This Policy is issued by CBL Data Recovery (S) Pte Ltd and CBL Data Recovery SG Pte Ltd. It explains how we handle the collection, use, and processing of personally identifiable information (“Personal Data”) in connection with our services. For the purposes of this Policy, the terms “CBL,” “we,” “our,” or “us” refer collectively to CBL Data Recovery (S) Pte Ltd or CBL Data Recovery SG Pte Ltd, depending on which entity you are interacting with.

We may update this Policy from time to time to reflect changes in our data protection practices or to comply with legal or regulatory requirements. We encourage you to review this page periodically to stay informed about how we manage and protect your Personal Data.

Scope of Applicability

This Policy applies to individuals both within and outside of our organization with whom we engage. This includes our customers, representatives of corporate clients, website visitors, business partners, service providers, job applicants, and other individuals who interact with our services. It outlines how CBL Data Recovery (S) Pte Ltd and CBL Data Recovery SG Pte Ltd collect, use, disclose, transfer, store, and otherwise process your personal data in connection with our data recovery services (collectively referred to as the “Service” or “Services”).

Processing of Personal Data

1.1 Collection of Personal Data

We may collect personal data through various channels, including but not limited to:

• Direct interactions: When you contact us via phone, email, online forms, or when you provide us with your business card, submit a service request, or apply for a job with us.
• Service-related interactions: When we engage with individual or corporate clients, their representatives, partners, vendors, or visitors to deliver our data recovery services or for employment-related purposes.
• Website and digital platforms: When you visit our website, engage with our social media channels, register an inquiry, or use features on our digital platforms.
• Third-party content and cookies: When you engage with third-party content, advertisements, or plugins on our website, we may receive personal data from those third-party providers.
• External sources: We may receive information from third parties such as law enforcement agencies, regulatory bodies, or credit reference services where legally permitted.
• Identity verification: When personal data is required to verify the identity of individuals collecting devices or recovered data on behalf of registered clients.

1.2 Categories of Personal Data

Depending on your interaction with us, the types of personal data we may collect include:

• Personal information: Full name
• Contact details: Phone number, email address, and billing or shipping address
• Consent records: Documentation of consent provided through correspondence or forms (where applicable)
• Payment details: Transaction records, invoice information, billing addresses, bank account numbers, and cardholder/account holder information (where applicable)
• Feedback and reviews: Opinions, reviews, or feedback voluntarily provided to us or shared publicly on social platforms regarding our services
• Employment-related data: Information provided during job applications such as employment history, qualifications, certifications, reference numbers, and supporting documents
• Corporate client data: Information relating to individuals representing organizations, including name, company name, designation, email address, and contact number
• Compliance-related data: Information obtained from fraud prevention checks, business directories, authorized individuals acting on your behalf, or regulatory reporting requirements

Purpose of Processing Personal Data

We may collect, use, and process your personal data for the following purposes:

• Service Provisioning:

To facilitate service assessments, perform data recovery services, generate and manage invoices and payments, and respond to enquiries or requests from individuals and authorized representatives.

• Service Improvement:

To enhance and develop our products and services, personalize user experiences, conduct market research and analysis, and improve service delivery and operational efficiency.

• Marketing and Customer Engagement:

To send marketing communications via phone calls, SMS, email, and digital channels to inform you about relevant products, services, promotions, training content, events, and loyalty programs you may be eligible for or interested in.

• Security and Fraud Prevention:

To verify identities, address service-related security issues, prevent and detect fraudulent activities or unauthorized access, and ensure the safety and integrity of storage devices entrusted to us.

• Legal and Regulatory Compliance:

To comply with applicable laws and regulations, respond to law enforcement, judicial, or regulatory authorities, and fulfill other legal obligations.

• Financial and Business Administration:

To support business operations such as accounting, finance, auditing, vendor management, and general administrative functions related to our service offerings.

• Legal Claims and Disputes:

To manage or respond to legal claims or disputes, including investigating facts, reviewing evidence, supporting legal processes, and exercising or defending our legal rights.

Legal Justification for Processing Personal Data

Disclosure of Personal Data

We  may disclose your personal data to other parties when necessary to fulfill our contractual obligations, support legitimate business operations, comply with legal requirements, or based on your consent where applicable. These disclosures may include:

• Individuals or corporate representatives, such as your authorized personnel or appointed representatives, and where relevant, your employer (if services are provided on their behalf);
• Legal and regulatory authorities, when required by law, or to report actual or suspected violations of laws or regulations;
• Professional advisors engaged by us, including auditors, accountants, legal counsel, and consultants—subject to strict confidentiality agreements;
• Third-party service providers acting on our behalf, such as payment processors, courier or logistics companies, technology vendors, IT support providers, customer feedback/survey platforms, or live chat support operators;
• Government bodies, law enforcement agencies, regulatory authorities, or the courts, where necessary for legal proceedings, law enforcement, or to protect and assert our legal rights;
• Prospective buyers or successors, in connection with any sale, transfer, merger, or restructuring of our business or assets, in accordance with applicable data protection laws;
• Third-party platforms and content providers, when you interact with embedded third-party features (such as social media plugins, advertisements, or external content) on our website. Your personal data may be shared with the relevant provider, and we recommend reviewing their respective privacy policies before engaging with their content.

• Transfer of Personal Data
• Your personal data may be transferred within our affiliated entities and to third parties, as outlined in the “Disclosure of Personal Data” section above, in connection with the purposes described in this Policy. Where necessary, and in compliance with applicable laws, personal data may also be transferred outside of Singapore—either based on your explicit consent or to fulfill a specific service request made by you.

Retention of Personal Data

We retain personal data only for as long as it is necessary to fulfill the purposes for which it was collected, or as required or permitted under applicable laws and regulations. If data is needed to respond to legal requests, regulatory investigations, or the initiation of judicial or disciplinary proceedings, it may be retained for the duration of such processes, including any appeal periods.

Once personal data is no longer required, we will take appropriate steps to securely delete it from our systems or anonymize it so that it can no longer be used to identify any individual.

Protection of Personal Data

We are committed to safeguarding your personal data. We have implemented appropriate technical, physical, and organizational measures to prevent accidental or unlawful destruction, loss, alteration, unauthorized access, disclosure, or other forms of unlawful processing, in accordance with Singapore’s Personal Data Protection Act (PDPA).

Specifically:

• We regularly review our data handling practices—including how personal data is collected, stored, and processed—to detect and prevent unauthorized access, misuse, or tampering.
• Access to personal data is granted strictly on a need-to-know basis to authorized CBL employees and approved service providers, who are bound by confidentiality obligations. Any breach of these obligations may result in disciplinary action or termination of engagement.
• We carefully select and engage with business partners and third-party service providers who demonstrate strong commitments to data protection. These partners may be subject to data protection agreements, audits, or security assessments.
• Ongoing training and awareness programs are conducted to educate staff on data protection policies, cybersecurity hygiene, and their responsibilities under the PDPA.
• While we do not encourage the transmission of sensitive data via public networks unless necessary or requested by you, we will take reasonable precautions to protect data transferred over the internet. However, as no transmission method is completely secure, we cannot guarantee the absolute security of such data and you accept the associated risks when choosing to transmit data online.

Your Rights Under the Personal Data Protection Act (PDPA)

In accordance with Singapore’s Personal Data Protection Act (PDPA), you may have certain rights relating to your personal data. These rights help ensure transparency and give you control over how your personal data is handled. Subject to legal and regulatory requirements, your rights may include:

• Right to Access: You may request access to the personal data we hold about you, as well as information on how it has been used or disclosed within the past year.
• Right to Correction: If any personal data we hold is inaccurate or incomplete, you may request that we correct or update the information accordingly.
• Right to Withdrawal of Consent: You may withdraw your consent for the collection, use, or disclosure of your personal data at any time. However, this may affect our ability to provide certain services to you.
• Right to Restrict Processing: You may request us to limit the use or disclosure of your personal data under specific circumstances, such as during the verification of a correction request.
• Right to Object to Processing: Where permitted under applicable laws, you may object to our processing of your personal data based on your specific situation.
• Right to Data Portability (where applicable): Subject to certain conditions, you may request to receive your personal data in a machine-readable format or have it transferred to another organization.

If you wish to exercise any of these rights, you may do so by contacting us using the information provided in the Contact Us section of this Policy.

If you believe that your personal data has been mishandled or your rights have been violated, you have the right to lodge a complaint with the Personal Data Protection Commission (PDPC) in Singapore.

Third-Party Websites and Social Media Platforms

Our services and website may include links to third-party websites or social media platforms such as Facebook, Instagram, LinkedIn, TikTok, and others. You may choose to access these platforms to view marketing content, promotional updates, or other materials published by CBL Data Recovery Singapore.

Please note that we do not control the privacy policies or data protection practices of these third parties, and they are not governed by this Privacy Policy. As such, we do not accept responsibility for how these external platforms collect, use, or disclose your personal data.

We strongly encourage you to review the privacy policies of any third-party website or service before providing them with your personal data.

CONTROLLER DETAILS

Contact Us

If you have any questions or concerns about this Privacy Policy or how your personal data is being handled, please feel free to contact us at [email protected]. You may also visit our office—location details are available on our Contact Page