Privacy Policy

Introduction

• This Privacy Notice (“Notice”) outlines how Freemansland Consultancy Pte Ltd (“FMC”, “we”, or “us”) handles data about individual contacts of our service subscribers (“you” or “your”). These practices apply when you interact with us, subscribe to our services, and use our websites and digital offerings that reference this Notice (the “Services”).

Scope of this Notice

This notice applies specifically to FMC as the data controller for personal data collected to fulfil our services. For example, this applies when we acquire contractual data from your company (“Client”) for our Services. This notice applies when we process data on behalf of our clients as a service provider or processor, not as a controller, during their use of our Services. For inquiries about how our clients manage your data, please contact them directly.

As we strive to demonstrate accountability, as a data intermediary, we are responsible for ensuring that our data processing activities comply with the PDPA Act 2020. We have implemented the following measures to demonstrate out accountability:

• ● Data Protection Policy: Our comprehensive data protection policy outlines our approach to data management and protection, aligned with the PDPA’s 11 obligations.
• ● Role and Responsibilities: We have designated a DPO who is responsible for overseeing our data protection activities and ensuring compliance with the PDPA. We have identified Data Controller and Data Processors.
• ● Data Subject Rights: We have designated the representatives and layers of access for requests, rectifications, erasure, processing requests, data portability and objections requests.
• ● Regular Reviews and Assessments: We conduct regular reviews and assessments of our data protection practices to identify and address any risks or vulnerabilities.
• ● Data Impact Assessment Test: We conduct PIAs for high-risk data processing activities to assess the potential impact on individuals’ rights and freedoms and to implement appropriate safeguards.
• ● Data Protection Management Plan: We have developed a comprehensive data protection management plan that is inclusive of the organisation strategies and procedures in managing personal data in compliance with data protection laws for PDPA.
• ● Data Minimization: We collect and process only the personal data that is necessary for the purposes specified in this Privacy Policy.
• ● Data Monitoring and Review: We have established a process for regularly monitoring and reviewing DPMP to ensure the effectiveness and compliance with the PDPA.

Purpose of this Notice

This notice informs our clients about how we collect, use, disclose, store and process personal data provided to or acquired by us when you purchase and use the Services. By subscribing to, using our Services, or providing us with your information, you acknowledge and agree to the procedures and policies described in this notice.

Disagreement with this Notice

If you disagree with this Notice, please inform us that you do not consent to providing your personal data. Offering any business contact information (BCI) to us for business purposes will not be considered personal data under this notice. Additionally, you may not register for or use the Services where this Notice is presented or linked.

Consent and Collection of Your Personal Data

By using our Services, subscribing, or providing us with your information, you consent to the data collection and usage practices outlined in this Privacy Notice.

We collect and use various types of data to fulfil our services and improve the user experience of our “Clients” end consumers.

This includes:

• ● Personal Data:Information like Name, Email address, and contact number, collected when you register for an account or interact using our Services.
• ● Chatbot Interaction Data:Queries asked, responses given, and interaction patterns collected during chatbot interactions with end consumers. This data helps us improve chatbot functionality and user experience, as well as provide analytics to our B2B clients.
• ● Usage Data:Information automatically collected about your device (e.g., IP address, browser type) and your use of our Services (e.g., pages visited, time spent, product recommendations).

How we may use your Personal Data

We may use your Personal Data for the following purposes, always in compliance with a lawful basis under the PDPA Act 2020:

• ● Fulfilling Legal Obligations and Service Contracts: We use your data to deliver the Services you have subscribed to and meet our legal and contractual obligations.
• ● Enhancing Chatbot Services: Chatbot interaction data helps us train and improve the chatbot algorithms, ensuring a more effective user experience.
• ● Providing Analytics to Clients:If your data is captured during an interaction with our solution on another business’s platform, we may use aggregated interaction data to provide analytics and customer insights to your client (the business you interacted with). We will never share your individual data without your explicit consent.
• ● Providing and Maintaining Our Service: We use your data to manage accounts, monitor service usage, and offer technical support.
• ● Communications: We may contact you with service updates, important information, or marketing communications based on your preferences. You can opt out of marketing communications at any time.
• ● Data Analysis and Improvement: We may use the data to understand trends, improve our Services and marketing efforts, and ensure a positive user experience.

Transfer of Your Personal Data

We may share your Personal Data in limited circumstances, always under a lawful basis and with appropriate safeguards:

• ● Required by Law: We may be required to transfer your data to government authorities or regulatory bodies if legally mandated.
• ● Essential for Service Delivery:In certain cases, transferring your data to a third-party service provider outside of Singapore may be necessary to deliver our Services effectively.
• ● Boundaries: All data shall remain in the Singapore server and shall not be transferred out of the boundaries.

Retention of Your Personal Data

We retain your Personal Data for the following periods: We retain personal data provided by Clients and their customers strictly for a period of six (6) months from the conclusion of our business relationship or the completion of the services provided, whichever occurs earlier.

• ● After the six (6) months retention period, all personal data will be securely purged from our systems, except where retention is necessary:
• ● To comply with legal obligations
• ● To resolve any disputes; or
• ● To enforce our contractual rights.
• ● Beyond these exceptions, all data will be anonymized or securely destroyed.

Notification

Upon the expiry of the six (6) months retention period, we will notify the Client in writing or electronically to confirm the following actions:

• 1. The intended purge of all personal data related to the Client and their customers from our systems.
• 2. A summary of the data being purged, if applicable, for the Client’s records.

Clients will have seven (7) business days from the date of notification to request an extension or specify alternate data retention needs, subject to applicable legal or contractual requirements. If no response is received, the data will be securely purged as scheduled.

Protection of Your Personal Data

We take the security of your Personal Data seriously. We implement a variety of measures to protect your data, including:

• ● Encryption:
  • o At Rest: We use AES-256 encryption for all data stored within Google Cloud Storage, managed by Google.
  • o In Transit: We mandate the use of HTTPS with TLS encryption for all data transmitted to and from Google Cloud Storage.

• ● Access Controls:
  • o We have strict network security policies that prevent unauthorized access to databases and storage buckets.
  • o All database passwords are securely stored using a password manager and are accessible only to authorized services.
  • o Production and development environments are segregated, with developers having no direct access to production databases. Only app-generated queries are executed.
• ● Data Masking:(For Enterprise Clients)
  • o We offer an option for complete PII masking with software deployed on the client’s cloud infrastructure. This is implemented during a custom integration cycle.

Disposal of Your Personal Data

We will securely dispose of your Personal Data by deleting it from our SQL database upon request or when it’s no longer required.

• ● Secure destruction:For physical storage media, we may securely destroy them using methods such as shredding or incineration.

Access and Correction

You have the right to access, correct, or delete your Personal Data. You can:

• ● Update your information through your account settings (if applicable).
• ● Contact us at dpo@aiflow.sg to request access to, correct, or deletion of your data.

We will respond to your request within seven (7) business days. For complex corrections, we may provide a quote for the estimated time needed. A fee of $25 SGD per hour may apply for such requests. However, you will not be charged for any basic access or deletion requests.

Disclosure of Your Personal Data

We may share your Personal Data in the following situations:

• ● Buisness Transcation: If we are involved in a merger, acquisition, joint venture, or asset sale, your data may be transferred to the new owner. We will provide notice of such transfer.
• ● Law Enforcement: We may disclose your data if required by law or to comply with a valid legal request from public authorities.
• ● Legal Obligations: We may disclose your data to protect our rights, prevent wrongdoing, or protect the safety of users or the public.

Other terms and conditions

While we strive to protect your data, no method of transmission or storage is 100% secure. We use commercially reasonable measures to protect your data, but we cannot guarantee absolute security.

Links to Other Websites

Our Services may contain links to third-party websites. Clicking on these links will direct you to their websites. We are not responsible for the content, privacy practices, or security of these third-party websites.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the updated policy on this page. We may also send you an email or provide a prominent notice within our Services. Kindly see the Last update: for the privacy notices.

Last Updated:3rd February 2025

If you have any questions about this Privacy Policy, You can contact us:

• Data Protection Officer: Tung Kai Sheng
• Data Protection Officer Number: +6586684687
• Data Protection Officer Email: dpo@aiflow.sg