Icon

Announcement:

Request early access
KIROS Logo
RESOURCES

PDPA Compliance Statement

Last updated: 25 November 2025

Our Commitment to PDPA Compliance

Kiros Technology Pte. Ltd. ("Kiros") is fully committed to complying with Singapore's Personal Data Protection Act 2012 ("PDPA") and its amendments. We recognise the importance of protecting personal data and have implemented comprehensive policies, procedures, and technical safeguards to ensure compliance with all PDPA obligations.

PDPA Obligations and Our Compliance

1. Consent Obligation

PDPA Requirement: Organisations must obtain an individual's consent before collecting, using, or disclosing their personal data.

Our Compliance:

  • We obtain explicit consent during account registration
  • Consent forms clearly state the purposes of data collection
  • Users can withdraw consent at any time through account settings
  • We maintain records of all consent obtained

2. Purpose Limitation Obligation

PDPA Requirement: Organisations may collect, use, or disclose personal data only for purposes that a reasonable person would consider appropriate in the circumstances.

Our Compliance:

  • We clearly communicate all purposes of data collection in our Privacy Policy
  • We only use data for the specific purposes consented to by users
  • We seek additional consent if we need to use data for new purposes

3. Notification Obligation

PDPA Requirement: Organisations must inform individuals of the purposes for which their personal data is being collected, used, or disclosed.

Our Compliance:

  • Our Privacy Policy is prominently displayed and easily accessible
  • We provide clear notification at the point of data collection
  • We inform users of any changes to data processing purposes

4. Access and Correction Obligation

PDPA Requirement: Organisations must provide individuals with access to their personal data and allow them to correct any errors or omissions.

Our Compliance:

  • Users can access their personal data through account settings
  • Users can update and correct their information at any time
  • We respond to access requests within 30 days
  • We provide data in a structured, machine-readable format upon request

5. Accuracy Obligation

PDPA Requirement: Organisations must make reasonable efforts to ensure that personal data collected is accurate and complete.

Our Compliance:

  • We implement validation checks during data entry
  • We regularly prompt users to review and update their information
  • We correct inaccurate data promptly upon notification

6. Protection Obligation

PDPA Requirement: Organisations must protect personal data in their possession or control by making reasonable security arrangements.

Our Compliance:

  • AES-256 encryption for data at rest
  • TLS 1.3 encryption for data in transit
  • Multi-factor authentication (MFA) for all accounts
  • Regular security audits and penetration testing
  • Role-based access controls (RBAC)
  • Secure data centres with ISO 27001 certification
  • Data Protection Trustmark (DPTM) certification
  • Regular employee training on data protection
  • Incident response plan and data breach notification procedures

7. Retention Limitation Obligation

PDPA Requirement: Organisations must cease to retain personal data when it is no longer needed for legal or business purposes.

Our Compliance:

  • We have defined retention periods for different types of data
  • We automatically delete or anonymise data after the retention period
  • Users can request deletion of their data at any time
  • We retain data only as long as necessary for service provision or legal compliance

8. Transfer Limitation Obligation

PDPA Requirement: Organisations must not transfer personal data outside Singapore unless certain conditions are met.

Our Compliance:

  • All data is stored on servers located in Singapore
  • If international transfers are necessary, we ensure adequate safeguards are in place
  • We use standard contractual clauses for third-party service providers
  • We obtain consent for international transfers where required

9. Openness Obligation

PDPA Requirement: Organisations must develop and implement policies and practices about personal data management and make information about these policies available upon request.

Our Compliance:

  • Our Privacy Policy is publicly available on our website
  • We provide clear contact information for data protection enquiries
  • We maintain a Data Protection Officer (DPO) who can be contacted at privacy@kiros.sg
  • We respond to enquiries about our data practices within 30 days

Data Breach Management

In accordance with the PDPA (Amendment) Act 2020, we have implemented a comprehensive data breach management framework:

  • Detection: 24/7 monitoring and intrusion detection systems
  • Assessment: Rapid assessment of breach severity and impact
  • Notification: Notification to PDPC within 72 hours for notifiable data breaches
  • Communication: Prompt notification to affected individuals
  • Remediation: Immediate action to contain and remediate breaches
  • Documentation: Comprehensive records of all data breaches and responses

Third-Party Data Processors

All third-party data processors engaged by Kiros are:

  • Carefully vetted for PDPA compliance
  • Bound by data processing agreements
  • Required to implement appropriate security measures
  • Prohibited from using data for unauthorised purposes
  • Subject to regular audits and compliance reviews

Employee Training and Awareness

All Kiros employees undergo regular PDPA training:

  • Mandatory PDPA training during onboarding
  • Annual refresher training on data protection
  • Role-specific training for employees handling sensitive data
  • Regular updates on changes to PDPA regulations
  • Confidentiality agreements and non-disclosure obligations

Accountability and Governance

We have established a robust data governance framework:

  • Designated Data Protection Officer (DPO)
  • Data Protection Committee overseeing compliance
  • Regular internal audits and compliance reviews
  • Data protection impact assessments (DPIAs) for new projects
  • Documented policies and procedures for all data processing activities
  • Continuous improvement of data protection practices

Your Rights and How to Exercise Them

Under the PDPA, you have the right to:

  • Access your personal data
  • Correct inaccurate or incomplete data
  • Withdraw consent for data processing
  • Request data portability
  • Object to direct marketing
  • Lodge a complaint with the PDPC

To exercise these rights, please contact our Data Protection Officer at privacy@kiros.sg. We will respond to your request within 30 days.

Contact Information

Data Protection Officer:

  • Kiros Technology Pte. Ltd.
  • Email: privacy@kiros.sg
  • Singapore

Personal Data Protection Commission (PDPC)

Continuous Compliance

Kiros is committed to maintaining the highest standards of data protection. We continuously monitor changes to the PDPA and update our policies and practices accordingly. This PDPA Compliance Statement is reviewed and updated annually or whenever there are material changes to our data processing activities or applicable regulations.

Kiros

Intelligent AI assistant for smarter & efficient financial advisory.

Built by Advisors, for Advisors.

[ LINKS ]

FeaturesResourcesPrivacy PolicyTerms of Services

[ COMPANY ]

About UsCareersContact

[ RESOURCES ]

BlogResourcesPDPA Compliance

2026 © Kiros Technology Pte Ltd. All Rights Reserved.

email: hello@kiros.sg

KIROS