Introduction

Protecting your personal information is a priority. This Privacy Policy explains how Astute Cybersecurity collects, uses, shares, and safeguards personal data, but not limited to the purposes described herein. We comply with the Singapore Personal Data Protection Act (PDPA) and other applicable privacy laws.

Before collecting your data, we will inform you of its purpose and obtain your consent, unless collection or use is legally permitted without consent.

Collection of Personal Data

We gather personal information through multiple channels to provide services, communicate effectively, and improve your experience, but not limited to the following scenarios:

• Use our products, services, or digital platforms
• Register accounts or request access to solutions
• Subscribe to newsletters, updates, or marketing communications
• Contact us for support, inquiries, or partnerships
• Apply for jobs or submit resumes
• Participate in surveys, contests, or events
• Engage with online content, social media, or advertisements
• Browse websites or apps (including cookies and tracking tools)
• Visit our offices or facilities
• Provide goods or services as a vendor, contractor, or partner

We may also receive personal data from third parties, publicly available sources, or referrals. If you submit personal data on behalf of someone else, you confirm that you have their consent.

Types of Personal Data

Depending on your interactions with Astute Cybersecurity, we may collect personal data, but not limited to, the following:

• Identification Data: Full Name as per NRIC, NRIC/FIN/passport number, contact information, date of birth, biometric data, IP addresses, device IDs, payment information
• Professional & Educational Data: Qualifications, employment history, and career-related information
• Interaction & Communication Data: Emails, call recordings, support notes, visitor logs, or CCTV footage
• Event & Media Data: Photos, videos, and recordings taken during events, potentially used for marketing, social media, or promotions
• Transactional & Service Data: Data generated or provided during service delivery
• Third-Party Data: Data from partners, agencies, credit bureaus, public records, or authorized individuals

We only collect personal data necessary for legitimate business, operational, or legal purposes.

How We Use Personal Data

Personal data is used to deliver services, ensure safety, comply with regulations, and enhance your experience, but not limited to the following purposes:

Customers

• Deliver services and process payments: Ensure seamless delivery of products and services, manage accounts, handle billing and payment processing, and respond efficiently to inquiries or service requests.
• Feedback and service improvement: Conduct surveys, gather feedback, analyze service usage, and personalize offerings to enhance the customer experience.
• Marketing and communications: Share promotions, event invitations, newsletters, and other marketing materials, with your consent or where legally permitted. Users may opt out at any time.
• Security and compliance: Monitor systems, prevent fraud, conduct audits, manage compliance, and address operational risks to protect customers and Astute Cybersecurity’s systems.
• Legal and regulatory obligations: Fulfil legal requirements, assist law enforcement or government authorities, and respond to lawful requests.

Suppliers & Subcontractors

• Due diligence and verification: Perform background checks, security clearances, and compliance checks as required by law, internal policies, or client obligations.
• Operational support: Facilitate the supply of goods and services, ensure safe access to Astute Cybersecurity’ or client premises, and manage communications related to service delivery.

Visitors

• Facility safety and security: Monitor access to premises, manage visitor logs, and respond to incidents or emergencies.
• Visitor communication: Contact visitors when necessary, regarding their visit, event participation, or any follow-up actions.

Website Visitors

• Inquiry management: Respond to questions or requests submitted via our websites, apps, or online platforms.
• Other uses: Any use of personal data beyond inquiries requires your consent, including marketing, analytics, or promotional purposes.

Job Applicants

• Application assessment: Evaluate your suitability for positions applied for, shortlist candidates, and communicate progress.
• Verification and reference checks: Conduct background, employment, educational, credit, or criminal checks as required to assess eligibility for employment.

Marketing Communications and Opt-Out

Users can opt out of marketing communications at any time, including newsletters, promotions, event invitations, and product updates.

Instructions for opting out are provided in the communications or can be done via contacting our Data Protection Officer.

Opting out does not affect service-related messages necessary for account management, billing, or operational purposes.

Opt-out requests are processed promptly but may take a short period to take full effect across all systems.

Consent will always be obtained for purposes not explicitly listed above.

Sharing Personal Data

Data may be shared, but not limited to, the following parties:

• Group companies: Within Astute Cybersecurity, personal data may be shared to support business operations, service delivery, and administrative purposes, while ensuring data protection in line with applicable laws.
• Business partners & vendors: Personal data may be shared with vendors or third parties assisting us in delivering products, services, or operational support. These partners are required to handle data securely and only for the agreed purposes.
• Clients: Data may be shared with our clients when necessary to fulfil contractual obligations, provide services, or coordinate operational requirements.
• Job agencies: Recruitment or talent agencies may receive personal data to assist with job applications, hiring processes, or other recruitment-related activities, strictly in accordance with consent provided.
• Regulatory & government authorities: Data may be disclosed when required by law or regulation.
• Financial institutions: Data may be shared with banks or financial institutions for purposes related to payments, credit evaluations, or other financial services, strictly limited to the necessary scope.
• Research institutions & credit bureaus: Personal data may be shared for market research, analysis, or creditworthiness assessments, subject to legal and contractual safeguards.

Transfer Data Overseas

Personal data may be transferred outside Singapore for operational, service, or analytical purposes, but only under strict safeguards to ensure protection equivalent to PDPA standards.

• Contractual Obligations: Overseas recipients are required to commit contractually to protect personal data and use it solely for specified purposes.
• Security Measures: Data is protected through encryption, secure transmission, and other technical safeguards to maintain confidentiality and integrity.
• Limited Access: Only authorized personnel of the overseas recipient can access the data, and access is monitored and restricted based on necessity.
• Oversight & Compliance: We periodically review and audit overseas partners to ensure ongoing compliance with our data protection requirements.

Accuracy & Security

We take reasonable steps to ensure personal data is accurate, complete, and up-to-date, but not limited to situations where it affects decision-making or third-party disclosure.

Protection measures include:

• Network, system, and database security controls
• Role-based access restrictions
• Verification procedures to prevent unauthorized access

These measures are regularly reviewed.

Withdrawal of Consent

You may withdraw consent for the use of your personal data at any time by submitting your request in writing or via email to our Data Protection Officer at the contact details provided below.

Processing may take time depending on the complexity of your request. We will notify you of any potential impact. Withdrawal of consent may limit our ability to provide certain services.

Rights to Access and Update Your Personal Data

You have the right to request access to the personal information we hold about you, including details on how your data has been used or disclosed in the past 12 months. You may also request corrections or updates to ensure that your information is accurate and complete.

You may submit your request to access or update your personal data in writing or via email to our Data Protection Officer at the contact details provided below.

A reasonable fee may be charged for providing access to personal data. We will inform you of any fees before processing your request.

During the process of handling your request, we may conduct verification checks to confirm your identity before granting access to or making changes to your personal data.

We aim to respond promptly. If we are unable to complete your request within 30 days, we will inform you in writing and provide an estimated timeframe for resolution.

In cases where we are unable to provide access to your data or make the requested corrections, we will generally explain the reason, except where exceptions apply under the Personal Data Protection Act (PDPA).

Data Retention

Personal data is retained only as long as necessary, but not limited to, fulfilling its original purpose or meeting legal obligations. After retention periods, data is securely destroyed. Anonymized data may be retained for analytics, research, or reporting.

Recruitment Data Privacy Consent

By submitting a job application, you consent to the collection, storage, and processing of personal and sensitive data, including but not limited to pre-employment checks such as education, employment history, references, credit, criminal, and medical checks. False or incomplete information may affect your application or employment.

Third-Party Products & Services

As we provide products and services from third-party brands, please note that their collection, use, and handling of personal data are governed by their own privacy policies, but not limited to product registration, support, or marketing. Users are encouraged to refer to the respective brands’ privacy policy listed on their websites.

Contact

For any requests or questions regarding our personal data protection policies and practices, you may reach out to our Data Protection Officer at: dpo@astutecybersecurity.com.sg

General

This Privacy Policy works alongside any other notices, agreements, or forms. Products and Services may have separate privacy policies, refer to their terms of use and product-specific policies.

We may update this policy periodically. The “last updated” date reflects the latest version. Continued use of our services constitutes acceptance.