Bontake

1. Introduction

Bontake Pte Ltd (“Bontake”) (UEN No. [insert number]) and its affiliates recognise the importance of managing, protecting, and processing your personal data or information or sensitive personal data (“Personal Data”) responsibly. Personal Data is defined under Section 2 of the Personal Data Protection Act, 2012 (Singapore) (“PDPA”).

This Privacy Policy (also referred to as “Privacy Notice” or “Privacy Statement”) sets out how we collect, use, process, and transfer Personal Data, as well as your rights and choices regarding your Personal Data in connection with Bontake’s Services and Platform in Singapore.

2. Scope

This Privacy Policy applies to:

All our employees (current and prospective), customers (current and prospective), as well as visitors to our website (collectively “You” or “Your”).
Customer employees (i.e., Users), but only in situations where Bontake directly collects their Personal Data.
Personal Data collected to provide You access to our Services and Bontake Platform.

This Privacy Policy does not apply to:

Customers who use Bontake solely as a service provider.
Customer employees (Users) whose data is collected by their employer. For these cases, the employer (our Customer) is the Data Controller, and Bontake acts as the Data Processor. Please refer to your employer’s privacy policy.
Anonymized, de-identified, or aggregate data.
Business contact information shared strictly for business transactions with Bontake.
Business contact information provided to Bontake via third parties for Service and Platform use.

In some instances, Bontake may combine data You provide with data received from Customers for the purposes described in this Privacy Policy.

3. Bontake as Service Provider / Processor

Our Customers are corporate entities who use Bontake’s Services via the Bontake Platform. In this context, Bontake acts as a Data Processor and processes Data only on Customer instructions.

Any queries regarding User data management in such cases will be redirected to the Customer (the Data Controller).

4. When Data May Be Collected

We may collect Data in the following circumstances (not exhaustive):

Request for demo of Bontake Platform and Services
Online sign-up and onboarding to Bontake Platform
Access, use, and administration of Bontake Services (including Beta features)
Marketing communications, promotions, or newsletters
Customer support requests, feedback, or queries
Participation in surveys, promotions, or referral activities
Visits to our website or office premises (via cookies, logs, or sign-ins)
Interaction with our sales, account management, or events

If you provide Personal Data about another individual, you confirm you are authorised to do so and have obtained their consent.

5. Data Collected by Bontake

Categories of Data collected include:

From Customers (business contact information):

First name, last name
Business email and phone number
Job title / function
Business address

From Users (via Service access):

Same business contact details as above
Usage-related data: payment methods, spend details, identification information (depending on subscribed Service features)
User preferences: marketing choices, selected Services, feedback

From interactions with Bontake:

Customer care calls and recordings
Emails, chat, or messages
Error reports or diagnostic data

From third parties:

Government agencies or authorised partners providing Data on your behalf

6. Children’s Data

Bontake Services are not intended for individuals under 18. If such data is collected in error, Bontake will delete it. If children’s data is indirectly collected (e.g., as dependents of employees), parental consent will be required.

7. Website Visitor Information

When you visit our website:

We may collect registration details for events, demos, or accounts.
We use cookies and similar technologies to track preferences and activities.
We may log device/IP details for troubleshooting and analytics.

Please see our Cookie Policy for more information.

8. Multifactor Authentication

For security, Bontake may require multi-factor authentication (MFA). This may involve collection of additional information such as email, mobile number, or verification tokens.

9. How We Use or Process Your Personal Data

We use Personal Data for purposes including:

Account set-up and administration
Service delivery and support
Customisation and personalisation of the Platform
Backups, storage, and disaster recovery
Customer communications and marketing (with consent)
Security, fraud detection, and compliance checks
Regulatory compliance and legal obligations
Research, analytics, and product improvement

10. Disclosure and Sharing

Bontake may share Personal Data with:

Bontake Group companies and affiliates
Professional advisers and auditors
Service providers, contractors, or agents
Regulators or legal authorities where required
Parties You authorise (e.g., legal representatives)

We do not sell Personal Data.

11. International Data Transfers

Bontake is based in Singapore but operates globally. Data may be transferred outside your jurisdiction for processing. Where this occurs, Bontake ensures adequate safeguards consistent with PDPA or higher standards.

For Data processed on behalf of Customers, cross-border transfer responsibilities rest with the Customer (the Data Controller).

12. Your Rights as Data Subject

Depending on jurisdiction, You may have rights including:

Right to know how Your data is used
Right to access and receive a copy of Your Data
Right to correct or update inaccurate Data
Right to request deletion of Data (Right to be Forgotten)
Right to restrict or object to processing
Right to data portability
Right to withdraw consent at any time
Right to lodge complaints with PDPC Singapore

To exercise your rights, please contact our Data Protection Officer at dpo@bontake.com. Upon receiving a verified request for erasure, we will pseudonymize personally identifiable information (e.g., user names, emails) in our live systems. Please note that core transactional data (amounts, dates, entity IDs) and associated audit logs will be retained in their anonymized form to comply with our legal and financial record-keeping obligations, which may override the right to erasure.

For Users under Customer accounts, please refer to your employer’s privacy policy and direct requests to your employer.

13. Contact

For privacy queries or rights requests:

📧 dpo@bontake.com

📍 Bontake Pte Ltd, [Insert Address], Singapore

For Service-related support:

📧 support@bontake.com

14. Request Management

We aim to respond within 7 business days and resolve within 21 business days. Complex requests may take longer, and we will inform you of updates.

15. Security Measures

Bontake implements ISO 27001-level security standards and uses technical and organisational measures to protect Personal Data from unauthorised access or disclosure.

16. Retention of Data

We retain Personal Data only as long as necessary for the purposes for which it was collected or as required by law. Our standard retention periods are as follows:

Financial Records & Reconciliation Reports: Retained for a minimum of 7 years to comply with statutory audit and tax regulations.
Audit Logs: Retained for a minimum of 7 years to ensure a complete and auditable history of system activities.
User Account Information: Retained for the duration of the account's active status and for 12 months post-termination, after which it is pseudonymized.
AI Decision Logs: Retained for 18 months for model performance analysis, audit, and troubleshooting purposes, after which they are anonymized and aggregated.

After the applicable retention period, data will be securely and permanently deleted or anonymised.

17. Modifications

We may revise this Privacy Policy at any time. Updates will be posted on the Bontake Platform, and continued use of our Services implies acceptance.