Skip to main content
SO2A

Privacy Policy

Effective Date: 01 May 2025

Data Protection Officer (DPO): Severine Chune, dpo@so2a.net

SO2A Pte. Ltd. ("SO2A," "we," "us," or "our") respects your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard personal data in accordance with Singapore's Personal Data Protection Act 2012 (PDPA).

1. Personal Data We Collect

  • Contact details – name, email address, phone number
  • Business details – company name, website URL
  • Consent preferences captured through our SaaS platform
  • Information you voluntarily submit via forms, demo requests, or consultations

2. Purposes of Collection and Use

  • Answer enquiries and deliver requested services
  • Configure and run our consent-management SaaS platform
  • Perform PDPA audits, training, and advisory work
  • Send regulatory alerts or marketing messages only if you have given consent

3. Data Breach Notification

If a breach is likely to cause significant harm or affects 500 or more individuals, we will notify affected persons as soon as practicable and inform the Personal Data Protection Commission (PDPC) within three (3) calendar days, as required under Part 6A of the PDPA.

4. Disclosure to Third Parties

We do not sell personal data. We share it only with trusted service providers (e.g., hosting, email delivery) bound by equivalent data-protection obligations, or with regulators and courts where legally required.

5. Overseas Data Transfers

We generally do not transfer personal data outside Singapore. If a transfer is necessary, we will ensure the recipient provides a standard of protection comparable to the PDPA by using PDPC-approved contractual clauses.

6. Access and Correction

You may request access to, or correction of, your personal data in our possession by emailing privacy@so2a.net. We will respond as soon as reasonably possible. We do not charge for correction requests.

7. Withdrawal of Consent

You may withdraw consent at any time by emailing privacy@so2a.net. We will explain any resulting impact on service provision. Withdrawal will be processed within ten (10) business days and will not affect prior lawful processing.

8. Retention

We retain personal data only as long as necessary for the purposes above or as required by law, after which it is securely deleted or anonymised.

9. Security

We apply industry-standard technical and organisational measures such as encryption, access controls, and regular audits to protect your information.