Privacy Policy

Introduction

cognisspaer is committed to protecting the privacy and security of personal data we collect and process. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or engage with our services.

We comply with Singapore's Personal Data Protection Act 2012 (PDPA) and other applicable data protection regulations. By using our services or providing us with your personal data, you consent to the practices described in this policy.

Data We Collect

Personal Information

When you contact us or engage our services, we may collect the following personal data:

• Contact information: name, email address, phone number, business address
• Professional information: company name, job title, industry sector
• Project details: technical requirements, business objectives, existing systems information
• Communication records: correspondence via email, phone, or in-person meetings
• Payment information: billing details for service engagements (processed via secure third-party payment processors)

Technical Data

When you visit our website, we automatically collect certain technical information:

• IP address and geographic location
• Browser type and version
• Device information and operating system
• Pages visited and time spent on our website
• Referral sources and navigation patterns
• Cookie data (see our Cookie Policy for details)

How We Use Your Data

We collect and process personal data only for legitimate business purposes:

Service Delivery

• Responding to enquiries about our AI consulting and development services
• Assessing project feasibility and preparing engagement proposals
• Executing consulting engagements and delivering contracted services
• Providing technical support and project communication
• Processing payments and maintaining financial records

Business Operations

• Maintaining client relationship management systems
• Improving our services based on feedback and project outcomes
• Conducting internal analysis and business planning
• Meeting legal and regulatory compliance requirements

Communication

• Sending service-related notifications and updates
• Responding to your requests and correspondence
• Sharing relevant industry insights or technical updates (with consent)

Legal Basis for Processing

We process personal data based on the following legal grounds:

• Consent: When you provide explicit consent for specific processing activities
• Contract: When processing is necessary to deliver services you have engaged us for
• Legitimate Interest: When we have a legitimate business interest that does not override your rights
• Legal Obligation: When we must process data to comply with Singapore laws and regulations

Data Sharing and Disclosure

We do not sell, rent, or trade your personal data. We may share data only in the following circumstances:

Service Providers

We engage trusted third-party service providers to support our operations, including:

• Cloud hosting and infrastructure providers
• Payment processors
• Customer relationship management systems
• Email communication platforms
• Analytics services

These providers are contractually obligated to protect your data and use it only for the specific services they provide to us.

Legal Requirements

We may disclose personal data when required to:

• Comply with applicable laws and regulations
• Respond to lawful requests from government authorities
• Enforce our terms and conditions
• Protect our rights, property, or safety, or that of our clients

Data Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, disclosure, alteration, or destruction:

• Encryption of data in transit and at rest using industry-standard protocols
• Access controls limiting data access to authorised personnel only
• Regular security assessments and penetration testing
• Secure backup procedures and disaster recovery planning
• Employee training on data protection and confidentiality
• Secure development practices for AI systems handling client data

While we employ robust security measures, no system is completely secure. We encourage you to protect your account credentials and contact us immediately if you suspect any unauthorised access.

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected or to comply with legal requirements:

• Client data: Retained for the duration of the engagement plus 7 years for compliance and potential legal claims
• Enquiry data: Retained for up to 2 years to facilitate follow-up and potential future engagement
• Financial records: Retained for 7 years in accordance with Singapore tax and accounting requirements
• Website analytics: Retained for 26 months for performance analysis

When data is no longer required, we securely delete or anonymise it according to our data disposal procedures.

Your Rights

Under Singapore's PDPA and applicable data protection laws, you have the following rights:

• Right to Access: Request copies of personal data we hold about you
• Right to Correction: Request correction of inaccurate or incomplete personal data
• Right to Withdraw Consent: Withdraw consent for processing activities where consent is the legal basis
• Right to Data Portability: Receive personal data in a structured, commonly used format
• Right to Object: Object to processing based on legitimate interests
• Right to Erasure: Request deletion of personal data in certain circumstances

To exercise these rights, please contact us at [email protected]. We will respond to your request within 30 days.

Cookies and Tracking

Our website uses cookies and similar tracking technologies. For detailed information about our cookie practices, including types of cookies used and how to manage your preferences, please review our Cookie Policy.

International Data Transfers

We primarily process data within Singapore. If data must be transferred outside Singapore (for example, to cloud service providers with international infrastructure), we ensure adequate safeguards are in place, including contractual clauses requiring equivalent data protection standards. We do not transfer personal data to jurisdictions without adequate data protection frameworks.

Children's Privacy

Our services are directed at business professionals and organisations. We do not knowingly collect personal data from individuals under 18 years of age. If we become aware that we have collected data from someone under 18, we will promptly delete it.

Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. When we make material changes, we will notify you by updating the "Last Updated" date and, where appropriate, by email. We encourage you to review this policy periodically. Continued use of our services after changes indicates acceptance of the updated policy.

Contact Us

For questions or concerns about this Privacy Policy or our data practices, please contact us: