Scaling-Up! Ventures Pte. Ltd. (“Scaling-Up! Ventures”, “we”, “us”, or “our”) is committed to protecting the personal data of individuals who interact with us. This Privacy Policy explains how we collect, use, disclose, and protect your personal data in accordance with the Personal Data Protection Act 2012 (PDPA, as amended 2021-2025) of Singapore, SS 714:2025, and the January 2026 Model AI Framework, as well as associated guidance issued by the Personal Data Protection Commission (PDPC).

By using our website at scalingupventures.com, submitting enquiries through our forms, or engaging our services, you acknowledge that you have read and understood this Privacy Policy.

What Personal Data We Collect

We may collect the following types of personal data:

Information you provide directly:

• Full name
• Email address
• Phone number
• Company name and job title
• Business details submitted through our application form at scalingupventures.com/apply/
• Any other information you choose to share with us through email, phone calls, or in-person meetings

Information collected automatically:

• IP address and browser type
• Pages visited, time spent on pages, and navigation paths on our website
• Device type and operating system
• Referring website or source
• Cookie data and similar tracking technologies (see “Cookies and Tracking Technologies” below)

Information from third-party platforms:

• Aggregated analytics from our LinkedIn company page
• Aggregated analytics from our Facebook page
• Google Analytics (GA4) website usage data

We do not collect personal data from third-party social media platforms at an individual level. The analytics data we access from LinkedIn and Facebook is aggregated and anonymised by those platforms.

How We Use Your Personal Data

We collect and use your personal data for the following purposes:

1. Responding to enquiries – To follow up on applications submitted through scalingupventures.com/apply/ and other contact forms
2. Delivering our services – To provide strategy consulting services including Business re:Imagine, Organisation re:Design, People re:Energise, Growth Culture Design, Science of Sales, Plan to Win, and Playing to Win Masterclass engagements
3. Communication – To send you information about our services, events, workshops, and content that may be relevant to your business
4. Email marketing – To send newsletters and updates to subscribers who have opted in
5. Website improvement – To analyse website usage patterns and improve user experience through Google Analytics (GA4)
6. Legal and regulatory compliance – To comply with applicable laws, regulations, and legal processes

We will not use your personal data for purposes beyond what is stated here without first obtaining your consent, unless permitted or required by law.

Legal Basis and Consent

Under the PDPA, we collect and use your personal data based on the following:

• Explicit Consent – When you submit your details through our application form, subscribe to our newsletter, or contact us, you consent to the collection and use of your data for the stated purposes.
• Contractual necessity – When we need your data to deliver consulting services you have engaged us for.
• Legitimate business purposes – For internal analytics and service improvement, subject to a documented Legitimate Interests Assessment, where the data is used in aggregated or anonymised form.
• Deemed Consent by Notification – Where individuals are notified of a purpose and do not opt out within the prescribed window, as permitted under the PDPA.

You may withdraw your consent at any time by contacting us at the details provided in the “Contact Us” section below. Please note that withdrawing consent may affect our ability to provide certain services to you. We will inform you of the likely consequences of withdrawing your consent before processing your request.

Disclosure to Third Parties

We do not sell, rent, or trade your personal data to any third party.

We may share your personal data with the following categories of third parties, only to the extent necessary for the purposes described in this policy:

• Service providers – Website hosting providers, email marketing platforms, CRM systems (e.g., HubSpot), and IT service providers who assist in our business operations
• Analytics providers – Google (Google Analytics GA4) for website usage analysis
• Professional advisors – Accountants, lawyers, or auditors where required
• Government and regulatory bodies – Where required by law or legal process

All third-party service providers are required to protect your personal data in a manner consistent with this policy and applicable laws.

Cross-Border Data Transfers

Personal data shall not be transferred outside of Singapore unless the recipient jurisdiction provides a standard of protection comparable to the PDPA. For transfers to regional entities (e.g., in Vietnam, Indonesia, or Thailand), we utilise the ASEAN Model Contractual Clauses (MCCs) as the default contractual instrument to ensure adequate protection.

AI and Automated Decision-Making

Scaling-Up! Ventures may use AI-based tools and agents as part of our operations. All AI agents deployed by the organisation adhere to the “Human-in-the-loop” principle. No final decision regarding a data subject’s legal rights or financial status is made solely by an autonomous AI system without human oversight.

We maintain records to explain, upon request, how an AI agent arrived at a specific data-driven output that affects you.

Cookies and Tracking Technologies

Our website uses cookies and similar technologies to improve your browsing experience and analyse website traffic.

Types of cookies we use:

• Strictly necessary cookies – Required for the website to function properly (e.g., session management). These cannot be disabled.
• Analytics cookies – Google Analytics (GA4) cookies that help us understand how visitors use our website. These collect anonymised data including pages visited, time on site, and traffic sources.
• Third-party cookies – Cookies set by embedded content or plugins on our WordPress website, such as social media sharing buttons.

You can control cookies through your browser settings. Most browsers allow you to refuse cookies, delete existing cookies, or be notified before a cookie is set. Please note that disabling cookies may affect the functionality of our website. For more information on managing cookies, visit www.aboutcookies.org.

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law.

• Marketing leads and enquiry data – Retained for up to 3 years after our last interaction, then deleted or anonymised
• Client project data – Returned or deleted within 6 months after the project ends, unless the contract requires otherwise
• Email subscriber data – Retained until you unsubscribe or withdraw consent
• Website analytics data – Retained in anonymised, aggregated form as configured in our Google Analytics account (default: 14 months)

When personal data is no longer required, we will securely delete or anonymise it.

Your Rights Under the PDPA

Under the PDPA, you have the right to:

1. Access – Request access to the personal data we hold about you and information about how it has been used or disclosed in the past year
2. Correction – Request correction of any personal data that is inaccurate, incomplete, or outdated
3. Withdrawal of consent – Withdraw your consent for the collection, use, or disclosure of your personal data at any time, subject to legal and contractual restrictions
4. Data portability – Request the transfer of your personal data to another organisation in a structured, commonly used, and machine-readable format, where the data is in our possession or under our control

To exercise any of these rights, please contact us using the details in the “Contact Us” section below. We will respond to your request within 30 business days. We may charge a reasonable fee to cover the cost of responding to a data access request, and we will inform you of any applicable fee before proceeding.

Do Not Call Registry

If you have registered your Singapore telephone number with the Do Not Call (DNC) Registry, we will not send you marketing messages via phone calls, SMS, or fax unless:

• You have given us clear and unambiguous consent to do so, or
• The message falls within an exemption under the PDPA

If you have previously given consent and wish to withdraw it, you may do so by contacting us at the details below.

Protection of Personal Data

We implement reasonable security measures to protect your personal data against unauthorised access, collection, use, disclosure, copying, modification, disposal, or similar risks. These measures include:

• Multi-factor authentication (MFA) on all work accounts
• Use of encryption for data transmission where appropriate
• Limiting access to personal data to authorised personnel on a need-to-know basis
• Regular review of our data protection practices

No method of transmission over the internet or electronic storage is completely secure. While we take reasonable precautions, we cannot guarantee absolute security.

Data Breach Notification

In the event of a notifiable data breach – one that is likely to result in significant harm to affected individuals or involves more than 500 individuals – we will notify the Personal Data Protection Commission (PDPC) and affected individuals as required under the PDPA, as soon as practicable and within 3 calendar days (72 hours) of assessing that the breach is notifiable.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. Any updates will be posted on this page with a revised effective date. We encourage you to review this policy periodically.