GetOffers

GETOFFERS PRIVACY POLICY

Last Updated: 10 June 2026

This version of the Privacy Policy applies to Users who register or first accept it on or after 10 June 2026. Users whose accounts were created and who accepted a prior version of the Privacy Policy before that date continue to be governed by the version in force at the time of their acceptance, until they expressly accept this version or are otherwise notified of a change in accordance with the "Changes" section below.

INTRODUCTION AND SCOPE

This Privacy Policy describes how GETTRANSFER APAC PTE. LTD. ("GetOffers," "Company," "we," or "us"), a private company limited by shares incorporated under the laws of the Republic of Singapore, UEN 202300325D, with its registered address at 68 Circular Road, #02-01, Singapore 049422, collects, uses, discloses, and protects the personal data of users of the GetOffers service available at www.getoffers.com (the "Platform").

This Privacy Policy is an integral part of the GetOffers Terms of Service and is incorporated therein by reference. Capitalized terms used but not defined herein have the meanings given to them in the Terms of Service.

This Privacy Policy is provided in accordance with the requirements of the Personal Data Protection Act 2012 of Singapore (No. 26 of 2012) (the "PDPA"), the Electronic Transactions Act 2010 of Singapore, and other applicable law. For Users located in the European Economic Area (EEA), the EU General Data Protection Regulation (GDPR, Regulation (EU) 2016/679) may apply in addition to the PDPA to the extent provided in Article 3 GDPR; the baseline data protection regime applicable to GetOffers is the PDPA.

For purposes of this Privacy Policy, GETTRANSFER APAC PTE. LTD. is the organisation responsible for personal data under the PDPA and acts as the data controller — the entity that, alone or jointly with others, determines the purposes and means of processing personal data. In accordance with section 11(3) of the PDPA, GetOffers has designated a Data Protection Officer (DPO), who may be contacted at: [email protected] (attn: Data Protection Officer).

DEFINITIONS

The following definitions apply for purposes of this Privacy Policy:

"Consumer" means a natural person using the Platform; under the PDPA, the rights and obligations described in this Privacy Policy apply to individuals regardless of residence, save where a specific law provides otherwise.

"Personal data" means, as defined in section 2(1) of the PDPA, data, whether true or not, about an individual who can be identified from that data, or from that data and other information to which the Company has or is likely to have access; it does not include anonymised data.

"Processing" means any operation or set of operations performed on personal data, including collection, use, storage, disclosure, analysis, deletion, or modification.

Russian Federation Residents. Where the User is a resident of the Russian Federation and Federal Law No. 152-FZ "On Personal Data" applies, cross-border transfer of personal data to the Republic of Singapore and to other jurisdictions in which GetOffers' service providers are located is carried out on the basis of the User's prior written consent in the form required by Article 12 of Law 152-FZ. Such consent is collected separately at registration. The User may withdraw consent at any time, in which case continued participation in the Loyalty Program may be limited or impossible, and GetOffers will inform the User of any such consequence at the point of withdrawal.

"Sensitive data" means personal data revealing racial or ethnic origin, religious beliefs, mental or physical health condition or diagnosis, sex life, sexual orientation, status as transgender or nonbinary, citizenship or immigration status; genetic or biometric data; personal data of a known child; or precise geolocation data.

"Sale of personal data" means the exchange of personal data for monetary or other valuable consideration by the controller to a third party, as used in this Privacy Policy.

"Targeted advertising" means displaying advertisements to a consumer where the advertisement is selected based on personal data obtained or inferred from that consumer's activities over time and across non-affiliated websites or online applications, as used in this Privacy Policy.

"Profiling" means any form of automated processing performed on personal data to evaluate, analyze, or predict personal aspects related to an identified or identifiable individual, as used in this Privacy Policy.

CATEGORIES OF PERSONAL DATA COLLECTED

In connection with the operation of the Platform and the provision of the GetOffers Service, we collect the following categories of personal data:

3.1. Data provided directly by the User:

  • Full name;
  • Email address;
  • Phone number;
  • Billing address;
  • Account login credentials (username and password);
  • Booking preferences and travel-related details submitted during the order placement process, which may include passport or other travel document information required by carriers, hotels, or other Service Providers in connection with specific Eligible Services.

Note on payment data: GetOffers does not collect, store, or process payment card numbers or other primary payment credentials. All payment data is entered directly by the User on the applicable Partner Platform's payment interface and is subject to that Partner Platform's privacy and security practices.

3.2. Data collected automatically through use of the Platform:

  • Device identifiers and technical information (IP address, browser type, operating system);
  • Log data and usage data generated through interaction with the Platform;
  • Cookies and similar tracking technologies, to the extent disclosed in our Cookie Policy.

3.3. Data received from Partner Platforms and third parties:

  • Booking confirmation details and order status information transmitted by Partner Platforms in connection with the processing of a User's order, across all categories of Eligible Services including transportation, accommodation, airline ticketing, tours, activities, and other travel-related services;
  • Confirmation of payment completion transmitted by Partner Platforms (not including full payment card data or financial account details).

Note on Partner Payment Terms data: Where a User has entered into an agreement with a Partner Platform providing for deferred payment, a credit limit, or other special payment conditions, GetOffers may receive from the Partner Platform limited confirmation data necessary to display order status to the User (e.g., confirmation that a booking has been accepted under deferred payment terms). GetOffers does not receive, store, or process the financial terms, credit limit amounts, or repayment schedules associated with such agreements.

We limit the collection of personal data to what is adequate, relevant, and reasonably necessary in relation to the purposes for which it is processed, consistent with the Purpose Limitation Obligation under section 18 of the PDPA.

3.4. Data related to the Loyalty Program (where the User participates).

We collect and generate the following additional categories of personal data linked to the User's account:

  • (i) Loyalty Program account data, including Bonus Points balance (Pending, Available, and Lost sub-balances), current Partner Tier, Tier-qualification window, Tier upgrade and downgrade dates, expiry dates of Bonus Points, and Lifetime Platinum indicators where applicable;
  • (ii) Loyalty Program transaction history, including Bonus Point accruals and deductions per booking, source booking reference, GMV per qualifying booking, service category, monthly and lifetime aggregates, and reason codes for each transaction;
  • (iii) behavioural analytics generated by the Loyalty Program, including propensity scores for cross-sell between service categories, response signals to in-product nudges (welcome pop-up, email, in-app prompt), Tier-change trigger events, and a log of "Lost opportunities" recording bookings on which the User did not capture an otherwise-eligible bonus;
  • (iv) Loyalty Program communications, including the content of help-desk tickets, chat messages, and emails exchanged in connection with the program;
  • (v) Loyalty Program-tracking identifiers used to attribute bookings and behaviours to the User's Loyalty Program account across sessions and devices.

PURPOSES OF PROCESSING PERSONAL DATA

We process personal data for the following purposes:

4.1. Providing the GetOffers Service, including processing booking requests, assembling Service Packages and Custom Orders, transmitting tender and order information to Partner Platforms, and facilitating the User's connection to Partner Platforms' booking and payment interfaces across all categories of Eligible Services including transportation, accommodation, airline ticketing, tours, activities, and other travel-related services;

4.2. Transmitting booking and User identification information to Partner Platforms, and facilitating payment transactions to the extent necessary to process the User's order on the applicable Partner Platform;

4.3. Sending electronic booking confirmations and other transactional communications consistent with the Electronic Transactions Act 2010 of Singapore;

4.4. Creating and maintaining User accounts and authenticating account access;

Loyalty Program Data. Bonus Points data, Tier history, transaction logs, and behavioural analytics generated by the Loyalty Program are retained for the duration of the User's participation in the program plus three (3) years after account closure or program exit, in order to handle disputes, respond to tax and consumer-protection enquiries, and comply with statutory limitation periods. Where the User has earned Lifetime Platinum status, a minimal record sufficient to verify and honour that entitlement (account identifier, Lifetime status flag, and date of attainment) may be retained indefinitely; the User may at any time request deletion of the Lifetime record, in which case the entitlement will be forfeited, and GetOffers will confirm this consequence before acting on the request. Fraud-prevention records related to the Loyalty Program may be retained for up to seven (7) years.

4.5. Responding to User inquiries, claims, cancellation requests, and requests to exercise consumer rights;

4.6. Complying with applicable legal obligations, including obligations under the applicable law referenced in the Terms of Service;

4.7. Detecting, investigating, and preventing fraudulent use of Platform or other prohibited activities under Section 10 of the Terms of Service;

4.8. Improving the functionality and security of the Platform.

We do not process personal data for purposes that are incompatible with those disclosed in this Privacy Policy without first obtaining the User's consent, in accordance with the Consent and Purpose Limitation Obligations under sections 13 to 18 of the PDPA.

4.9. Operating the Loyalty Program — registering the User in the program, maintaining the program account, computing Bonus Points balance, calculating Partner Tier, applying the rules of the Loyalty Program, recognising Lifetime Platinum, and processing accruals, redemptions, expiries, reversals, and adjustments.

4.10. Sending operational notifications related to the Loyalty Program — including transition of Bonus Points from Pending to Available, Tier changes, Bonus Points expiry, expiry of the Welcome Gold Trial (including reminders at T-7 and T-1 days), confirmations of redemptions and reversals, and security-related messages. Such notifications are necessary to operate the Loyalty Program and cannot be opted out of while the User remains a program participant.

4.11. Sending marketing communications related to the Loyalty Program — where the User has given prior express consent, to send promotional messages including the welcome pop-up at registration, cross-sell prompts, category-specific offers, co-marketing communications associated with Platinum benefits, and re-engagement nudges. Marketing consent for each channel (email, in-app push, in-app pop-up, SMS) is given separately and may be withdrawn at any time, free of charge, via the unsubscribe link in each message, via account preferences, or by contacting GetOffers.

4.12. Conducting Loyalty Program analytics — to measure program effectiveness, model behavioural propensities, segment members for tailored communications, and improve the program design.

4.13. Preventing fraud and abuse of the Loyalty Program — to detect and prevent manipulation, including artificial inflation of GMV, sham bookings, multi-account abuse, collusion, and other forms of program abuse, and to investigate suspected breaches of the Loyalty Program terms.

DISCLOSURE OF PERSONAL DATA TO THIRD PARTIES

5.1. Categories of third parties to whom personal data may be disclosed:

  • Partner Platforms — third-party online platforms through which Eligible Services are made available, to the extent necessary to process the User's booking or order on the applicable platform. Partner Platforms may include providers of transportation, accommodation, airline ticketing, tours, activities, boat and yacht rentals, and other travel-related services. The current list of Partner Platforms is available on the Platform. Personal data disclosed to Partner Platforms may also be used by them to evaluate the User's eligibility for Partner Payment Terms (deferred payment, credit limits, or other special payment conditions) in accordance with the Partner Platform's own policies;
  • Service Providers — individual or corporate providers of Eligible Services through Partner Platforms, to the extent necessary for service fulfillment;
  • Law enforcement and regulatory authorities — where disclosure is required by applicable law, court order, or governmental authority;
  • Successors in interest — in connection with a merger, acquisition, reorganization, or other corporate transaction, to the extent permitted by applicable law, including the business asset transaction provisions of the PDPA.

Note: GetOffers does not disclose User personal data to payment processors on its own behalf, as GetOffers does not process payments. Any disclosure of data to a payment processor occurs directly between the User and the applicable Partner Platform.

5.2. GetOffers does not sell personal data. Disclosure of personal data to a Partner Platform for the purpose of fulfilling a service affirmatively requested by the User is made with the User's consent and solely for the performance of that service, and is not a sale of personal data.

5.3. GetOffers does not use personal data for targeted advertising, as used in this Privacy Policy.

5.4. Partner Platforms are legally independent entities. GETTRANSFER APAC PTE. LTD. is not responsible for the data processing practices of Partner Platforms. Users are encouraged to review the privacy policies of the applicable Partner Platforms prior to placing an order and prior to entering into any Partner Payment Terms arrangement.

CROSS-BORDER DATA TRANSFERS

6.1. Overview.

In connection with the provision of the GetOffers Service, personal data collected from Users may be transferred to, stored in, accessed from, and processed in countries other than the Republic of Singapore. This occurs because certain Partner Platforms may be incorporated and operate outside Singapore.

GetOffers maintains reasonable technical, administrative, and physical security measures to protect the confidentiality, integrity, and accessibility of personal data regardless of where that data is processed, in accordance with the Protection Obligation under section 24 of the PDPA.

6.2. Identification of Overseas Recipients.

Users are advised to review the privacy policies of the applicable Partner Platforms directly, as those entities may act as independent controllers with respect to personal data processed on their platforms and are subject to the data protection law of their respective jurisdictions.

6.3. Nature of Personal Data Transferred.

Personal data transferred to overseas Partner Platforms in connection with a User's booking or order may include, depending on the service requested, the following categories of data:

  • Full name;
  • Email address;
  • Phone number;
  • Booking and order details;
  • Travel document information where required by the Service Provider.

The transfer of personal data to a Partner Platform is limited to what is necessary to fulfill the specific service affirmatively requested by the User, consistent with the Purpose Limitation Obligation under section 18 of the PDPA. GetOffers does not transfer payment card data or financial account information to Partner Platforms, as such data is entered by the User directly on the Partner Platform.

6.4. Transfer Limitation Under the PDPA.

In accordance with the Transfer Limitation Obligation under section 26 of the PDPA, GetOffers does not transfer personal data to a country or territory outside Singapore except in accordance with the requirements prescribed under the PDPA, so as to ensure that the transferred personal data is accorded a standard of protection comparable to that under the PDPA. Transfers of personal data to Partner Platforms are made for the sole purpose of processing the User's booking or order, with the User's consent, and subject to the contractual safeguards described in Section 6.5.

GetOffers does not transfer personal data to overseas recipients for the purposes of targeted advertising, sale of personal data, or profiling, as those terms are used in this Privacy Policy.

6.5. Contractual Safeguards with Overseas Recipients.

In accordance with section 26 of the PDPA and the Personal Data Protection Regulations 2021, GetOffers enters into written agreements with Partner Platforms and other third parties that receive personal data from GetOffers. Such agreements require recipients to: process personal data only for the purposes for which it was disclosed; implement reasonable security measures to protect personal data; assist GetOffers in responding to consumer rights requests to the extent applicable; and comply with applicable data protection law.

GetOffers will not be liable for the independent misconduct of an overseas recipient where GetOffers had no knowledge that the recipient violated or would violate applicable law, to the extent permitted by applicable law.

6.6. Partner Platforms Established in the European Union.

With respect to Partner Platforms established in the European Union — including www.gettransfer.com, incorporated in the Republic of Cyprus — personal data transferred from GetOffers to such platforms may be subject to the requirements of the EU General Data Protection Regulation (GDPR, Regulation (EU) 2016/679). Such Partner Platforms act as independent controllers under the GDPR with respect to personal data processed on their own platforms.

Users who are residents of the European Economic Area (EEA) and who have questions about the processing of their personal data by EU-established Partner Platforms are encouraged to contact those platforms directly and to review their respective privacy policies and GDPR disclosures.

6.7. Security of Transferred Data.

Personal data transferred to overseas recipients is subject to the same reasonable technical, administrative, and physical security measures described in Section 8 of this Privacy Policy, to the extent within GetOffers' control. GetOffers takes reasonable steps to verify that overseas recipients maintain appropriate security practices as a condition of data disclosure.

6.8. Consumer Rights with Respect to Transferred Data.

The consumer rights described in Section 10 of this Privacy Policy apply with respect to personal data transferred to overseas recipients to the extent that such data remains within GetOffers' control or custody. Where personal data has been transferred to an independent third-party controller (including an overseas Partner Platform), the User may need to exercise relevant rights directly with that controller pursuant to the applicable Partner Platform's privacy policy.

SENSITIVE DATA

GetOffers does not intentionally collect sensitive data as described in this Privacy Policy. To the extent any sensitive data is incidentally submitted by a User, GetOffers will process such data only upon obtaining the User's explicit consent, in accordance with the Consent Obligation under sections 13 to 17 of the PDPA and applicable PDPC guidance.

AUTOMATED DECISION-MAKING IN THE LOYALTY PROGRAM

The following decisions in the Loyalty Program are made by automated means without human intervention: (i) calculation of the User's Bonus Points balance (accrual, deduction, expiry, reversal); (ii) determination of the User's Partner Tier (upgrades, downgrades, recognition of Lifetime Platinum); and (iii) selection and timing of in-product nudges. These decisions are based on the rules of the Loyalty Program published in the Agreement and on the data described in Section 3.4.

Loyalty Program — Operational vs. Marketing Communications. Operational notifications related to the Loyalty Program (Bonus Point status changes, Tier changes, Welcome Gold Trial reminders, expiry warnings, security messages) are sent to the User as part of the operation of the program and cannot be opted out of while the User remains a participant. Marketing communications related to the Loyalty Program (welcome pop-up at registration, cross-sell prompts, category-specific offers, co-marketing communications) are sent only where the User has given prior express consent, given separately for each marketing channel (email, in-app push, in-app pop-up, SMS). Marketing consent may be withdrawn at any time, free of charge, via the unsubscribe link in each message, via the User's account preferences, or by contacting GetOffers at the address set out in "Contact Information" below.

Where applicable law affords the User a right to human review of automated decisions, the User may request such review by contacting GetOffers at the address set out in "Contact Information" below. GetOffers will arrange for a member of the Loyalty Program team to review the decision and respond within a reasonable time and in any event without undue delay.

DATA SECURITY

GetOffers implements reasonable technical, administrative, and physical security measures to protect the confidentiality, integrity, and accessibility of personal data against unauthorized access, disclosure, alteration, or destruction, in accordance with the Protection Obligation under section 24 of the PDPA.

DATA RETENTION

GetOffers retains personal data only for as long as necessary to fulfill the purposes set forth in Section 4 of this Privacy Policy, or as required by applicable law. Upon expiration of the applicable retention period, personal data is deleted or anonymised in accordance with the Retention Limitation Obligation under section 25 of the PDPA.

USER RIGHTS UNDER THE PDPA

In accordance with the PDPA, Users have the following rights with respect to their personal data processed by GetOffers:

10.1. Right to Access. The right to request access to personal data about the User that is in GetOffers' possession or under its control, and information about the ways in which that personal data has been or may have been used or disclosed within a year before the request, subject to the exceptions in section 21 of, and the Fifth Schedule to, the PDPA.

10.2. Right to Correct. The right to correct inaccuracies in the consumer's personal data, taking into account the nature of the data and the purposes of processing (section 22 of the PDPA).

10.3. Right to Withdraw Consent; Cessation of Retention. The right to withdraw, on reasonable notice, any consent given in respect of the collection, use, or disclosure of personal data (section 16 of the PDPA); upon withdrawal, GetOffers will cease, and cause its data intermediaries to cease, the relevant collection, use, or disclosure, and will inform the User of the likely consequences of withdrawal. GetOffers will also cease to retain personal data, or anonymise it, as soon as retention is no longer necessary for any legal or business purpose (section 25 of the PDPA).

10.4. Data Portability. The data portability provisions of the PDPA (Part 6A) have been enacted but are not yet in force; pending their commencement, GetOffers will, on request and where technically feasible, provide the User with a copy of the User's personal data in a structured, commonly used, machine-readable format.

10.5. Right to a List of Third Parties. The right to obtain a list of the categories of third parties to which GetOffers has disclosed the consumer's personal data (provided voluntarily as a matter of transparency; this is not a statutory PDPA right).

10.6. Right to Opt Out of Marketing. The right to opt out at any time of marketing communications, free of charge, and the protections of the Do Not Call provisions in Part 9 of the PDPA in respect of marketing messages sent to Singapore telephone numbers. GetOffers also honours opt-outs from targeted advertising, sale of personal data, and profiling as described in this Privacy Policy.

10.7. Authorized Agents. A consumer may designate a person validly authorized to act on the consumer's behalf to exercise the consumer's rights, in accordance with the PDPA and regulations made thereunder.

10.8. Children. In the case of processing personal data of a known child, the parent or legal guardian may exercise consumer rights on the child's behalf (in accordance with the PDPA and applicable PDPC advisory guidelines).

HOW TO EXERCISE YOUR RIGHTS

To exercise any of the rights described in Section 10 of this Privacy Policy, consumers may submit a request to GetOffers using the contact information provided in the "Contact Information" section below.

11.1. Response time. GetOffers will respond to a verified consumer request without undue delay and as soon as reasonably possible. If GetOffers is unable to respond to an access or correction request within thirty (30) days after receipt, it will inform the consumer in writing within that period of the time by which it will be able to respond, in accordance with the PDPA and the Personal Data Protection Regulations 2021.

11.2. Declining a request. If GetOffers declines to take action on a consumer's request, GetOffers will notify the consumer of the reason for declining and provide instructions for how to appeal the decision, together with the reasons for declining, to the extent required by the PDPA.

11.3. Appeals. If a consumer's request is denied, the consumer may appeal the decision by submitting a written appeal to the contact address in the "Contact Information" section. GetOffers will respond to the appeal within sixty (60) days. If GetOffers upholds the denial on appeal, the consumer may lodge a complaint with the Personal Data Protection Commission of Singapore (PDPC) at www.pdpc.gov.sg.

11.4. Authentication. GetOffers will use commercially reasonable means to authenticate requests under Sections 10.1–10.5. GetOffers is not required to authenticate opt-out requests but may deny an opt-out request if it has a good faith, reasonable, and documented belief that the request is fraudulent, consistent with the PDPA.

11.5. Fee. GetOffers may charge a reasonable fee for responding to an access request, as permitted by the PDPA, in which case the consumer will be informed of the estimated fee in advance. GetOffers reserves the right to decline to act on a request that is manifestly unfounded, excessive, or repetitive, consistent with applicable law.

GLOBAL PRIVACY CONTROLS AND UNIVERSAL OPT-OUT MECHANISMS

As a matter of good practice (this is not a statutory PDPA requirement), GetOffers recognizes and honors Global Privacy Control (GPC) signals and other universal opt-out mechanisms (UOOMs) as a valid means by which a consumer may opt out of the processing of personal data for targeted advertising and the sale of personal data.

ELECTRONIC COMMUNICATIONS

All confirmations, notices, and other communications sent by GetOffers to Users in electronic form — including booking confirmations sent by email — have the same legal effect as written communications on paper, in accordance with the Electronic Transactions Act 2010 of Singapore.

CONTACT INFORMATION

To exercise consumer rights, submit a privacy-related inquiry, or file a complaint regarding this Privacy Policy, Users may contact GetOffers at:

GETTRANSFER APAC PTE. LTD., 68 Circular Road, #02-01, Singapore 049422

Email: [email protected]. Data Protection Officer (PDPA s.11(3)): [email protected] (attn: Data Protection Officer)

To submit a complaint directly to the data protection regulator regarding a potential violation of the PDPA, Users may contact:

Personal Data Protection Commission, Singapore (PDPC) — www.pdpc.gov.sg

CHANGES TO THIS PRIVACY POLICY

GetOffers reserves the right to update this Privacy Policy from time to time. Material changes will be communicated to Users by posting the updated Privacy Policy on the Platform and/or by email notification no less than thirty (30) calendar days before the changes take effect, consistent with Section 12 of the Terms of Service.

Continued use of the Service following the effective date of any changes constitutes the User's acceptance of the updated Privacy Policy.

GOVERNING LAW

This Privacy Policy is governed by and construed in accordance with the laws of the Republic of Singapore, including the Personal Data Protection Act 2012 (No. 26 of 2012). For Users located in the European Economic Area, mandatory provisions of the GDPR may apply in addition.