Data Protection Notice

This Data Protection Notice ("Notice”) explains how We Are DriveMe Pte. Ltd. ("we”, "us”, or "our”) collects, uses, discloses, and processes personal data in accordance with the Personal Data Protection Act 2012 ("PDPA”). This Notice applies to personal data in our possession or under our control, including data handled by organisations engaged by us for these purposes.

1. Personal Data

Customer: An individual who has contacted us to enquire about our goods or services; or has entered into a contract with us for the supply of goods or services.

Personal Data: Any data, whether true or not, that identifies a customer, either on its own or when combined with other information to which we have access.

We may collect personal data when you:

• Make a booking on our website, subscribe to our newsletter, complete forms, surveys, or agreements;
• Send us messages, queries, requests, feedback, or participate in events, roadshows, contests, or promotions;
• Use our mobile app, website, or services; or
• Provide your personal data for any other purpose.

Examples of personal data we may collect include: name, address, email, phone number, nationality, gender, date of birth, identification details (e.g., NRIC, passport, driver’s license), location, transaction history, device information, telematics data, and images captured during service use or events.

2. Collection, Use, and Disclosure

We generally collect personal data:

• Voluntarily from you or your authorised representative with your consent; or
• Without consent where permitted or required by law.

We may use your personal data for the following purposes:

• Providing and managing our goods and services;
• Building and maintaining our business relationship, including processing payments, recommending services, sending promotions, and improving our services;
• Verifying your identity;
• Responding to queries, complaints, requests, or feedback;
• Complying with laws, regulations, or codes of practice, or assisting regulatory authorities;
• Transmitting data to service providers, agents, or authorities for these purposes;
• Any other purposes for which you have provided the information; and
• Any incidental business purposes related to the above.

We may disclose personal data to:

• Third-party service providers or agents performing functions on our behalf; or
• Governmental or regulatory authorities, as required by law.

These purposes may continue to apply even after your relationship with us ends.

3. Legitimate Interests

We may collect, use, or disclose personal data without consent if it is necessary for our legitimate interests, provided this does not outweigh your interests or rights. This includes:

• Fraud detection and prevention;
• Debt recovery;
• Misuse prevention of services;
• Network analysis and credit analysis.

4. Consent Withdrawal

You may withdraw your consent at any time by writing to our Data Protection Officer (DPO). Withdrawal may affect our ability to provide services, and we will inform you of the consequences. We will generally process requests within 30 business days, and if a longer period is required, we will notify you. Withdrawal does not affect our right to collect, use, or disclose personal data where permitted by law.

5. Access and Correction

You may request:

• Access to your personal data; or
• Correction of any inaccuracies.

Submit your request in writing or via email to our DPO. A reasonable fee may apply for access requests. Requests will generally be processed within 30 business days.

6. Data Protection and Security

We implement appropriate administrative, physical, and technical safeguards, including:

• Authentication and access controls;
• Antivirus protection and software patching;
• Secure disposal of devices and storage media;
• Multi-factor authentication; and
• Regular security reviews and testing.

While we strive to protect your data, no system is completely secure.

7. Accuracy and Retention

You are responsible for ensuring your personal data is accurate and updated. Notify our Data Protection Officer (DPO) by emailing hello@driveme.sg of any changes. We retain personal data only as long as necessary to fulfil its purpose, comply with legal obligations, or enforce agreements. When data is no longer required, we will securely dispose of it.

8. Transfers Outside Singapore

We generally do not transfer personal data outside Singapore. If we do, we ensure that recipients provide a comparable level of protection under PDPA, through contracts or corporate rules where necessary.

9. Data Protection Officer (DPO)

For questions, feedback, or requests regarding your personal data, you can reach out to our DPO via email at hello@driveme.sg.

10. Changes to this Notice

We may update this Notice from time to time without prior notice. The latest version is always available on our website. Continued use of our services constitutes your acceptance of any updates.

Effective Date: 12/11/2025