PDPA Compliance

Last updated: 1 January 2026

1. Our Commitment

Workboat Trading Pte Ltd ("WBT") is fully committed to complying with the Personal Data Protection Act 2012 (PDPA) of Singapore. We have implemented comprehensive data protection policies and practices to ensure that all personal data entrusted to us is handled responsibly and lawfully.

2. Data Protection Officer

WBT has appointed a Data Protection Officer (DPO) to oversee our PDPA compliance. The DPO is responsible for:

• Ensuring compliance with the PDPA and related regulations.
• Developing and maintaining data protection policies.
• Handling data access and correction requests.
• Managing data breach response procedures.
• Conducting staff training on data protection obligations.

3. Consent

We obtain your consent before collecting, using, or disclosing your personal data, unless an exception under the PDPA applies. Consent may be obtained through:

• Account registration and KYB verification forms.
• Newsletter subscription opt-ins.
• Cookie consent mechanisms on the Platform.
• Transaction-related agreements and documentation.

You may withdraw consent at any time by contacting our DPO. Withdrawal of consent may affect our ability to provide certain services.

4. Purpose Limitation

We collect and use personal data only for purposes that a reasonable person would consider appropriate in the circumstances, including:

• Providing marketplace and transaction services.
• Identity verification and fraud prevention.
• Communicating service updates and market insights.
• Improving Platform functionality and user experience.
• Complying with legal and regulatory requirements.

5. Data Protection Measures

WBT implements reasonable security arrangements to prevent unauthorised access, collection, use, disclosure, or similar risks. Our measures include:

• Encryption of data in transit (TLS 1.3) and at rest (AES-256).
• Multi-factor authentication for platform access.
• Role-based access controls for staff and administrators.
• Regular security audits and vulnerability assessments.
• Secure data centres with ISO 27001 certification.

6. Access and Correction

You have the right to request access to your personal data held by WBT and to request corrections if the data is inaccurate, incomplete, or outdated. To make a request:

• Email our DPO at ops@wbtsingapore.com.
• Include your full name, account email, and details of your request.
• We will respond within 30 business days.

7. Data Breach Management

In the event of a data breach that is likely to result in significant harm, WBT will notify the Personal Data Protection Commission (PDPC) and affected individuals as soon as practicable, in accordance with the mandatory data breach notification requirements under the PDPA.

8. Do Not Call Registry

WBT complies with Singapore's Do Not Call (DNC) Registry provisions. We will not send marketing messages to Singapore telephone numbers registered on the DNC Registry unless we have obtained your clear and unambiguous consent.

9. AI Governance & Transparency

In accordance with the 2024/2025 PDPC updates on AI Recommendation and Decision Systems:

• Transparency: We disclose the use of sub-processors (Gemini/Antigravity) for AI-driven features.
• Human Oversight: We maintain a "Human-in-the-Loop" policy for critical decisions involving personal data, ensuring that automated systems do not operate without human intervention for high-impact outcomes.
• Data Minimization: We ensure that only necessary data is processed by our AI systems, and we do not use proprietary user data for training base models.

10. Retention and Disposal

Personal data is retained only for as long as it is needed for business or legal purposes. When data is no longer required, it is securely disposed of through deletion or anonymisation.

Contact

For PDPA-related queries or requests, contact our Data Protection Officer at ops@wbtsingapore.com or write to:

Data Protection Officer
Workboat Trading Pte Ltd
160 Robinson Road 14-04
Singapore 098634