Privacy & Consent Policy – Empowered by Trainocate Holdings

Effective Date: 17 Sept 2025

1. Introduction

At Empowered by Trainocate Holdings, we are committed to safeguarding your privacy and ensuring transparency in how we collect, use, and protect your information in compliance with applicable laws, regulations, and rules in relation to personal data protection, including the Personal Data Protection Act 2012 (“PDPA”). This Privacy & Consent Policy explains how your data is handled when you use our platform and services.

By accessing or using Empowered, you acknowledge and consent to the practices described in this policy.

2. Information We Collect

In this Privacy & Consent Policy, “Personal Data” means data, regardless of whether true, about an individual who can be identified from that data, or from that data and other information to which we have or is likely to have access.

We may collect the following types of Personal Data:

A.Your Data

• Full name
• Email address
• Company and role (if applicable)
• WordPress user ID and login activity

B. Your Usage and Engagement Data

• Video viewing duration and frequency
• Engagement metrics (e.g., % watched, interactive responses)
• Pages visited, time spent on content, click interactions
• IP address, browser type, and device information

3. Why We Collect This Data

Your Personal Data is used to:

• Identify and authenticate platform users
• Track learning engagement and video completion
• Issue progress reports or certifications (where applicable)
• Improve platform performance and user experience
• Generate insights for internal training or reporting purposes
• Comply with regulatory and contractual requirements

4. SAFEGUARDS AND PROCEDURES

We will endeavor to implement the appropriate administrative and security safeguards and procedures in accordance with the applicable law and regulations to prevent the unauthorized or unlawful processing of your Personal Data and the accidental loss or destruction of, or damage to, your Personal Data. However, to the extent permissible under the applicable laws, we will not be held liable or responsible for any such unauthorized or unlawful processing of Personal Data, or accidental loss, destruction or damage of Personal Data that may be caused by third parties.

5. Data Sharing

We do not sell your data. Your Personal Data may be shared with:

• entities within the Trainocate Group, including our affiliated companies and subsidiaries in different jurisdictions, third party services provider and business partners who cooperate with us, including authorized dealers, distributors and suppliers
• potential or actual purchasers or investors (including their agents and advisors) in connection with any actual or proposed purchase or sale of business, disposal, merger or acquisition or re-organization of any part of our business
• Technology providers such as video analytics services (e.g., Vidyard), only for functionality and engagement tracking
• Your employer or sponsoring organization, for progress and compliance reports (if you are enrolled through corporate access)
• Authorities, where required by law or to enforce our policies

We will not provide or disclose your Personal Data to third parties other than the above persons without your prior consent, unless otherwise required by law.

6. Cross-border Transfer of Personal Data

Your Personal Data may be transferred to, stored or processed outside of Singapore. We will only transfer your Personal Data overseas in accordance with the PDPA and will ensure that overseas organizations we work with observe strict confidentiality and are subject to data protection obligations. In particular, we will ensure that the overseas organizations we transfer your Personal Data to will provide a standard of protection comparable to the protection under the PDPA (including by ensuring that such requirement is included in binding contracts with the recipients of the Personal Data so transferred or ensuring that such requirement is included in binding internal policies of Trainocate Holdings where the recipient will be a group company).

7. Use of Cookies & Trackers

We use cookies and similar technologies to:

• Maintain login sessions
• Analyze content engagement
• Personalize your user experience

You may manage cookies through your browser settings. However, disabling them may limit access to key platform features.

8. Data Storage & Retention

All personal data is stored on secure, encrypted servers. Personal Data is retained only as long as necessary for the above purposes or as required by applicable law.

To request deletion or correction of your data, please contact us at the details below.

9. Breach of Personal Data

In the event of a data breach of your Personal Data (“Breach”), we will promptly conduct an assessment of whether the Breach is notifiable to the Personal Data Protection Commission (“PDPC”) in accordance with the PDPA. If the Breach is notifiable to the PDPC, we will also notify you of the occurrence of the Breach in accordance with the PDPA.

10. Changes to The Privacy Policy

We reserve the right to modify and update this Privacy Policy at any time to ensure it is consistent with industry trends and/or any changes in legal or regulatory requirements.

11. Governing Law

This Privacy Policy shall be governed in all respects by the laws of Singapore.

12. Your Rights

You have the right to:

• Access and review your Personal Data
• Request corrections to any inaccurate data
• Withdraw consent at any time (note: this may affect access to certain services)
• Request deletion of your Personal Data

To exercise your rights, please contact our Data Protection Officer (“DPO”)

DPO:

email: global.marketing@trainocate.com.