Privacy Policy

1.  Introduction

This Privacy Policy applies to all data processed by Knowledge Catalyst Pte. Ltd. (“Knowledge Catalyst”, “we”, “us”, or “our”), a company registered in Singapore. We offer multi-ecosystem services, including Cross-Border Trade Finance, Sustainability, Health and Insurance, and Talent platforms. These platforms serve B2G, B2B, B2B2C, and individual users, with additional provisions for public access.

We are committed to complying with the General Data Protection Regulation (GDPR), the Personal Data Protection Act 2012 (PDPA) of Singapore, the US Standard Contractual Clauses (SCC), the Binding Corporate Rules (BCR), and the ISO standards (27001 and 27701).

This Privacy Policy outlines the data we collect, how we process it, and your rights.

2.  Scope

This Privacy Policy covers:

  • B2G (Business-to-Government): Data shared between government entities and government
  • B2B (Business-to-Business): Data exchanged between businesses for secure transactions, credential management, and
  • B2B2C (Business-to-Business-to-Consumer): Data shared between businesses and consumers, such as educational institutions and their
  • Individual Users: Data from individuals using the platform, including employees and
  • Public Access: Data made available for public consumption under applicable

By using our services, you consent to the collection and use of your data under this policy, which is aligned with our Terms of Use, which may be updated periodically.

3.  Data We Collect

We collect personal data provided voluntarily, automatically collected through cookies, or shared by third parties. Data types include:

  • Personal Identifiers: Name, email, national ID numbers, and
  • Contact Information: Phone numbers, email addresses, and postal
  • Financial Data: Payment details, transaction
  • Health Data: Medical records and healthcare data (relevant to Health & Insurance Ecosystem).
  • Business Data: Trade documentation, certifications, and
  • Technical Data: IP addresses, device details, browser types, time zone settings, and browser plug-in
  • Usage Data: Platform interactions, user preferences, and logs of
  • Third-Party Data: Data received from integrated services like social logins or external platforms (Google, Facebook, LinkedIn).

4.  How We Use Your Data

We process your data for the following purposes:

  • Service Delivery: To provide platform access, process payments, and manage user
  • Legal Compliance: To meet obligations under GDPR, PDPA, US SCC, and other applicable
  • Platform Security: To monitor and enhance security, prevent fraud, and ensure compliance with
  • Analytics and Business Improvement: For analysis, research, and service
  • Marketing: With your consent, for sending promotional materials or
  • Public Access Data: Public-facing data can be accessed for analytics or

5.  Data Sharing and Disclosure

We may share your data under the following conditions:

5.1  Third-Party Service Providers

We engage trusted third-party service providers to assist with services such as:

  • Payment Processing: For handling
  • Cloud Hosting: For secure data storage and
  • Analytics Providers: These are used to analyze usage data and improve the

All third parties adhere to strict contractual obligations and maintain security measures aligned with ISO 27001 and 27701 standards.

5.2  Government Authorities and Compliance

Where required by law, we may disclose personal data to government authorities to comply with regulatory obligations or respond to legal requests. This is particularly relevant in B2G scenarios where government agencies may require data exchange.

5.3  Business Partners

We share data with business partners for joint service delivery, such as trade finance providers or credential verification partners. All parties involved must comply with applicable data protection laws and maintain security standards.

5.4  International Transfers

When transferring data internationally, we implement Standard Contractual Clauses (SCCs) or rely on Binding Corporate Rules (BCRs) to ensure lawful data transfer in compliance with GDPR and PDPA. We take all necessary measures to ensure that your personal data is secure and processed in accordance with applicable privacy laws.

5.5  Public Data

For data that is publicly accessible on the platform, users are made aware that other users can view such data. We process and disclose public access data under the terms in the Acceptable Use Policy and relevant legal requirements.

6.  International Data Transfers

In some cases, personal data may be transferred to and processed in countries outside of Singapore or the European Economic Area (EEA). We ensure compliance with international data protection laws by using SCCs, BCRs, or other lawful transfer mechanisms. These transfers are carried out in line with GDPR standards and the PDPA in Singapore.

7.  Legal Basis for Processing Personal Data

We rely on the following legal bases for processing your personal data, as required by GDPR and PDPA:

| Data Type | Purpose of Processing | Legal Basis (GDPR) | Legal Basis (PDPA) |
|---|---|---|---|
| Account Data | Account creation, user authentication, service access | Contractual necessity (Art. 6(1)(b)) | Contractual necessity |
| Payment Data | Processing payments and transactions | Contractual necessity (Art. 6(1)(b)) | Contractual necessity |
| Health Data | Managing health-related services | Explicit consent (Art. 9(2)(a)) | Consent |
| Technical Data | Platform security and performance monitoring | Legitimate interest (Art. 6(1)(f)) | Legitimate interest |
| Usage Data | Analytics and improvement of user experience | Legitimate interest (Art. 6(1)(f)) | Legitimate interest |
| Marketing Data | Sending promotional materials | Consent (Art. 6(1)(a)) | Consent |
| Third-Party Data | Data from social logins, partners, and integrations | Legitimate interest/Consent (Art. 6(1)(a), (f)) | Consent |


8.  Data Retention

We retain personal data for as long as necessary to fulfill the purposes outlined in this Privacy Policy, including legal, contractual, or business needs. After the retention period expires, we will securely delete or anonymize your data. Data retention schedules comply with ISO 27001 standards and relevant legal requirements.

9.  Data Breach Notification Clause (Aligned with Singapore PDPA)

This Data Breach Notification clause is aligned with the Singapore Personal Data Protection Act 2012 (PDPA) requirements and its accompanying regulations, including the Personal Data Protection (Notification of Data Breaches) Regulations 2021. It governs how we respond to and manage data breaches involving personal data.

Definitions

  1. “Data breach” refers to:
    • The unauthorized access, collection, use, disclosure, copying, modification, or disposal of personal data; or
    • The loss of any storage medium or device on which personal data is stored under circumstances where unauthorized access, collection, use, disclosure, copying, modification, or disposal of personal data is likely to
  2. “Affected individual” refers to any individual whose personal data is impacted by a data

Notification to the Personal Data Protection Commission (PDPC)

Where required under the PDPA, we will notify the PDPC of a data breach as soon as practicable, but no later than three (3) calendar days from the day we assess the breach as a notifiable data breach.

Our notification to the PDPC will include the details required under the Personal Data Protection (Notification of Data Breaches) Regulations 2021.

Notification to Affected Individuals

Where required under the PDPA, we will notify affected individuals of a notifiable data breach as soon as practicable, either at the same time as or after notifying the PDPC.

The notification to affected individuals will include the following:

  1. A description of the data breach and the types of personal data
  2. Steps that affected individuals can take to mitigate potential
  3. Contact information for further

The notification will be delivered via reasonable means, such as email, and the affected individuals are responsible for ensuring their contact details are accurate and updated in our systems.

Obligations as a Data Intermediary

If we process personal data on behalf of another organization (“Customer”) and believe a data breach has occurred, we will notify the Customer of the breach without undue delay.

The Customer, as the data controller, is solely responsible for:

  1. Assessing whether the breach is a notifiable data breach under the
  2. Notifying affected individuals, if
  3. Notifying the PDPC, if

We will cooperate with the Customer to ensure reasonable coordination regarding the content of public statements or notifications to affected individuals and supervisory authorities.

Limitation of Liability

  1. Our notification obligations do not imply acknowledgment of fault or liability for the data breach except where required by
  2. We are not responsible for breaches caused by:
    • The actions or omissions of the Customer or affected
    • System components that are managed or controlled by the Customer or affected

Delivery of Notifications

  • Notifications to affected individuals will be delivered via methods we choose, such as
  • Notifications to Customers will be sent to designated administrators through reasonable means, such as The Customer is responsible for ensuring accurate contact details and secure communications at all times.

10.  Data Security

We implement state-of-the-art security measures to protect personal data from unauthorized access, loss, or misuse. Our practices comply with ISO 27001 and 27701 standards, ensuring data protection in cloud and on-premise environments. We safeguard personal information using encryption, firewalls, secure access controls, and regular security audits.

11.  Your Rights

You have the right to:

  • Access: Request access to the personal data we hold about
  • Rectification: Request correction of inaccurate or incomplete
  • Erasure: Request deletion of personal
  • Restriction: Request limitations on data
  • Portability: Request to receive your data in a portable
  • Objection: Object to data processing for marketing purposes or on the grounds of legitimate
  • Withdraw Consent: Where consent is the legal basis for processing, you may withdraw it at any

To exercise your rights, please contact our Data Protection Officer (DPO) at dpo(at)knowledgecatalyst.io.

12.  Public Access and Data Usage

For publicly accessible data, users acknowledge that such data can be viewed and processed by other users in accordance with our Acceptable Use Policy. We take reasonable measures to protect public data but cannot be held responsible for misuse by third parties beyond our control.

13.  Changes to This Privacy Policy

We may modify this Privacy Policy from time to time to reflect changes in our data processing practices or legal obligations. Significant updates will be communicated through our platform or via email. Your continued use of the platform following any changes indicates your acceptance of the revised policy.

14.  Governing Law and Dispute Resolution

14.1. This Privacy Policy is governed by and construed in accordance with the laws of the Republic of Singapore. Any disputes or claims arising out of or in connection with this policy will be subject to the exclusive jurisdiction of the courts of Knowledge Catalyst reserves the right to enforce its rights under this policy in other jurisdictions where necessary.

14.2.  Dispute Resolution Process

  • Before initiating legal action, the parties agree to attempt to resolve any disputes through good-faith

15.  Contact Information

For inquiries related to this Privacy Policy or to exercise your data rights, please contact:

Knowledge Catalyst Pte. Ltd.

Attn: Data Protection Officer

71 Ayer Rajah Crescent, #04-11, Singapore 139951

Email: dpo(at)knowledgecatalyst.io

For general inquiries, please contact us at policy(at)knowledgecatalyst.io

 

Last Updated: November 2024