Collybus

Privacy Policy

INTRODUCTION

This Privacy Policy (the "Policy") explains how Collybus Pte Ltd ("Collybus" "we" "us" "our"), a company incorporated in Singapore with Company No 202420599E, collects, processes, and protects your personal data when you use our platform and services.

Collybus is committed to handling your personal data lawfully, fairly, and in a transparent manner, in compliance with the Personal Data Protection Act 2012 (PDPA) of Singapore, the General Data Protection Regulation (GDPR) for individuals in the European Union, and applicable Australian privacy regulations.

Data Controller

Collybus Pte Ltd is the data controller responsible for your personal data. If you have any questions about this Policy or wish to exercise your rights, please contact us:

Collybus Pte Ltd
49 Duxton Road #02-01
Singapore 089513
Email: support@collybus.co

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal information changes at any time by emailing us.

We may update this Policy periodically. Any changes will be posted on our website or communicated via email.

Personal Data We Collect

We collect and process personal data that you provide directly to us or that we obtain through our interactions with you in the course of our business. "Personal Data" means any information that can identify an individual. This may include:

  • Name, title, and occupation;
  • Contact information (e.g., email address, phone number);
  • Postal address and other contact details;
  • Information and documentation provided to us for due diligence, Know-Your-Customer ("KYC"), or Anti-Money Laundering (AML) checks;
  • Any additional data provided during account registration, correspondence, or when using our platform or services.

We only collect personal data necessary for the purposes outlined in this Policy.

Purpose and Legal Basis for Processing

We process your personal data for the following purposes:

  • Service Delivery & Communication: To communicate with you about the services we offer, respond to your inquiries, and provide relevant updates about our platform and activities.
  • Compliance & Regulatory Obligations: To conduct KYC, AML checks, and meet our legal, regulatory, and compliance obligations under applicable laws in Singapore, Australia, the EU, and other jurisdictions.
  • Business Operations & Record-Keeping: To maintain proper records, including administrative and operational records, consistent with legal requirements and best practices.
  • Marketing & Updates (Where Applicable): To send you communications that may interest you, subject to obtaining your consent where required by law, and always providing an opt-out option.

We rely on one or more of the following legal bases under GDPR and corresponding principles under PDPA and Australian privacy regulations:

  • Consent: Where you have given clear consent for us to process your personal data for a specific purpose.
  • Performance of a Contract: Where processing is necessary to perform a contract with you or to take steps at your request before entering into a contract.
  • Legal Obligation: Where processing is necessary for us to comply with legal or regulatory obligations.
  • Legitimate Interests: Where processing is necessary for our legitimate interests (or those of a third party), provided that your fundamental rights and interests do not override those interests.

If we need to process your personal data for a purpose unrelated to the original reason for collection, we will inform you and explain the legal basis that allows us to do so.

International Data Transfers

We operate primarily from Singapore, but our services and related data processing activities may require transferring your personal data outside your country of residence, including to jurisdictions that may have different data protection standards.

For EU residents, we will ensure such transfers comply with GDPR, employing appropriate safeguards such as EU-approved certifications, standard contractual clauses, or transferring data to entities participating in recognized frameworks offering adequate protection.

Data Protection in Singapore (PDPA)

Under the PDPA, we have appointed a Data Protection Officer (DPO) responsible for ensuring compliance with Singapore's data protection requirements. If you have any queries or concerns related to our data practices under PDPA, please contact us at the email provided above.

Marketing Communications

We may send marketing communications if you have requested such updates or if we have a legitimate interest in informing you of our services and believe it would be of interest to you. If required by local law, we will seek your explicit consent before sending marketing materials. You have the right to opt out of receiving marketing communications at any time by following the unsubscribe instructions in our emails or contacting us directly.

We do not sell or share your personal data with third parties for their own marketing purposes.

Who We Share Information With

We may share your personal data with trusted third parties, where necessary, including:

  • Service Providers: IT support, system administration, cloud hosting, or data storage services;
  • Professional Advisers: Lawyers, auditors, custodians, prime brokers, and insurers supporting our business operations;
  • Regulatory Authorities: Regulators, government bodies, and tax authorities, as required by law.

We require all third parties to respect the security and confidentiality of your personal data and only process it according to our instructions and applicable law.

Security Measures

We take reasonable technical and organizational measures to protect your personal data from loss, misuse, unauthorized access, disclosure, alteration, or destruction. Access to personal data is restricted to employees and partners with a business need to know. We have procedures to deal with suspected personal data breaches and will notify you and any relevant regulator where legally required.

Data Retention

We retain your personal data only as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or regulatory requirements. Generally, we keep client records for up to five (5) years after the end of the client relationship, or longer if required by law or regulation.

Your Rights

If you are located in the EU, you have rights under GDPR, including the right to request access, rectification, erasure, restriction, or portability of your personal data. You may also have the right to object to certain processing or withdraw consent where processing is based on consent. To exercise your rights, please contact us at the email address provided above. We may request additional information to confirm your identity before fulfilling your request.

If you believe we have not addressed your data protection concerns, you have the right to lodge a complaint with a relevant data protection authority in your jurisdiction.

Cookies

Our website uses cookies to enhance user experience and analyze site usage (e.g., through Google Analytics). Cookies are small pieces of data stored on your device. You can adjust your browser settings to refuse cookies; however, some site features may not function properly without them. By using our website, you consent to our use of cookies. For more information, including how Google may use your data, consult Google's Privacy Policy. You can opt out of Google Analytics by using a browser add-on available from Google.

Contact Us

For any questions, requests, or concerns about this Privacy Policy or our handling of your personal data, please contact:

Collybus Pte Ltd
49 Duxton Road #02-01
Singapore 089513
Email: support@collybus.co