Key Information

Effective Date: 14 November 2025
Controller: Curve Consulting Pte. Ltd.
Registered Office: 160 Robinson Road, #14-04, Singapore Business Federation Center, Singapore 068914
Contact Email: privacy@curvecontracts.com
Data Protection Officer (DPO) / Contact: Privacy Team, privacy@curvecontracts.com
Where this Policy applies: This policy applies to the Controller’s operations in Singapore and to users of the Website / Platform wherever located.
Jurisdiction / Applicable Law: Singapore / PDPA
Supervisory Authority: PDPC (Singapore)
Website / Platform: curvecontracts.com
Cookie & Tracking Policy: See Cookies section below
Marketing Channels Used: Email
Analytics & Advertising Partners: Google Analytics
International Data Transfer Mechanism: Standard Contractual Clauses (SCCs)
Data Retention Period: active account + 2 years; 6 years for tax records
Intended Audience / Age: Adults 18+
Privacy Request Form URL: None
Sensitive Data Collected: No
Third-Party Marketing Sharing: No
Market Research & Surveys: Disabled
Corporate Transactions Clause: Enabled

---

1. Important information and who we are

This Privacy Policy explains how the Controller collects and uses personal data in connection with your use of the Website / Platform, including any data you provide when you register for an account, purchase a product or service, subscribe to updates, or otherwise interact with us.

The Website / Platform is intended for the audience described in the Intended Audience / Age field in the Key Information, and we do not knowingly collect data from anyone outside that group.

The Controller, as set out in the Key Information section above, is responsible for your personal data. When this Privacy Policy refers to “we”, “us” or “our”, it means the Controller.

If you have any questions about this Privacy Policy or wish to exercise any of your privacy rights, please contact us using the Contact Email provided in the Key Information. If a Data Protection Officer (DPO) has been appointed, their details are also included in that section.

2. The types of personal data we collect about you

Personal data means any information about an individual from which that person can be identified.

The Controller may collect, use, store, and transfer different kinds of personal data about you in connection with your use of the Website / Platform and our related products or services. We group this data into the following categories: a. Identity Data — such as your first and last name, username or similar identifier, and, where relevant, date of birth or gender; b. Contact Data — including your billing or delivery address, email address, and telephone number; c. Financial Data — such as payment-card or bank-account details used to process transactions; d. Transaction Data — including details about payments to and from you and the products or services you have purchased; e. Technical Data — such as IP address, browser type and version, time-zone setting and location, operating system and platform, and other technology used to access the Website / Platform; f. Profile Data — such as your username and password, account settings, preferences, and feedback; g. Usage Data — information about how you interact with and use our Website / Platform, products, and services; and h. Marketing and Communications Data — your preferences for receiving marketing from us and your communication preferences.

We do not collect Sensitive Data (as defined by applicable law) unless the Sensitive Data Collected field states otherwise.

We may also collect aggregated or statistical data—such as analytics about traffic volumes or user engagement—which does not identify you.

3. How is your personal data collected?

(a) Your interactions with us

You may provide data when you: a. register for an account; b. subscribe to a service, newsletter, or updates; c. make a purchase; d. request marketing; e. respond to a survey or provide feedback; or f. contact us for support.

(b) Automated technologies or interactions

We automatically collect Technical Data using cookies and similar technologies.

See the Cookie Policy referenced in the Key Information.

(c) Third parties or publicly available sources

We may receive personal data from: a. analytics and advertising partners (e.g., Google Analytics); b. payment and cloud-hosting providers; or c. publicly available sources (e.g., business registries, social media platforms).

The Controller ensures these providers meet the requirements of the applicable law.

4. How we use your personal data

We use your personal data to: a. provide and manage your account; b. deliver products and services; c. process payments; d. communicate with you; e. improve and personalise the Website / Platform; f. send marketing where permitted; g. comply with legal obligations; h. conduct surveys if enabled; or i. secure, operate, and improve services.

Legal bases for processing

We rely on: a. Contract performance; b. Legitimate interests; and c. Consent, where required.

Data retention

We retain personal data according to the Data Retention Period in the Key Information.

Further information

If we rely on consent, you may withdraw it at any time via the Contact Email.

5. Direct marketing and opt-out

Marketing is sent only where permitted under applicable law.

You may opt out at any time by: a. using unsubscribe links; or b. contacting the Contact Email.

We still send necessary service-related messages.

We do not share your data with third parties for their own marketing unless the Key Information states otherwise.

6. Cookies

The Website / Platform uses cookies to: a. recognise you; b. remember preferences; c. analyse usage; and d. personalise your experience.

You may manage or disable cookies in your browser.

Where required, consent is collected for non-essential cookies.

7. Disclosures of your personal data

We may share your personal data with: a. Service Providers — cloud hosting, analytics, payment, communication providers; b. Professional Advisers — lawyers, accountants, auditors; c. Regulators or Authorities — where required by law; and d. Corporate Transactions — in connection with mergers, acquisitions, etc.

We do not sell or rent personal data.

8. International Transfers

We may transfer personal data outside your country.

Transfers use safeguards such as SCCs (as listed in the Key Information).

We ensure service providers handle data securely and in accordance with instructions.

9. Data Security

We implement technical and organisational measures such as: a. encryption; b. access controls; and c. secure storage.

We maintain breach-response procedures and will notify affected parties where required.

10. Data Retention

We retain data as long as necessary for: a. the purposes described in this Policy; b. legal or regulatory obligations; and c. dispute resolution.

When data is no longer needed, we securely delete, anonymise, or aggregate it.

11. Your Legal Rights

Depending on applicable law, you may have rights including: a. Access; b. Correction; c. Erasure; d. Restriction; e. Objection; f. Portability, and g. Withdraw consent.

Contact us via the Contact Email to exercise your rights.

We may verify your identity before fulfilling requests.

12. Contact Details

For questions or rights requests, contact the Controller using the Contact Email or write to the Registered Office.

13. Complaints

If you have concerns, contact us first.

If unresolved, you may contact the Supervisory Authority listed in the Key Information.

14. Changes to this Policy

We may update this Privacy Policy from time to time.

The most recent version is indicated by the Effective Date.

15. Third-Party Links

The Website / Platform may contain third-party links.

We do not control third-party websites and encourage you to review their privacy notices.