1. Introduction

ScaleX Business Private Limited and ScaleX Fintel LLC (referred to as “we,” “our,” or “us”) is committed to protecting and respecting your privacy. This policy outlines how we collect, use, disclose, process, and protect your personal data in compliance with applicable data protection laws, including:

  • Singapore’s Personal Data Protection Act 2012 (PDPA)
  • India’s Digital Personal Data Protection Act, 2023 (DPDP Act)
  • Middle East laws, including the UAE Federal Decree-Law No. 45 of 2021 on Personal Data Protection

By providing us with your personal data, you consent to its collection, use, and disclosure as described in this policy.

2. Definitions

Personal Data:

  • In Singapore (PDPA): “Data, whether true or not, about an individual who can be identified – (a) from that data; or (b) from that data and other information to which the organisation has or is likely to have access.”
  • In India (DPDP Act): “Any data about an individual who is identifiable by or in relation to such data.”
  • In the UAE (Federal Decree-Law No. 45 of 2021): “Any data that identifies or could identify a natural person by reference to an identifier.”

3. Collection of Information

We collect personal data necessary for providing our corporate services and to comply with legal and regulatory requirements. This includes:

  • Full name
  • Copy of identification documents (e.g., NRIC, passport, Aadhaar, Emirates ID)
  • Contact details (e.g., telephone number, email address, residential address)
  • Photographs or videos (e.g., for identification verification)
  • Signatures
  • Other personal data as required by government or regulatory agencies

3.1 Automatic Collection

Our website and applications automatically collect non-personal data, such as:

  • IP addresses
  • Browser types
  • Device information
  • Traffic patterns and visit times

This data helps improve our services and user experience.

3.2 Usage of Collected Data

We collect and use your data for the following purposes:

  • Facilitating corporate services, including statutory filings and regulatory compliance
  • Disclosing information to government bodies such as ACRA (Singapore), MCA (India), and other statutory authorities in the Middle East
  • Communicating with clients regarding services via email, applications, or social media platforms
  • Sending updates about new services or offers (with prior consent)

We process your personal data under the following legal bases:

  • Consent: When you provide us with explicit consent for specified purposes.
  • Legal Obligation: To comply with applicable laws, regulations, or court orders.
  • Contractual Necessity: To fulfil our contractual obligations to you.

5. Disclosure of Information

We may disclose your personal data to the following entities, as necessary:

  • Government agencies and statutory bodies (e.g., ACRA, MCA, or UAE authorities)
  • Professional advisors (e.g., lawyers, accountants, auditors)
  • Third-party service providers (e.g., IT service providers, cloud storage providers)
  • Business partners and agents acting on our behalf
  • Credit bureaus for credit evaluation or debt recovery

We ensure that these entities adhere to appropriate data protection standards.

6. Data Retention

We retain personal data as long as:

  • It is required for providing our services
  • It is mandated by applicable laws and regulations (e.g., tax or audit purposes)

Once the retention period expires, we securely dispose of or anonymize the data.

7. Data Security

We implement robust physical, electronic, and managerial measures to protect your personal data against unauthorized access, alteration, or loss. Examples include:

  • Secure servers
  • Encrypted communication
  • Regular security audits
  • Restricted access to authorized personnel only

8. Rights of Individuals

Depending on your jurisdiction, you may have the following rights:

  • Access and Correction: Request access to your personal data and correct inaccuracies.
  • Data Portability: Receive your data in a structured, commonly used format.
  • Erasure: Request deletion of your personal data where permissible.
  • Withdrawal of Consent: Withdraw consent for processing activities reliant on consent.

For inquiries or requests, contact our Data Protection Officer (details provided below).

9. Cross-Border Data Transfers

When transferring personal data outside Singapore, India, or the Middle East, we ensure that:

  • The recipient country offers comparable data protection standards.
  • Adequate safeguards, such as contractual clauses or binding corporate rules, are in place.

10. Changes to this Policy

We may update this policy to reflect changes in legal requirements or our practices. Updated versions will be published on our website. We encourage you to review this policy periodically.

11. Contact Us

For queries or complaints regarding this policy, contact our Data Protection Officer at:

  • Email: dpo@scalexbusiness.com
  • Phone: +91 80959 99770
  • Address: ScaleX Loop, Embassy Golf Links Road, Challaghatta, Bengaluru, Karnataka 560071