Privacy Policy
- Last updated: November 2024
1. Introduction
This Privacy Policy applies to all data processed by Knowledge Catalyst Pte. Ltd. (“Knowledge Catalyst”, “we”, “us”, or “our”), a company registered in Singapore. It offers multi-ecosystem services, including Cross-Border Trade Finance, Sustainability, Health and Insurance, and Talent platforms. These platforms serve B2G, B2B, B2B2C, and individual users, with additional provisions for public access.
We are committed to complying with the General Data Protection Regulation (GDPR), the Personal Data Protection Act 2012 (PDPA) of Singapore, the US Standard Contractual Clauses (SCC), the Binding Corporate Rules (BCR), and the ISO standards (27001 and 27701).
This Privacy Policy outlines the data we collect, how we process it, and your rights.
2. Scope
This Privacy Policy covers:
- B2G (Business-to-Government): Data shared between government entities and government
- B2B (Business-to-Business): Data exchanged between businesses for secure transactions, credential management, and
- B2B2C (Business-to-Business-to-Consumer): Data shared between businesses and consumers, such as educational institutions and their
- Individual Users: Data from individuals using the platform, including employees and
- Public Access: Data made available for public consumption under applicable
By using our services, you consent to the collection and use of your data under this policy, which is aligned with our Terms of Use, which may be updated periodically.
3. Data We Collect
We collect personal data provided voluntarily, automatically collected through cookies, or shared by third parties. Data types include:
- Personal Identifiers: Name, email, national ID numbers, and
- Contact Information: Phone numbers, email addresses, and postal
- Financial Data: Payment details, transaction
- Health Data: Medical records and healthcare data (relevant to Health & Insurance Ecosystem).
- Business Data: Trade documentation, certifications, and
- Technical Data: IP addresses, device details, browser types, time zone settings, and browser plug-in
- Usage Data: Platform interactions, user preferences, and logs of
- Third-Party Data: Data received from integrated services like social logins or external platforms (Google, Facebook, LinkedIn).
4. How We Use Your Data
We process your data for the following purposes:
- Service Delivery: To provide platform access, process payments, and manage user
- Legal Compliance: To meet obligations under GDPR, PDPA, US SCC, and other applicable
- Platform Security: To monitor and enhance security, prevent fraud, and ensure compliance with
- Analytics and Business Improvement: For analysis, research, and service
- Marketing: With your consent, for sending promotional materials or
- Public Access Data: Public-facing data can be accessed for analytics or
5. Data Sharing and Disclosure
We may share your data under the following conditions:
5.1 Third-Party Service Providers
We engage trusted third-party service providers to assist with services such as:
- Payment Processing: For handling
- Cloud Hosting: For secure data storage and
- Analytics Providers: These are used to analyze usage data and improve the
All third parties adhere to strict contractual obligations and maintain security measures aligned with ISO 27001 and 27701 standards.
5.2 Government Authorities and Compliance
Where required by law, we may disclose personal data to government authorities to comply with regulatory obligations or respond to legal requests. This is particularly relevant in B2G scenarios where government agencies may require data exchange.
5.3 Business Partners
We share data with business partners for joint service delivery, such as trade finance providers or credential verification partners. All parties involved must comply with applicable data protection laws and maintain security standards.
5.4 International Transfers
When transferring data internationally, we implement Standard Contractual Clauses (SCCs) or rely on Binding Corporate Rules (BCRs) to ensure lawful data transfer in compliance with GDPR and PDPA. We take all necessary measures to ensure that your personal data is secure and processed in accordance with applicable privacy laws.
5.5 Public Data
For data that is publicly accessible on the platform, users are made aware that other users can view such data. We process and disclose public access data under the terms in the Acceptable Use Policy and relevant legal requirements.
6. International Data Transfers
In some cases, personal data may be transferred to and processed in countries outside of Singapore or the European Economic Area (EEA). We ensure compliance with international data protection laws by using SCCs, BCRs, or other lawful transfer mechanisms. These transfers are carried out in line with GDPR standards and the PDPA in Singapore.
7. Legal Basis for Processing Personal Data
We rely on the following legal bases for processing your personal data, as required by GDPR and PDPA:
Data Type | Purpose of Processing | Legal Basis (GDPR) | Legal Basis (PDPA) |
---|---|---|---|
Account Data | Account creation, user authentication, service access | Contractual necessity (Art. 6(1)(b)) | Contractual necessity |
Payment Data | Processing payments and transactions | Contractual necessity (Art. 6(1)(b)) | Contractual necessity |
Health Data | Managing health-related services | Explicit consent (Art. 9(2)(a)) | Consent |
Technical Data | Platform security and performance monitoring | Legitimate interest (Art. 6(1)(f)) | Legitimate interest |
Usage Data | Analytics and improvement of user experience | Legitimate interest (Art. 6(1)(f)) | Legitimate interest |
Marketing Data | Sending promotional materials | Consent (Art. 6(1)(a)) | Consent |
Third-Party Data | Data from social logins, partners, and integrations | Legitimate interest/Consent (Art. 6(1)(a), (f)) | Consent |
8. Data Retention
We retain personal data for as long as necessary to fulfill the purposes outlined in this Privacy Policy, including legal, contractual, or business needs. After the retention period expires, we will securely delete or anonymize your data. Data retention schedules comply with ISO 27001 standards and relevant legal requirements.
9. Data Breach Notification Clause (Aligned with Singapore PDPA)
This Data Breach Notification clause is aligned with the Singapore Personal Data Protection Act 2012 (PDPA) requirements and its accompanying regulations, including the Personal Data Protection (Notification of Data Breaches) Regulations 2021. It governs how we respond to and manage data breaches involving personal data.
Definitions
- “Data breach” refers to:
  - The unauthorized access, collection, use, disclosure, copying, modification, or disposal of personal data; or
  - The loss of any storage medium or device on which personal data is stored under circumstances where unauthorized access, collection, use, disclosure, copying, modification, or disposal of personal data is likely to
- “Affected individual” refers to any individual whose personal data is impacted by a data
Notification to the Personal Data Protection Commission (PDPC)
Where required under the PDPA, we will notify the PDPC of a data breach as soon as practicable, but no later than three (3) calendar days from the day we assess the breach as a notifiable data breach.
Our notification to the PDPC will include the details required under the Personal Data Protection (Notification of Data Breaches) Regulations 2021.
Notification to Affected Individuals
Where required under the PDPA, we will notify affected individuals of a notifiable data breach as soon as practicable, either at the same time as or after notifying the PDPC.
The notification to affected individuals will include the following:
- A description of the data breach and the types of personal data
- Steps that affected individuals can take to mitigate potential
- Contact information for further
The notification will be delivered via reasonable means, such as email, and the affected individuals are responsible for ensuring their contact details are accurate and updated in our systems.
Obligations as a Data Intermediary
If we process personal data on behalf of another organization (“Customer”) and believe a data breach has occurred, we will notify the Customer of the breach without undue delay.
The Customer, as the data controller, is solely responsible for:
- Assessing whether the breach is a notifiable data breach under the
- Notifying affected individuals, if
- Notifying the PDPC, if
We will cooperate with the Customer to ensure reasonable coordination regarding the content of public statements or notifications to affected individuals and supervisory authorities.
Limitation of Liability
- Our notification obligations do not imply acknowledgment of fault or liability for the data breach except where required by
- We are not responsible for breaches caused by:
  - The actions or omissions of the Customer or affected
  - System components that are managed or controlled by the Customer or affected
Delivery of Notifications
- Notifications to affected individuals will be delivered via methods we choose, such as
- Notifications to Customers will be sent to designated administrators through reasonable means, such as The Customer is responsible for ensuring accurate contact details and secure communications at all times.
10. Data Security
We implement state-of-the-art security measures to protect personal data from unauthorized access, loss, or misuse. Our practices comply with ISO 27001 and 27701 standards, ensuring data protection in cloud and on-premise environments. We safeguard personal information using encryption, firewalls, secure access controls, and regular security audits.
11. Your Rights
You have the right to:
- Access: Request access to the personal data we hold about
- Rectification: Request correction of inaccurate or incomplete
- Erasure: Request deletion of personal
- Restriction: Request limitations on data
- Portability: Request to receive your data in a portable
- Objection: Object to data processing for marketing purposes or on the grounds of legitimate
- Withdraw Consent: Where consent is the legal basis for processing, you may withdraw it at any
To exercise your rights, please contact our Data Protection Officer (DPO) at dpo(at)knowledgecatalyst.io.
12. Public Access and Data Usage
For publicly accessible data, users acknowledge that such data can be viewed and processed by other users in accordance with our Acceptable Use Policy. We take reasonable measures to protect public data but cannot be held responsible for misuse by third parties beyond our control.
13. Changes to This Privacy Policy
We may modify this Privacy Policy from time to time to reflect changes in our data processing practices or legal obligations. Significant updates will be communicated through our platform or via email. Your continued use of the platform following any changes indicates your acceptance of the revised policy.
14. Governing Law and Dispute Resolution
14.1. This Privacy Policy is governed by and construed in accordance with the laws of the Republic of Singapore. Any disputes or claims arising out of or in connection with this policy will be subject to the exclusive jurisdiction of the courts of Knowledge Catalyst reserves the right to enforce its rights under this policy in other jurisdictions where necessary.
14.2. Dispute Resolution Process
- Before initiating legal action, the parties agree to attempt to resolve any disputes through good-faith
15. Contact Information
For inquiries related to this Privacy Policy or to exercise your data rights, please contact:
Knowledge Catalyst Pte. Ltd.
Attn: Data Protection Officer
71 Ayer Rajah Crescent, #04-11, Singapore 139951
Email: dpo(at)knowledgecatalyst.io
For general inquiries, please contact us at policy(at)knowledgecatalyst.io