Privacy Statement

Effective Date: July 2025

Certisec Pte. Ltd. (“Certisec”, “we”, “us”, or “our”) is committed to protecting the privacy and personal data of individuals in accordance with applicable data protection laws, including the EU General Data Protection Regulation (“GDPR”), Singapore Personal Data Protection Act (“PDPA”), the California Consumer Privacy Act (“CCPA”), the U.S. Health Insurance Portability and Accountability Act (“HIPAA”) where applicable, and other regional data protection laws.

1. Scope of this Privacy Statement

This Privacy Statement applies to personal data collected through:

Our websites

• Mobile applications
• Email communications
• Events and webinars
• Client engagements
• Third-party integrations or partnerships

This statement applies to all individuals whose data we process, including website visitors, customers, partners, vendors, and job applicants.

2. What Personal Data We Collect

Depending on the nature of your interaction with us, we may collect the following categories of personal data:

• Identity Data: Name, job title, company name, ID numbers
• Contact Data: Email address, phone number, mailing address
• Technical Data: IP address, browser type, operating system, geolocation, cookies and tracking data
• Transactional Data: Payment history, service usage, customer support interactions
• Health Data (if applicable): Only when required under HIPAA or other legal frameworks and with explicit consent
• Marketing and Communication Preferences
• Employment and Recruitment Data: CV, academic history, employment history

3. How We Collect Personal Data

We collect data in the following ways:

• Directly from you (e.g., when you fill out forms, email us, or subscribe to our services)
• Automatically through cookies and similar technologies
• From third parties (e.g., business partners, analytics providers, background checks for FCRA compliance)

4. Legal Bases for Processing (GDPR)

We process your personal data under one or more of the following lawful bases:

• Your consent
• Performance of a contract
• Legal obligation
• Vital interests
• Legitimate interests pursued by Certisec or a third party (e.g., improving our services)

5. Use of Personal Data

We use personal data for the following purposes:

• To provide and manage our services
• To communicate with you (e.g., customer service, updates, newsletters)
• To conduct business analytics and service improvements
• For legal and regulatory compliance (e.g., audits, financial reporting)
• For cybersecurity, risk management, and fraud prevention
• To conduct marketing (with your consent, where required)

6. Data Sharing and International Transfers

Your data may be shared with:

• Our affiliated companies and service providers
• Government or regulatory authorities (when required by law)
• Third parties in connection with mergers, acquisitions, or sale of assets

We may transfer your personal data outside of your country of residence, including to countries that may not offer the same level of data protection. In such cases, we ensure that appropriate safeguards (such as Standard Contractual Clauses or other approved mechanisms) are in place.

7. Cookies and Tracking Technologies

We use cookies and similar technologies to:

• Ensure website functionality
• Analyze site usage
• Customize user experiences
• Serve targeted ads (where applicable)

You can control the use of cookies through your browser settings. For more information, see our [Cookie Policy].

8. Data Retention

We retain personal data only as long as necessary to fulfill the purposes for which it was collected or to comply with legal, regulatory, or contractual obligations. Upon expiration of the retention period, data is securely deleted or anonymized.

9. Your Rights

Depending on your jurisdiction, you may have the following rights:

Under GDPR, PDPA, CCPA, and similar laws: 

• Access to your personal data
• Correction of inaccurate data
• Erasure (“right to be forgotten”)
• Restriction of processing
• Data portability
• Objection to processing or marketing
• Withdrawal of consent

Under HIPAA:

• Right to access health records
• Right to request amendments
• Right to an accounting of disclosures

To exercise your rights, please contact us using the details below.

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

• Encryption
• Access controls
• Regular security assessments
• Staff training on data protection

For sensitive data (e.g., health or payment information), we use industry-standard safeguards including encryption and secure transmission protocols.

11. Children’s Privacy

Our website and services are not intended for individuals under the age of 16. We do not knowingly collect data from children. If we learn that we have collected personal data from a child without verifiable parental consent, we will take appropriate action to delete such information.

12. Data Breaches

In the event of a data breach involving your personal data, we will notify you and relevant authorities in accordance with applicable laws such as GDPR, PDPA, and HIPAA.

13. Third-Party Links

Our website may contain links to external websites. We are not responsible for the privacy practices of those websites. We encourage you to review their privacy statements before sharing personal data.

14. Changes to This Privacy Statement

We may update this Privacy Statement from time to time to reflect changes in our practices or legal requirements. We will post the updated version on our website with a revised "Effective Date".

15. Contact Us

If you have any questions, concerns, or requests related to your personal data or this Privacy Statement, you may contact our Data Protection Officer (DPO) at:

Certisec Pte. Ltd.
60 Paya Lebar Road, #07-54, Paya Lebar Square Singapore 409051
Email: Info@certisec.com.sg
Phone:+65 8849 3941

For EU residents: You may also lodge a complaint with your local Data Protection Authority.