Privacy Policy
1. Introduction
Provenance Software PTE LTD ("we," "our," or "us"), a company incorporated in Singapore (UEN: 202412345A), is committed to protecting your privacy and personal information in accordance with the Personal Data Protection Act 2012 ("PDPA") and other applicable laws. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you use our VeriPass platform and related services.
2. Information We Collect
2.1 Personal Information
We may collect the following types of personal information:
- Contact information (name, email address, phone number, company name)
- Account credentials and authentication information
- Professional information (job title, department, business role)
- Communication preferences and history
- Payment and billing information (processed securely through third-party providers)
2.2 Business Information
In connection with our supply chain compliance services, we may collect:
- Supply chain data and documentation
- Compliance reports and audit information
- Material provenance and tracking data
- Regulatory compliance documentation
- Third-party supplier information
2.3 Technical Information
We automatically collect certain technical information, including:
- IP addresses and device identifiers
- Browser type and operating system
- Usage patterns and platform interactions
- Log files and system performance data
- Cookies and similar tracking technologies
3. How We Use Your Information
We use collected information for the following purposes:
- Providing and maintaining our VeriPass platform and services
- Processing compliance reports and supply chain analysis
- Communicating with you about our services and support
- Billing and payment processing
- Improving our platform functionality and user experience
- Ensuring security and preventing fraud
- Complying with legal and regulatory requirements
- Conducting business analytics and research (anonymized data)
4. Information Sharing and Disclosure
We do not sell your personal information. We may share information in the following circumstances:
4.1 Service Providers
We work with trusted third-party service providers who assist us in operating our platform, including cloud hosting, payment processing, and customer support services.
4.2 Legal Requirements
We may disclose information when required by law, court order, or government regulation, or to protect our rights, property, or safety.
4.3 Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the business transaction.
4.4 Consent
We may share information with your explicit consent for specific purposes not covered in this policy.
5. Data Security
We implement industry-standard security measures to protect your information:
- Encryption of data in transit and at rest
- Access controls and authentication systems
- Regular security audits and monitoring
- Employee training on data protection practices
- Compliance with ISO 27001 and other security standards
6. Data Retention
We retain your information for as long as necessary to provide our services and comply with legal obligations. Specific retention periods include:
- Account information: For the duration of your account plus 7 years
- Compliance data: As required by applicable regulations (typically 5-10 years)
- Communication records: 3 years from last interaction
- Technical logs: 1-2 years for security and performance purposes
7. Your Rights Under Singapore PDPA
Under Singapore's Personal Data Protection Act, you have the following rights:
- Right to Access: Request access to your personal data in our possession
- Right to Correction: Request correction of inaccurate or incomplete personal data
- Right to Withdraw Consent: Withdraw consent for collection, use, or disclosure of personal data (subject to legal and contractual restrictions)
- Right to Data Portability: Request transfer of your data in a commonly used machine-readable format
- Right to Object: Object to processing for direct marketing purposes
To exercise these rights, please contact us using the methods provided in this policy. We will respond within 30 days of receiving a valid request, as required under the PDPA.
8. International Data Transfers
As a Singapore-based company, we may transfer your personal data outside Singapore to provide our services. In accordance with the PDPA, we ensure appropriate safeguards are in place through:
- Transfers to countries with adequacy decisions under Singapore law
- Standard contractual clauses approved by the Personal Data Protection Commission
- Binding corporate rules and appropriate contractual obligations
- Your explicit consent for specific transfers where required
We will not transfer your personal data to any country or organisation unless adequate protection is ensured.
9. Cookies and Tracking Technologies
We use cookies and similar technologies to enhance your experience. You can control cookie settings through your browser preferences. Essential cookies required for platform functionality cannot be disabled.
10. Children's Privacy
Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 18.
11. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of material changes through email or platform notifications. Continued use of our services after changes become effective constitutes acceptance of the updated policy.
12. Data Protection Officer and Contact Information
For questions about this Privacy Policy, to exercise your rights under the PDPA, or to make a complaint, please contact our Data Protection Officer:
- Email: Use the contact form on our main website
- Phone: +855 15 633 310 (business hours)
- Address: Provenance Software PTE LTD, Singapore
We will respond to privacy-related inquiries within 30 days of receipt, as required under the PDPA.
If you are not satisfied with our response, you may lodge a complaint with the Personal Data Protection Commission Singapore at www.pdpc.gov.sg.