Privacy Commitment - Singapore

The following is a brief summary of how Netskope complies with applicable data privacy laws in Singapore.

Singapore Personal Data Protection Act (PDPA) Supervisory Authority Our Commitment to Data Protection Key Definitions Your Rights Under the PDPA Our Responsibilities Our Compliance Measures

Singapore Personal Data Protection Act (PDPA)

The Singapore PDPA, introduced in 2012 and amended in 2020, serves as Singapore’s principal data protection framework. It governs the collection, use, disclosure, and care of personal data, ensuring that organizations handle such information responsibly while respecting individuals’ rights. In addition to PDPA, various subsidiary legislations have been issued. The PDPA applies to all organizations, regardless of location, that process the personal data of individuals residing in Singapore.

By adhering to the PDPA, we ensure the protection of personal data and comply with both legal and ethical standards, building trust with our stakeholders.

Supervisory Authority

Singapore’s data protection authority is the Personal Data Protection Commission (PDPC). The PDPC provides oversight, guidance, and support for both individuals and organizations.

Our Commitment to Data Protection

At Netskope, safeguarding personal data and ensuring compliance with privacy laws are our top priorities. Below, we explain our approach to data protection as it relates to Singapore privacy laws, your rights as an individual, and our responsibilities as a business.

Key Definitions

Personal Data: Data, whether true or not, about an individual who can be identified from that data or from that data and other information to which the organisation has or is likely to have access.
Processing: Carrying out of any operation or set of operations in relation to the personal data which includes recording or holding or organisation or adaptation or alteration or retrieval or combination or transmission or erasure or destruction.

Your Rights Under the PDPA

Under Singapore’s PDPA, individuals have several rights regarding their personal data, including:

Right to Access: Request access to the personal data we hold about you.
Right to Correction: Correct any inaccurate or incomplete information.
Right to Withdraw Consent: Withdraw consent for the collection, use, or disclosure of your personal data at any time, subject to certain exceptions.

To exercise these rights, please visit our Exercise Your Rights Section.

Our Responsibilities

As a data intermediary, Netskope processes personal data on behalf of our customers and in accordance with their instructions. Our key responsibilities as a data intermediary include:

We process personal data on behalf of our customers under clear contractual agreements, ensuring that all processing is conducted lawfully, fairly, and transparently.
We implement robust technical and organizational measures to safeguard personal data against unauthorized access, alteration, or loss.
We provide reasonable assistance to customers to help them meet their compliance needs. This may include working with customers to respond to third-party requests, providing information to demonstrate our security and privacy compliance measures, and helping customers complete risk assessments.

As a data controller, Netskope is responsible for processing personal data related to employees, marketing activities, training courses, website users, and more. In this capacity, we ensure that:

Data processing is done for legitimate and transparent purposes.
Transparency is maintained by informing individuals about data usage and ensuring their rights to access and correction.
Appropriate measures protect personal data from unauthorized access or loss.
We continually train our staff and review internal policies to ensure compliance with PDPA and promote a culture of data protection.
Procedures are in place to promptly report and address data breaches, including notifications to supervisory authority or affected individuals when required.

Our Compliance Measures

We maintain strict data protection practices, including:

Singapore-based data centers: Providing service selections to enable customers to restrict data location within the bounds of Singapore.
Data Protection Policies: Establishing clear and comprehensive internal policies consistent with PDPA privacy laws.
Employee Training: Annual training for all employees on data protection responsibilities.
Data Audits: Netskope undergoes annual SSAE-18 SOC 2 Type II attestation through an independent, third-party auditor.
Security Measures: Technical and organizational measures such as utilizing encryption, securing storage, and having strict access controls are implemented to ensure an appropriate level of security, taking into account the nature, scope, context, purpose of the processing, and the risks for the rights and freedoms of natural persons.
Third-Party Assurance: All partners and vendors undergo security reviews involving a risk assessment and vetting procedure to ensure our partners and vendors meet our high standards.
Breach Management: Privacy and Security Incident Response Plan is well documented, implemented, and regularly reviewed and tested.

This page provides a high-level overview of our data protection practices under Singapore’s data protection laws. We’re committed to protecting your data and ensuring transparency every step of the way.

If you have questions or concerns about how we handle your data, please contact our Data Protection Officer (DPO) at [email protected].

For more detailed information, please refer to our Privacy Policy or reach out to us directly.

Singapore Privacy Commitment