Data Protection Policy

Part 1: Overview The purpose of this document is to set out TruNeura’s procedures for the protection of the Personal Data of individuals under the company’s custody or possession. It contains essential information about how and why TruNeura collects, stores, uses, discloses, transfers, and disposes of Potential Customers, Customers, Partners, Employees/Contractors, and Health Practitioners (henceforth collectively referred to as “users” or “users and prospects”) Personal Data.This Policy takes into consideration Singapore’s Personal Data Protection Act 2012 (“PDPA”), including any amendment, replacement or re-enactment thereof for the time being in force and including any statutory instruments, rules, regulations, orders, notices, directions, consents or permissions as enacted by the authority currently charged with enforcing the provisions of the PDPA: the Personal Data Protection Commission (“PDPC”).This policy also takes into consideration applicable laws and regulations (“applicable laws”) in any relevant jurisdiction relating to the use or processing of Personal Data including: (i) the California Consumer Privacy Act (“CCPA”), (ii) the General Data Protection Regulation (Regulation (EU) 2016/679) (“EU GDPR” or “GDPR”), (iii) the Swiss Federal Act on Data Protection, (iv) the EU GDPR as it forms part of the law of England and Wales by virtue of section 3 of the European Union (Withdrawal) Act 2018 (the “UK GDPR”); (v) the UK Data Protection Act 2018; and (vi) the Privacy and Electronic Communications (EC Directive) Regulations 2003; in each case, as updated, amended or replaced from time to time. The terms “Data Subject”, “Personal Data”, “Personal Data Breach”, “processing”, “processor,” “controller,” and “supervisory authority” shall have the meanings set forth in the GDPR.

Part 2: Singapore Personal Data Protection Act
The PDPA establishes a data protection law in Singapore that comprises various rules governing the collection, storage use, and disclosure, transfer access to, correction, care and disposal of individuals’ Personal Data by organizations. It recognizes both the rights of individuals to protect their Personal Data, including rights of access and correction and disposal, and the needs of organizations to collect, use or disclose Personal Data for legitimate and reasonable purposes. TruNeura intends to comply with all applicable provisions covering data protection by implementing suitable procedures as outlined throughout the remainder of this Policy.

Part 3: Data Protection Policy
This Policy sets out the basis upon which TruNeura may collect, use, disclose, store, transfer and dispose or otherwise Process Personal Data of our Health Practitioners, Prospects, Users, Employees and Contractors in accordance with the PDPA and other applicable laws. This Policy applies to Personal Data in our possession or under our control, including Personal Data in the possession of organizations which we have engaged for the above Purposes.

Part 4: Definitions Throughout this Policy, unless there is something in the subject or context inconsistent therewith, the following terms shall have the following meanings:“Affiliates” means an entity which is directly or indirectly controlled by TruNeura. An entity that otherwise qualifies under this definition is included within the meaning of Affiliate even though it qualifies after this Policy comes into effect.“Third Party Service Providers” or “Partners” means any third-party provider or vendor appointed by TruNeura to assist in delivery of the Services for TruNeura’s Practitioners or Users;“Potential customer” or “Prospect” means any individual who has contacted TruNeura through any means to find out more about any goods or Services we provide;“Health Practitioner” is anyone who uses the TruNeura Pro platform to provide services to Users or Prospects“Data Protection Officer” or “DPO” refers to the individual appointed by TruNeura to carry out the specific duties described in section 19 of this Policy;“Employee/Contractor” means all individuals who may or have entered into a contract of service with TruNeura and shall include all current and former Employees;“TruNeura” means TruNeura Pte Ltd, a company incorporated in Singapore and registered office address of 160, Robinson Road, #14-04, Singapore 068914;“Customer” means any Prospective Customer who has entered into a contract with TruNeura for the supply of Our Services;“Personal Data” refers to data, whether true or not, about Prospects, Users, Employees and Contractors who can be identified from that data; or from that data and other information to which TruNeura has or is likely to have access;Without limitation to the generality of section 4.8 of this Policy, for the purposes of TruNeura’s day-to-day activities and the various specific lawful purposes as set out in the PDPA, TruNeura will be specifically Processing Prospect Customers, Users, Employees and Contractors Personal Data of the following nature:identity card/passport numbers; fingerprints; names; dates of birth; gender; Nationalities; ages; marital status; photographs; telephone numbers; residential addresses; email addresses; debit/credit card information and bank details; and occupations.Without limitation to the generality of the Personal Data described at section 4.9 and without prejudice to the specificity of the Personal Data described at section 4.10, for the purposes of TruNeura’s day-to-day activities and the various specific lawful purposes as set out in the PDPA and other applicable legislation, TruNeura will be specifically Processing sensitive Personal Data of the following nature:Blood biomarker or digital biomarker data (collectively referred to “biomarkers” henceforth) relayed to us by a Third Party Prospect or User’s blood test results from tests done by TruNeura laboratory partners or other institutions.Prospects or Users may also upload previously existing blood test results or other collections of markers or survey data obtained via their health practitioner, wearable device or insurance company.We may use Prospect or User’s biomarker data in a de-identified, aggregated way for TruNeura research.3.10.2 (DBA) information is data related to a Prospect or User’s genotype for a specific set of genes related to healthy aging, nutrition, weight, sleep and physical activity.TruNeura will receive Prospect or User’s genetic or microbiome information from our specialist partners when a Prospect or User buys a third party TruNeura connected DNA or other biomarker testing product.When a Prospect or User purchases a testing kit, a Prospect or User will collect a marker sample using the provided collection kit and send it to our partners for marker extraction and analysis.If a Prospect or User purchases a genetics add-on service, a Prospect or User will provide a Prospect or User genetic data from DNA tests that a Prospect or User has previously had done.TruNeura and its partners analyze Prospect or User’s biomarker data using an algorithm that determines a Prospect or User’s genetic or other potential for certain traits. TruNeura may use Prospect or User’s aggregated de-identified genetic data for research and development to improve future products. For research that we hope to publish in scientific publications, we will request separate permission through a Research Consent document to use Prospect or User’s de-identified Genetic Information.Any Research Consent is optional and voluntary. A Prospect or User will not be required to agree to a Research Consent document in order to use the Platform or Services. Self-Reported Information includes information provided by the Prospect or User in TruNeura questionnaires or in any other website surveys or forms, such as sex, body weight, height, diet, etc. we may use Prospects or Users Self-Reported Information in a de-identified way for research.User Content is all information other than Genetic Information or Self-Reported Information provided by Users of the TruNeura Services and transmitted, whether publicly or privately, to TruNeura. User content may include data, text, software, music, audio, photographs, graphics, video, messages, or other materials. For example, User content includes comments made on TruNeura blogs and emails to User support.Behavior Information is information on how a User uses our Platform (e.g. browser type, domains, page views, app usage etc.). We may collect this information through log files, cookies, and web beacon, analytical and advertising technologies.TruNeura may collect non-Personal Information about a User when a User interacts with our Platform. Non-Personal Information may include User browser name, type of computer, and the files a User viewed on the Platform. Clickstream data, (i.e. a list of pages or URLs visited), and technical information about how a User connects to the Platform, such as the operating system and the internet service providers used. We may, in some cases, need to review this automatically collected data in combination with specific registration information to identify and resolve issues for individual Users, detect fraud, etc. To the extent that we link this non-Personal Information with User Personal Information, this Policy governs our use of such information.“Platform” means a platform that uses artificial intelligence to learn about people and their behaviors in order to help them make intentional choices about their health including sleep, exercise, nutrition and work/life balance.“Policy” means this data protection policy created by TruNeura, as may be revised, modified or otherwise updated from time to time.“Processing” in relation to Personal Data means the carrying out of any operation or set of operations in relation to the Personal Data and includes any of the following: Collection; recording; holding; organization, adaptation and alteration; retrieval; combination; transmission; or erasure or destruction.“Services” means TruNeura’s Platform services including, but not limited to: AI insights and coaching for preventive health and optimizing longevity, positive habit creation, various assessments and activity/status scoring. Off the platform, TruNeura will partner up with practitioners, other platforms and medical entities to leverage their offerings in order to provide an integrated health and longevity service to its clients.Other terms used in this Policy shall have the meanings given to them in the PDPA and other applicable laws.

Part 5: TruNeura’s Personal Data Inventory
TruNeura utilizes a Data Inventory Map (“DIM”). The DIM is an inventory of the Personal Data in the possession or under the control of TruNeura. This is an integral part of the Data Protection Management Program (“DPMP”) that we maintain to ensure compliance with the PDPA.

Part 6: Collection of Personal Data
For explanatory purposes, TruNeura collects Personal Data of its Prospects and Users in the following ways:When a Prospect submits any form, including but not limited to User inquiry forms or other forms relating to any of our Services;When a Prospect or User has a conversation with our Chatbot service, or a TruNeura affiliated coach;When a Prospect or User enters into any agreement or provides other documentation or information in respect of their interactions with us, or when they use our Services;When a user connects a third party data source (e.g. a wearable device) to our platform When a Prospect or User interacts with our staff, including TruNeura service officers, for example, via telephone calls (which may be recorded), letters, face-to-face meetings, social media platforms and emails;Via interaction with our websites or use Services on our websites and Platform;Via a request that TruNeura contacts a Prospective Customer or request that a Prospective Customer be included in an email or other mailing list;When a Prospective Customer or User responds to our promotions, initiatives or to any request for additional Personal Data;Via submission of an employment application or when provision of documents or information including a resume and/or CVs in connection with any appointment as an officer, director, representative or any other position;When a Prospect or User is contacted by, and responds to, TruNeura marketing representatives and TruNeura service officers;When TruNeura seeks information about, and receives Personal Data in connection with a relationship with us, including for our products and Services or job applications, for example, from business partners, public agencies, ex-employer, referral intermediaries and the relevant authorities; or When a Prospect or User submits their Personal Data to us for any other reasons.When an individual browses our website, the individual generally does so anonymously. Please see Part 15 below for information on cookies and other technologies which we have implemented on our website and apps. We do not, at our website, automatically collect Personal Data unless a Prospect provides such information to us. If a Prospect or User provides us with any Personal Data relating to a third party (e.g. information of their spouse, children, parents, and/or employees), by submitting such information to TruNeura, they represent to TruNeura that they have obtained the consent of the third party to provide TruNeura with their Personal Data for the respective purposes.Prospects and Users should ensure that all Personal Data submitted to us is complete, accurate, true and correct. Failure on a Prospect or User’s part to do so may result in TruNeura’s inability to provide the Services requested, or delays in providing Services requested, or processing applications. Unless otherwise permitted under the provisions of the PDPA, or any other laws, regulations and guidelines, TruNeura shall not collect Personal Data without the consent of the Prospect or User.

Part 7: Processing of Personal Data
As a legal requirement under the PDPA, TruNeura is required to ensure all Prospects, Users, Employees and Contractors Personal Data is Processed in such a way that at least one of the following bases applies:The Prospect, User, Employee/Contractor has given consent to the Processing of his or her Personal Data for one or more specific purposes;The Processing is necessary for the performance of a contract to which the User, Employee or Contractor is party with TruNeura or in order to take steps at the request of the Prospect, User, Employee or Contractor prior to entering into a contract with TruNeura;The Processing is necessary for compliance with a legal obligation to which we are subject;The Processing is necessary for the protection of the vital interests of the Prospect, User, Employee or Contractor or another natural person; or the Processing is necessary for the purposes of the legitimate interests pursued by TruNeura or by a third party.

Part 8: Purposes of Processing Personal Data
TruNeura collects, uses and discloses Personal Data of Prospects, Users, Employees/Contractors (including former Prospects, Users, Employees and Employees/Contractors) unless otherwise required under the PDPA) for the following purposes:Prospect and User service and support (including but not limited to Prospect and User relationship management, screenings or checkups, contacting a Prospect or User regarding medical reports and results, providing follow-up calls, providing a Prospect or User with administrative support;Administering and processing Prospect and User requests including creating and maintaining profiles of our Prospects and Users in our system database for administrative purposes (including tracking Prospects and Users attendance at various TruNeura Affiliates’ facilities);Personalizing Prospect and User experiences at TruNeura’s touchpoints and conducting market research, understanding and analyzing Prospect and User behavior, location, preferences and demographics in order to improve our service offerings;Liaising with third party specialists including medical personnel such as doctors, clinics, hospitals and/or medical institutions in relation to Prospect and User health care (including by providing them with access to Prospect and User Personal Data with a Prospect and User’s permission);Uses our mobile applications (such as the TruNeura app) or online registration and payments systems, displaying a Prospect and User’s biomarker data, sending a Prospect or User health-related notifications, and facilitating the provision of our services to a Prospect or User; or Purposes which are reasonably related to the aforesaid.If an individual is a prospective or confirmed Third Party Provider of TruNeura, their Personal Data will be processed for the following purposes:Assessing Third Party Provider organization’s suitability as an external service provider or vendor for TruNeura;Managing project tenders and quotations, processing orders or managing the supply of Services;Creating and maintaining profiles of our Third Party Provider in our system database;Processing and payment of Third Party Provider invoices and bills;Facilities management (including but not limited to issuing visitor access passes and facilitating security clearance);And/or any other purposes which are reasonably related to the aforesaid.Where an Employee or Freelancer submits an application to us as a candidate for employment, contractor, internships or scholarships, their Personal Data will be Processed by TruNeura for the following purposes:Conducting interviews;Processing an Employee or Freelancer’s application (including but not limited to pre-recruitment checks involving Employee or Freelancer’s qualifications and facilitating interviews);Obtaining references and for background screening;Assessing Employee or Freelancer’s suitability for the position applied for;Enrolling successful candidates as our Employees and Freelancers and facilitating human resource planning and management (including but not limited to preparing letters of employment, name cards and building access passes); and/or any other purposes which are reasonably related to the aforesaid.Where an individual is an existing Employee or Freelancer of TruNeura, their Personal Data will be Processed by TruNeura for the following purposes:Remuneration reviewing salaries and bonuses, conducting salary benchmarking reviews, staff appraisals and evaluation, as well as recognizing individuals for their services and conferring awards;Staff orientation and entry processing;Administrative and support processes relating to the Employees or Freelancers employment, including its management and termination, as well as staff benefits, including travel, manpower, business continuity and logistics management or support, processing expense claims, medical insurance applications, medical screenings and immunizations, leave administration, long-term incentive plans, training, learning and talent development, and planning and organizing corporate events;Providing an Employee or Freelancer with tools and/or facilities to enable or facilitate the performance of his/her duties;Facilitating professional accreditation and complying with compliance audits;Compiling and publishing internal directories and emergency contact lists for business continuity;Managing corporate social responsibility projects;Conducting analytics and research for human resource planning and management, and for TruNeura to review, develop, optimize and Improve work-related practices, environment and productivity;Ensuring that the administrative and business operations of TruNeura function in a secure, efficient and effective manner (including but not limited to examining or monitoring any computer software and/or hardware installed within TruNeura, Employee or Freelancer work emails and personal digital and storage devices);Compliance with any applicable rules, laws and regulations, codes of practice or guidelines or to assist in law enforcement and investigations by relevant authorities (including but not limited to disclosures to regulatory bodies, conducting audit checks or surveillance and investigation);Administering cessation processes; and/or any other purposes which are reasonably related to the aforesaid.In additional to the general purposes of Processing of Prospects, Users, Third Party Providers, Employees and Freelancers Personal Data as stated within section 8 of this Policy, TruNeura also Processes Personal Data of its Prospects, Users, Employees and Freelancers for the following additional purposes:Taking or filming photographs and videos for corporate publicity or marketing purposes, and featuring Prospect, User, Employee and Freelancer photographs and/or testimonials in our articles and publicity materials;Providing or marketing services and benefits to a Prospects and Users, including promotions, service upgrades, loyalty, reward and/or Usership programs (including affiliate programs) and sending of healthcare-related updates, event invitations, newsletters and marketing and promotional information to a Prospect or User pursuant to such Usership programs);Organizing roadshows, tours, campaigns (including health check or vaccination campaigns) and promotional or events and administering contests and competitions;Matching Personal Data with other data collected for other purposes and from other sources (including third parties) in connection with the provision or offering of Services;Sending details of services, clinic updates, health-related information and rewards, either to our Prospect or Users generally, or which we have identified may be of interest to a Prospect;Conducting market research, aggregating and analyzing Prospect and User profiles and data to determine health-related patterns and trends, understanding and analyzing Prospect and User behavior, location, preferences and demographics for us to offer a Prospect or User other products and services as well as special offers and marketing programmes which may be relevant to a Prospect or User’s preferences and profile; and/or any other purposes which are reasonably related to the aforesaid.If a Prospect or User has provided us with Singapore telephone number(s) and have indicated consent to receiving marketing or promotional information via the Singapore telephone number(s), then from time to time, TruNeura may contact the Prospect or User using such Singapore telephone number(s) (including via voice calls, text, social media, fax or other means) with information about our products and services.In relation to particular Services or in a Prospect or User’s interactions with us, we may also have specifically notified a Prospect or User of other purposes for which we collect, use or disclose their Personal Data. If so, we will collect, use and disclose the Prospect or User’s Personal Data for these additional purposes as well, unless we have specifically notified a Prospect or User otherwise.Unless permitted under the PDPA or any other laws, regulations and guidelines, TruNeura shall not use or disclose the Personal Data for any other purpose, without first identifying and documenting the other purpose and obtaining the consent of the affected Prospect, User, Employee or Freelancer.The purposes listed in the above sections may continue to apply even in situations where a User, Employee or Freelancer’s relationship with TruNeura (for example, pursuant to a contract) has been terminated or altered in any way, for a reasonable period thereafter (including, where applicable, a period to enable us to enforce our rights under any contract with a User, Employee or Freelancer).

Part 9: Withdrawal of Consent onsent received expressly or impliedly by a Prospect, User, Employee or Freelancer of TruNeura for Personal Data Processing purposes stated within Part 7 of this Policy will remain valid until such time that it is withdrawn by a Prospect, User, Employee or Freelancer in writing addressed to TruNeura’s Data Protection Officer whose details are to be found within section 19.3 of this Policy.Upon receipt of a Prospect, User, Employee or Freelancer’s written request to withdraw their consent, we may require reasonable time (depending on the complexity of the request and its impact on our relationship with you) for your request to be processed and for us to notify you of the consequences of us acceding to the same, including any legal consequences which may affect your rights and liabilities to us. In general, we shall seek to process your request within 30 business days of receiving it.If consent is withdrawn by an Employee or Freelancer, TruNeura may need to discontinue his/her employment with the company. If consent is withdrawn by a Prospect or User, TruNeura may no longer be able to provide the requested products or services and our relationship with the Prospect or User may have to be terminated. Withdrawing consent does not affect TruNeura’s right to continue to collect, use and disclose Personal Data where such collection, use and disclose without consent is permitted or required under applicable laws.A Prospect or User may delete their account at any time by accessing our App or by visiting http://www.TruNeura.com Once deleted, a Prospect or User’s data, including a Prospect or User’s account, username, or any other related content, cannot be restored.Content a Prospect or User has shared with others, exported from the service, or that others have copied may also remain visible after a Prospect or User has deleted a Prospect or User account or deleted the information from their own profile. A Prospect or User’s public profiles may be displayed in search engine results until the search engine refreshes its cache.

Part 10: Protection of Personal Data TruNeura places great importance on ensuring the security of our Prospects, Users, Employees and Freelancers Personal Data against risks of unauthorized access, collection, use, disclosure, copying, modification, disposal or destruction. TruNeura has implemented security measures which include appropriate administrative, physical and technical measures such as up-to-date antivirus protection, encryption and the use of privacy filters to secure all storage and transmission of Personal Data by us, and disclosing Personal Data both internally and to our authorized third party service providers and agents only on a need-to-know basis.TruNeura will regularly review and implement appropriate security measures when processing and retaining Personal Data. While acknowledging that security cannot be guaranteed and that no method of transmission over the Internet or method of electronic storage is completely secure, TruNeura strives to protect the security of our information and is constantly reviewing and enhancing the company’s information security measures. Employees of TruNeura are required to handle the Personal Data securely and with strict confidentiality, failing which they may be subject to disciplinary action. Further, TruNeura will impose compliance with data confidentiality requirements on our agents, third party service providers, consultants and professional advisors in our working relationships and/ or agreements with these parties.TruNeura’s Users should recognize that protecting Personal Information is their responsibility. We ask all Users to safeguard User’s password, secret questions and answers, and other authentication information a User uses to access our Services. Users should not disclose their authentication information to any third party. Users should also immediately notify us of any unauthorized use of a Users password. We cannot secure Personal Information that a Customer or User releases on their own or that a User requests us to release. A User may choose to disclose, through other means not associated with us, any part of their Personal Information and/or Genetic Information. A User may share this information with friends or family Users, groups of individuals, third-party service providers, doctors or other health care professionals, or other individuals. We recommend that all Users make such choices carefully.

Part 11: Disclosure of Personal Data
TruNeura and its Affiliates will take reasonable steps to protect Personal Data against unauthorized disclosure. Subject to the provisions of any applicable law, Personal Data may be disclosed, for the purposes listed in Section 8 of this Policy to the following entities or parties, whether they are located overseas or in Singapore: Amongst TruNeura group Users and Affiliates (including their coaching staff and medical practitioners);companies providing services relating to insurance to TruNeura;Agents contractors, sub-contractors or third party service providers who provide operational services to TruNeura, such as courier services, telecommunications, information technology, payment, printing, billing, debt recovery, processing, technical services, transportation, training, market research, call centre, security, or other services to TruNeura;Vendors or third party service providers and our marketing and business partners in connection with marketing promotions, products and services;Our corporate Users.Any business partner, investor, assignee or transferee (actual or prospective) to facilitate business asset transactions (which may extend to any merger, acquisition or asset sale);External credit card companies, other financial institutions and their respective service providers; our advisers such as consultants, auditors and lawyers;Relevant government ministries, regulators, statutory boards or authorities or law enforcement agencies to comply with any laws, rules, guidelines and regulations or schemes imposed by any governmental authority (including the Ministry of Health); and/or any other party to whom a User authorizes us to disclose Personal Data to.

Part 12: Access and Correction to Personal Data
A User may make a request to access his/her Personal Data which is in TruNeura’s possession or control. The User must complete a data access request (“DAR”) form which a User may fill out providing all necessary information as prescribed in the DAR form. We do not charge a fee for a DAR request in normal circumstances although we may charge a reasonable fee for further copies of information already provided or for requests that are manifesting unfounded or excessive, particularly where those requests are repetitive.TruNeura aims to revert within 30 days from the receipt of the DAR request. If TruNeura is unable to comply with the DAR requirements within the said time frame, TruNeura will have to inform the User the reasonably soonest time by which a response will be provided in relation to the request.A User may make a request for correction of his/her Personal Data which is in TruNeura’s possession or control. The User should contact TruNeura’s Data Protection Officer whose details are contained within section 19 of this Policy.A User may make a request for transfer of his/her Personal Data which is in TruNeura’s possession or control. The User should contact TruNeura’s Data Protection Officer whose details are contained within section 19 of this Policy. To the extent required by PDPA, upon request by a User, TruNeura shall provide information relating to how the User’s Personal Data has been or may have been used or disclosed within a year before the date of such request. TruNeura may also provide a standard list of possible third parties as part of its response to all access requests for information relating to the disclosure of Personal Data during such a period.Employees who wish to access or correct their Personal Data should contact the HR Department of TruNeura. Potential Employees who were subsequently not employed by TruNeura or former Employees of TruNeura should complete the DAR/DCR form as mentioned in section 10 above (as the case may be).TruNeura may not be able to provide access to all of the Personal Data that we hold about an individual. For example, TruNeura may not provide access to Personal Data if such provision could reveal Personal Data about another individual, if such information is subject to legal privilege or if provision will be contrary to national interest or where such refusal is permitted under the PDPA. If access to Personal Data cannot be provided, the reasons for denying access will be provided to User within 30 days of receipt of the DAR form, subject to any legal or regulatory constraints.

Part 13: Retention and Disposal of Personal Data
TruNeura retains such Personal Data as may be required for business or legal purposes, and such purposes do vary according to the circumstances.TruNeura does not retain Personal Data (and in particular sensitive personal data) for any longer than necessary. The length of time over which Personal Data may be retained is dependent upon the circumstances including why the personal information was obtained in the first place.Whilst TruNeura will securely dispose of or anonymize Personal Data which it can reasonably determine is no longer needed and does not generally hold on to Personal Data “just in case”, it is in the interests of any caregiver or person treating a Prospect or User to be able to refer to a complete set of biomarker records to avoid risks to health and safety of a Prospect or User.With respect to the biomarker records of a Prospect or User, unless specific contrary instructions from the Prospect or User are received, TruNeura may (but is not obliged to) retain such medical records for as long as TruNeura may be potentially consulted for further follow up by (or on behalf of) the Prospect or User even where such consultation may not occur until after a substantial period of time or there is no current or present indication that the Prospect or User may well return for further consultation or follow up.A Prospect or User has the right to request that we dispose of the Personal Data we hold about them in the following circumstances:Where it is no longer necessary for us to retain that personal data having regard to the purpose for which it was originally collected or processed;Where the Prospect or User wishes to withdraw consent to holding and Processing of Personal Data previously given to TruNeura;Where the Prospect or User objects to us holding and Processing their Personal Data and no overriding legitimate interest permitting TruNeura to continue doing so exists;The Personal Data of the Prospect or User has been Processed unlawfully; or TruNeura needs to dispose the personal data in order to comply with a particular legal obligation.Unless TruNeura has reasonable grounds for refusing to erase Personal Data, all erasure requests shall be complied with within one month from the receipt of the Prospect or User’s request. In the event that any Personal Data that is to be disposed in response to a Prospect or User’s request has been disclosed to Affiliates or third parties, those Affiliates or third parties will be informed of the disposal unless to do so is impossible or would require disproportionate effort.

Part 14: Storage of Personal Data TruNeura will ensure that all electronic copies of Prospects and Users Personal Data will be stored securely using passwords and appropriate data encryption. Suitable backups will be made of all Personal Data that is stored electronically. We will store two (2) backup copies on different storage media. All backups will also be encrypted.Prospects and Users Personal Data will not be transferred to any device personally belonging to any personnel of TruNeura.

Part 15: Use of Cookies, Web Beacons and Similar Technologies
When a Prospect or User visits or interacts with out sites, Services, TruNeura or our authorized service providers may use cookies, web beacons, and other similar technologies for collecting and storing information to help provide Prospects and Users with a better, faster and safer web experience. The information collected by us or our authorized service providers may recognize a visitor as a unique user and may collect information such as how a visitor arrives at our sites, what kind of browser a visitor is on, what operating system a visitor is using, a visitor’s IP address and a visitor’s click stream information and time stamp (for example, which pages they have viewed, the time the pages were accessed and the time spent per web page).The use of cookies, web beacons and similar technologies by us on our website has different functions. They are either necessary for the functioning of our Services, help us improve our performance, or serve to provide a User with extra functionalities. They may also be used to deliver content that is more relevant to a User’s interests, or to target advertising to a Prospect or User on or off our sites.Cookies – Small text files (typically made up of letters and numbers) placed in the memory of a Prospect or Users browser or device when a Prospect or User visits a website or views a message. Cookies allow a website to recognize a particular device or browser. There are several types of cookies: Session cookies expire at the end of a Prospect or User’s browser session and allow us to link a Prospect or User’s actions during that particular browser session. Persistent cookies are stored on a Prospect or User’s devices in between browser sessions, allowing us to reUser a Prospect or User’s preferences or actions across multiple sites. First party cookies are set by the site a Prospect or User is visiting. Third party cookies are set by a third-party site separate from the site a Prospect or User is visiting. Cookies can be disabled or removed by tools that are available in most commercial browsers. The preferences for each browser a Prospect or User uses will need to be set separately and different browsers offer different functionality and options.Web beacons – small graphic images (also known as “pixel tags” or “clear GIFs”) may be included on our sites and services. Web beacons typically work in conjunction with cookies to profile each unique user and user behavior.Similar technologies – technologies that store information in Prospect or User’s browser or device utilizing local shared objects or local storage, such as flash cookies, HTML 5 cookies, and other web application software methods. These technologies can operate across all Prospect or User’s browsers.We offer certain site features and services that are available only through the use of these technologies. Prospects and Users are always free to block, delete, or disable these technologies based on their browser functionalities. However, if a Prospect or User declines cookies or other similar technologies, a Prospect of User may not be able to take advantage of certain site features or service tools. For more information on how a Prospect or User can block, delete, or disable these technologies, please review browser settings.Our website may contain links to other websites operated by third parties, including for example our business partners. We are not responsible for the data protection practices of websites operated by third parties that are linked to our website. We encourage Prospects and Users to learn about the data protection practices of such third party websites. Some of these third party websites may be co-branded with our logo or trademark, even though they are not operated or maintained by us. Once a Prospect or User has left our website, a Prospect or User should check the applicable Data Privacy Policy of the third party website to determine how they will handle any information they collect from a Prospect or User.

Part 16: Transfers of Personal Data outside of Singapore
TruNeura currently processes all user data at cloud service providers based the Netherlands or Singapore. Users unilaterally determine what personally identifiable (PII) data they share with TruNeura.We will take steps to ensure that Personal Data continues to receive a standard of protection that is at least comparable to that provided under the PDPA.By using our Services and submitting Personal Data, a prospect or user agrees to the transfer, storage, and/or processing of a Prospect or User’s Personal Data in Singapore or the Netherlands. Where and as required, we will seek a Prospect or User’s express consent as outlined in this Policy.

Part 17: Training
We will ensure that all personnel of TruNeura receive adequate training as to their data protection responsibilities and as to how to act and respond as and when they receive requests for matters such as subject access requests, objections and requests for erasure and rectification. Those whose roles require regular access to Personal Data, or who are responsible for implementing this Policy or responding to subject access requests under this policy, will receive additional training to help them understand their duties and hot to comply with them.

Part 18: Data Breaches
A data breach is any loss of data or information in whatever form it is held and by whatever means the data was lost including data that is destroyed or rendered unusable. It may take many different forms, including:Loss or theft of data or equipment on which Personal Data is stored;Unauthorized access to or use of Personal Data either by a User of staff or third party such as from hacking;Loss of data resulting from an equipment or systems (including hardware and software) failure;Human error, such as accidental deletion or alteration of data; and/orDeliberate attacks on IT systems, such as hacking, viruses and phishing scams.TruNeura will ensure that any data breach which results, or is likely to result in, significant harm to an affected individual or is otherwise of a significant scale is notified within seventy-two (72) hours to the PDPC and within a reasonable amount of time as may be practicable to all Prospects or Users affected by the data breach.

Part 19: Data protection management program (“DPMP”) and Data Protection Officer
Under the PDPA, organizations are required to develop and implement policies and practices that are necessary for the organization to comply with the PDPA (i.e. Personal Data protection policies and practices). The DPMP is a data protection framework that helps organizations establish a robust data protection infrastructure. It covers management policies and processes for the handling of Personal Data, as well as defining roles and responsibilities of the people in the company in relation to Personal Data protection. As a company incorporated in Singapore, TruNeura is required by the PDPA to designate one or more individuals to act as the data protection officer (“DPO”) of the company. The DPO is in charge of ensuring that the organisation complies with the PDPA. This is part of the Accountability Obligation of organisations under the PDPA.Mr. Guillaume Belanger has been appointed as our DPO, and is also TruNeura’s EU-based representative. He is responsible for informing and advising us on our data protection obligations, for monitoring compliance and for ensuring that we comply with our obligations in accordance with this Policy. Comments or queries concerning this Policy should be addressed to him at +6531293788 or at support@TruNeura.comThe DPO will deal with issues relating to this Policy and the application of data protection law including:Issues relating to the correct lawful basis to be applied to Personal Data collected, held or processed and in particular when consent or legitimate interest is being relied upon;Issues relating to the use to which data can be put having regard to the purpose for which it was acquired;Issues relating to the periods for which Personal Data is retained;Privacy notices and when these are required;Subject access requests as set out in Part V of the PDPA;Actual or suspected data breaches or issues relating to security arrangements;Sharing data with third parties and transferring data from outside Singapore;Where processing uses new technologies and is likely to result in a high risk to the rights and freedoms of natural persons and a data protection impact assessment is required;In relation to automated processing, including profiling or automated decision making; andIn relation to information which is deemed to be special category data or data relating to children (for the avoidance of doubt, TruNeura’s products and services are not designed and aimed at children under the age of 18 and it is TruNeura’s policy to immediately delete children’s Personal Data where this is discovered to be the case).

Part 20: Sub-processors
The Customer provides its prior, general authorization for TruNeura to appoint Processors to process the Customer Personal Data, provided that TruNeura shall ensure that the terms on which it appoints such processors comply with Data Protection Laws, and are consistent with the obligations imposed on TruNeura. TruNeura shall remain responsible for the acts and omission of any such Processor as if they were the acts and omissions of TruNeura.TruNeura has currently appointed, as Sub-Processors, the third parties listed in the table below. TruNeura will notify Customer if TruNeura adds or replaces any Sub-Processors listed in the table below least 30 days prior to any such changes.Customers can opt-in to receive such emails by contacting support@TruNeura.com.TruNeura will include substantially the same protections for Customer Personal Data as those in the DPA.

Page last updated on 7/5/2024

Join Waitlist
Join Waitlist
Contact Our Team
Join Waitlist
Contact Us