Privacy Policy

Organisation Solutions Pte. Ltd. 

Last Updated: March 2 2026

1. Introduction 

Organisation Solutions Pte. Ltd. ("Organisation Solutions," "we," "us," or "our") is committed to protecting the privacy and security of your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services, including our assessment platform (the "Platform"), professional services, and website. 

We are incorporated in Singapore and operate in accordance with the Personal Data Protection Act 2012 ("PDPA"). Where we process personal data of individuals in the European Economic Area ("EEA") or United Kingdom ("UK"), we also comply with the General Data Protection Regulation ("GDPR"). 

By using our Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our policies and practices, please do not use our Services. 

2. Data Controller 

Organisation Solutions is the data controller responsible for your personal data. Our contact details are: 

Organisation Solutions Pte. Ltd. 

60 Paya Lebar Road, #07-54 

Paya Lebar Square 

Singapore 409051 

Email: success@organisationsolutions.com 

In some cases, we act as a data processor on behalf of our enterprise clients (the "Client"), who act as the data controller. In such cases, the Client's privacy policy will also apply to the processing of your personal data. 

3. Information We Collect 

3.1 Information You Provide 

We collect information that you voluntarily provide to us, which may include: 

  • Account Information: Name, email address, job title, organization name, and login credentials when you create an account. 

  • Assessment Data: Responses to assessment questions, scores, and any information you provide during assessments, including leadership assessments, 360-degree feedback instruments, team surveys, and other assessment tools. 

  • Professional Services Information: Information shared during coaching, consulting, or training engagements. 

  • Communication Data: Records of correspondence when you contact us or participate in surveys. 

  • Demographic Information: Optional information such as location, background, or other details you choose to provide for analysis purposes. 

3.2 Information Collected Automatically 

When you access our Platform or website, we automatically collect: 

  • Device Information: IP address, browser type, operating system, and device identifiers. 

  • Usage Data: Pages viewed, features used, time spent on the Platform, and navigation patterns. 

  • Log Data: Access times, error logs, and referring URLs. 

3.3 Information from Third Parties 

We may receive information about you from your employer or organization (our Client), such as your name and email address to set up your assessment or provide services. We may also receive information from 360-degree feedback participants who provide ratings and comments about you. 

4. How We Use Your Information 

We use your personal data for the following purposes: 

  • Service Delivery: To provide assessments, generate reports, deliver coaching and consulting services, and manage your account. 

  • Platform Operation: To operate, maintain, and improve our Platform and Services. 

  • Communication: To send you service-related communications, respond to inquiries, and provide customer support. 

  • Research and Development: To conduct research, analyze trends, and improve our assessment instruments and methodologies using anonymized and aggregated data (see Section 5 below). 

  • Marketing: With your consent, to send you information about our learning community events, newsletters, and other offerings. 

  • Legal Compliance: To comply with applicable laws, regulations, and legal processes. 

  • Security: To protect the security and integrity of our Services and prevent fraud or misuse. 

5. Research and Anonymized Data 

By using our Services, you grant Organisation Solutions a perpetual, irrevocable, royalty-free license to use anonymized and aggregated Assessment Data for research, benchmarking, product development, academic publications, and other legitimate business purposes. 

Anonymization means that all personal identifiers are removed and the data is processed in a manner that does not and cannot identify any individual respondent, user, or client organization. We may publish research findings, statistical analyses, and reports derived from anonymized data without further consent, provided that no individual or organization can be identified from such publications. 

This research license survives termination of your use of the Services. The purpose of this research is to advance the science of leadership development, validate our assessment instruments, and contribute to the broader professional and academic community. 

6. Legal Basis for Processing 

We process your personal data based on the following legal grounds: 

  • Contractual Necessity: Processing is necessary to perform our contract with you or your organization (e.g., delivering assessments, generating reports). 

  • Consent: Where you have given consent for specific processing activities (e.g., marketing communications, optional demographic data collection). 

  • Legitimate Interests: Processing is necessary for our legitimate interests, such as improving our Services, conducting research with anonymized data, and ensuring security, provided these interests are not overridden by your rights. 

  • Legal Obligation: Processing is necessary to comply with applicable laws and regulations. 

7. Data Sharing and Disclosure 

We may share your personal data with the following categories of recipients: 

  • Your Organization: Assessment results and reports may be shared with designated recipients within your organization as authorized by your employer (our Client). Individual assessment results are shared only with you and those you or your organization have authorized. 

  • Service Providers: Third-party vendors who assist us in operating our business, including cloud hosting providers, payment processors, and analytics services. These providers are contractually obligated to protect your data. 

  • Professional Advisors: Lawyers, accountants, and other advisors in connection with legal, accounting, or consulting services. 

  • Legal Requirements: When required by law, court order, or governmental authority, or to protect our rights, property, or safety. 

  • Business Transfers: In connection with a merger, acquisition, or sale of assets, your data may be transferred to the successor entity. 

We do not sell your personal data to third parties. 

8. Third-Party Service Providers (Sub-processors) 

We use third-party service providers (sub-processors) to assist in providing the Services. These providers process personal data on our behalf for purposes such as cloud infrastructure, customer relationship management, payment processing, and analytics. 

A current list of our sub-processors, including their names, locations, and purposes, is available at [INSERT SUB-PROCESSOR LIST URL]. We will update this list when we engage new sub-processors and will provide notice of material changes in accordance with applicable data protection laws. 

Our assessment platform is developed and operated in-house by Organisation Solutions. All service providers are bound by data processing agreements that require them to protect your data in accordance with this Privacy Policy and applicable law. 

9. International Data Transfers 

Organisation Solutions is based in Singapore. Your personal data may be transferred to, stored, and processed in countries outside of your country of residence, including Singapore and other countries where our service providers operate. These countries may have data protection laws that differ from those in your jurisdiction. 

9.1 Where We Transfer Data 

Your data may be transferred to: 

  • Singapore: Where our primary operations and assessment platform are located. 

  • United States: Where certain cloud infrastructure providers and service providers may process data. 

  • Other Jurisdictions: Where our consultants, coaches, or service providers are located to deliver services to you. 

9.2 Safeguards for International Transfers 

When we transfer personal data internationally, we implement appropriate safeguards to ensure your data remains protected: 

  • Standard Contractual Clauses (SCCs): We use European Commission-approved SCCs when transferring data from the EEA/UK to countries without an adequacy decision. 

  • Adequacy Decisions: We may transfer data to countries that have been recognized by relevant authorities as providing adequate data protection (e.g., Singapore has been recognized by the UK as providing adequate protection). 

  • Data Processing Agreements: All third-party processors are bound by contractual obligations to protect your data and comply with applicable data protection laws. 

  • Security Measures: All international transfers are protected by encryption in transit and at rest, as described in Section 11. 

  • Consent: Where required and where other safeguards are not available, we may seek your explicit consent for specific transfers. 

9.3 Transfers Under PDPA 

Under Singapore's PDPA, we ensure that recipients of personal data outside Singapore are bound by legally enforceable obligations to provide a standard of protection comparable to that under the PDPA. This may include contractual arrangements or ensuring the recipient is subject to laws substantially similar to the PDPA. 

9.4 Your Rights Regarding International Transfers 

You may request information about the safeguards we have in place for international transfers by contacting us at success@organisationsolutions.com. You may also request a copy of the relevant SCCs or other transfer mechanisms we use. 

10. Data Retention 

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements. Our standard retention periods are: 

  • Assessment Data: Retained for three (3) years from the date of the assessment to allow clients to request reports and for research purposes, unless a longer period is agreed with your organization. 

  • Account Information: Retained for the duration of your account and for a reasonable period thereafter for legal and audit purposes. 

  • Anonymized Research Data: May be retained indefinitely as it no longer constitutes personal data. 

  • Marketing Data: Retained until you withdraw consent or opt out of communications. 

After the applicable retention period, personal data will be securely deleted or anonymized in accordance with our data deletion procedures. 

11. Data Security 

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include: 

  • Encryption: All data is encrypted at rest using AES-256 encryption and in transit using TLS 1.2 or higher. 

  • Access Controls: Role-based access controls ensure that only authorized personnel can access personal data on a need-to-know basis. 

  • Security Certifications: We maintain SOC 2 Type II compliance and regularly undergo independent security audits. 

  • Employee Training: All employees receive regular training on data protection and security practices. 

  • Incident Response: We maintain incident response procedures to address any security breaches promptly. 

12. Your Rights 

Subject to applicable law, you have the following rights regarding your personal data: 

  • Right of Access: You may request a copy of the personal data we hold about you. 

  • Right to Rectification: You may request that we correct inaccurate or incomplete personal data. 

  • Right to Erasure: You may request that we delete your personal data in certain circumstances. 

  • Right to Restrict Processing: You may request that we limit how we use your personal data. 

  • Right to Data Portability: You may request to receive your personal data in a structured, commonly used format, or to have it transferred to another controller where technically feasible. 

  • Right to Object: You may object to processing based on legitimate interests or for direct marketing purposes. 

  • Right to Withdraw Consent: Where processing is based on consent, you may withdraw your consent at any time. 

To exercise any of these rights, please contact us at success@organisationsolutions.com. We will respond to your request within the timeframes required by applicable law (generally 30 days under PDPA, or one month under GDPR). We may need to verify your identity before processing your request. 

Please note that certain rights may be limited where we have an overriding legitimate interest or legal obligation, or where the data has been anonymized for research purposes. 

13. Cookies and Tracking Technologies 

Our website and Platform use cookies and similar tracking technologies to enhance your experience, analyze usage, and support our operations. Cookies are small text files stored on your device that help us recognize you and remember your preferences. 

We use the following types of cookies: 

  • Essential Cookies: Required for the operation of our Platform, including authentication and security. 

  • Analytical Cookies: Help us understand how visitors interact with our website and Platform to improve performance. 

  • Functional Cookies: Remember your preferences and settings to provide a personalized experience. 

Cookie preferences are managed through our consent management platform provided by Osano. You can adjust your cookie preferences at any time by clicking the cookie settings link in our website footer or through the consent banner displayed when you first visit our site. 

14. Data Breach Notification 

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant data protection authorities and affected individuals in accordance with applicable law. Under PDPA, we will notify the Personal Data Protection Commission (PDPC) and affected individuals as required. Under GDPR, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach where feasible. 

15. Children's Privacy 

Our Services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately and we will take steps to delete such information. 

16. Changes to This Privacy Policy 

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. We will post the updated policy on our website with a revised "Last Updated" date. Material changes will be communicated to you via email or through a notice on our Platform. Your continued use of our Services after any changes constitutes acceptance of the updated Privacy Policy. 

17. Contact Us 

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at: 

Organisation Solutions Pte. Ltd. 

60 Paya Lebar Road, #07-54 

Paya Lebar Square 

Singapore 409051 

Email: success@organisationsolutions.com 

If you are not satisfied with our response to your concern, you have the right to lodge a complaint with the Personal Data Protection Commission (PDPC) in Singapore at https://www.pdpc.gov.sg, or with your local data protection authority if you are located in the EEA or UK. 

18. Governing Law 

This Privacy Policy is governed by the laws of the Republic of Singapore. Any disputes arising from this Privacy Policy shall be subject to the exclusive jurisdiction of the courts of Singapore, without prejudice to your rights under applicable data protection laws to lodge complaints with relevant supervisory authorities.