Data Protection Policy

We, SOLVECUBE PTE LTD (fka) ICUBE CONSORTIUM PTE LTD , having its registered office at “#1908 Prudential Towers, 30 Cecil Street, Singapore – 049712”, represented by its members, hereinafter referred to as the “Company”.

This Data Protection and Privacy Policy (“Policy”) ensures steady commitment to your privacy with regard to the protection of your personal data. This Policy contains information related to your personal data within the Website https://solvecube.com/ (hereinafter collectively referred to as the “Platform/Solvecube”)

This Policy provides you with details about the manner in which your data is collected, used, disclosed, and / or stored by us. You are advised to read this Policy carefully. By visiting the Platform, we accept that you are voluntarily giving us your consent to collect, use, and disclose your personal data in accordance with this Policy.

If you do not agree to the terms of the policy, you may opt out by not using or accessing the Platform

Note: Our privacy policy may change at any time without prior notification. To make sure that you are aware of any changes, kindly review the policy periodically (at least quarterly).

This Policy is in compliance with the Personal Data Protection Act of Singapore as amended up to 2021, in addition to General Data Protection Regulation (GDPR) and any and all provisions that may read to the contrary shall be deemed to be void and unenforceable.

If you do not agree with the terms and conditions of our Privacy Policy, including in relation to the manner of collection or use of your information, please do not use or access the Site.

If you have any questions or concerns regarding this Privacy Policy, you should contact our Data Protection and Privacy Officer at [email protected].


  1. ‘You’, ‘Experts’, ‘Clients’, ‘User’, or any grammatical variations thereof shall mean any legal person or entity accessing or using the services provided on this Platform who is competent to enter into binding contracts as per the laws of Singapore.
  2. The terms ‘We’, ‘Us’, ‘Our’ shall mean the Platform and/or the Company, as the context so require
  3. The term ‘Service’ shall mean providing a platform that serves the needs of Clients, Management professionals, HR tech products, and users of HR products and management services.
  4. The terms ‘products’ and ‘projects’ refers to goods and services offered by the Company to Users in relation to Management services provided.

The above definitions may or may not be capitalized.


We are committed to respecting Your online privacy. We further recognize Your need for appropriate protection and management of any Personal Information You share with us. We may collect the following information:

  1. Personal data such as Name, E-mail address, Country, Company Name, Company Registered Address, Mobile number, LinkedIn Profiles and publicly available information from LinkedIn, Assessments that you may take voluntarily for improving the quality of services you receive, etc.
  2. Tracking information such as device type, IP address of your device and device ID, type and plug-in when connected to the Internet. This information may include the URL that you just came from (whether this URL is on a software application or not), which URL you next go to (whether this URL is on the software application or not), your computer browser information, and other information associated with your interaction with the Site
  3. Details of Website usage for analytics
  4. Other information we collect such as:
    1. This privacy policy also applies to data we collect from users who are not registered as members of this site, including, but not limited to, browsing behaviour, pages viewed etc. We also collect, and store personal information provided by you from time to time on the Site. We only collect and use such information from you that we consider necessary for achieving a seamless, efficient and safe experience, customized to your needs including:
      1. To facilitate a contract between Users and the Company to enable the provision of services opted for by you;
      2. To communicate necessary account and service related information from time to time;
      3. To allow you to receive quality customer care services;
      4. To comply with applicable laws, rules and regulations;
    2. Videos, Calls, Chats, Emails and other communications between Users and the Company, Service Providers or other Users are all recorded for the purpose of ensuring the services are provided to you seamlessly and efficiently. We also collect this data as proof of valid communications in case the same should be required during any Dispute Resolution Process.

Videos, Calls, Chats, Emails and other communications between Users and the Company, Service Providers or other Users are all recorded for the purpose of ensuring the services are provided to you seamlessly and efficiently. We also collect this data as proof of valid communications in case the same should be required during any Dispute Resolution Process.

The Company will not use your financial information for any purpose other than to complete a transaction with you. To the extent possible, we provide you the option of not divulging any specific information that you wish for us not to collect, store or use. You may also choose not to use a particular service or feature on the Site and opt out of any non-essential communications from the platform.

Further, transacting over the internet has inherent risks which can only be avoided by you following security practices yourself, such as not revealing account/login related information to any other person and informing our Customer Support Desk [email protected] about any suspicious activity or where your account has/may have been compromised.


We will not sell, share, or rent your personal information to any third party or use your email address/mobile number for unsolicited emails and/or SMS. Any emails and/or SMS sent by the Company will only be in connection with the provision of agreed services and products and this Policy, and in accordance with our Marketing requirement . In case you choose to unsubscribe from our services, you agree to provide us 60 working days to update our servers and remove your contact information from our mailing lists.


The information provided by you shall be used to provide and improve the service for you and all users.

  • For providing the services on the Platform and improving the same
  • For maintaining User Contracts
  • Verifying your identity
  • Managing the administrative and business operations of company
  • Audit Purpose
  • Responding and resolving data handling access, correction and withdrawal process
  • To assist in law enforcement and investigations by relevant authorities
  • Requesting feedback or participation in survey, as well as conducting market research and/or analysis for statistical, profiling or other purposes for us to design our [products / services], understand customer behaviour, preferences and market trends, and to review, develop and improve the quality of our products and services

For more details about the nature of such communications, please refer to our Terms of Service . Further, your personal data and Sensitive Personal data may be collected and stored by Us for internal records. We use Your tracking information such as IP addresses, and or Device ID to help identify you and to gather broad demographic information. We will not sell, license, or trade Your personal information. We will not share your personal information with others unless they are acting under our instructions or we are required to do so by law. Information collected via Our server logs includes users’ IP addresses and the pages visited; this will be used to manage the web system and troubleshoot problems. We also use third-party analytics, tracking, optimization and targeting tools to understand how users engage with our Platform so that we can improve it and cater personalized content/ads according to their preferences. For analytics purposes, we will be anonymizing your personal data such that it cannot be traced back to you personally nor will you be reidentified with any derived data.


Before or at the time of collecting additional personal information other than that identified in this Policy, and for which we have identified the purpose, we will identify the purpose for which information is being collected via appropriate communication channels. If the same is not identified to you, you have the right to request the Company to elucidate the purpose of collection of said personal information, pending fulfilment of which you shall not be mandated to disclose any information whatsoever.

We will collect and use your personal information solely with the objective of fulfilling those purposes specified by us, within the scope of consent of the individual concerned or as required by law. We will only retain personal information as long as necessary for the fulfilment of those purposes. We will collect personal information by lawful and fair means. By agreeing to the terms of this Policy, you consent that the information collected from you is with your knowledge and consent.Personal data should be relevant to the purposes for which it is to be used, and, to the extent necessary for those purposes, should be accurate, complete, and up-to-date.


We use data collection devices such as “cookies” on certain pages of our Websites. “Cookies” are small files sited on your hard drive that assist us in providing customized services. We also offer certain features that are only available through the use of a “cookie”. Cookies can also help us provide information, which is targeted to your interests. Cookies may be used to identify logged in or registered users. Our Website uses session cookies to ensure that you have a good experience. These cookies contain a unique number, your ‘session ID’, which allows our server to recognize your computer and ‘remember’ what you’ve done on the Platform. The benefits of this are:

  1. You only need to log in once if you’re navigating secure areas of the site.
  2. Our server can distinguish between your computer and other users, so you can see the information that you have requested.

You can choose to accept or decline cookies by modifying your browser settings if you prefer. This may prevent you from taking full advantage of the Platform. We also use various third-party cookies for usage, behavioural, analytics and preferences data. The following are the different types of Cookies used on the Platform:

  1. Authentication cookies: To identify the user and share the content that he or she requested for.
  2. Functionality cookies: For customized user experience and resuming past course progress.
  3. Tracking, optimization and targeting cookies: To capture usage metric on device, operating system, browser etc. To capture behavioral metrics for better content delivery. To cater and suggest most suited products and services.

Some cookies we use are from third party companies to provide us with web analytics and intelligence about our websites and platforms. These companies collect information about your interaction with our websites and platforms. We use such information to compile statistics about visitors who interact with the websites, platforms and other companies’ online content, to gauge the effectiveness of our communications, and to provide more pertinent information to our visitors.

If you do not agree to our use of cookies and other technologies as set out in this Data Protection Policy, you should delete or disable the cookies associated with our websites and platforms by changing the settings on your browser accordingly. However, you may not be able to enter certain part(s) of our websites or platforms. This may also impact your user experience while on our websites or platforms.

Third-Party Sites: Our website may contain links to other websites operated by third parties. We are not responsible for the data protection policies or privacy practices of websites operated by third parties that are linked to our website. We recommend you learn about the policies and practices related to data of such third-party websites.


If you have provided your Singapore telephone number(s) and have indicated that you consent to receiving marketing or promotional information via your Singapore telephone number(s), then from time to time, the Company may contact you using such Singapore telephone number(s) (including via voice calls, text , fax or other means) with information about our products and services (including discounts and special offers).

In relation to particular products or services or in your interactions with us, we may also have specifically notified you of other/new purposes for which we collect, use or disclose your personal data. If so, we will collect, use and disclose your personal data for these additional purposes as well, unless we have specifically notified you otherwise.

If you do not wish to receive any calls from us, please let us know and we shall act accordingly.


We use Google Analytics and other tracking and statistics software to help us to understand how you make use of our content and work out how we can make things better. These cookies follow your progress through our collecting anonymous data on where you have come from, which pages you visit, and how long you spend on the site. This data is then stored by Google in order to create reports. These cookies do not store your personal data.

The information generated by the cookie about your use of the Website, including your IP address, may be transmitted to and stored by Google on servers in the United States. Google may use this information for the purpose of evaluating your use of the website, compiling reports on website activity for us and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google. By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.

The Google website contains further information about Analytics and a copy of Google’s privacy and data protection policy pages. We encourage you to visit them and update yourself on their policies.


In the process of providing relevant services to you, the Website may include advertisements, hyperlinks to other websites, applications, content or resources. We have no control over any other websites or resources, which are provided by companies or persons other than Us. You acknowledge and agree that we are not responsible for the availability of any such external sites or resources, and do not endorse any advertising, services/products or other materials on or available from such platform or resources. You acknowledge and agree that We are not liable for any loss or damage which may be incurred by you as a result of the availability of those external sites or resources, or as a result of any reliance placed by you on the completeness, accuracy or existence of any advertising, products or other materials on, or available from, such websites or resources. These external websites and resource providers may have their own privacy policies governing the collection, storage, retention and disclosure of Your Personal Information that you may be subject to. We recommend that you enter the external Website and review their privacy and data protection policies.


Unless subject to an exemption, you have the following rights with respect to your personal data:

  1. The right to request a copy of your personal data which we hold about you;
  2. The right to request access or for any correction to any personal data if it is found to be inaccurate or out of date;
  3. The right to withdraw your consent to the processing at any time;
  4. The right to object to the processing of personal data;
  5. The right to lodge a complaint with a supervisory authority;
  6. The right to obtain information as to whether personal data are transferred to a third country or to an international organization;
  7. The right to control the emails received by you through the Platform;
  8. The right to request any non-personal data be removed where possible and anonymised from the personal data, which is required to maintain the contract between Users;
  9. The right to contact us in case any information about you on our Platform is found to be inaccurate or if you believe your information was processed illegitimately;
  10. Right to opt-out from sharing your personal data;
  11. Right to notify us about any data breach (Data Breach Notification);
  12. Right to port your data to another organization;

Where you hold an account with any of our service, you are entitled to a copy of all personal data which we hold in relation to you. You are also entitled to request that we restrict how we use your data in your account when you log in.


Except as otherwise expressly included in this Policy, this document only addresses the use and disclosure of information we collect from you. To the extent that you disclose your information to other parties, whether they are on our Platform or on other sites throughout the Internet, different rules may apply to their use or disclosure of the information you disclose to them. To the extent that we use third party advertisers, they adhere to their own privacy and data protection policies. Since we do not control the privacy or data protection policies of the third parties, you must satisfy yourself to protection of your personal data before you disclose your personal information to others.


To provide our Services we may use the information we collect and host for the following general purposes:

  1. To provide customer services, including to create and manage user accounts, to resolve technical difficulties and to enable features;
  2. To customize offers and experiences, including advertising on our properties or third parties’ properties;
  3. To monitor general and individual user activity, such as keyword searches, postings and transactional activity, and to manage traffic on the Website;
  4. To contact our users, including for service matters, customer care or permitted marketing communications via any available communications channels;
  5. To adequately test and monitor use and de-bugging of our Platform;
  6. To undertake research initiatives and to perform analytics to improve our services;
  7. To enforce our Terms of Service including to combat fraud and abuse;
  8. For purposes of supporting and facilitating Dispute Resolution Procedures;

We use industry standard practices to protect your privacy and personal data. We may retain information that we collect and observe on our network only for as long as is required to fulfil the above business objectives or for legal purposes. Due to the existing regulatory environment, we cannot ensure that all of your private communications and other personally identifiable information will never be disclosed in ways not otherwise described in this Policy. By way of example (without limiting and foregoing), we may be forced to disclose information to the government, law enforcement agencies or third parties, after establishing the veracity of the request. Therefore, although we use industry standard practices to protect your privacy, we do not promise, and you should not expect, that your personally identifiable information or private communications would always remain private.

As a matter of policy, we do not sell or rent any personally identifiable information about you to any third party. However, the following example describes some of the ways that your personally identifiable information may be disclosed

  1. External Service Providers: There may be a number of services offered by external service providers that help you use our Platform. If you choose to use these optional services, and in the course of doing so, disclose information to the external service providers, and/or grant them permission to collect information about you, then their use of your information is governed by their privacy policy.
  2. Law and Order: We cooperate with law enforcement inquiries, as well as other third parties to enforce laws, such as: intellectual property rights, fraud and other rights. We can (and you authorize us to) disclose any information about you to law enforcement and other government officials as we, in our sole discretion, believe necessary or appropriate, in connection with an investigation of fraud, intellectual property infringements, or other activity that is illegal or may expose us or you to legal liability.

We only collect data necessary for fulfilling our product / service requirements. By submitting you data, you are deemed to have given your consent to our collection, use, disclosure, and storage of your personal data. Please let us know if you wish to withdraw or vary your consent. In the event any other use of your personal data is contemplated, we will notify you of the same.

  1. Personal data may be collected in the following ways:
    1. Form submission, including but not limited to application forms or other forms relating to any of our products or services which may be enquired about or purchased through the Company
    2. Any agreement or providing of other documentation or information in respect of your interactions with us, or when you use our services
    3. Interaction with our staff, including relationship managers and their assistants, example via telephone calls (which may be recorded), letters, fax, face-to-face meetings and emails
    4. Use of services provided through our online and other technology platforms, such as websites and apps, including when you establish any online accounts with us
    5. Request that we contact you, or include you in an email or other mailing list; or when you respond to our request for additional personal data, our promotions and other initiatives
    6. Contact by, and / or response to, our marketing representatives, agents and other service providers
    7. Information sought about you and receipt of your personal data from third parties in connection with your relationship with us, for example, from referrers, business partners, external or independent asset managers, public agencies or the relevant authorities
    8. Personal data through physical access, internet and information technology monitoring processes
    9. Personal data in connection with any investigation, litigation, registration or professional disciplinary matter, criminal prosecution, inquest or inquiry which may relate to you
    10. Direct submission by you of your personal data to us
  2. The Company need not collect your consent under the following circumstances. Where collection of personal

    1. For legal purpose such as compliance with regulations under IRAS, MOM, and all other relevant laws of Singapore
    2. Cannot be obtained in timely way
    3. Not reasonably be expected to withhold consent
    4. Is an emergency that threatens the life, health, or safety of the individual or another individual
    5. The Company has reasonable grounds to believe that the health or safety of the individual or another individual will be seriously affected
    6. For the purpose of contacting the next-of-kin or a friend of any injured, ill or deceased individual
    7. Is publicly available
    8. Is in national interest
    9. For artistic or literary purposes
    10. For archival or historical purposes (not for sensitive data)
    11. Any investigation or proceedings or in the public interest
    12. There is legitimate interest
    13. For business asset transactions
    14. For business improvement purposes
    15. For research purposes


At every stage prior to, during or after information collection, you have the right to access all personally identifiable information provided, rectify or alter all personally identifiable information provided, restrict the level of information to be retained as per your sole discretion and object to the retention, use and potential disclosure of the personally identifiable information. Please write in to our DPO at [email protected] to access or correct your personal data.

Individuals may be charged a reasonable fee per Access Request to defray minimum costs. This may also increase depending upon the extent and effort of procuring the personal data. The DPO will aim to provide the relevant data within 30 calendar days.

The DPO will always verify the identity of anyone making an Access Request before handing over any information.

Correction requests will be carried out within 30 calendar days. No charge will be levied for any correction requests
You have the right to request that we amend or update your personal data where it is inaccurate or incomplete. Kindly note that while we shall make a reasonable effort to ensure that the Personal Data we collect is accurate and complete, you are responsible for ensuring the accuracy of the Personal Data that you provide to us directly.

We will respond to your correction request as soon as reasonably possible. Should we not be able to perform the correction request within 30 days after receiving your request, we will inform you in writing via email on the time by which we will be able to perform your correction request. If we are unable to perform a correction requested by you, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under the PDPA or under any other applicable laws). If dissatisfied with the refusal to correct the personal data, individuals could email to DPO with other supporting documents to request for correction. DPO may assess the situation on case by case scenario.

Following registration, you can review and change the information you submitted at the stage of registration, except Email ID. An option for facilitating such change shall be present on the Platform and such change shall be facilitated by the User. If you change any information, we may or may not keep track of your old information. We will not retain in our files information you have requested to remove for certain circumstances, such as to resolve disputes, troubleshoot problems and enforce our terms and conditions. Such prior information shall be completely removed from our databases, including stored ‘back up’ systems. If you believe that any information, we are holding on you is incorrect or incomplete, or to remove your profile so that others cannot view it, the User needs to remediate, and promptly correct any such incorrect information.

We may contact you periodically to ensure that your personal data is up to date and accurate.

In the event of incomplete or inaccurate personal data is being provided, we will not be able to provide our response to your submission or to process your request or instruction. You may have a choice not to proceed with us. There is no consequences of withdrawing consent, either before or upon receiving the notice of withdrawal before giving effect to the withdrawal of consent..


When you sign up to become a Member, you will also be asked to choose a password. You are entirely responsible for maintaining the confidentiality of your password. It is important that you protect it against unauthorized access of your account and information by choosing your password carefully and keeping your password and computer secure by signing out after using our services.

You should not use the account, username, email address or password of another Member at any time or to disclose your password to any third party and immediately inform us if you gain control of such information. You are responsible for all actions taken with your login information and password, including fees. If you lose control of your password, you may lose substantial control over your personally identifiable information and may be subject to legally binding actions taken on your behalf. Therefore, if your password has been compromised for any reason, you should immediately change your password. You agree to notify us at [email protected] immediately if you suspect any consistent unauthorized use of your account or access to your password even after changing it.


This policy helps to protect the Company from data security risks.

We use reasonable and appropriate physical, technical and administrative procedures to safeguard the information we collect and process. The following are the procedures we implement to safeguard your information:

    1. Administrative procedures;
      We adopt and implement internal personal data management plans and policies for the safe processing of personal data. We also implement access controls to ensure that only those who have a need to know a particular type of personal data is given access to that information.
    2. Physical procedures:
      The Company keeps all physical data (non-electronic and electronic forms in data storage devices) confidential and under lock and key. Only authorised personnel are allowed access to that data required for providing the product or service. All personnel data are marked confidential.
    3. Technical procedures:
      The Company will take reasonable efforts to protect personal data in our possession or our control by making reasonable security and IT arrangements with outsourced IT vendor with contractual agreement to adopt security measures and to prevent unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks. Access of data is restricted to authorised personnel and to seniority of personnel. However, we cannot completely guarantee the security of any personal data we may have collected from or about you or prevent harmful code that enter our website. You should be aware of the risks associated with using websites and take necessary precautions.
      While all steps will be taken to protect your personal data, security of the information you transmit to us via the Internet or electronic communication or when you use our electronic services cannot be ensured. You should take every precaution to protect your personal data when you use such platforms. We recommend that you change your passwords often, use a combination of letters and numbers, and ensure that you use a secure browser.
      If applicable, you undertake to keep your username and password secure and confidential and shall not disclose or permit it to be disclosed to any unauthorised person, and to inform us as soon as reasonably practicable if you know or suspect that someone else knows your username and password or believe the confidentiality of your username and password has been lost, stolen or compromised in any way or that actual or possible unauthorised transactions have taken place. We are not liable for any damages resulting from any security breaches, on unauthorised and/or fraudulent use of your username and password.
      In case of an unauthorised security intrusion that materially affects you, we will notify you as soon as possible and will, within a reasonable time, report on our response actions.


Our Data Protection Policy may change from time to time. The most current version of the policy will govern our use of your information and will always be at the Platform.

We may revise this Notice from time to time without any prior notice. You may determine if any such revision has taken place by referring to the date on which this Notice was last updated. Your continued use of our services constitutes your acknowledgement and acceptance of such changes.


You have right to withdraw your consent at any time, where consent is the legal basis of the processing of your personal data. Kindly note that depending on the nature and scope of your request, we may not be in a position to continue performing our obligations in the course of or in connection with providing the service to you.

Upon reasonable notice being given by an individual, including client, representative, employee, job applicant, Domain Experts and general inquirer, of his/her withdrawal of any consent given or deemed to have been given in respect of our collection, use or disclosure of his personal data, we will inform the individual of the likely consequences of withdrawing consent. We will cease collecting, using or disclosing the personal data unless it is required or authorised under applicable laws within 30 days.

You may also request us to erase or to stop processing of all or some of your personal data. We will process such instruction whenever possible except if we are not able to do so and we shall provide explanation to you.

To withdraw your consent, or to request the download or delete your data with us for any or all our products & services at any time, please email to [email protected] from your registered email address.


We may transfer your personal data as necessary within the I-Cube Consortium group of companies and to other third parties. The recipients may be located in countries which do not provide the same level of data protection as the country in which you are located. We will take steps to ensure there is adequate protection for the transfer of your personal data in compliance with the applicable data protection laws. Where required by local law, we will request your consent to transfer your personal data.

In the event your data is transferred to another country, we will ensure that the data is transferred under appropriate certification schemes, recipient country has appropriate data protection laws, or at the very least, the recipient company has appropriate data protection policies.

With respect to transfers to third parties located in countries that do not provide an adequate level of data protection, we will take appropriate safeguards such as signing relying on approved codes of conduct or certification mechanisms or binding and enforceable commitments of the recipient. If you would like to receive more information about the appropriate safeguards and/or receive a copy of the relevant mechanism for your review, please contact [email protected]

18. Unsolicited Personal Data

In the event information is provided in hardcopy, softcopy, email or website without our specific collection of data, Solvecube will not retain any personal data and delete the email immediately.

19. Retention Policy

So long as you have a direct or indirect relationship with the Company, your personal data will be held and processed in accordance with this Policy. Once the relationship ends or you withdraw all your personal data, the Company will not retain your personal data unless there are legal and / or business reasons for so doing.

Personal data will be retained by the Company till purpose is fulfilled. This is subject to sectoral and other written laws which includes law relating to the sector the Company does business in, employment laws, CPF, income tax laws, Limitation Act, and other regulations thereunder.


If you have any questions or concerns regarding this Policy, please contact us by sending an e-mail to [email protected].

You may contact our Data Protection Officer if you have any enquiries, feedback, questions, or comments on our personal data protection policies and procedures, or if you wish to make any complaints or request, in the following manner:

Name of DPO Uma Jagadeesan
Contact No. +91 98410 59274
Email Address [email protected]
Address 1908 Prudential Towers, 30 Cecil Street, Singapore – 049712

Should there be a breach of data, the Data Protection Officer (DPO) will activate the Data Breach Management Plan as detailed below:

Step Action Responsibility


Report data breach incident to the DPO via email with the following details :

  • Date and time of event
  • Name of the person who reported the case
  • A brief description of the nature of the data breach



Data Breach Incident Form:

Initiate meeting (through phone, email or face to face) with the person who reported the case to collect tangible evidence of the case :-

  • Source of the data leakage – How did the person find out the case.
  • Nature of data leaked
  • Person(s) affected by the leak

DPO to record details of meeting in the Data Breach Incident Form and get the person who reported the case to sign on the form.

DPO & Person Concerned


Assessment Review:

Facts gathered and assess the level of risk of the data breach and propose corrective action (CA) and/or preventive action (PA) measures and present to the Senior Management Committee for approval of action. Senior Management Committee will escalate to Board of Directors/Shareholders if deemed necessary.

DPO to record the assessment in the Data Breach Incident Form. Update to DBMP activity log.




Upon approval by the Senior Management Committee, DPO to carry out the Corrective / Preventive Action and close the case.

Notify relevant parties involved, Sectoral Laws, PDPC, Data Controller + Data Intermediaries + Individuals.



Post Evaluation Review:

Explore root cause analysis and Post Breach action taken, the team will conduct review and Improve policy and procedures.