Blogs
1. Introduction
Spindle Pte Ltd (“Spindle”, “we”, “us”, “our”) is committed to protecting the privacy and security of personal data entrusted to us.
This Privacy Policy explains how we collect, use, disclose, store and protect personal data in accordance with:
· Singapore Personal Data Protection Act 2012 (“PDPA”)
· EU General Data Protection Regulation (“GDPR”)
· Applicable data protection and privacy laws in jurisdictions in which we operate
This Policy applies to individuals who interact with Spindle through our websites, platforms, APIs, services, events, training programmes, recruitment processes and business relationships.
2. Who We Are
Spindle Pte Ltd is a technology company incorporated in Singapore. We design and deliver enterprise-grade quantum computing and AI software platforms, optimisation APIs, research, consulting and training services for organisations across APAC, Europe and other global markets.
3. Scope of this Policy
This Policy applies where Spindle acts as: • an ‘Organisation’ under the PDPA, and • a ‘Data Controller’ under GDPR/UK GDPR for personal data, including: · Website visitors (www.spindlequantum.com)
· Business contacts and partners
· Platform and API users
· Event and training participants
· Job applicants and candidates
Where Spindle processes personal data on behalf of enterprise customers as part of our platforms, APIs or managed services, Spindle acts as a Data Processor and processes such data strictly in accordance with customer instructions and contractual obligations, including applicable Data Processing Agreements.
4. Personal Data We Collect
4.1 Data You Provide Directly
We may collect:
· Name, business email, phone number
· Job title, organisation, business address
· Account credentials and authentication data
· Support queries and correspondence
· Event, training and webinar registration details
· Recruitment and application information
4.2 Data Collected Automatically
When you use our websites or platforms, we may collect:
· IP address, browser type, device identifiers
· Usage logs, access timestamps, pages viewed
· Platform telemetry and performance data
· Cookies and similar technologies
We do not intentionally collect special category data (e.g., biometric, health, or race information) unless legally permitted and explicitly disclosed.
5. How We Use Personal Data
We process personal data for legitimate business purposes including:
· Delivering and operating our platforms, APIs and services
· Account creation, authentication and access management
· Customer support and service delivery
· Contract administration and billing
· Security, fraud prevention and system integrity
· Research, product development and service improvement
· Marketing communications (based on prior consent where legally required, or legitimate interest where permitted under applicable law)
· Events, training and professional engagement
· Compliance with legal and regulatory obligations
We do not sell personal data.
6. Legal Basis for Processing
6.1 Singapore (PDPA)
We process personal data based on:
• Consent
• Deemed consent (e.g., contractual necessity, notification, business improvement)
• Exceptions under the PDPA (e.g., legitimate interests exception under PDPA Section 17, but must include balancing test)
• Compliance with legal requirements
6.2 European Union & UK (GDPR)
For EU and UK residents, we process personal data on the basis of:
· Contractual necessity
· Legal obligation
· Legitimate interests
· Consent (where required)
7. Disclosure of Personal Data
We may disclose personal data to:
· We may disclose personal data within Spindle Pte Ltd and to authorised service providers
· Cloud hosting and infrastructure providers
· Technology and security vendors
· Payment, audit, legal and professional advisors
· Regulators or law enforcement authorities where required
All service providers are contractually bound to protect personal data and process it only in accordance with our instructions.
8. Cloud Hosting & Data Residency
Spindle’s services are hosted on secure, enterprise-grade cloud infrastructure operated by leading global cloud providers. Data residency options may be available depending on service tier and hosting provider capabilities. We provide back-to-back Data Residency compliance with these Cloud service providers.
All hosting environments are governed by the Cloud Providers in accordance with strict access controls, encryption, monitoring and security policies.
9. International Data Transfers
Personal data may be transferred outside Singapore and the EU for service delivery, support and infrastructure operations. Where such transfers occur, Spindle ensures appropriate safeguards are in place, including:
· Contractual data protection clauses
· EU Standard Contractual Clauses (SCCs) and, where applicable, the UK International Data Transfer Agreement (IDTA) or UK Addendum.
· Equivalent protection mechanisms under applicable law
10. Data Retention
We retain personal data only for as long as necessary to fulfil the purposes outlined in this Policy or as required by law. Specific retention periods vary depending on data type and will be disclosed upon request.
Retention periods are determined based on:
· Contractual requirements
· Legal and regulatory obligations
· Legitimate business needs
Upon termination of services, personal data processed on behalf of customers will be returned or securely deleted in accordance with contractual terms.
11. Data Security
Spindle maintains a comprehensive information security programme aligned with widely recognised industry security practices. This includes:
· Encryption of data in transit and at rest
· Role-based access controls
· Identity and access management
· Security monitoring and incident detection
· Vulnerability management and testing
· Incident response and recovery procedures
We conduct periodic security reviews and audits to ensure ongoing compliance and resilience.
12. Data Breach Notification
In the event of a data breach affecting personal data, Spindle will notify affected customers and relevant regulators in accordance with applicable data protection laws and contractual obligations, including notifying relevant EU/UK regulators within 72 hours where required under GDPR/UK GDPR
13. Your Rights
13.1 Singapore (PDPA)
You may request:
· Access to your personal data
· Correction of inaccurate data
· Withdrawal of consent (subject to legal and contractual limitations)
13.2 European Union & UK (GDPR)
You may have the right to:
· Access, rectification and erasure
· Restriction or objection to processing
· Data portability
· Withdrawal of consent
You also have the right to be informed of the purposes for collection, and to request data portability where applicable.
Requests may be submitted to: dilips@spindle.sg
14. Cookies and Tracking Technologies
We use cookies and similar technologies to:
· Enable website functionality
· Improve user experience
· Analyse usage patterns
· Maintain security
You may control cookies through your browser settings. For users in the EU/UK, we obtain prior consent for non-essential cookies in accordance with the ePrivacy Directive
15. Data Protection Governance
Spindle has appointed a Data Protection Officer (DPO) in accordance with the Singapore PDPA. All privacy and data protection matters are overseen by our appointed Data Protection Officer (DPO).
Spindle is regulated under the Singapore Personal Data Protection Act and subject to oversight by the Personal Data Protection Commission (PDPC) of Singapore.
Enterprise customers may enter into a Data Processing Agreement (DPA) with Spindle governing the processing of personal data under applicable data protection laws.
16. Updates to This Policy
We may update this Privacy Policy from time to time to reflect changes in law, technology or business operations. Updates will be published on our website with a revised effective date.
17. Contact Us
For privacy enquiries, data access requests, corrections, or complaints, please contact:
Spindle Privacy Office
Email: dilips@spindle.sg
Company: Spindle Pte Ltd
Registered Office: 138, Market Street, #24-01, Singapore 048946
