Privacy Policy

(Last updated: 20 March 2023)

This policy sets out:

1. The information we collect about you when you visit our website, use our products or services or otherwise interact with us;

2. How we use, share, store and secure the information; and

3. How you may access and control the information.

    

    

In this policy, “X0PA AI” or “we” refers to X0PA Ai Pte Ltd of 20 Ayer Rajah Crescent, #09-28, Singapore (together with our subsidiaries, our holding company and subsidiaries of our holding company from time to time) and “Platform” means our website at https://www.x0pa.com. In this policy, “personal information” refers to any data, information, or combination of data and information that is provided by you to us, or through your use of our products or services, that relates to an identifiable individual.

1. What information we collect about you

1. We collect the following types of information about you:

1. Account and profile information that you provide when you register for an account or sign up for our products or services, for example name, title, email address and company details, which includes data provided in the CV/resume which is uploaded and parsed by the Platform (collectively, “Account Data”);

2. Information you provide through support channels, for example when you report a problem to us or interact with our support team, including any contact information, documentation, or screenshots (collectively, “Support Data”);

3. Communication, marketing and other preferences that you provide us when you participate in a survey or a questionnaire that we send you (collectively, “Preference Data”);

4. Details of any transactions, purchases or orders that you’ve made with us (collectively, “Transaction Data”);

5. Information about your device or connection, for example your internet protocol (IP) address, log-in data, browser type and version, time-zone setting, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our products or services and information we collect through cookies and other data collection technologies. Please read our Cookies Policy for details. (collectively, “Technical Data”); and

6. Information about your use of or visit to our Platform, for example your clickstream to, through, and from our Platform, products you viewed, used, or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks and mouse-overs) or methods to browse away from the page (collectively, “Usage Data”).

1. We collect the above information when you provide it to us or when you use or visit our Platform. We may also receive information about you from other sources, including LinkedIn only when it is made publicly available or through your express consent.

1. We only collect the information when you have specifically consented to the use for the stated purposes. With the exception where data is collected without your consent pursuant to an exception under the PDPA and GDPR.

1. We do not collect sensitive data or special category data about you. This includes details about your race, ethnic origin, politics, religion, trade union membership, genetics, biometrics, health or sexual orientation. The exception being the sensitive data or special category is collected for the sole purpose of identifying and mitigating potential bias in the features within the Platform.

2. Third Party Processors
   Our carefully selected partners and service providers may process personal information about you on our behalf as described below:
   Digital Marketing Service Providers
   We periodically appoint digital marketing agents to conduct marketing activity on our behalf, such activity may result in the compliant processing of personal information. Our appointed data processors include:
   (i)Prospect Global Ltd (trading as Sopro) Reg. UK Co. 09648733. You can contact Sopro and view their privacy policy here: http://sopro.io. Sopro are registered with the ICO Reg: ZA346877 their Data Protection Officer can be emailed at: dpo@sopro.io.

2. How we use information we collect

1. We only use your personal information where the law allows us to. We use your personal information only where:

1. It is needed to perform the contract we have entered into (or are about to enter into) with you, including to operate our products or services, to provide customer support and personalised features and to protect the safety and security of our Platform;

2. It satisfies a legitimate interest which is not overridden by your fundamental rights or data protection interests, for example for research and development, and in order to protect our legal rights and interests;

3. You’ve given us consent to do so for a specific purpose, for example we may send you direct marketing materials or publish your information as part of our testimonials or customer stories to promote our products or services with your permission; or

4. We need to comply with a legal or regulatory obligation.

1. If you have given us consent to use your personal information for a specific purpose, you have the right to withdraw your consent any time by contacting us (please refer to paragraph 10 for contact information), but please note this will not affect any use of your information that has already taken place. You also have the right to request access to the personal information provided to us, as well as the rights to correct and update the personal information. You can also enquire about the retention period and purpose of the personal information provided to us.

1. We do not share your personal information with any company outside our group for marketing purposes, unless with your express specific consent to do so.

1. For visitors to or users of our Platform who are located in the European Union, we have set out our legal basis for processing your personal information in the “Legal Basis for Processing” section below.

3. How we share information we collect

1. We do not share your personal information with any third party except in the following limited circumstances:

1. We may share your personal information with our subsidiaries, our holding company and its subsidiaries for the purposes stated in this policy;

2. We may share your personal information with our third-party service providers who provide services such as data analysis, payment processing, information technology and related infrastructure provision, customer service, email delivery, auditing, and other similar services;

3. We may disclose your personal information to third parties if we are legally required to do so, such as in response to legal process, including subpoenas, court orders or warrants, or to regulatory authorities or law enforcement agencies;

4. We may share your personal information with third parties in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our Terms of Service, or as otherwise required by law; and

5. We may share your personal information with third parties with your consent or at your direction, such as when you choose to share information or publicly post content or a review.

1. We may also aggregate or de-identify your personal information in such a way as to ensure that you are not identified or identifiable from it. We may use this aggregated or de-identified data to analyze trends, for research and development purposes, and for other business purposes.

1. If you use any third-party software in connection with our products or services, for example any third-party software that our Platform integrates with, you might give the third-party software provider access to your account and information. Policies and procedures of third-party software providers are not controlled by us and this policy does not cover how your information is collected or used by third-party software providers. We encourage you to review the privacy policies of third-party software providers before you use the third-party software.

1. Our Platform may contain links to third-party websites over which we have no control. If you follow a link to any of these websites or submit information to them, your information will be governed by their policies. We encourage you to review the privacy policies of third-party websites before you submit information to them.

4. How we store and secure information we collect

1. We use appropriate technical, organizational and administrative measures to protect any personal information we hold from unauthorized access, misuse, disclosure, alteration, and destruction, taking into account the risks involved in the processing and the nature of the personal information.

1. We use data hosting service providers based in Singapore to host the information we collect.

1. We have adopted the following measures to protect the security and integrity of your personal information:

1. Information is encrypted using TLS/SSL technology;

2. Access to your personal information is restricted to personnel or service providers on a strictly need-to-know basis, who will only process your information on our instructions and who are subject to a duty of confidentiality; and

3. Our information collection, storage and processing practices are reviewed regularly.

1. We have put in place procedures to manage any suspected privacy breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

1. While we implement safeguards designed to protect your information, please note that no transmission of information on the internet is completely secure. We cannot guarantee that your information, during transmission through the internet or while stored on our systems or processed by us, is absolutely safe and secure.

1. We only retain personal information for so long as it is reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements. After such time, we will delete or anonymise your information or, if this is not possible, we will securely store your information and isolate it from further use. We periodically review the basis and appropriateness of our data retention policy.

1. In the event where we are acting as a Data Intermediary to process personal data on behalf of our customers, we will comply with the customer’s (Data Controller) instructions with respect to their retention policies. The Data Controller is responsible for determining the retention period of personal data and we must follow these instructions. We will inform the Data Controller if we become aware of any breach or loss of personal data during the retention period as soon as practically possible. We will also inform the Data Controller if there is a need to extend the retention period of personal data beyond the original retention period.

5. Your rights

1. You have the right to:

1. Be informed of what we do with your personal information and how long your personal information will be kept by us;

2. Request a copy of the personal information we hold about you;

3. Require us to correct any inaccuracy or error in any personal information we hold about you;

4. Request erasure of your personal information (note, however, that we may not always be able to comply with your request of erasure for record keeping purposes, to complete transactions, or to comply with our legal obligations);

5. Object to or restrict the processing by us of your personal information (including for marketing purposes);

6. Request to receive some of your personal information in a structured, commonly used, and machine readable format and request that we transfer such information to another party; and

7. Withdraw or decline your consent at any time and where we rely on legitimate interests, you have the right to object. However, if you withdraw consent, we may not be able to provide the product or service you have requested.

1. In the event where we are acting as a Data Intermediary, when you would like to access, update, or correct any personal data that X0PA may hold about you as a Data Intermediary, please contact the Data Controller for the relevant platform. We will assist the Data Controller in fulfilling the request where required. Please note that we may require additional information from you to verify your identity before we can process your request. X0PA will not be responsible for any delays or inability to respond to your request that may result from your failure to provide complete or accurate information.

1. In the event where we are acting as a Data Intermediary, when you would like to withdraw your consent for the collection, use, or disclosure of your personal data, please contact the Data Controller directly. We will only process the request upon instruction by the Data Controller. If you contacted us for the withdrawal request, we will inform the Data Controller of your request as we are a Data Intermediary processing personal data on behalf of the Data Controller. Please note that withdrawing your consent may affect our ability to provide you with certain services or may result in the termination of our services to you. We will inform you of any consequences of withdrawing your consent for the collection, use, or disclosure of your personal data upon receiving your request.

1. You may opt out of receiving marketing materials from us by using the unsubscribe link in our communications, by updating your preferences within your account on our Platform, or by contacting us. Please note, however, that even if you opt out of receiving marketing materials from us, you will continue to receive notifications or information from us that are necessary for the use of our products or services.

1. As a security measure, we may need specific information from you to help us confirm your identity when processing your privacy requests or when you exercise your rights.

1. Any request under paragraph 5.1 will normally be addressed free of charge. However, we may charge a reasonable administration fee if your request to access the personal information may involve substantial effort to perform the request.

1. We will respond to all legitimate requests within one (1) month. Occasionally, it may take us longer than a month if your request is particularly complex or if you have made a number of requests.

6. Accuracy

1. We generally rely on personal data provided by you. In order to ensure that your personal data is current, complete and accurate, please update us if there are changes to your personal data by informing our Data Protection Officer at the contact details provided in paragraph 10. We will take reasonable steps to ensure that the personal data we collect about you is accurate, complete, not misleading and kept up-to-date, taking into account its intended use. Where possible, we will validate the information provided by you using generally accepted practices and guidelines.

7. Transfer of Personal Data Outside Singapore

1. We generally do not transfer your personal data to countries outside of Singapore. However, if we do so, we will obtain your consent for the transfer to be made and we will take steps to ensure that your personal data continues to receive a standard of protection that is at least comparable to that provided under the PDPA.

8. Changes to this Policy

1. We may amend this policy from time to time by posting the updated policy on our Platform. By continuing to use our Platform after the changes come into effect, you agree to be bound by the revised policy.

9. Policy towards children

1. Our products and services are not directed to individuals under 12. We do not knowingly collect personal information from individuals under 12. If we become aware that an individual under 12 has provided us with personal information, we will take steps to delete such information. Contact us if you believe that we have mistakenly or unintentionally collected information from an individual under 12.

10. Contact us

1. Please contact us at dpo@x0pa.com or submit any written request to:

X0PA AI Pte Ltd

20 Ayer Rajah Crescent,

#09-28, Singapore 139964.

Attn: Data Protection Officer

 

1. Please contact us in the first instance if you have any questions or concerns. If you have unresolved concerns, you have the right to file a complaint with a data protection authority in the country where you live or work or where you feel your rights have been infringed.

Legal basis

• To perform our contract with you

• Legitimate interest to recover debts due to us

• Legitimate interest to improve our Platform, products, and services

• Consent, which you may withdraw any time

Processing purpose

• Register you as a user on our Platform

• Enable you to use our products and services

• Process your payments

• Collect overdue amounts

• Notify you about changes to our products, services, or terms

• Administer and maintain safety and security of our Platform

• Study usage of our products or services

• Gather feedback on our products, services, or features

• Provide information on products or services that may be of interest to you

Type of data processed

• Account Data

• Transaction Data

• Support Data

• Technical Data

• Preference Data

• User Content