Privacy Statement

1. Enhanced Data Retention

We retain your personal information only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. The retention periods vary depending on the type of information and purpose:

  • Customer account information: Retained for the duration of our service relationship plus 7 years after termination for legal and regulatory compliance

  • Marketing and communication data: Retained until you withdraw consent or opt-out, or for a maximum of 3 years from last interaction

  • Technical service data: Retained for the duration of service provision plus 2 years for support and improvement purposes

  • Legal and compliance records: Retained in accordance with applicable legal requirements, typically 7 years from creation

  • Financial and billing records: Retained for 7 years after final payment or termination of services

When personal information is no longer required, we will securely delete or anonymise it in accordance with our data destruction procedures.

2. Consent and Legal Basis Clarification

We process your personal information based on the following legal grounds:

Consent: For the following purposes, we rely on your explicit consent:

  • Direct marketing communications and promotional materials

  • Non-essential cookies and tracking technologies

  • Participation in surveys and market research

  • Event invitations and networking activities

You may withdraw your consent at any time at privacy@foundry8.tech.

Contract Performance: We process your personal information to:

  • Provide our contracted services to you

  • Manage your account and billing

  • Respond to your service requests and support inquiries

Legitimate Business Interests: We may process your personal information based on our legitimate interests to:

  • Improve our services and develop new offerings

  • Conduct security monitoring and fraud prevention

  • Maintain business records and internal administration

  • Comply with legal obligations and regulatory requirements

We have assessed that these legitimate interests are not overridden by your privacy rights and freedoms.

3. International Data Transfers

International transfer of personal information:

As part of our international enterprise services, we may transfer your personal information to countries outside Singapore, including to our service providers and business partners located overseas.

When we transfer your personal information internationally, we ensure adequate protection through:

  • Adequacy decisions: Transfers to countries that the Personal Data Protection Commission Singapore (PDPC) has determined provide adequate data protection

  • Standard contractual clauses: Use of approved contractual terms that provide appropriate safeguards

  • Binding corporate rules: Internal policies that ensure consistent data protection standards across our organisation

  • Your explicit consent: Where other safeguards are not available, we will seek your explicit consent for the transfer

Countries to which we may transfer your personal information include:

  • Singapore

  • Malaysia

  • Vietnam

  • India

  • United States (under appropriate transfer mechanisms)

You have the right to request information about the safeguards we use for international transfers by contacting us at privacy@foundry8.tech.

4. Enhanced Third-Party Sharing Provisions

Third-party compliance and safeguards

When we share your personal information with third parties, we:

  • Conduct due diligence on their data protection practices and capabilities

  • Implement contractual safeguards requiring them to protect your information in accordance with Singapore's PDPA

  • Limit data sharing to what is necessary for the specified purpose

  • Monitor compliance through regular reviews and audits where appropriate

  • Require notification of any data breaches or security incidents

Additional third-party categories:

Third-party type

Information shared

Safeguards

Cloud service providers

Technical data, service configurations

Data processing agreements, encryption requirements

IT support vendors

System logs, technical information

Limited access, confidentiality agreements

Regulatory authorities

Information as legally required

Compliance with legal obligations

Business partners

Contact information, service details

Mutual data protection agreements

5. Data Subject Rights and Procedures

How to exercise your rights:

Right to Access: You can request information about what personal information we hold about you, how we use it, and who we share it with.

Right to Correction: You can request correction of inaccurate or incomplete personal information.

Right to Withdraw Consent: You can withdraw consent for marketing communications and other consent-based processing at any time.

Right to Data Portability: You can request your personal information in a structured, commonly used format.

How you should contact us:

  1. Submit a request to privacy@foundry8.tech with your full name and contact details

  2. Verify your identity by providing identification documents as requested

  3. Specify your request clearly, including the specific information or action required

  4. Receive our response within 30 days (or as required by applicable law)

We do not charge fees for reasonable requests but may charge administrative fees for excessive or repetitive requests.

6. Breach Notification and Incident Response

In the event of a data breach that poses a risk to your personal information, we will:

  • Assess the breach and take immediate steps to contain it

  • Notify the PDPC within 72 hours where required by law

  • Inform affected individuals without undue delay if the breach poses a high risk to your rights and freedoms

  • Provide clear information about the nature of the breach and steps being taken

  • Take remedial action to prevent future occurrences

7. Governance and Compliance

For matters relating to data protection and privacy, you may contact our Data Protection Officer at privacy@foundry8.tech.

This Privacy Statement and our processing of your personal information are governed by Singapore law, including the Personal Data Protection Act 2012 and its regulations.

8. Cookies and Online Tracking

We use cookies and similar technologies to:

  • Essential cookies: Enable basic website functionality (no consent required)

  • Performance cookies: Analyse website usage and improve user experience

  • Marketing cookies: Deliver targeted advertising and measure campaign effectiveness

Your cookie choices:

  • Browser settings: Configure your browser to block or delete cookies

  • Third-party opt-outs: Visit third-party websites to opt out of their tracking

9. Updates and Changes

We may update this Privacy Statement to reflect:

  • Changes in our business practices

  • Updates to applicable laws and regulations

  • Improvements to our data protection measures

Notification of changes:

  • Material changes: We will notify you by email or prominent website notice

  • Minor updates: We will update the effective date and post the revised statement online

  • Consent for new purposes: We will seek your consent before using your personal information for significantly different purposes

Current version: v1.0   |   Effective date: 24 June 2025