Data Protection Notice

Introduction

At Nautilus SIP Pte Ltd (“Nautilus”,“we”,“us”, or “our”), we are committed to protecting your personal data and respecting your privacy.

As a Singapore-based provider of cloudcommunication and contactcenter solutions, we help businesses stay connected with secure, innovative voice technologies. We recognise that the responsible use of personal data is essential to maintaining the trust of our customers, partners, employees, and other stakeholders. This Data Protection Notice (“Notice”) outlines how we collect, use, disclose, and safeguard personal data in accordance with the Personal Data Protection Act 2012 (PDPA) and other applicable laws.

This Notice applies to personal data in our possession or under our control, including personal data in the possession of organisations that we may engage to collect, use, disclose, or process data on our behalf. Where applicable, we take reasonable steps to comply with relevant data protection requirements.

Types of Personal Data We Collect

Depending on your interaction with us, the personal data we collect may include:

  • Contact information (e.g., name, address, phone number, email )
  • Identification details (e.g., NRIC, FIN, or passport number) where required by law or vendors for verification or regulatory compliance
  • Service and billing information
  • Employment information (for job applicants)
  • Technical and device data related to service use

We collect NRIC or other identifiers only when necessary, such as to comply with government regulations, verify identity, or meet vendor or partner requirements for service provisioning.

Such identifiers are collected only where strictly necessary and are protected with enhanced security controls.

Ways We Collect Personal Data

We collect personal data that is necessary for us to deliver our services, manage relationships, and comply with regulatory requirements. This may include both customer and end-user information obtained through our cloud phone platform, SIP trunking, and contact center applications.

Examples of when we collect personal data:

  • When you enquire about our range of services
  • When you subscribe to or use our services.
  • When you enter into a contract or agreement with us.
  • When you communicate with us via calls, emails, or online forms.
  • When you visit our website and submit an enquiry.
  • When you apply for a job or submit a resume and cover letter in response to our recruitment advertisements.
  • When we receive your information through referrals or business partners.

We may collect, disclose, or use your personal data pursuant to an exception under the Personal Data Protection Act or other written law, such as during the following situations:

  • To respond to an emergency that threatens your life, health, and safety or that of another individual; and
  • Necessary in the national interest, for any investigation or proceedings.

In general, subject to the applicable exceptions permitted in the PDPA, before we collect the above personal data from you, we will notify you of the purposes for which your personal data may be collected, used, and/or disclosed.

Obtaining Consent

Before we collect, use, or disclose personal data, we will notify you of the purpose for which the personal data is being collected, used, or disclosed. We will obtain your expressed consent (including written confirmation where required) before doing so. We will not collect more personal data than is necessary for the stated purpose. If the original purpose for the collection, use, or disclosure of personal data changes, we will seek fresh consent from you where applicable.

You have a choice regarding our collection, use, and disclosure of your personal data. If you choose not to provide the personal data described in this Notice, we may not be able to fulfil our contractual obligations to you, facilitate your request, or provide the relevant services.

Where you provide us with personal data relating to a third party (e.g., spouse, children, parents, referees, and/or employees), you represent and warrant that you have obtained the necessary consent from that third party for the collection, use, or disclosure of their personal data.

We generally obtain consent directly from the individual who is dealing with us. If you appoint a representative to provide consent on your behalf, you are required to provide an authorisation letter confirming the appointment. The authorisation letter should include the full name of the appointed representative and the type of valid identification document used to verify their identity.

Under certain circumstances, we may rely on deemed consent where you voluntarily provide your personal data for a stated purpose, such as when seeking our services or applying for a job with us via email. We will not obtain your consent under the PDPA for the collection, use, or disclosure of your personal data in the following circumstances:

  • The personal data is publicly available.
  • The personal data is disclosed by a public agency or disclosed to a public agency.
  • The personal data is necessary for any investigation or proceedings.
  • The personal data is necessary for legitimate interests, including evaluative purposes (e.g., determining the suitability of a job applicant for the position applied for).
  • The personal data is necessary to manage or terminate an employment relationship.
  • The personal data is necessary for a business asset transaction.
  • The personal data is necessary for a purpose that is clearly in the interests of the individual or necessary to protect the individual’s vital interests.
  • The personal data is necessary for business improvement purposes, such as improving, enhancing, or developing new goods or services.

Use of Personal Data

We use personal data for the following purposes:

  • To provide, manage, and improve our communication and contact center services
  • To verify identity and process billing or payment transactions
  • To manage customer accounts andrespond to service requests
  • To carry out our obligations arising from any contracts entered into between our clients/suppliers and us
  • To comply with legal andregulatory requirements
  • To communicate service updates,maintenance notices, or productimprovements
  • To conduct customer satisfaction surveys and service analytics
  • For recruitment, employment, and HR administration

Disclosure of Personal Data

We may disclose your personal data to:

  • Government agencies (e.g., IMDA, MOM, IRAS) where required by law
  • Business partners and service vendors who assist in service delivery or support
  • Regulatory bodies or law enforcement agencies, when necessary

We ensure that all third parties handling personal data on our behalf are bound by strict confidentiality and data protection obligations comparable to those required under the PDPA.

We will seek fresh consent from you should there be any change to the original purpose for which your personal data was disclosed.

Withdrawal of Consent

You may withdraw your consent for the collection, use, and/or disclosure of your personal data for any or all of the purposes stated above by submitting a written request to us via email or letter.

Upon receiving your request, we may require a reasonable period of time to process it, depending on the nature and complexity of the request. We will inform you of the outcome and any consequences arising from the withdrawal of consent, including potential legal or contractual implications that may affect your rights and obligations to us. In general, we will process such requests within twenty-one (21) working days from the date of receipt, depending on the nature and complexity of the request.

The consent you provide will remain valid until it is withdrawn. Please note that the withdrawal of consent does not affect our right to continue collecting, using, or disclosing personal data where such actions are permitted or required under applicable laws.

Maintaining Accuracy of Personal Data

We generally rely on personal data provided by you (or your authorised representative). We will take reasonable steps to ensure that the personal data we collect about you is accurate, complete, not misleading, and kept up-to-date.

If we are in an ongoing relationship with you, it is important that you notify us of any changes to your personal data (such as changes to your contact number, email address, or mailing address). Please update us by informing our Data Protection Officer in writing or via email at the contact details provided.

Measures to Protect Personal Data

We implement appropriate administrative, physical, and technical safeguards to protect personal data against unauthorised access, use, disclosure, alteration, or loss. These measures include the use of data encryption and secure transmissionprotocols, restricted access controls to limit data access to authorised personnel only, regular system monitoring and security audits, and adherence to recognised information security standards such as ISO/IEC 27001:2022.

Notwithstanding these measures, please note that no method of transmission over the Internet or method of electronic storage is entirely secure. While absolute security cannot be guaranteed, we remain committed to protecting personal data and continuously reviewing and improving our information security measures.

Data Retention Practices

We maintain a document retention policy that tracks the retention schedules of job applicants’ personal data in both paper and electronic forms. We will not retain personal data for longer than is necessary to fulfil recruitment, business, legal, or regulatory purposes.

Personal data will be disposed of or destroyed properly and securely when it is no longer required or when the applicable retention period has expired.

Accessing and Correcting Your Personal Data

You may request access to a copy of the personal data we hold about you or request corrections to update or amend any personal data that is inaccurate or incomplete.

Requests for access or correction may be submitted in writing or via email. We will respond as soon as reasonably possible, generally within twenty-one (21) working days. Where we are unable to meet this timeframe, we will notify you and provide an estimated timeline. A reasonable fee may be charged to cover the administrative cost of processing an access request, where applicable.

Managing the Transfer of Personal Data

Personal data collected by Nautilus SIP Pte Ltd is stored and processed through cloud service providers, including Amazon Web Services (AWS) and Google, where applicable. Where configured by Nautilus, our cloud environments are hosted in the Asia Pacific (Singapore) region, and we take reasonable steps to ensure that personal data remains within Singapore whenever practicable. These service providers implement appropriate technical and organisational measures to safeguard personal data and comply with applicable data protection laws, including the PDPA.

We generally do not transfer personal data outside Singapore. If there is a business or operational requirement to do so, we will obtain consent from the individual where necessary and ensure that the recipient organisation provides a standard of protection comparable to that under the PDPA, including through contractual safeguards.

Use of Cookies and Tokens

Our website does not use cookies or tracking technologies to collect personal information. However, we use secure tokens for our customer portals to manage login sessions and provide access to our services. These tokens are used only for authentication and session management and do not track your activity for marketing or analytics purposes.

Contacting Us

For any questions, feedback, or requests regarding your personal data, please contact:

Data Protection Officer (DPO)
Nautilus SIP Pte Ltd
Email: john.alam@nautilus-network.com
Address: 62 Ubi Rd 1, #11-13, Oxley Bizhub 2, Singapore 408734

Effect of Notice and Changes to Notice

This Notice supplements any other agreements or consents you may have provided. We may update this Notice periodically to reflect changes in our data protection practices. The updated version will be posted on our website.

Effective date: 9 September 2025
Updated on: 01 March 2026