Privacy Notice

Effective Date: [20th July 2017]

Updated: [9th April 2020]


  1. Security Risk Pte. Ltd. (Company No. 201720434E) (“Security Risk”, “we”, “our”
    or “us”) is a company which offers a Software-as-a-Service to companies that intend
    to manage their security operations on the cloud(“Services”).

  2. We act in accordance with applicable data privacy laws, such as the Personal Data
    Protection Act 2012 (No. 26 of 2012) of Singapore (“PDPA”), when collecting and using
    Personal Data that you have provided to us, or which we have obtained from your visits to
    our websites and/or our mobile applications (“Platform”). Where our processing of
    your Personal Data is subject to other data protection/privacy laws, such as the European
    Union General Data Protection Regulation (Reg. 2016/679) (“GDPR”), we will process
    your Personal Data in accordance with such laws.

  3. This Privacy Policy (“Policy”) sets out the essential details relating to how we
    handle your Personal Data, and sets out how we collect your Personal Data, what Personal
    Data we collect, how we use it, and what rights you have in relation to our processing of
    your Personal Data.

  4. For the purposes of this Policy, “Personal Data” refers to data, whether true or not, about
    an individual who can be identified (a) from that data; or (b) from that data and other
    information to which we have or is likely to have access; or any other definition of “Personal
    under applicable law.

  5. The words “we”, “us”, “our” or any of their derivatives refer to Security Risk and its
    successors and any novatee, assignee, transferee or purchaser of Security Risk’s rights
    and/or obligations hereunder and any reference to Security Risk includes a reference to such
    successor, novatee, assignee, transferee or purchaser. The words “you”, “your”, “yours” or
    any of their derivatives refer to the person using our Services, operating any account
    maintained with us, accessing our Platform, or otherwise providing information to or
    communicating with us and shall include, as the context may require, personal
    representatives (as the case may be).

How we collect Personal Data

  1. Depending on the nature of your interaction with us, we use different methods to collect Personal Data from and about you, including without limitation, through:

    1. Direct Interactions
      We may collect your Personal Data when you engage us for any of our Services, whether
      in writing, orally or through our Platform. We may also collect Personal Data to
      comply with any Services that you request for, to correspond with you and/or where
      you submit your Personal Data to us for any other reason (whether voluntary or
    2. Automated Interactions
      We may automatically collect your Personal Data when you interact with us (e.g. via
      the use of our Platform or through electronic communications). For more information
      on cookies, please refer to Section I below.
    3. Third Parties
      We may collect your Personal Data from third parties (e.g. your employer while
      setting up a sentry or responder account for you or regulatory authorities for the
      purpose of verifying your license to provide security services) for the purposes of
      providing our Services, including Personal Data in publicly available sources.

      Where your Personal Data is collected from third parties, we will only use such
      Personal Data where you have provided your consent to the third party which would
      also cover our processing of your Personal Data or where otherwise permitted to do
      so by applicable law.

  2. If you are submitting Personal Data of another individual to us, you confirm that such
    Personal Data is true and correct. You further confirm that you will not provide us with any
    Personal Data unless you have ensured that you have obtained all necessary consents and/or
    have provided any required notices to the individuals. Alternatively, you may provide
    Personal Data to us if you have another legal justification to provide such information to
    us so that we can use it for the purposes and on the bases set out in this Policy.

What Personal Data we collect

  1. The type and quantity of Personal Data we collect and how we use it depends on the purpose
    for which you provided such Personal Data. We will seek to minimise our collection to what
    is necessary for each relevant function or service.

  2. We may collect the following kinds of Personal Data about you when you engage us for our
    Services or use our Platform:

    1. Personal contact data including name, telephone number, email address, residential
      address and correspondence address.
    2. Location data.
    3. Identification information (including photographs).
    4. Business or employment information such as occupation and education.
    5. Personal opinions made known to us (e.g. your feedback).
    6. Information relating to the usage of our Services and/or Platform (e.g. browsing
    7. Other information you may choose to provide us. For example, incident reports, images
      and recordings.
    8. Any other personal data reasonably required in order for us to provide the Services to
      you or for you to use our Platform.
    9. Any other personal data permitted by or required to comply with any applicable local or
      foreign laws. These laws include regulations, notices, notifications, rules, circulars,
      licence conditions, directions, requests, requirements, guidelines, directives, codes,
      information papers, practice notes, demands, guidance and/or decisions of any national,
      state or local government, any agency, exchange, regulatory or self-regulatory body, law
      enforcement body, court, central bank or tax revenue authority or any other authority
      whether in Singapore or elsewhere, whether having the force of law or not (including any
      intergovernmental agreement between the governments or regulatory authorities of two or
      more jurisdictions or otherwise), as may be amended from time to time.

How do we use your Personal Data

  1. We generally use and process your Personal Data for the purposes below or if we are
    otherwise legally permitted to do so.

  2. Providing services and features

    Your Personal Data may be used to provide, personalise, maintain and improve our Services.
    This includes using your Personal Data to:

    1. Provide you with Services as requested by you.
    2. Create, administer and update your account on our Platform.
    3. Verify your identity.
    4. Enable features that personalise your experience on our Platform, such as your
    5. Track the progress of your assignment.
    6. Perform internal operations necessary to provide our Services, including troubleshooting
      software bugs and operational problems conducting data analysis, monitoring and
      analysing usage and activity trends.
    7. To assess and comply with any requests or instructions from you.

    Safety and security

    Your Personal Data may be used to ensure the safety and security of our Services and all
    users. This includes using your Personal Data to:

    1. Prevent, detect and combat unsafe activities.
    2. Sharing location and details when you embark on your assignment.
    3. Monitoring compliance with our internal policies and procedures.
    4. Detecting and preventing crime.

    User support

    Your Personal Data may be used to resolve user support issues:

    1. Investigate and address concerns.
    2. Monitor and improve user support responses.
    3. Respond to questions, comments and feedback.
    4. Inform you about steps taken to resolve user support issues.

    Research and development and security

    Your Personal Data may be used for research, analysis and development of our Services and
    Platform. This allows us to, amongst others, understand and analyse your needs and
    preferences, protect your Personal Data, improve and enhance the safety and security of our
    Services and Platform.

    Legal purposes

    Your Personal Data may be used to investigate and resolve claims or disputes, or as allowed
    or required by applicable law. Your Personal Data may be used when we are required, advised,
    recommended, expected or requested to do so by our legal advisors or any local or foreign
    legal, regulatory, governmental or other authority.

    Marketing and promotions

    Your Personal Data may be used for us to communicate marketing materials to you by email,
    push notification, telephone calls, short message services.

    Mergers and acquisitions

    Your Personal Data may be used in connection with mergers, acquisitions, joint ventures, sale
    of company assets, consolidation, restructuring, financing, business asset transactions, or
    acquisition of all or part of our business by another company.

  3. We will generally seek consent to process your Personal Data, unless we are permitted to do
    so without consent in accordance with applicable law.

  4. In addition, to the extent that GDPR applies, your Personal Data may be processed in
    accordance with one or more of the following bases:
    1. It is necessary for the performance of a contract with you.
    2. It is necessary for compliance with a legal obligation.
    3. It is necessary to protect your vital interests or the vital interests of another
    4. It is necessary for the performance of a task carried out in the public interest or in
      the exercise of official authority.
    5. It is necessary for our legitimate interest (or those of a third party), except where
      such interests are overridden by the interests or fundamental rights and freedoms of the
      data subject.

  5. Please note that if you choose not to provide us with your Personal Data or choose not to
    consent to our processing of your Personal Data, we may not be able to provide some or all
    of our Services to you or make available our Platform to you.

  6. If we intend to process your Personal Data for a purpose other than that for which the
    Personal Data was collected, we will provide you, prior to the further processing, with
    information on that other purpose.

Disclosing your Personal Data

  1. We may disclose your Personal Data to third parties from time to time, but will only transfer such Personal Data in circumstances where we are satisfied that it will be subject to an appropriate level of protection and in accordance with any safeguards that may be legally required. Some of these parties may include:
    1. Third party service providers (e.g. IT services, data analytics services).
    2. Other users of the Platform (e.g. If you require security services, we will share the Personal Data of the personnel providing security services to you. If you provide security services, we will share your Personal Data with persons requesting for security services).
    3. Our affiliates or partners.
    4. Our professional advisers, consultants and auditors.
    5. Regulatory or supervisory authorities.

Security and Retention


    1. As part of our commitment to protecting your privacy, we implement appropriate technical
      and organisational measures to protect your Personal Data against accidental, unauthorised
      or unlawful use, disclosure, access, destruction, loss, change or damage.

    2. Nevertheless, do note that while we will endeavor to take all reasonable measures to
      protect your Personal Data, you should similarly take all necessary precautions, such as
      implementing strong passwords and limiting access to your device which you use to access our


  1. We keep your Personal Data only for as long as necessary to provide you with the Services
    and to operate our Platform, to fulfil our processing purposes, in accordance with our legal
    obligations and for legitimate business purposes. Please refer to our Data Retention Policy
    for further information.

  2. The retention period for your Personal Data may vary based on the specific circumstances.
    Nevertheless, in determining the appropriate period to lawfully retain your Personal Data,
    we will consider inter alia, the:
    1. Amount, nature and sensitivity of Personal Data.
    2. Purposes for which Personal Data is retained.
    3. Appropriate security measures and, if any, relevant technical constraints.
    4. Applicable legal requirements.

  3. If you request that we stop sending you marketing materials, we may keep a record of your
    contact details and appropriate information to enable us to comply with your request not to
    be contacted by us. In such instances, we will endeavor to retain only minimal Personal Data
    to effect the above.

  4. Nonetheless, if you withdraw your consent (where we rely on consent as our legal basis) or
    object to our processing of your Personal Data, you may at any time request that we erase or
    delete your Personal Data. Upon receipt of such request, we shall, within a reasonable time,
    delete or anonymise your Personal Data unless we are legally permitted or required to retain
    such Personal Data (e.g. ongoing dispute, tax obligations, accounting purposes, compliance
    with any legal obligations).

Transfer to other countries

  1. In the provision of our Services and the operation of our Platform, the Personal Data we collect may be transferred to and processed by third parties in other countries. In all such instances, Security Risk shall ensure that the transfer of your Personal Data is carried out in accordance with any applicable laws and that appropriate safeguards (e.g. contractual, technical and organisational measures) are put in place before such transfer takes place.


  1. Our Platform uses cookies in order to facilitate your experience when browsing our

  2. For the purposes of this Policy, a “cookie” is a small piece of information sent by a web
    server to the Platform, which enables the server to collect information from the Platform.

  3. Security Risk uses cookies which are necessary for the functioning and operation of the
    Platform. We may also use cookies that allow us to track, record and analyse data in
    relation to the activity on our Platform (e.g. site traffic and volume, site usage
    statistics, operating system, referral source or device information), or recognise you
    whenever you return to our Platform for us to customise your browsing experience based on
    your preferences.

  4. Please note that if you choose not to receive cookies, you may not be able to properly
    utilise the full functionalities of the Platform.

  5. We may display advertisements from third parties or provide links to third party websites
    on our Platform. In these instances, Security Risk cannot be held responsible or liable for
    the privacy practices and policies of the third party. As such, please read the privacy
    policies of such third parties to find out how they process and collect your Personal Data
    when visiting these third party web sites.

How to Access and Control your Personal Data

  1. Individuals are given rights in relation to their Personal Data pursuant to the
    applicable law. We respond to all requests we receive from individuals wishing to
    exercise their data protection rights in accordance with applicable data protection

  2. For security reasons, in relation to certain rights, we may request for information to
    verify your identity before processing your request.

  3. In general, the rights afforded to individuals are:
    1. Right to Access

      The right to be informed of and request access to the Personal Data that we
      process about you. This will enable you to check what Personal Data we are
      processing and whether the processing is lawful.

      We will respond to your access request as soon as reasonably possible. Should we
      not be able to respond to your access request within 30 days after receiving
      your access request, we will inform you in writing via email within 30 days of
      the time by which we will be able to respond to your request.

    2. Right of Correction/Rectification

      The right to request that we amend or update your Personal Data where it is
      inaccurate or incomplete. While we shall make a reasonable effort to ensure that
      the Personal Data we collect is accurate and complete, you are responsible for
      ensuring the accuracy of the Personal Data that you provide to us directly.

      We will respond to your correction request as soon as reasonably possible. Should
      we not be able to perform the correction request within 30 days after receiving
      your request, we will inform you in writing via email on the time by which we
      will be able to perform your correction request.

    3. Right to Withdraw Consent

      The right to withdraw your consent at any time, where consent is the legal basis
      of the processing of your Personal Data. Depending on the nature and scope of
      your request, we may not be in a position to continue performing our obligations
      in the course of providing our Services to you.

  4. You may also have one or more of the following rights as available and subject to
    applicable laws such as the GDPR:


    1. Right to Erasure

      The right to request that we erase Personal Data concerning you without undue

    2. Right to Restriction of Processing

      The right to request that we restrict the processing of your Personal Data in
      certain circumstances such as where the accuracy of your personal data is
      consented to enable us to verify the accuracy of your Personal Data.

    3. Right to Object

      The right to object to your Personal Data being processed by us for direct
      marketing purposes, or to, at any time, object to us processing your
      Personal Data on grounds relating to your particular situation.

    4. Right to Data Portability

      The right to request a copy of your Personal Data in electronic format and
      the right to transmit that Personal Data for use in another party’s

    5. Right not to be subject to Automated Decision-making

    The right to not be subject to a decision based solely on automated decision-making
    where the decision would have a legal effect on you or produce a similarly
    significant effect.


  5. If we send you electronic marketing messages based on your consent or as otherwise
    permitted by applicable law, you may, at any time, respectively withdraw such consent or
    declare your objection at no cost. The electronic marketing messages you receive from
    Security Risk will also include an “unsubscribe” option within the message itself to
    enable you to manage your Personal Data. Please note that if you opt-out of receiving
    direct marketing materials, we may still send you non-promotional messages, such as
    information about the Services we are providing to you.

  6. To the extent permitted by applicable law, we may not accede to your request. If we are
    unable to accede to any request submitted by you, we shall inform you of the reasons why
    we are unable to do so.

  7. Additionally, you have the right at any time to lodge a complaint with the relevant
    Data Protection Authority if you are unhappy with the way in which we are using your
    Personal Data.

  8. In order to enable you to exercise these rights with ease and to record your
    preferences in relation to how Security Risk uses your Personal Data, you may manage
    your privacy preferences at any time via the Platform or by contacting our Data
    Protection Officer at ian.stewart@securityrisk.com .

Changes to this Policy

  1. We may amend the terms of this Policy from time to time (e.g. to respond to changes in any applicable law). Where the terms of this Policy change, we will notify you of any changes, including by displaying the notice within our Platform or by sending you an email. Additionally, you may also wish to refer to the “updated” date at the start of this Policy. If you continue to use our Services, operate any account maintained with us, access our Platform, and/or otherwise provide information to or communicate with us, you consent to our updates to this Policy without reservation.

Contact Us

  1. If you have any questions about your privacy, your privacy rights, or how to exercise
    them, please feel free to contact our Data Protection Officer at

  2. We will respond to your request within a reasonable period of time upon verification of
    your identity (if applicable).

Leslie Tan

Chief Operating Officer

Leslie Tan has held numerous senior positions within product, sales, business development, marketing, and operational teams, spanning a range of industries and in various locations across Asia Pacific.

He has an in-depth understanding of all the strategic and operations functions of a business, including how to develop a group of individuals into a highly productive, unified team.

Before joining Software Risk, Leslie worked for leading global technology and consumer brands and also owned and operated several other businesses.

As COO of Software Risk, Leslie has a broad set of responsibilities—from partnering with the CEO and management team to develop and execute strategic business initiatives, overseeing the day-to-day operations of the business, ensuring compliance with corporate governance, policies and processes, as well as taking a hands-on role in driving all aspects of products/services go-to-market and their performance.

A born and bred Singaporean, with a global mindset, Leslie is a firm believer of the importance of establishing a first-hand understanding of a client’s business to understand their key concerns and objectives and then provide them with a solution to those needs.

Dr Dennis

Chief Technology Officer

With both an undergraduate degree and doctorate in computer science, followed by 10 years of experience as a software engineer and solutions architect, Dennis brings a unique combination of research, teaching, and software engineering expertise to the Software Risk team.

He has worked on both large and small-scale projects and products, as well as consulting to the Australian Department of Defence on intelligence analysis.

Dennis’ passion for technology and solving problems, combined with his qualifications and professional experience, enable him to quickly identify how technology can solve a problem, rather than always relying on people.

He works with his team to develop smart tools that do not rely on language or technical know-how, ensuring accessibility and ease of use.

Dennis and his team of Software Risk software engineers are skilled at assessing client requirements, researching suitable technologies, designing solutions, and developing products.

With a focus on quality, security, and privacy, Dennis’ technology team ensures rigorous testing and evaluation of the features and design before delivering them to market. This commitment provides clients with the certainty that they are investing in a robust and fit-for-purpose product.

Ian Stewart

(Member of ASIS International)

Software Risk’s Founder, Ian Stewart has a wealth of experience in international executive, strategic, and operational roles across commercial and government sectors. In particular, Ian has spent:

  • Close to ten years working in risk management—including six years at a risk management and security company, providing boutique risk solutions in one of the most demanding operating environments in the world;
  • 20 years in the Australian Army; and
  • 2 years in the Australian Police Force.

Consequently, he brings significant industry experience and unique expertise to his role as Software Risk’s Founder. Ian has an innate understanding of his clients’ commercial business drivers as well as the logistics and specific demands involved in providing security operations.

It is this experience and understanding that drives his vision of using technology to keep people safe for Security Risk Manager (SRM); providing security companies and in-house security teams with an innovative, effective, and cost-efficient solution to the management of their operational needs.