Atc Finetr Software Pte. Ltd.

1. Introduction

Atc Finetr Software Pte. Ltd. ("Ascent," "we," "us," or "our") is committed to protecting your privacy and ensuring transparency about how we collect, use, and protect your personal information when you visit our website at www.ascentbusiness.com (the "Website").

This Privacy Policy explains:

• What information we collect about you
• How we use your information
• When and with whom we share your information
• How we protect your information
• Your rights and choices regarding your information
• How to contact us with questions or concerns

By using our Website, you acknowledge that you have read and understood this Privacy Policy and agree to the collection, use, and disclosure of your information as described herein.

2. About Atc Finetr Software Pte. Ltd.

Atc Finetr Software is a Singapore-headquartered Enterprise Risk & Resilience firm that provides AI and ML-driven platforms for financial services and related industries. Our products include:

• AutoResilience: Operational resilience management platform
• AutoRecon: Enterprise reconciliation software solution
• AutoEscrow: Escrow and trust account management solution

We operate across multiple jurisdictions including Singapore, India, UAE, and Saudi Arabia, serving clients in the financial services, banking, and related sectors.

3. Information We Collect

3.1 Information You Provide Directly

When you interact with our Website, we may collect the following information that you provide directly:

3.2 Information Collected Automatically

When you visit our Website, we automatically collect certain information through cookies and similar technologies:

3.3 Information from Third Parties

We may receive information about you from third-party sources:

4. How We Use Your Information

We use your personal information for the following legitimate business purposes:

4.1 Service Provision and Customer Support

• Responding to inquiries and providing customer support
• Scheduling and conducting product demonstrations
• Processing requests for information, whitepapers, and resources
• Providing technical support and troubleshooting assistance
• Managing user accounts and access to restricted content

4.2 Marketing and Business Development

• Sending marketing communications about our products and services
• Nurturing leads through email campaigns and targeted content
• Inviting you to webinars, events, and industry conferences
• Personalizing website content and marketing messages
• Conducting market research and gathering feedback

4.3 Website Optimization and Analytics

• Analyzing website performance and user behavior
• Conducting A/B testing to improve user experience
• Optimizing content and navigation based on usage patterns
• Measuring the effectiveness of marketing campaigns
• Detecting and preventing fraud or security threats

4.4 Legal and Compliance Purposes

• Complying with applicable laws and regulations
• Responding to legal requests and court orders
• Protecting our rights, property, and safety
• Enforcing our terms of service and other agreements
• Conducting internal audits and compliance reviews

4.5 Sub-Processor

To support our business operations and deliver services effectively, we may engage third-party service providers (“sub processors”) who process Personal Identifiable Information (PII) on our behalf. These sub processors are contractually bound to adhere to strict data protection and confidentiality obligations in line with applicable privacy laws and information security standards. We ensure that:

• Each sub processor undergoes a risk assessment prior to engagement.
• Data Processing Agreements (DPAs) are signed to define the scope, purpose, and security measures for data processing.
• Sub processors are only permitted to access PII necessary to perform the contracted services.
• Regular reviews and audits are conducted to monitor compliance with our privacy and security requirements.

A current list of our sub processors is as follows:

1. Microsoft
• ⁠Data Center Location: Indian Data Centers of Azure only (Pune, Mumbai, Chennai)
• Data field Stored: First Name, Last Name, Email, Mobile, Description
2. Zoho CRM
• Data Center Location: Zoho Data Center only (Chennai, Mumbai)
• Data field Stored: First Name, Last Name, Email, Mobile, Description, Message, I am interested in, Country, Company, Designation/Title

5. Legal Basis for Processing

Our legal basis for processing your personal information depends on the specific context and jurisdiction:

5.1 Consent

Where required by law, we process your information based on your explicit consent, particularly for:

• Marketing communications and newsletters
• Non-essential cookies and tracking technologies
• Optional data collection for enhanced services

5.2 Legitimate Interests

We may process your information based on our legitimate business interests, including:

• Providing and improving our services
• Marketing to existing and prospective customers
• Analyzing website performance and user behavior
• Detecting fraud and ensuring security

5.3 Contractual Necessity

We process information necessary to:

• Respond to your inquiries and service requests
• Provide customer support and technical assistance
• Fulfill our obligations under agreements with you

5.4 Legal Obligations

We process information to comply with:

• Applicable data protection laws
• Financial services regulations
• Court orders and legal process
• Tax and accounting requirements

6. Information Sharing and Disclosure

We may share your personal information in the following circumstances:

6.1 Service Providers and Vendors

We share information with trusted third-party service providers who assist us in operating our Website and business:

6.2 Business Partners

• Authorized resellers and implementation partners (with your consent)
• Joint venture partners for co-marketing activities
• Industry associations and conference organizers
• Integration partners and technology vendors

6.3 Legal and Regulatory Requirements

We may disclose your information when required or permitted by law:

• In response to legal process, court orders, or government requests
• To comply with applicable laws and regulations
• To protect our rights, property, or safety
• To investigate fraud or security incidents
• In connection with legal proceedings or disputes

6.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity, subject to appropriate confidentiality protections.

7. International Data Transfers

As a Singapore-headquartered company with global operations, we may transfer your personal information across international borders:

7.1 Transfer Mechanisms

• Adequacy Decisions: Transfers to countries with adequate data protection levels
• Standard Contractual Clauses: EU-approved data transfer agreements
• Binding Corporate Rules: Internal data transfer policies
• Consent: Explicit consent for specific transfers where required

7.2 Key Transfer Destinations

• Singapore: Our primary data processing location
• India: Development and support operations
• UAE: Regional sales and support
• United States: Cloud infrastructure and technology services
• European Union: Marketing and business development

8. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy:

8.1 General Retention Periods

• Marketing Communications: Until you unsubscribe or withdraw consent
• Customer Inquiries: 3 years from last interaction
• Website Analytics: 26 months (Google Analytics default)
• Legal Documentation: As required by applicable law (typically 7 years)

8.2 Factors Affecting Retention

• Legal and regulatory requirements
• Legitimate business purposes
• Customer relationship status
• Data subject requests for deletion
• Contractual obligations

9. Data Security

We implement appropriate technical and organizational measures to protect your personal information:

9.1 Technical Safeguards

• Encryption of data in transit and at rest
• Multi-factor authentication for system access
• Regular security assessments and penetration testing
• Intrusion detection and monitoring systems
• Secure development practices and code reviews

9.2 Organizational Measures

• Staff training on data protection and privacy
• Role-based access controls and need-to-know principles
• Regular privacy impact assessments
• Incident response and breach notification procedures
• Vendor security assessments and contractual protections

9.3 Compliance Certifications

• ISO 27001 Information Security Management
• SOC 2 Type II compliance
• GDPR compliance framework
• Industry-specific security standards

10. Your Rights and Choices

Depending on your location and applicable laws, you may have the following rights regarding your personal information:

10.1 Access and Portability Rights

• Right to Access: Request a copy of the personal information we hold about you
• Right to Portability: Receive your data in a structured, machine-readable format
• Right to Information: Understand how your data is being processed

10.2 Correction and Update Rights

• Right to Rectification: Correct inaccurate or incomplete information
• Right to Update: Modify your communication preferences
• Right to Supplement: Add missing information to your profile

10.3 Deletion and Restriction Rights

• Right to Erasure: Request deletion of your personal information
• Right to Restrict Processing: Limit how we use your information
• Right to Object: Opt out of certain types of processing

10.4 Consent and Communication Rights

• Right to Withdraw Consent: Withdraw previously given consent
• Right to Opt-Out: Unsubscribe from marketing communications
• Right to Cookie Control: Manage cookie preferences

10.5 How to Exercise Your Rights

To exercise any of these rights, please contact us using the information provided in Section 15. We will respond to your request within the timeframes required by applicable law (typically 30 days).

11. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your website experience. For detailed information about our use of cookies, please refer to our separate Cookie Policy available at www.ascentbusiness.com/cookies.

11.1 Types of Cookies We Use

• Essential Cookies: Necessary for website functionality
• Analytics Cookies: Help us understand website usage
• Marketing Cookies: Enable targeted advertising and personalization
• Functional Cookies: Enhance website features and user experience

11.2 Cookie Management

You can control cookies through:

• Our cookie consent banner and preference center
• Your browser settings and privacy controls
• Third-party opt-out mechanisms
• Industry-standard privacy tools

12. Third-Party Links and Services

Our Website may contain links to third-party websites, services, or applications that are not operated by us. This Privacy Policy does not apply to these third-party services, and we are not responsible for their privacy practices.

We encourage you to review the privacy policies of any third-party services you access through our Website.

13. Children's Privacy

Our Website and services are not intended for children under the age of 16. We do not knowingly collect personal information from children under 16. If you believe we have inadvertently collected information from a child under 16, please contact us immediately, and we will take steps to delete such information.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Post the updated Privacy Policy on our Website
• Update the "Last Updated" date at the top of this policy
• Notify you via email if you have subscribed to our communications
• Provide prominent notice on our Website for significant changes
• Obtain new consent where required by applicable law

We encourage you to periodically review this Privacy Policy to stay informed about our privacy practices.

15. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

15.1 Data Protection Officer

15.2 Regional Contacts

15.3 Supervisory Authorities

If you are located in the European Union and believe we have not adequately addressed your privacy concerns, you have the right to lodge a complaint with your local data protection authority.

For residents of Singapore, you may contact the Personal Data Protection Commission (PDPC) at www.pdpc.gov.sg.

16. Governing Law

This Privacy Policy is governed by the laws of Singapore. Any disputes arising under this Privacy Policy will be subject to the exclusive jurisdiction of the courts of Singapore, except where local law requires otherwise.