Privacy Policy
1. Introduction
C-Suite AI Academy Pte. Ltd. ("C-Suite AI Academy", "we", "us", or "our") respects your privacy and is committed to protecting personal data in accordance with the Personal Data Protection Act 2012 of Singapore ("PDPA") and subsidiary legislation. This Privacy Policy explains what personal data we collect, why we collect it, how we use and disclose it, how long we retain it, and the rights available to you.
This policy applies to personal data collected through our website at csuiteaiacademy.one, through email and telephone communications, during programme enrolment and delivery, and through corporate contracts for private cohorts. By using our website or engaging our services, you acknowledge that you have read this Privacy Policy. Where consent is required under the PDPA, we will obtain it separately and clearly.
2. Data controller
The data controller responsible for your personal data is C-Suite AI Academy Pte. Ltd., registered in Singapore with UEN 202816739K, at 138 Market Street, #12-03 CapitaGreen, Singapore 048946. Privacy enquiries may be directed to [email protected] or +65 6941 5826.
3. Personal data we collect
We may collect the following categories of personal data depending on how you interact with us:
- Identity and contact data: name, job title, organisation, work email address, telephone number, business address, and national identification or passport number where required for invoicing or venue security.
- Enrolment and attendance data: programme selections, dietary or accessibility requirements, attendance records, assessment participation (where applicable), and certificates issued.
- Communication data: messages submitted through our contact form, email correspondence, call notes, and feedback surveys.
- Technical data: IP address, browser type, device identifiers, pages viewed, referral URLs, and cookie identifiers as described in our Cookie Policy.
- Payment data: billing contact details and transaction references. Payment card details are processed by our payment service provider; we do not store full card numbers on our servers.
- Corporate engagement data: for private cohorts, names of authorised signatories, purchase order numbers, and contractual terms.
Where you provide personal data about another individual (for example, registering a colleague), you represent that you have authority to do so and have informed that individual of this Privacy Policy.
4. How we collect personal data
We collect personal data directly from you when you complete forms on our website, enrol in programmes, attend seminars, communicate with admissions, or sign corporate agreements. We may collect data indirectly from your employer when they sponsor your attendance and submit roster information. Technical data is collected automatically through cookies and server logs when you browse our website, subject to your cookie preferences.
5. Purposes of collection, use, and disclosure
We collect, use, and disclose personal data for purposes that a reasonable person would consider appropriate in the circumstances, including:
- Responding to enquiries and providing programme information;
- Processing enrolments, issuing invoices, and administering attendance;
- Delivering academy tracks and corporate services at CapitaGreen or client premises;
- Issuing certificates of completion and maintaining training records;
- Complying with legal obligations, including tax, accounting, and regulatory requests;
- Managing venue access and health and safety requirements;
- Sending service-related notices such as schedule changes or materials distribution;
- Sending marketing communications about programmes where you have opted in or where permitted under the PDPA;
- Improving our website and understanding aggregate visitor behaviour through analytics cookies where consented;
- Detecting and preventing fraud, abuse, and security incidents;
- Establishing, exercising, or defending legal claims.
We do not sell personal data to third parties. We do not use personal data for automated decision-making that produces legal or similarly significant effects on individuals.
6. Legal bases and consent
Under the PDPA, we rely on consent, contractual necessity, legal obligation, and legitimate interests as appropriate. Contact form submissions require explicit PDPA consent via checkbox. Marketing emails require opt-in consent unless another PDPA exception applies. You may withdraw consent for marketing at any time without affecting lawful processing required to deliver programmes you have purchased.
7. Disclosure to third parties
We may disclose personal data to:
- Facilitators and guest speakers bound by confidentiality obligations, limited to data needed for delivery;
- IT service providers hosting our website, email, and customer relationship systems;
- Payment processors handling card transactions;
- Professional advisers including lawyers and accountants under duty of confidentiality;
- Venue operators at CapitaGreen for access control when required;
- Government authorities when required by law or court order.
Where personal data is transferred outside Singapore, we take steps reasonably required under the PDPA to ensure recipients provide a standard of protection comparable to the PDPA, including contractual clauses where appropriate.
8. Retention
We retain personal data only as long as necessary for the purposes collected and to meet legal, accounting, and reporting requirements. Enrolment records and certificates are typically retained for seven years after programme completion unless a longer period is required by law or active dispute. Contact form submissions are retained for twenty-four months unless an enquiry converts to enrolment. Marketing suppression lists are retained indefinitely to honour opt-out requests. Technical logs are rotated according to our hosting provider's schedule, generally not exceeding twelve months.
9. Security
We implement administrative, technical, and physical safeguards appropriate to the sensitivity of personal data, including access controls, encrypted connections (HTTPS), password policies for internal systems, and confidentiality agreements with staff and facilitators. No method of transmission over the internet is completely secure; we cannot guarantee absolute security but we review incidents promptly and notify affected individuals and the Personal Data Protection Commission where required.
10. Your rights under the PDPA
Subject to exceptions under the PDPA, you may:
- Request access to personal data we hold about you;
- Request correction of inaccurate or incomplete personal data;
- Withdraw consent for processing that relies on consent;
- Request information about how your personal data has been used or disclosed within the past year.
Access and correction requests should be sent to [email protected]. We may charge a reasonable fee for manifestly unfounded or excessive requests. We respond within thirty days unless an extension is permitted. If you are dissatisfied with our response, you may contact the Personal Data Protection Commission of Singapore.
11. Cookies and analytics
Our website uses cookies as described in the Cookie Policy. Non-essential cookies are placed only after you accept them via our cookie banner. You may change preferences at any time by clearing site data or revisiting the banner controls after deleting local storage keys.
12. Children's data
Our programmes are intended for senior executives and professionals. We do not knowingly collect personal data from individuals under eighteen years of age. If you believe we have collected such data inadvertently, contact us and we will delete it promptly.
13. Third-party links
Our website may link to external sites such as government regulators or mapping services. We are not responsible for the privacy practices of those sites and encourage you to read their policies before providing personal data.
14. Marketing communications
We send programme updates and executive education newsletters only where you have opted in or where permitted under the PDPA for existing customers with a clear opt-out. Every marketing email includes an unsubscribe mechanism. Withdrawing marketing consent does not affect lawful processing for programme administration or legal compliance.
15. Automated decision-making
We do not use solely automated decision-making that produces legal or similarly significant effects on individuals. Contact-form spam filtering uses simple honeypot fields and server-side validation rather than profiling.
16. Changes to this policy
We may update this Privacy Policy to reflect legal, operational, or technological changes. Material updates will be posted on this page with a revised "Last updated" date. Continued use of our website after changes constitutes acknowledgement of the updated policy where permitted by law.
17. Contact
C-Suite AI Academy Pte. Ltd.
[email protected]
+65 6941 5826
138 Market Street, #12-03 CapitaGreen, Singapore 048946
15. Marketing communications
Where you opt in, we may send programme updates, cohort announcements, and executive AI insights relevant to senior leaders. You may withdraw consent at any time via unsubscribe links or by emailing privacycsuiteaiacademy.one. Withdrawal does not affect lawfulness of prior processing.
16. Programme attendance records
We maintain attendance logs, assessment notes, and completion records for quality assurance and certificate issuance. These records may include your organisation, job title, and participation in AI governance practicum exercises.
17. Payment data
Card payments are processed by PCI-compliant providers. We do not store full card numbers on our servers. Billing addresses are retained for invoice and tax compliance under Singapore regulations.
18. Data breach notification
In the event of a notifiable breach under PDPA, we will assess impact, contain the incident, notify affected individuals and the PDPC where required, and document remedial actions.
19. Third-party links
Our site may link to PDPC, ACRA, or tool vendor documentation. We are not responsible for third-party privacy practices. Review their policies before submitting data.
20. Employee and facilitator data
Staff and contractor personal data is processed under separate employment or services agreements with equivalent security standards.
21. Anonymised analytics
Aggregated, non-identifying statistics may be used to report cohort demographics to corporate sponsors with contractual authorisation. No individual executive is identified without consent.
22. Complaints process
Submit complaints to privacycsuiteaiacademy.one with subject line "Privacy complaint". We acknowledge within 5 business days and aim to resolve within 30 days.
23. Record of processing
We maintain an internal record of processing activities covering enquiry handling, registration, delivery, billing, and alumni communications as required by accountability principles under PDPA.
24. International participants
Regional executives attending Singapore sessions may have data transferred to Singapore as the primary processing location. Corporate contracts may specify additional transfer mechanisms.