As of July 2025

The Simple Sum Pte. Ltd. respects the privacy rights of our users ("you” or “your”) and are strongly committed to protecting your privacy. When we refer to “TSS”, “we”, “us” “our”, we refer to The Simple Sum Pte. Ltd. and where applicable, its affiliates, whereby the term “affiliate” with respect to a party hereto shall mean any person or entity that controls, is controlled by, or is under common control with, such party (with “control” meaning the ability to control via board control, equity ownership, contract or otherwise). This Privacy Policy applies to personal data in our possession or under our control, including personal data in the possession of organisations which we have engaged to collect, use, disclose or process personal data for our purposes. This Privacy Policy aims to give you information on how we collect, process, use, disclose and retain your personal data through our website (“our site”) and other services provided by us in connection with the outreach event (the “Outreach”) for the Temasek Youth Challenge 2025 (the “Challenge”) organised in conjunction with Temasek Capital Management Pte. Ltd. (“Temasek”) and any services in relation to the Outreach (collectively our “Services” and each a “Service”).

This Privacy Policy is based on the Personal Data Protection Act 2012 of Singapore (as may be amended, supplemented or otherwise modified from time to time, the “PDPA”) and all the associated regulations and guidelines as may from time to time be issued by the Personal Data Protection Commission of Singapore (the “PDPC”). Where the context so permits, terms used in this Privacy Policy shall have the meanings given to them in the PDPA.

Notwithstanding the above, we will take steps to comply with all applicable laws with regards to data privacy, including where local laws are more stringent than this policy. For the purposes of this Privacy Policy, the term “applicable laws” shall mean applicable laws, regulations, codes of practice, guidelines, or rules as may be amended, supplemented or otherwise modified from time to time.

Please review this Privacy Policy in its entirety carefully before using your registration for, attendance of and/or participation in the Outreach, or otherwise providing us with any of your personal data. This Privacy Policy applies in conjunction with any other policies, notices, contractual clauses and consent clauses that apply in relation to the collection, use and disclosure of your personal data by us. Specifically, this Policy supplements but does not supersede nor replace any other consents which you may have previously provided to us nor does it affect any rights that we may have at law in connection with the collection, use, disclosure and/or retention of your personal data.

1.        Consent

 

1.    We will notify you of the purpose for collection, processing, usage or disclosure of your personal data before we collect, process, use or disclose such personal data respectively, including through the use of this Privacy Policy. By registering for, attending and/or participation in the Outreach, you consent to the collection, processing, usage and disclosure of your personal data for the purposes set out in this Privacy Policy. Under certain circumstances, we may deem that you have provided consent when you voluntarily provide your personal data for specific relevant purposes.

 

2.        Information We Collect

 

1.    We may collect and process certain types of personal data. “Personal data” is data, whether true or not, about you whereby you can be identified: (a) from that data; or (b) from that data and other information to which we have or are likely to have access. It does not include data that has been aggregated or made anonymous whereby you can no longer be identified using means reasonably available to us.

 

2.    Personal data includes, among other things, personal data that you voluntarily provide to us, which may include your:

 

1.  Verification information: name; and e-mail address(es);
2.  Contact information: e-mail address(es); and
3.  Biometric information: photographs; and other audio-visual information and recordings,

 

and may be embedded in any other types of information that you choose to communicate or otherwise provide to us or that we may collect about you through our provision of any Services or your transactions with us in general, which may include any inquiries or feedback which we receive from you.

 

3.    In addition, we may also collect personal data provided by other organisations such as your education institute or third-party sources including other entities we believe you have authorised to provide such personal data for and on your behalf, such as business partners, unaffiliated third-party social media companies, data brokers and analysts (via data analytics tools or otherwise), or other information providers, or other commercially and publicly available and legitimate sources as permissible by applicable law (your “authorised representatives”).

 

4.    We also may collect information about you that is not personal data, which may include anonymised or aggregated information, intellectual property or other company information shared with us or your authorised representatives, from your use of the Services or otherwise. This may include:

 

1.  Academic information: education institutes and other status and records; and
2.  Biometric information: photographs; and other audio-visual information and recordings.

 

Where necessary, we may combine this information with personal data or other information that we receive from or about you to provide the Services you require in the manner set out below, which combination of such information possibly could be used to identify you personally.

 

3.        How We Collect, Use and Process Your Personal data

 

1.    We generally do not collect your personal data unless (a) it is provided to us voluntarily by you directly or via an authorised representative after (i) you (or your authorised representative) have been notified of the purposes for which the data is collected, and (ii) you (or your authorised representative) have provided written consent to the collection and usage of your personal data for those purposes, or (b) collection and use of personal data without consent is permitted or required by the PDPA or other applicable laws. We seek your consent before collecting any additional personal data and before using your personal data for a purpose which has not been notified to you (except where permitted or authorised by law).

 

2.    We may collect, use and/or process your personal data for the following purposes:

 

1.  checking or verifying your identity as a participant of the Outreach or the Challenge in general;
2.  providing you with our online or offline Services and performing obligations in the course of or in connection with our provision of such Services;
3.  carrying out your instructions or responding to your enquiries, requests for information submitted by your or on your behalf;
4.  administering and managing our relationship with you, including the processing of and attending or responding to any feedback, opinions or comments;
5.  for any logistical or administrative purposes in connection with any of our Services, including informing you or any updates and the sending of any reminders in relation to the Outreach or the Challenge in general;
6.  complying with applicable law or in response to a subpoena, court order, government request, or other legal process for or in connection with litigation, arbitration, mediation, adjudication, government, or internal investigations, or other legal or administrative proceeding;
7.  protecting, enforcing and/or complying with our contractual, legal rights and/or obligations, as applicable, including in relation to that with Temasek in respect of the Challenge;
8.  operating and maintaining our systems and carrying out our business operations or internal protocols and policies properly including to ensure the safety and security of our other Outreach participants, Challenge participants, panellists, representatives and all relevant persons in both physical and online environment, including the prevention of fraud, abuse, or other illegal or prohibited activities;
9.  transmitting to any unaffiliated third parties including Temasek, our third party service providers and agents, and relevant governmental and/or regulatory authorities, whether in Singapore or abroad, for the aforementioned purposes; and
10.     for any other incidental or ancillary purposes related to or in connection with the above, including audit requirements and carrying out market-related, evaluative, or similar research and analysis to review, develop, improve or enhance our Services.

 

The purposes listed in the above clauses may continue to apply even in situations where your relationship with us has been terminated or altered in any way, for a reasonable period thereafter.

 

4.        Disclosure of Personal Data and Other Information

 

1.    We may disclose your information, including personal data:

 

1.  to Temasek and our affiliates where they are directly or indirectly involved in the provision of Services or the Challenge in general;
2.  where swift disclosure is required to respond to an emergency threatening the life, safety or health of you or any other persons;
3.  where applicable laws or regulations require such disclosure, such as producing relevant documents or information for the compliance with a subpoena, court order, government request, or other legal process, whether in connection with litigation, arbitration, mediation, adjudication, government, or internal investigations, or other legal or administrative proceeding;
4.  where such disclosure is required for performing obligations in the course of or in connection with our provision of the Services you require or the Challenge in general; and
5.  to third-party service providers, agents, professional advisors and other organisations we have engaged to perform any of the functions listed in the section above for us, including database and other backend related systems (including ActiveCampaign), as well as their respective representatives.

 

The purposes listed in the above clauses may continue to apply even in situations where your relationship with us has been terminated or altered in any way, for a reasonable period thereafter.

 

5.        Accuracy and Security of Personal data

 

1.    We generally rely on personal data provided by you (or your authorised representative). In order to ensure that your personal data is current, complete and accurate, please update us if there are changes to your personal data by informing our data protection officer in via email at the contact details provided below.

 

2.    Where personal data is submitted by you on behalf of another person or concerns another person other than yourself, you represent and warrant to us that all the necessary consents procured in accordance with applicable law, for such purposes stated in the relevant sections of this Privacy Policy have been obtained from the relevant person(s) and that you have retained proof of these consents, such proof to be provided to us upon our request.

 

3.    Where we have an ongoing relationship with you, it is crucial that you update us of any changes or updates to your personal data. As such, we may from time to time do data verification exercises for you to provide us with any such updates.

 

4.    We strive to protect the security of your information and are constantly reviewing and enhancing our information security measures. We take reasonable effort to implement appropriate administrative, technical, personnel, and physical measures (a) to safeguard personal data against loss, theft, unauthorised use, copying, disclosure, or modification; and (b) to ensure the integrity of the personal data, as encapsulated in our internal data protection rules and PDPA compliance policies. For example, we have the Azure Web Application Firewall set up in place and use the HTTPS protocol throughout our websites and web applications to provide centralised protection from common vulnerabilities and exploits in general, as well as to specifically ensure that our user communications with the servers are encrypted so that personal data are unlikely to be hijacked by third parties without authorisation. You should be aware, however, that no method of transmission over the Internet or method of electronic storage is 100% secure, in particular the transmission of data over open or public networks. Therefore, we recommend against transmitting any confidential or sensitive data over open or public networks.

 

5.    In the unlikely event that we suffer a data breach in relation to personal data, we will assess whether the data breach is notifiable, and will notify the affected persons and/or the PDPC where it is assessed to be notifiable. To be clear, a data breach in and of itself does not trigger any obligation to notify affected persons and/or the PDPC. For this purpose, a “data breach” in relation to personal data means (a) the unauthorised access, collection, use, disclosure, copying, modification or disposal of personal data; or (b) the loss of any storage medium or device on which personal data is stored in circumstances where the unauthorised access, collection, use, disclosure, copying, modification or disposal of the personal data is likely to occur.

 

6.        Retention of Data

 

1.    You agree that we may retain your personal data for as long as it is necessary to fulfil the purpose for which it was collected, or as required or permitted by applicable laws.

 

2.    Any personal data in our possession or under control will be destroyed and/or where practicable, anonymised when:

 

1.  the purpose for which the personal data was collected is no longer served by the retention of such personal data; and
2.  the retention is no longer necessary for any audit, legal, regulatory, or business purposes, including the maintenance of business records in accordance with record retention requirements under applicable law or for business analysis purposes, as well as make or defend against any legal claims.

 

7.        Transfer of Personal data to Other Countries

 

1.    Some of the uses and disclosures mentioned in this Privacy Policy may involve the transfer and processing of your personal data, as data in transit or otherwise to and in various countries around the world that may have different levels of privacy protection than your country, including the United States. By submitting your personal data, you consent to such transfers and processing.

 

2.    We take reasonable steps to ensure that appropriate levels of protection necessary to maintain the security and integrity of your personal data are in place and that any transferred data is processed only in accordance with the PDPA, the General Data Protection Regulation (“GDPR”) and any other applicable law. Specifically, we have or will have in place appropriate contractual and/or commercial agreements or arrangements to ensure that while under certain circumstances your personal data may be disclosed or transferred to countries which do not have requirements of data protection that is comparable to that under the PDPA, parties will abide by the requirements under applicable law.

 

3.    Where it is necessary for relevant third parties to further disclose personal data onward to other third parties, we endeavour to ensure that these parties also abide by the PDPA or such applicable law.

 

8.        Access, Correction and Withdrawal

 

1.    The consent that you provide for the collection, use, disclosure and retention of all or any parts your personal data will remain valid until such time it is being withdrawn by you in writing.

 

2.    You may request to access and/or correct the personal data currently in our possession or withdraw your consent for the collection, use, disclosure and/or retention of your personal data in our possession or under our control at any time by contacting us at [email protected]. Where appropriate, such request may be referred to the relevant data protection officer, Mr. Jeremy Ong. To the extent possible, we may take steps to verify your identity before granting access or making any changes to your personal data to protect your privacy.

 

3.    For a request to access personal data, we will process your request within a reasonable amount of time from when the request is made.

 

4.    For a request to correct or update personal data, we will process your request as soon as practicable after the request has been made. Such correction or update may involve necessary verification, which may include sending the corrected or updated personal data to other organisations to which the personal data was disclosed within a year before the date the correction or update was made (unless that other organisation does not need the corrected personal data for any legal or business purpose), or if you so consent, only to specific organisations to which the personal data was disclosed by us within a year before the date the correction or update was made.

 

5.    While we will, in most instances, provide a copy of the requested information or make the requested correction or update, where we are unable to provide you with any records of personal data or to make a correction or update requested, we shall, where required under applicable law or otherwise appropriate, inform you of the reasons why we are unable to do so. Please note that depending on the request that is being made, we will only need to provide you with access to the personal data contained in the documents requested, and not to the entire documents themselves. In those cases, it may be appropriate for us to simply provide you with confirmation of the personal data that we have on record, if the record of your personal data forms a negligible part of the document.

 

6.    We may also charge a reasonable fee for the handling and processing of your requests to access, correct and/or update your personal data. You will be notified in advance of such costs.

 

7.    For a request to withdraw your consent to the processing of personal data, we will process your request within a reasonable amount of time from when the request is made (depending on the complexity of the request and its impact on our relationship with you).

 

8.    Our ability to provide Services to you after such withdrawal may be affected depending on the nature and scope of your request, whereby under certain circumstances we may not be in a position to continue providing our Services to you and we shall, in such circumstances, notify you before completing the processing of your request.

 

9.    Please note that withdrawing consent does not affect our right to continue to collect, use and disclose personal data where such collection, use and disclose without consent is permitted or required under applicable laws.

 

9.        Telemarketing Policy

 

1.    We will not send you promotional and marketing messages via SMS or calls.

 

10.    General Data Protection Regulation 

 

1.  The GDPR is a legal framework for data protection which applies to all organisations, regardless of whether it is established within or outside of the European Union ("EU”) if the organisation processes personal data or possesses personal data of data subjects residing in the EU. Accordingly, this Clause 10 shall only apply to you if you are an EU citizen or resident.

 

2.  We will process your personal data where there is one or more lawful bases to do so under the GDPR, where:

 

1.     You have given your consent for the processing of your personal data;
2.     It is necessary for the performance of a contract you have entered into with us or to take specific steps at your request prior to entering into the contract;
3.     It is necessary to comply with our legal or regulatory obligations under applicable law (as defined in the Privacy Policy);
4.     It is necessary to protect the vital interests of a natural person, whether you or another person;
5.     It is necessary for the performance of a task carried out in the public interest or exercise of official authority on our part; or
6.     It necessary for the purposes of our legitimate interests or another natural person’s legitimate interests.

 

3.  Subject to any exceptions under the GDPR, you have the following rights:

 

1.     Right to access: You have the right to request for confirmation on whether we process your personal data, as well as personal data and any supplementary information as permissible under the GDPR, which will be processed in accordance with this Privacy Policy.
2.     Right to rectification: You have the right to require us to rectify any incomplete or inaccurate personal data, which will be rectified in accordance with this Privacy Policy.
3.     Right to erasure: You have the right to request that we delete personal data we process about you if one of the bases provided under the GDPR applies, which will be erased in accordance with the GDPR.
4.     Right to restrict processing: You have the right to restrict our processing of your personal data in certain circumstances. Examples of such circumstances include the accuracy of your personal data is disputed, where the processing is not lawful under the GDPR, or we no longer need your personal data for processing, but you require the personal data to establish, exercise or defend a legal claim.
5.     Right to object: You have the right to object to our processing of your personal data where such personal data is being processed by us for the performance of a task carried out in the public interest, or in the exercise of official authority on our part, or for the purposes of the legitimate interests pursued by us. Additionally, you have the right at any time to object to our processing of your personal data for direct marketing or for scientific or historical research purposes or statistical purposes.
6.     Right to data portability: You have the right to right to request for personal data processed in the format we have processed such personal data you had provided, which we will process in a structured, commonly used, and machine-readable format. You also have the right to then transmit such personal data to another controller upon obtaining such processed personal data from us, without any hindrance from us.

 

4.  Our Services are not directed to children under the age of 16 (“Children”). We also do not knowingly collect personal data from Children, and will not do so except as permitted under applicable law. To the extent required by applicable law, where we become aware that a Child has provided us with personal data without parental consent, we will delete such information.

 

5.  In addition to the procedures we have put in to deal with any suspected personal data breach as stated in the Privacy Policy, we will notify any applicable regulator and the affected persons of a breach where we are legally required to do so. In determining if we are so required to do so, we will consider in particular the risks to the rights and freedoms of such affected persons.

 

11.    Questions

 

1.  If you have any questions about this Privacy Policy or any other queries in relation to how we manage, protect and/or process your personal data, please contact us at [email protected]. Where appropriate, such request may be referred to the relevant data protection officer, Mr. Jeremy Ong.

 

12.    Updates

 

1.  This Privacy Policy may be updated from time to time and changes to this Privacy Policy take effect when they are posted on our site or otherwise communicated to you via the email address provided at the point of registration of the Outreach. Your attendance and/or participation in the Outreach or the Challenge in general constitutes your acknowledgement and acceptance of such changes. We shall not be responsible or liable to you for any expense, loss, damage, liability or other consequence suffered by you or incurred by you in connection with any of the foregoing actions.