Business Partner Privacy Policy

Effective Date: June 1st, 2026

This Privacy Policy describes how BALI WATER SPORTS, operated by AURORA FX TECHNOLOGY LLP (collectively referred to as “we”, “us”, or “our”), processes Personal Data of (prospective) activity providers, tour operators, business partners, content creators, and other collaborators offering their services or engaging in partnerships with us or users of our Supplier Portal or Partner Portal (hereinafter collectively referred to as “Business Partners” or “you”).

“Personal Data” refers to any information associated with an identified or identifiable individual. This can include data that you provide to us or data that we collect about you during your interaction with our platform as outlined below. Please note that this data is only considered as “Personal Data” when concerning a natural person, not when concerning a legal person or entity.

This privacy policy has been drafted, and shall be construed, in the English language. Any translation of the privacy policy is solely for reference. In the event of an inconsistency between the English language version and a translated version, the English language version of the privacy policy shall prevail.

Controller Details

The Controller responsible for processing your Personal Data in accordance with the Singapore Personal Data Protection Act (PDPA) and the Indonesian Personal Data Protection Act (UU PDP) is:

  • Controller: AURORA FX TECHNOLOGY LLP (Operating BALI WATER SPORTS)
  • Entity Registration (UEN): T24LL0524D
  • Address: 7030 ANG MO KIO AVENUE 5, #08-106 NORTHSTAR @ AMK, SINGAPORE 569880

Data Processing Activities

The personal data we collect in regards to Business Partners depends on their interactions with us and the products, services, and features they use.

Supplier & Partner Onboarding

In the course of our collaboration with Business Partners, we may handle your personal data or that of your designated contacts. The purposes of this processing are, in particular, communication regarding products, services, and projects, e.g., to process inquiries from the Business Partner, as well as the initiation, execution, and administration of (contractual) business relationships, e.g., to process orders for products and services, to collect payments, for accounting, billing, and collection purposes, and to maintain business relationships. If the contact person is not directly our (prospective) Business Partner, we process this data based on our legitimate interest in communicating with the Business Partner personnel.

Registration and Account Creation – Supplier Portal / Partner Portal

We may collect the following information during the registration process for the Supplier Portal or the Partner Portal (hereinafter collectively referred to as “the Portals”), which may contain Personal Data:

  • Login information: Email address, passwords.
  • Business role: How you want to work with us (e.g., as a supplier, partner, travel agency, content creator).
  • Contact information: Name, email address, or telephone number.
  • Financial Data: Such as bank details, bank account number, or other payment information.
  • Business information: Such as company name, company address, commercial registration number, managing director details, insurance details, and tax/VAT identification number.

We use this personal data to set up and manage your Supplier account or Partner account, to perform our contractual business relationship, and to comply with financial, tax, and other statutory or regulatory requirements. If the contact person is not directly our (prospective) Business Partner, we process this data based on our legitimate interest in communicating with the Partner personnel.

Supplier Messaging and Communication via the Platform

We may offer Suppliers different means to communicate with Customers before or after a booking. Any communication sent or received through our platform (including any Personal Data that it might contain) may be accessed and stored by us. In this case, the processing is carried out to detect and prevent fraud as well as the misuse of our services.

Support Services

We may also collect Personal Data while providing support services. This includes any Personal Data that Business Partners choose to share with us in support tickets, dashboard chats, or emails. If Business Partners engage with us over the phone, we collect their phone number and any other information they might provide during the call. The processing of this personal data is necessary to provide our support services to the Business Partners under our commercial relationship. If the contact person is not directly our (prospective) Business Partner, we act in our legitimate interest in communicating with the Partner personnel.

Identity Verification & Fraud Prevention

During the registration process, Business Partners must complete an identity verification for fraud prevention and compliance purposes, which may be conducted by our designated identity verification service providers (such as Persona Identities, Inc. or equivalent regional verification partners).

The provider may collect the following information to verify your identity on our behalf:

  • Business information: Legal company name, business registration number, name(s) of managing director(s), phone number, and email address.
  • Government ID: The government ID (such as a Passport, KTP, or corporate license) that you upload for verification.
  • Selfie: The photo of yourself that you take and upload for verification.
  • Biometric data: During the verification process, the system scans your selfie and government ID photo to confirm that the facial geometry matches in both images.

Before collecting this information, we or our verification partners will obtain explicit consent where required by applicable data protection regulations.

Please note that the information collected may vary depending on your legal status (e.g., individual trader or registered corporate entity) and your location. In our legitimate interest in preventing fraud, we may also collect device information, including IP address, device type, operating system, browser, and location data. To enable the verification partner to link your verification with your platform account, we may provide them with your unique platform User ID.

Payment Processing

In order to process payments and merchant payouts, we may share any financial or business information you provide during your registration with our appointed financial institutions, banks, or payment service gateways. The specific provider used will depend on your location, chosen payment method, and the currency you select for your payouts. This processing of personal data is conducted to fulfill our contractual remittance obligations to you.

Surveys and Marketing Communication

We may use Personal Data for B2B communications, including providing information about the platform (e.g., updates to the Portals), sending newsletters, partner surveys, or other operational marketing communications. You can unsubscribe at any time via the unsubscribe link in every marketing communication or via your account preferences dashboard. We process your personal data based on our legitimate interest in promoting our platform services, improving partner engagement, and enhancing the functionality of our marketplace.

Recipients of Personal Data

Beyond the cases described above, your personal data may be shared with the following third parties:

  • Subsidiaries and Affiliates: We may share your personal information with our corporate subsidiaries and affiliates to facilitate the provision of platform operations, localized services, and system connectivity.
  • Third-Party Service Providers: We may share your personal information with third-party service providers who assist us in delivering our marketplace services, including payment processing gateways, IT infrastructure and cloud hosting, B2B marketing systems, analytics tools, and customer service software. These providers are contractually bound to protect your data and use it solely for the purposes specified by us.
  • Customers: We may share your relevant operational or personal information as a Supplier with customers who have booked an experience with you to facilitate the fulfillment of the booking and provide local support services.
  • Legal and Regulatory Authorities: We may be required to disclose partner personal data to legal, judicial, and regulatory authorities upon request or as required by law, especially in matters related to financial compliance, anti-money laundering (AML) laws, tax filings, fraud prevention, and customer safety.
  • Financial Institutions: We may be required to disclose personal data, such as ID copies, dates of birth, and places of birth provided during the verification process, to corporate banks or financial clearing institutions to fulfill compliance obligations related to payments made to Business Partners.

When transferring data across international borders (such as between Indonesia, Singapore, or other regional operations), we establish appropriate technical, structural, and administrative safeguards to ensure your personal data receives an adequate level of data protection in line with regional regulatory requirements.

Information Collected from Other Sources

We may collect personal or business information from publicly available sources, business registries, or third-party lead providers to reach out to potential Business Partners and explore tour collaboration opportunities.

In legal compliance or insolvency matters, we may receive information relating to Business Partners from insolvency administrators, liquidators, courts, or other public authorities. Similarly, law enforcement or tax authorities may provide us with additional information about Business Partners if involved in an active regulatory investigation.

Furthermore, in certain instances and as permitted by applicable law, we may collect data through third-party sources for fraud detection and prevention, risk management, and platform compliance purposes. Additionally, we may receive personal information from social media networks when you interact with our official brand handles, posts, or marketing content.

Data Retention

We will retain personal data for as long as deemed necessary to manage our business relationship with the Business Partner, to ensure the secure provision of services to Customers, to comply with applicable tax, corporate, and accounting records laws, to resolve disputes or legal claims with any parties, and as otherwise necessary to securely conduct our marketplace business.

Improvement and Analytics

We use information provided to us or collected when you interact with our platform for analytical purposes. This is part of our drive to improve our platform products and services, and to enhance the experience for travelers and operators alike.

This data can also be used for software testing purposes, system troubleshooting, and to improve the overall functionality and quality of our online marketplace. We may use analytics to optimize supplier activity content, enhance search functionality, and develop new platform features—such as AI-powered translation systems and insights dashboards—that help our Business Partners manage and grow their operations. We also invite Business Partners to participate in surveys, provide platform feedback, and conduct other market research from time to time to better understand your experience.

Tracking Technologies

We use cookies and other tracking technologies, such as web pixels and server-to-server data sharing, to improve our services, enhance your dashboard browsing experience, understand how you interact with our Portals, and measure marketing campaigns. Approved third-party service infrastructure tools may also use these technologies in connection with platform analytics and optimization. You can manage your tracking and cookie preferences via your browser or account settings at any time.

Your Data Protection Rights

You have specific legal rights with regard to the processing of your Personal Data under applicable data protection laws (including the Singapore PDPA and Indonesian UU PDP). To exercise your rights or if you have questions regarding this Privacy Policy, you can contact us through the designated support contact forms in your portal dashboard or by reaching out directly to our privacy compliance team at our corporate address.

  • Right to Access: You have the right to obtain confirmation as to whether or not personal data concerning you is being processed, and, where that is the case, access to a copy of the personal data.
  • Right to Rectification: You have the right to have any inaccurate or outdated personal data about you rectified and to have any incomplete personal data completed.
  • Right to Erasure (“Right to be Forgotten”): You have the right to request that personal data about you be deleted without undue delay under certain circumstances, such as when the personal data is no longer necessary in relation to the purposes for which it was collected, subject to applicable regulatory data retention laws.
  • Right to Restriction of Processing: You have the right to restrict or limit the processing of your personal data under certain conditions, such as if you contest the accuracy of the data or if the processing is deemed unlawful.
  • Right to Data Portability: You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format, and you have the right to request the transmission of those data to another data controller without hindrance, where technically feasible.
  • Right to Object: You have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data based on legitimate business interests, including any data processed for direct marketing purposes.
  • Right to Complain: You have the right to contact a competent data protection supervisory authority or regulatory body in your jurisdiction in the event of unresolved processing complaints.

Automated Decision-Making & Right to Appeal: Automated decision-making refers to the process of making decisions based on data entered into a system without human involvement. Biometric identity verification is performed using automated validation software and may result in an automated approval or denial of your identity match. If you create an account for our Supplier Portal and your verification status is denied by the automated tool, you have the right to file an appeal by contacting us through our support desk to request a manual review of your verification case.