWS cloud infrastructure, and overarching information security controls.
Local Operating Entities: As specified in the User Terms, responsible for transaction processing, local customer support, and fulfilling specific tax and legal obligations in your jurisdiction. These entities are directly responsible for the processing of personal data within their operational scope.

Cross-Border Data Transfer

Although the local operating entities are the primary data controllers, your personal data may still be transferred, stored, or processed in regions outside of your country for global operations, system administration, data backup, or providing comprehensive services. Regarding the international transfer of data stored on AWS cloud services, please be informed that your personal data will be transferred to and processed in Japan. When conducting such transfers, we will take necessary protective measures to ensure that your personal data is protected in accordance with applicable legal requirements.

This Policy applies to personal data in our possession or under our control, including personal data collected, used, disclosed, or processed by organizations we engage. In accordance with the terms below regarding the transfer of personal data, this data may be processed in countries other than where it was collected.

Definition of Personal Data

"Personal Data" refers to any information that can be used to identify you or that makes you identifiable, including but not limited to your name, gender, telephone number, bank and credit card information, date of birth, email address, and your image.

We generally collect, use, disclose, or process your personal data in accordance with this Policy, based on your consent or as permitted by applicable law, in the following circumstances:

When required to comply with legal requirements;
When necessary to provide services to you;
When necessary to enter into or perform a contract with you;
For the legitimate interests of us or any other person, including but not limited to the purposes set out in this Policy.

Announcement and Effectiveness

Please read this Policy carefully. By accessing and using our Platform, you consent to the collection, processing, use, and disclosure of your personal information as set out in this Policy. If you do not agree with this Policy, please do not access or use our Platform or Service.

We may revise this Policy from time to time without prior notice. You can determine if a revision has been made by referring to the last updated date listed at the top of this page. Your continued use of our Platform or Service signifies your acknowledgement and acceptance of such changes.

Collection Of Personal Data

We collect Personal Data about you in the ways listed below. We may also combine Personal Data collected via these various channels:

1. Provided by You

We collect your Personal Data when you provide it to us. For example, when you:

Complete a user profile or register an account with us (such as your name, contact information, and other identification information where needed);
Provide information relating to a contract with us as a Merchant Partner;
Interact with our social media pages (such as your social media account ID, profile photo, and any other publicly available data);
Participate in contests or events organized by us (such as the pictures, audio, or videos you may submit, which may include images of yourself);
Verify your identity through various means (such as social media logins, submission of selfie images, or independently verified payment card information); and
Fill up demographic information in surveys (such as your age, gender, and other information you may volunteer, such as your marital status, occupation, and income information).

2. Through Use of Services

We collect your Personal Data when you access our Platform or use our Services. Personal Data may be collected through the normal operation or use of our Platform and Services. Some examples are:

Your location information;
Feedback, ratings, and comments;
Transaction information (such as payment method);
Information about how you interacted with our Platform or Services (such as features used and content viewed);
Device information (such as hardware model and serial number, IP addresses, file and app names and versions, GPS location, IMEI number, and advertising identifiers, or any information that may indicate device or app modification);
Personal Data you enter in messages when you use our in-app communication features; and
Personal Data that may be captured through your interaction with us, our agents (such as your image or voice or both, and their related metadata).

Please note that some information is collected passively, for example, by our servers or through cookies and similar tracking technologies. More information on the use of cookies and these technologies can be found in the 'Cookies' section.

3. From Other Sources

We may collect Personal Data, including but not limited to your name, contact information, and other identification information, where needed, from other sources. Such sources include:

Referral programmes;
Our business partners, such as Merchant Partners, payment providers;
Credit bureaus, alternative credit scoring agencies, and any other credit reporting organizations;
Publicly available (including governmental) sources of data;
When our users add you as an emergency contact;
When our users add you as a recipient or beneficiary of any use of our Services;
When you use our in-app chat; and
Our marketing services providers or partners.

Sensitive Personal Data

Some of the Personal Data that we collect may be sensitive in nature. This may include Personal Data pertaining to your bank and credit card information, date of birth, email address, and your image. We collect sensitive Personal Data only with your consent and/or in strict compliance with applicable laws. In the event that you are required to furnish any documentation or information to us for any purpose which may contain such sensitive Personal Data (which is not required for that Purpose), you agree to redact such sensitive Personal Data before providing such documentation or information to us.

Third Party Data & Minors

In some situations, you may provide Personal Data of other individuals (such as your spouse, family members or friends) to us. For example, you may add them as your emergency contact when you use the in-app chat or when you add them as recipients or beneficiaries of any use of our Services. If you provide us with their Personal Data, you represent and warrant that you have obtained their consent for their Personal Data to be collected, used, and disclosed as set out in this Privacy Policy.

As a parent or legal guardian, please do not allow minors under your care to submit Personal Data to us. If such Personal Data of a minor is disclosed to us, you hereby consent to the processing of the minor's Personal Data and accept and agree to be bound by this Policy and take responsibility for his or her actions.

Conditions for Collection

We generally do not collect your Personal Data unless:

It is provided to us voluntarily by you directly or via a third party who has been duly authorized by you to disclose your Personal data to us (your "authorized representative") after you (or your authorized representative) have been notified of the Purposes for which the data is collected, and you (or your authorized representative) have provided written consent to the collection and usage of your Personal Data for those Purposes; or
The collection and use of Personal Data without consent is permitted or required by applicable laws.

We shall seek your consent before collecting any additional personal data and before using your Personal Data for a purpose which has not been notified to you (except where permitted or authorized by law).

Use Of Personal Data

We may use your Personal Data to provide Services to you, for Marketing and promotions, for legal and regulatory compliance, and also to ensure the safety and security of our Platform (each as "Purpose" and collectively "Purposes").

1. Providing Services

We may use your Personal Data to provide Services to you, which may include:

Creation, administration, updating & management of your account with us;
Conduct of due diligence checks and risk assessments/analysis (in the case of our Merchant Partners);
Communication and transmission of your requested services to our Merchant Partners and vice versa;
Validation of your requested services and processing of payments or credit transactions;
Verification of your identity and age (where necessary);
Responding to, handling, and processing queries, requests, applications, complaints, and feedback from you;
Invitation to participate in our surveys and studies;
Personalization of your experience on our Platform (such as to identify your preferences or otherwise personalize your experience on our Platform);
Making your experience on our Platform more seamless, such as automatically filling in your registration information (such as your name or phone number) from one Service to another Service or when you participate in our surveys;
Verification and management of your eligibility for or application of promotions, rewards, participation in loyalty programmes or marketing activities;
Publishing of content submitted by you (such as a review or comment);
Any other incidental purposes related to or in connection with the above, including for data analytics;
Any other purposes for which you have provided the information.

2. Marketing and Promotions

We may use your Personal Data for Marketing and promotions, which may include:

Sending you marketing information regarding customized products, services, or events presented in the form of consolidated campaigns (which may involve the aggregation of information from multiple merchants and may be related to your personal data);
Providing promotional information from our partners, sponsors, and advertisers, provided that marketing communications focused on a single partner will only be sent if you have a prior transaction or consumption history with that specific Merchant. Otherwise, such information will be provided through consolidated multi-merchant formats;
Sending you alerts, newsletters, updates, mailers, promotional materials, special privileges, festive greetings;
Notification, invitation, and management of your participation in our events or activities;
Any other incidental purposes related to or in connection with the above.

We may communicate such marketing to you by various means, where applicable (including by SMS, chat, and social media applications (e.g., WhatsApp, Telegram, LINE, Viber, WeChat, Facebook, Instagram, X), push notification, call, and by email).

You may opt out of receiving marketing communications at any time by clicking the unsubscribe link provided in our emails, replying unsubscribe to SMS messages, or by contacting us directly at our customer support chat via app/web. Please note that while you may opt out of marketing or promotion communications, we may still send you account and / or service-related messages (such as two-factor authentication, information on your transactions, rewards, etc.).

3. Legal, Regulatory & Security

We may use your Personal Data for legal and regulatory compliance and also to ensure the safety and security of our Platform. This may include:

Monitoring compliance & enforcement of our Terms of Service or other agreements;
Protection of our rights or property in the event of a claim or dispute;
Performance of internal operations on our Platform necessary to ensure safety and security, including troubleshooting software bugs and operational problems, conducting data analysis, testing and research, monitoring and analyzing usage and activity trends;
Protection of the security or integrity of the Services and any facilities or equipment used to make the Services available;
Compliance with any applicable laws, regulations, codes of practice, guidelines, or rules, or to assist in law enforcement and investigations conducted by any governmental and/or regulatory authority;
Any other incidental purposes related to or in connection with the above.

The Purposes listed in the above clauses may continue to apply even in situations where your relationship with us (for example, pursuant to a contract) has been terminated or altered in any way, for a reasonable period thereafter (including, where applicable, a period to enable us to enforce our rights under a contract with you or to comply with applicable laws).

We use anonymized data for testing, research, analysis, and product development.

LINE Notification Messages

If the service you booked or purchased is located in Taiwan, our Taiwan operating entity, Zoek Inc., may send important messages to you via LINE Notification Messages. Even if you have not added our company's LINE account as a friend, the purchaser can still receive FunNow's LINE Notification Messages.

The notification messages sent by our company/service are limited to effective and important information for you. Messages for advertising or other purposes will not be sent.

Conditions to receive messages:

The phone number registered to your LINE account matches the phone number collected by our company/service.
The LINE account has agreed to receive notification messages in the LINE app settings.
The LINE account has not blocked the LINE Official Account from sending the messages.

To change or cancel receiving LINE Notification Messages:

In the LINE app, tap 'Home' > 'Settings'.
Tap 'Privacy'.
Tap 'Provide usage data'.
Tap 'LINE Notification Messages'.
Switch 'Allow LINE Notification Messages' on or off.

If you turn off 'Allow LINE Notification Messages', you will no longer receive any Notification Messages from any corporate or certified official accounts.

Disclosure Of Personal Data

We need to share Personal Data with various parties for the Purposes. We need to share your Personal Data with our business partners and service providers which may include:

Merchant Partners, vendors, consultants, marketing partners;
Payment processors and facilitators;
Service providers who perform identity verification services;
Background check and anti-money laundering service providers;
Cloud storage providers, document storage and management providers;
Advertising and marketing partners and platform providers;
Data analytics provider and research partners, including those performing surveys or research projects in partnership with us or on our behalf;
Insurance and financing partners;

We share your Personal Data with our subsidiaries, associated companies, and affiliates only under the following specific circumstances, adhering to the principle of "data minimization":

Operational and Technical Entrustment (Internal Processing): To maintain platform functionality and provide global customer support, system resources are shared between the Parent Company and its subsidiaries. Such activities are internal technical collaborations necessary for the "performance of the contract" and are subject to strict internal access controls and data processing agreements.
Fulfillment of Cross-Border Services: When you book services outside your home country, we share only the Personal Data strictly necessary (e.g., name, contact number, booking details) with the relevant local operating entity to complete the transaction.
Marketing and Commercial Use (Subject to Separate Consent): If your Personal Data is shared with affiliates for marketing purposes unrelated to the primary service, we will obtain your explicit consent through an independent checkbox or other prominent means on the App or website.

We may share your Personal Data with our legal advisors, law enforcement officials, government authorities and other third parties. This may take place to fulfill the legal and compliance requirements, or any of the following circumstances:

Where this is subject to a legitimate court order or regulatory request; or
Where it is necessary to respond to an emergency that threatens the life, health or safety of a person; or
Where it is necessary in the public interest (e.g. in a public health crisis, for contact tracing and safeguarding our community).

We may share your Personal Data with other parties, in connection with any acquisitions, sales, mergers, joint ventures, consolidation, restructuring, financing or any other type of business transactions. Your Personal Data will however remain subject to our obligations made in any pre-existing Privacy Policy that you have agreed to.

Withdrawing Your Consent

The consent that you provide for the collection, processing, use and disclosure of your Personal Data will remain valid until it is withdrawn by you in writing. You may withdraw consent and request us to stop collecting, processing, using and/or disclosing your Personal Data for any or all of the Purposes listed above by submitting your request in writing or via email to our Data Protection Officer at the contact details provided below.

Upon receipt of your written request to withdraw your consent, we may require a reasonable time (depending on the complexity of the request and its impact on our relationship with you) for your request to be processed and for us to notify you of the consequences of us acceding to the same, including any legal consequences which may affect your rights and liabilities to us. In general, we shall seek to process your request within ten (10) business days of receiving it.

Whilst we respect your decision to withdraw your consent, please note that depending on the nature and scope of your request, we may not be in a position to continue providing our goods or services to you, and we shall, in such circumstances, notify you before completing the processing of your request. Should you decide to cancel your withdrawal of consent, please inform us in writing.

Please note that withdrawing consent does not affect our right to continue to collect, process, use and disclose Personal Data where such collection, processing, use and disclosure without consent is permitted or required under applicable laws i.e. if you request that we stop disclosing your information, there may be circumstances where this is not possible (e.g. if we receive a court order or regulatory request).

Access To And Correction Of Personal Data

If you wish to make:

An access request for access to a copy of the Personal Data which we hold about you or information about how we use or disclose your Personal Data, or
A correction request to correct or update any of your Personal Data which we hold about you, you may submit your request in writing or via email to our Data Protection Officer at the contact details provided below.

Please note that a reasonable fee may be charged for an access request. If so, we will inform you of the fee before processing your request.

We will respond to your request as soon as reasonably possible. In general, our response will be within ten (10) business days. Should we not be able to respond to your request within thirty (30) days after receiving your request, we will inform you in writing within thirty (30) days of the time by which we will be able to respond to your request. If we are unable to provide you with any Personal Data or to make a correction requested by you, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under the applicable laws).

Protection Of Personal Data

To safeguard your Personal Data from unauthorized access, collection, use, disclosure, copying, modification, disposal or similar risks, we have introduced appropriate administrative, physical and technical measures such as:

Minimized collection of Personal Data;
Authentication and access controls (such as good password practices, need-to-know basis for data disclosure, etc.);
Encryption of data, data anonymization;
Up-to-date antivirus protection, regular patching of the operating system and other software;
Securely erase storage media in devices before disposal;
Web security measures against risks;
Usage of one time password (OTP)/2 factor authentication (2FA)/multi-factor authentication (MFA) to secure access; and
Security review and testing are performed regularly.

We encrypt your bank and credit card information when held in storage and when transmitting.

You should be aware, however, that no method of transmission over the Internet or method of electronic storage is completely secure. While security cannot be guaranteed, we strive to protect the security of your information and are constantly reviewing and enhancing our information security measures.

Accuracy Of Personal Data

We generally rely on Personal Data provided by you (or your authorized representative). In order to ensure that your Personal Data is current, complete and accurate, please update us if there are changes to your Personal Data by informing our Data Protection Officer in writing or via email at the contact details provided below. If the Personal data submitted by you is not complete, inaccurate or incorrect, this may result in our inability to provide you with the Services you have requested.

Retention Of Personal Data

We may retain your Personal Data for as long as it is necessary to fulfill the Purpose for which it was collected, or as required or permitted by applicable laws. We will cease to retain your Personal data or remove the means by which the data can be associated with you, as soon as it is reasonable to assume that such retention no longer serves the Purpose for which the Personal Data was collected and is no longer necessary for legal or business purposes.

Once your Personal Data is no longer necessary for the Services or Purposes, or we no longer have a legal or business purpose for retaining your Personal Data, we take steps to erase, destroy, anonymize or prevent access or use of such Personal Data for any purpose other than compliance with this Policy, or for purposes of safety, security, fraud prevention and detection, in accordance with the requirements of applicable laws.

Transfers Of Personal Data

Your Personal Data may be transferred from your Home Country to other jurisdictions (Alternate Countries) where we, our affiliates, or our trusted service providers operate to support the Services we provide to you. We recognize that data protection laws differ significantly across these locations.

To provide clarity, key destinations where your Personal Data may be stored or processed include Japan (specifically for data stored on AWS cloud services), Singapore, the United States, Malaysia, and Taiwan. The primary categories of recipients who may access your data to support the Services include essential partners such as cloud service providers, payment processors, push notification providers, marketing and analytics platforms, messaging services, and CRM systems.

We ensure that all cross-border transfers have a valid legal basis under applicable law. For transfers necessary to provide the Services to you, we rely on that necessity where permitted by local law. For other transfers, or where specifically required, we may rely on your explicit consent.

We provide transparency about our transfers as outlined in this Policy. Where local law mandates specific additional information before a transfer occurs (particularly for consent-based transfers, such as details on destination country protections or risks), we will provide this information at the appropriate time through relevant channels.

Where required by applicable data protection laws to legitimize a cross-border transfer, we implement appropriate safeguards tailored to each jurisdiction's requirements. This typically involves using legally binding agreements (like Data Processing Agreements or Standard Contractual Clauses, adapted as needed) with recipients. These agreements are designed to meet specific local standards where applicable, such as ensuring 'comparable protection' levels, incorporating principles from recommended model clauses, meeting specific requirements for outsourcing agreements, ensuring APPI-equivalent measures are maintained, or aligning with specific local regulations for contractual clauses and transfer mechanisms.

We take reasonable technical and organizational steps to ensure your Personal Data remains secure and is handled responsibly. Furthermore, we require our affiliates, service providers, and partners, through contractual obligations, to implement and maintain appropriate security measures to protect your data in accordance with applicable standards, regardless of where the processing takes place.

More specific details regarding the categories of recipients and, where feasible, the specific countries or territories where your Personal Data may be transferred can be provided. This information is available upon request, particularly where such a mechanism is specified by local regulations or as supplementary information to enhance transparency.

Additional Rights You May Exercise

In addition to your rights of access, correction, and withdrawal of consent, and where permitted by applicable laws, you may also have the right to:

Request Erasure of Your Personal Data: You may request that we delete or anonymize your Personal Data in certain circumstances, such as where the data is no longer necessary for the purposes for which it was collected, or if you have withdrawn your consent. We will assess your request in accordance with our legal obligations and internal policies. Please note that certain data may need to be retained for legal or business reasons, such as compliance with applicable laws or for dispute resolution.
Request Data Portability: You may request a copy of certain Personal Data in a structured, commonly used, and machine-readable format, and request that we transmit this data to another organization where it is technically feasible to do so. This right may apply only to Personal Data you have provided to us and which is processed by automated means, and only where we are processing your data based on your consent or a contract with you.
Object to or Request Restrictions on Processing: You may object to the processing of your Personal Data for specific purposes, such as direct marketing or profiling. You may also request that we restrict the processing of your data in certain circumstances (for example, while a correction request is pending). We will assess these requests in accordance with applicable law.

To exercise any of the above rights, please contact our Data Protection Officer in writing or via email at the contact details provided in this Privacy Policy.

Data Protection Officer

You may contact our Data Protection Officer if you have any enquiries or feedback on our personal data protection policies and procedures, or if you wish to make any request, in the following manner:

Email Address: CorpDev@myfunnow.com

Cookies Statement

We and third parties with whom we partner, may use cookies, web beacons, tags, scripts, local shared objects such as HTML5, advertising identifiers and similar technologies (such as software development kits (SDKs), which have similar functions to cookies and which may be installed on our Platform to allow partners to collect certain information about your interaction with our Platform) (collectively, "Cookies") in connection with your use of our Platform and Services, which may be persistent or stored only during an individual session on your browsers or devices.

Cookies may have unique identifiers and reside, among other places, on your computer or mobile device, in emails we send to you, and on our Platform. Cookies may be used for various purposes such as:

To provide the essential, basic functions of the use of our Platform and Services;
Authenticate you, or remember your user preferences and settings;
Delivering and measuring the effectiveness of advertising campaigns, such as by measuring the number of views or clickthroughs;
Analyze site traffic and trends;
Serve you relevant advertisements across other apps and websites owned by other companies (whether by us or by other advertisers); and
Enhance user interface and experience by generally understanding the online behaviors and interests of users who interact with our Platform and Services.

We may allow third parties to use Cookies on our Platform to collect the same type of Personal Data for the same Purposes we do. Third parties may be able to associate Personal Data they collect with other Personal Data they have about you from other sources. We do not necessarily have access to or control over the Cookies they use.

You have the right to choose to disable, block or deactivate cookies via appropriate settings or delete your browsing history or clear the cache on your internet browser or device. The settings may be contained within the "History", "Preferences", "Settings" or "Privacy" section of your internet browsers, or you can change the privacy settings of your device, subject to certain device operating system versions. If you have any questions about the privacy settings of your device, we suggest you contact the manufacturer of your device or your mobile service provider for help.

Please note that however refusal or removal of some cookies could affect the availability, functionality or use of our Platform and Services for example turning off location-sharing may affect certain features that we offer.

Prevailing Language

In the event of a dispute as to the Privacy Policy or inconsistencies with translated versions, the English version shall prevail unless otherwise stipulated by local laws.