Momentum Spark Pte. Ltd. ("Company," "we," "us," or "our") values privacy and is dedicated to managing personal data responsibly and in compliance with applicable laws and regulations. This Privacy Policy outlines how we collect, use, share, and protect your data across all interactions with our platforms and services.
This Privacy Policy applies to all website visitors, potential customers, and users of our services. It is designed to be future-proof and encompass new features or services we may introduce.
1. Scope of this Policy
This Privacy Policy governs:
- The collection and processing of personal data through our websites, platforms, and related services.
- The rights and obligations of individuals and entities interacting with our services.
This Privacy Policy does not apply to Customers who have signed separate agreements (e.g., Terms of Use) that include specific privacy provisions.
2. Key Definitions
- Personal Data: Information relating to an identified or identifiable individual as defined under applicable data protection laws.
- Processing: Any operation or set of operations performed on personal data, such as collection, storage, use, disclosure, or deletion.
- Controller: The entity determining the purposes and means of processing personal data.
- Processor: The entity processing personal data on behalf of a Controller.
- Cookies: Small text files placed on a user’s device to track activity or enable functionality.
3. Data Collection and Use
We collect and process personal data for specific, legitimate purposes, as outlined below:
3.1 Categories of Data Collected
- Directly Provided Data: Names, email addresses, contact numbers, billing information, job titles, username and password (if any), and other information submitted during account registration or service interaction. Candidates may complete a job interview through our Services which can include information such as work history, skills, experience, abilities, work style and other responses to questions, as well as submissions through a variety of types of media including video/audio interviews and the like.
- Automatically Collected Data: IP addresses, browser types, operating systems, geographic locations, session durations, and interaction logs.
- Derived Data: Analytical insights derived from user behavior, platform usage, and preferences.
3.2 Purposes of Data Processing
We process personal data to:
- Provide Services: Facilitate access, functionality, and user experience on our platforms.
- Support Operations: Respond to inquiries, process payments, manage accounts, and troubleshoot technical issues.
- Enhance Offerings: Develop new features, improve existing services, and conduct research and analytics.
- Ensure Compliance: Fulfil legal obligations, such as data retention, security audits, and regulatory reporting.
3.3 Legal Bases for Processing
We process personal data based on:
- Consent: As obtained through opt-ins for specific activities (e.g., marketing).
- Contractual Necessity: To deliver services agreed upon with users or clients.
- Legitimate Interests: For internal improvements, fraud prevention, and maintaining security.
- Legal Obligations: To comply with applicable laws and respond to lawful requests.
4. Data Sharing and Transfers
4.1 Sharing Personal Data
We share personal data only when necessary and in accordance with this Privacy Policy:
- With Sub-processors: Trusted third parties that provide essential support services, such as hosting, analytics, and payment processing. All sub-processors are bound by data protection obligations.
- With Affiliates: Entities within our corporate group for shared service delivery and operational efficiency.
- For Legal Compliance: With regulators, courts, or law enforcement if required by applicable laws.
4.2 International Data Transfers
Where personal data is transferred outside the European Economic Area (EEA) or other jurisdictions with strict data protection laws, we ensure adequate safeguards, such as Standard Contractual Clauses (SCCs) or other lawful transfer mechanisms.
4.3 Onward Transfers
Sub-processors located in third countries are required to comply with contractual terms ensuring equivalent data protection standards.
5. Data Retention
We retain personal data only as long as necessary to fulfil the purposes outlined in this Policy or as required by law. Specific retention periods include:
- Operational Data: Retained for the duration of the service relationship and a reasonable period thereafter to address inquiries or disputes.
- Legal Retention: Retained in compliance with legal obligations (e.g., tax records, regulatory requirements).
- Backup and Archival Data: Retained as part of disaster recovery and system integrity plans, with strict access controls.
Upon termination of the data retention period, data will be securely deleted, anonymized, or de-identified.
6. Your Rights
Depending on applicable laws, you may exercise the following rights:
6.1 Access and Transparency
Request a copy of the personal data we hold about you, including details of how it is processed.
6.2 Rectification and Erasure
- Correct inaccuracies or update incomplete data.
- Request deletion of your data, subject to applicable legal or contractual restrictions.
6.3 Restriction and Objection
- Restrict certain types of data processing.
- Object to processing based on legitimate interests or for direct marketing purposes.
6.4 Data Portability
Receive a copy of your personal data in a commonly used, machine-readable format.
6.5 Consent Withdrawal
Withdraw previously given consent without affecting the lawfulness of processing before withdrawal.
Requests may be submitted via legal@kitahq.com . We may require verification of your identity before processing your request.
7. Security Measures
We take the security of personal data seriously and implement robust measures, including:
- Encryption: Protecting data in transit and at rest using industry-standard encryption methods.
- Access Control: Ensuring only authorized personnel can access personal data on a need-to-know basis.
- Monitoring: Continuous monitoring of systems to detect and respond to potential threats.
- Incident Response: Established protocols to manage data breaches, including notifying affected parties and regulators as required by law.
We regularly review and update our security policies to align with SOC 2 standards and evolving best practices.
8. Cookies and Tracking
We use Cookies and similar technologies for site functionality, analytics, and marketing purposes. Essential Cookies are required for the platform’s operation, while non-essential Cookies require user consent.
For more information, refer to our Cookies Policy.
9. Security Measures
We implement stringent technical and organizational measures to protect Personal Data, including:
- Encryption of data in transit and at rest.
- Regular SOC 2-aligned audits and assessments.
- Access controls based on the principle of least privilege.
10. Data Breach Notification
In the event of a data breach affecting your Personal Data, we will notify you and relevant authorities in accordance with applicable laws.
11. Children’s Data
Our Services are not intended for individuals under the age of 18. We do not knowingly process data of minors without verifiable consent.
12. Updates to this Policy
We may update this Privacy Policy periodically to reflect operational, legal, or regulatory changes. Updates will be effective upon posting on our website. Continued use of our Services indicates acceptance of the updated terms.
13. Contact Information
For questions or concerns about this Privacy Policy, contact us at:
- Email: legal@kitahq.com
