Privacy Policy
This Privacy Policy outlines how springboardasia.com ("we," "us," or "our") manages Personal Data in compliance with the Singapore Personal Data Protection Act 2012 (PDPA) and its subsequent amendments. We take our responsibilities under Singapore's privacy laws seriously and are committed to protecting the personal information entrusted to us.
1. Introduction
This policy applies to all Personal Data collected, used, disclosed, or processed by springboardasia.com. By interacting with us, submitting information to us, or signing up for any products or services offered by us, you agree and consent to springboardasia.com, as well as our respective representatives and/or agents, collecting, using, disclosing, and sharing your Personal Data in the manner set forth in this Privacy Policy.
2. What Constitutes Personal Data?
"Personal Data" refers to data, whether true or not, about an individual who can be identified from that data, or from that data and other information to which an organisation has or is likely to have access.
Common examples of Personal Data we may collect include your:
-
Name
-
Contact details (e.g., email address, phone number, mailing address)
-
Employment history and educational background (if applying for a job)
-
Payment and billing information
-
IP address, cookies, and website usage data
Note: In compliance with updated PDPA guidelines, we do not collect or use National Registration Identity Card (NRIC) numbers, FINs, or passport numbers for general authentication or verification purposes.
3. Data Protection Officer (DPO)
In accordance with the Accountability Obligation under the PDPA, we have appointed a Data Protection Officer (DPO) to oversee our data protection compliance and management program.
If you have any inquiries, feedback, or requests regarding this policy or your Personal Data, you may contact our DPO at:
-
Email: dpo@springboardasia.com
-
Mailing Address: [Insert Singapore Registered Address]
-
Attention: Data Protection Officer
4. Collection of Personal Data
We generally collect Personal Data in the following ways:
-
When you submit forms on our website (e.g., contact forms, registration forms).
-
When you create an account or use our platform services.
-
When you interact with our customer support teams.
-
When you subscribe to our newsletters or marketing communications.
-
Automatically through cookies and tracking technologies when you browse springboardasia.com.
5. Purposes for Collection, Use, and Disclosure
Under the Purpose Limitation and Notification Obligations, we will clearly inform you of the purposes for which your data is collected. We collect and use your Personal Data only for the following primary purposes:
-
Providing, maintaining, and improving our services and website functionality.
-
Processing transactions and managing billing.
-
Responding to your queries, feedback, and customer service requests.
-
Sending technical notices, security alerts, and administrative messages.
-
With your explicit consent, sending marketing and promotional materials.
-
Complying with applicable legal, regulatory, and corporate governance requirements.
We will not use your Personal Data for any other purpose without your consent, unless permitted or required by law.
6. Consent and Withdrawal
Obtaining Consent: We will not collect, use, or disclose your Personal Data without your consent, except where authorised by the PDPA or other laws. By providing your data to us, you are deemed to have consented to the purposes outlined in this policy.
Withdrawing Consent: You may withdraw your consent for the collection, use, or disclosure of your Personal Data at any time by contacting our DPO. Please note that withdrawing consent may affect our ability to continue providing certain services or products to you. We will process your request within a reasonable timeframe and inform you of the likely consequences of the withdrawal.
7. Access and Correction
You have the right to request access to and correction of the Personal Data we hold about you.
-
Access: You may request to know what Personal Data we hold and how it has been used or disclosed within the past year.
-
Correction: If your data is inaccurate or incomplete, you may request that we update it.
To submit an access or correction request, please email our DPO. We may charge a reasonable administrative fee for access requests, which we will inform you of beforehand.
8. Accuracy of Personal Data
We make reasonable efforts to ensure that the Personal Data we collect is accurate and complete, particularly if the data is likely to be used to make a decision that affects you or is disclosed to another organisation. Please keep us updated of any changes to your personal information.
9. Protection and Security
We have implemented reasonable technical, administrative, and physical security measures to protect your Personal Data against unauthorized access, collection, use, disclosure, copying, modification, or similar risks.
Our safeguards include:
-
Encryption of data in transit and at rest.
-
Strict access controls limiting internal data access to authorized personnel only.
-
Regular security audits and vulnerability assessments.
-
Complete phase-out of NRIC-based authentication across all customer and internal platforms, substituting them with secure multi-factor authentication methods.
10. Retention Limitation
We will cease to retain your Personal Data, or anonymise it so that it can no longer be associated with you, as soon as it is reasonable to assume that the original purpose for collection is no longer being served by its retention, and retention is no longer necessary for legal or business purposes.
11. Transfer of Data Outside Singapore
If we transfer your Personal Data to countries or territories outside Singapore (e.g., for cloud storage or third-party processing), we will ensure that the recipient organisation is legally bound to provide a standard of protection comparable to that under the Singapore PDPA. This is typically achieved through legally binding corporate rules, standard contractual clauses, or recognized certifications (such as the Cross-Border Privacy Rules System).
heysara.sg
12. Data Breaches
In the unlikely event of a data breach that affects your Personal Data, we have a comprehensive incident response plan in place. If a breach is deemed to be of a significant scale or is likely to result in significant harm, we will notify the Personal Data Protection Commission (PDPC) and affected individuals in accordance with the mandatory data breach notification requirements under the PDPA.
13. Changes to this Policy
We reserve the right to update or modify this Privacy Policy at any time to reflect changes in legal or regulatory obligations, or how we handle personal data. Any changes will be published on this page with an updated "Effective Date." We encourage you to review this page periodically to stay informed about how we are protecting your information.