Legal

Privacy Policy

Last updated: 1 May 2025

This Privacy Policy explains how AIForward Pte. Ltd. (UEN 201847291B) (“AIForward”, “we”, “us”) collects, uses, discloses, and protects personal data in accordance with the Personal Data Protection Act 2012 of Singapore (PDPA), as amended and in force from May 2025, and other applicable laws in jurisdictions where we operate.

1. Data controller

AIForward Pte. Ltd.
8 Marina View, #43-01 Asia Square Tower 1, Singapore 018960
Email: [email protected]
Phone: +65 6221 8934
Data Protection Officer: [email protected]

2. Personal data we collect

Depending on your relationship with us, we may collect the following categories of personal data:

  • Identity and contact data: name, job title, company name, email address, telephone number, postal address.
  • Business and programme data: team size, budget range, solution interests, consultation preferences, messages submitted via our contact form.
  • Account and usage data: login credentials (stored in hashed form), activity within AIForward platforms, support correspondence, and programme milestone records.
  • Technical data: IP address, browser type, device identifiers, referral URLs, and cookie identifiers when you visit aiforward.one or use our services.
  • Payment data: billing contact details and transaction references processed by third-party payment providers (we do not store full payment card numbers).
  • AI and model-related data: where you engage our machine learning services, we may process datasets you provide under separate data processing agreements, subject to confidentiality and purpose limitation.

3. Purposes of collection, use, and disclosure

We collect, use, and disclose personal data for purposes that a reasonable person would consider appropriate in the circumstances, including:

  • Responding to enquiries and providing AI transformation, adoption, and consulting services;
  • Delivering solutions from our collection and managing Growth Forward and enterprise programmes;
  • Administering contracts, invoicing in SGD, and customer success activities;
  • Improving our website, products, security, and user experience;
  • Sending service notices, programme updates, and marketing communications where permitted;
  • Complying with legal obligations, regulatory requests, audits, and dispute resolution;
  • Recruitment and employment administration (where applicable).

We may disclose personal data to trusted service providers (cloud hosting, analytics, email delivery, payment processing, professional advisers) who process data on our instructions. We require such parties to implement appropriate technical and organisational safeguards. We may also disclose data to regulators or law enforcement where required by Singapore law.

4. Consent and notification obligation

Under the PDPA (May 2025 framework), we notify you of the purposes for which personal data is collected on or before collection. Where consent is required as the legal basis, we seek clear and informed consent. You may withdraw consent for marketing at any time by emailing [email protected] or using unsubscribe links in our emails. Withdrawal does not affect processing already lawfully performed or processing based on other permitted grounds such as contractual necessity or legal obligation.

5. Legitimate interests and business purposes

Where permitted under the PDPA, we may rely on legitimate business purposes for processing that is necessary for our operations and not disproportionate to your interests — for example, fraud prevention, network security, and aggregated analytics that do not identify individuals.

6. Cookies and similar technologies

Our website uses:

  • Essential cookies: required for security, load balancing, and remembering cookie consent choices stored in localStorage.
  • Analytics cookies (with consent): to understand how visitors use aiforward.one and improve content.

When you first visit our site, a cookie banner allows you to accept all cookies or continue with essential cookies only. Your choice is stored locally under the key aiforward_cookie_consent. You may change browser settings to block cookies; some features may not function correctly.

7. Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including legal, accounting, and reporting requirements. Typical retention periods:

  • Contact form submissions: up to 24 months unless a client relationship continues;
  • Client and programme records: duration of contract plus 7 years for business records;
  • Marketing suppression lists: indefinitely where required to honour opt-out requests;
  • Server logs: up to 12 months unless needed for security investigations.

8. Cross-border transfers

As an APAC-focused provider, we may transfer personal data to service providers or affiliates outside Singapore. Where we do so, we ensure that the recipient provides a standard of protection comparable to that under the PDPA, including contractual clauses approved under PDPA transfer requirements effective May 2025.

9. Security

We implement administrative, technical, and physical safeguards appropriate to the sensitivity of the data, including access controls, encryption in transit (TLS), encryption at rest where applicable, staff training, and incident response procedures. No method of transmission over the Internet is completely secure; we encourage you to use strong credentials and report suspected breaches promptly.

10. Data breach notification

In the event of a data breach that is likely to result in significant harm or affect a significant number of individuals, we will assess the incident promptly and, where required under the PDPA and guidance issued from May 2025, notify the Personal Data Protection Commission (PDPC) and affected individuals without undue delay.

11. Your rights

Subject to exceptions under the PDPA, you may:

  • Request access to personal data we hold about you;
  • Request correction of inaccurate or incomplete data;
  • Withdraw consent for processing based on consent;
  • Request information about how your data has been used or disclosed in the past year.

We may charge a reasonable fee for manifestly unfounded or excessive access requests. We will respond within the timelines prescribed by the PDPA.

12. Do Not Call Registry

Where we send marketing messages to Singapore telephone numbers, we check against the Do Not Call Registry unless you have provided clear and unambiguous consent for such messages or an applicable exception applies.

13. Children

Our services are directed at business users. We do not knowingly collect personal data from individuals under 18 without parental or guardian consent. Contact us if you believe we have collected such data in error.

14. Third-party links

Our website may link to third-party sites. We are not responsible for their privacy practices. Review their policies before providing personal data.

15. Changes to this policy

We may update this Privacy Policy to reflect legal, technical, or business changes. Material updates will be posted on this page with a revised “Last updated” date. Continued use of our services after changes constitutes acceptance where permitted by law.

16. Contact and complaints

For privacy enquiries or to exercise your rights, contact our Data Protection Officer at [email protected] or write to the address in Section 1. If you are not satisfied with our response, you may lodge a complaint with the Personal Data Protection Commission (PDPC) in Singapore at www.pdpc.gov.sg.