GoAspire - AI-Powered Team Assessment Platform

1. Introduction

GoAspire Sdn Bhd ("GoAspire", "we", "us", or "our") is committed to protecting your personal data in accordance with the Personal Data Protection Act 2010 ("PDPA") of Malaysia, the Personal Data Protection Act 2012 of Singapore, the Privacy Act 1988 (Cth) of Australia, and all other applicable data protection laws in the jurisdictions where we operate. This Privacy Notice explains how we collect, use, disclose, and protect your personal data when you use our WorkStyles assessment platform and related services ("Services").

2. Personal Data We Collect

We may collect the following categories of personal data:

Identity Information: Name, job title, department, organisation
Contact Information: Email address
Assessment Data: Responses to WorkStyles assessment questions, behavioural preferences, workplace style profiles
Technical Data: IP address, browser type, device information, usage data
Account Data: Username, password (encrypted), account preferences

3. Purpose of Processing

We process your personal data for the following purposes:

To provide and administer the WorkStyles assessment and related services
To generate individual and team reports based on assessment results
To improve our services, assessment methodology, and user experience
To communicate with you regarding your account and our services
To comply with legal and regulatory requirements
To create anonymised, aggregated data for research and benchmarking purposes

4. Disclosure of Personal Data

We may disclose your personal data to:

Your Organisation: If you are using the Services through an employer or organisation, relevant team reports and insights may be shared with authorised personnel within that organisation
Certified Facilitators: Trained facilitators who conduct workshops may access your assessment results to provide guidance
Service Providers: Third-party vendors who assist with hosting, analytics, or technical support, under strict confidentiality agreements
Legal Requirements: When required by law or to protect the rights, property, or safety of GoAspire, our users, or others

We do not sell your personal data to third parties.

5. Data Security

We implement appropriate security measures to protect your personal data, including:

Encryption of data in transit using TLS/SSL
Encryption of sensitive data at rest
Role-based access controls
Secure cloud infrastructure hosted on AWS (Singapore region)
Regular security reviews and updates

6. Data Retention

We retain your personal data only as long as necessary to fulfil the purposes for which it was collected, or as required by law. Assessment data is retained for the duration of your account. Upon account deletion or contract termination, your personal data will be securely deleted or anonymised within 90 days, unless retention is required for legal purposes.

7. Your Rights Under PDPA

Under the PDPA, you have the following rights:

Right of Access: You may request access to your personal data held by us
Right of Correction: You may request correction of any inaccurate, incomplete, or misleading personal data
Right to Withdraw Consent: You may withdraw your consent to the processing of your personal data at any time
Right to Limit Processing: You may request that we limit the processing of your personal data for certain purposes

To exercise these rights, please contact us at [email protected]. We will respond to your request within 21 days as required by the PDPA. A fee may apply for access requests.

8. Data Breach Notification

In the event of a personal data breach that causes or is likely to cause significant harm, we will notify the Personal Data Protection Commissioner and affected individuals in accordance with the PDPA requirements.

9. Cross-Border Data Transfer

Your personal data may be transferred to and processed in countries outside Malaysia where our service providers are located. We ensure that any such transfer is conducted in compliance with the PDPA and that adequate safeguards are in place to protect your personal data.

10. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience, analyse site performance, and understand how you interact with our Services. You can manage cookie preferences through your browser settings.

11. Changes to This Notice

We may update this Privacy Notice from time to time. We will notify you of any material changes by posting the updated notice on our website. Your continued use of the Services after such changes constitutes acceptance of the updated notice.

12. Contact Us

If you have any questions about this Privacy Notice or wish to exercise your rights, please contact us:

Email: [email protected]

Address:

GoAspire Sdn Bhd

Kuala Lumpur, Malaysia

13. Governing Language

This Privacy Notice is provided in both English and Bahasa Malaysia. In the event of any inconsistency between the English and Bahasa Malaysia versions, the English version shall prevail.

14. Supplementary Notice for Australian Users

14.1 Applicability — This section applies if you are located in Australia and supplements the main Privacy Notice above. Where this section conflicts with the main notice, this section prevails for Australian users. 14.2 Governing Law — In addition to Malaysia's PDPA, GoAspire complies with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs) when handling personal information of Australian individuals. 14.3 Anonymity and Pseudonymity — APP 2 provides you with the option of not identifying yourself or using a pseudonym. However, due to the nature of our Services (workplace preference assessments linked to your identity for team reporting), it is impracticable for us to provide the Services on an anonymous or pseudonymous basis. 14.4 Cross-Border Disclosure — Your personal information may be disclosed to recipients in Malaysia and processed on servers in Singapore (AWS ap-southeast-1). GoAspire takes reasonable steps to ensure overseas recipients handle your information in accordance with the APPs, as required by APP 8. 14.5 Access and Correction — You may request access to, or correction of, your personal information under APPs 12 and 13. Contact us at [email protected]. We will respond within 30 days. 14.6 Data Quality — GoAspire takes reasonable steps to ensure personal information we collect, use, and disclose is accurate, up-to-date, complete, and relevant, as required by APP 10. 14.7 Complaints — If you believe we have breached the APPs, you may lodge a complaint with us at [email protected]. We will investigate and respond within 30 days. If you are not satisfied with our response, you may complain to the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au. 14.8 Notifiable Data Breaches — GoAspire complies with the Notifiable Data Breaches scheme under Part IIIC of the Privacy Act 1988. If we become aware of an eligible data breach involving your personal information, we will notify you and the Australian Information Commissioner as required by law.

15. Supplementary Notice for Singapore Users

15.1 Applicability — This section applies if you are located in Singapore and supplements the main Privacy Notice above. Where this section conflicts with the main notice, this section prevails for Singapore users. 15.2 Data Protection Officer — GoAspire has designated a Data Protection Officer as required under Section 11(3) of the PDPA 2012. The DPO is contactable at [email protected]. 15.3 Consent — Where you participate in the WorkStyles assessment through your employer or organisation, your consent to the collection, use, and disclosure of personal data described in this notice may be deemed consent under the PDPA 2012, as your participation is voluntary and for a purpose that is reasonably expected. 15.4 Cross-Border Transfer — Your personal data may be transferred to and processed in Malaysia. GoAspire ensures that recipients of your personal data outside Singapore provide a standard of protection comparable to that under the PDPA 2012, as required by Section 26. 15.5 Access and Correction — You may request access to, or correction of, your personal data held by GoAspire. Contact us at [email protected]. We will respond within 30 days. 15.6 Retention — GoAspire retains your personal data only for as long as necessary to fulfil the purposes described in this notice, or as required by law. Data will be disposed of in accordance with Section 6 of the main notice. 15.7 Do Not Call — GoAspire does not conduct telemarketing calls or send marketing messages to Singapore telephone numbers. Do Not Call Registry obligations under Part IX of the PDPA 2012 are not triggered by our Services. 15.8 Data Breach Notification — In the event of a notifiable data breach, GoAspire will notify the Personal Data Protection Commission (PDPC) within 3 calendar days of assessing the breach as notifiable, and affected individuals as soon as practicable, in accordance with the PDPA 2012 (as amended 2021). 15.9 Complaints — If you have a complaint regarding our handling of your personal data, please contact us at [email protected]. We will investigate and respond within 30 days. If you are not satisfied, you may lodge a complaint with the Personal Data Protection Commission (PDPC) at www.pdpc.gov.sg.