Privacy Policy

Version as at 24 June 2022


vaultbox is a product of Sircured Pte Ltd (“Sircured”). For the purposes of this Policy, vaultbox and Sircured are used interchangeably.  Data entered into a user’s vaultbox account is invisible to Sircured and vaultbox; so lies outside the scope of this Policy. 

This Policy sets out the manner in which Sircured Pte Ltd ("Sircured") collects, uses, manages and protects Personal Data (as defined below) in compliance with the Personal Data Protection Act 2012 ("PDPA") and General Data Protection Regulation (“GDPR”).


Sircured is committed to protecting your privacy and applicable data protection legislation including Personal Data. This Policy applies to all Individuals (as defined below) who provide Sircured with Personal Data or whose Personal Data is otherwise collected, used and/or disclosed by Sircured in connection with and/or for the purposes of its business operations.


This Policy supplements but does not supersede or replace any previous consent which an Individual may have provided to Sircured, nor does it affect any rights that Sircured may have at law in connection with the collection, use and/or disclosure of any data.


Sircured may from time to time update this Policy to ensure it is consistent with its business purposes or to accommodate future changes to applicable legal or regulatory requirements. All updates to this Policy will be published at ("vaultbox Website") and appropriate notifications of any material revisions will be published on the vaultbox Website and may be issued separately to relevant persons such as may be determined by Sircured. Subject to an Individual's rights at law, the prevailing terms of the Policy from time to time shall apply. By continuing their relationship with Sircured after any amendments have been introduced and published on the vaultbox Website, Individuals shall be deemed to have accepted the Policy as amended.



For purposes of this Policy:


"Individual" means a natural person, whether living or deceased and "Individuals" shall be construed accordingly;


“Personal Data” means data that is capable of identifying an Individual, whether on its own or in conjunction with other data accessible to Sircured;


"Personnel" means any Individual engaged under a contract of service with Sircured, permanent or temporary employees as well as trainees and interns engaged by Sircured from time to time; and


“Sensitive Personal Data” includes data relating to race or ethnic origin, political opinions, religions or similar, trade union membership, physical or mental health, sexual life or criminal record.


2.Personal Data collected by Sircured


Sircured will only collect, use or disclose Personal Data about an Individual which it reasonably considers necessary for the relevant purposes underlying such collection, use or disclosure. It is not our policy to seek Sensitive Personal Data, but if an Individual provides us with their Sensitive Personal Data for any reason, by doing so, they indicate their willingness for it to be used as described in this Policy unless otherwise directed at the time of disclosure. Depending on the specific nature of an Individual’s interaction with Sircured, Personal Data which Sircured collects, uses or discloses concerning an Individual may variously include but is not limited to the following:


     a. the  Individual's name, gender and contact particulars, including telephone number(s), residential/mailing address(es)                 and email address;

     b. details of the Individual's identification documents (such as, NRIC or passport numbers), and applicable visa or permits               (such as employment pass, work permit, permanent residency status);

     c. details of the Individual's employment history and academic qualifications;

     d. the name and contact particulars of the Individual’s next-of-kin;

     e. the Individual's network usage data and other information gathered automatically by our computer systems, including the           Individual’s computer IP address, links visited and other activities conducted online or using our computer systems;

     f. photographs and video or CCTV recordings of the Individual; and

     g. other information which the Individual may provide to Sircured, from time to time, in the course of such Individual’s                      interaction with Sircured.

3.How Sircured collects Personal Data


Sircured is a Singapore-registered FinTech Company certified by the Singapore FinTech Association as a Wealth Management, Blockchain & DLT and Capital Markets provider. We collect Personal Data for the purpose of carrying out such services on behalf of our clients worldwide where we have a legitimate interest or other legal interest for processing such information.


Generally, Sircured may collect Personal Data from an Individual in one or more of the following ways or circumstances:


     a. when the Individual interacts with Sircured's Personnel via telephone calls, emails, other correspondence and/or                             face-to-face meetings;

     b. when the Individual visits Sircured's premises;

     c. when the Individual specifically requests that Sircured contact him or her or requests to be included in an email or any                   mailing list maintained by Sircured;

     d. when the Individual responds to any request by Sircured for the provision of Personal Data;

     e. when Sircured receives references or referrals from its business partners or other third parties;

     f. when the Individual attends or participates in any event organised by Sircured;

     g. when the Individual submits his or her Personal Data to Sircured as a potential candidate for hire or in connection with                 current or potential future executive search or recruitment projects;

     h. when the Individual subscribes to Sircured' publication(s); and/or

     i. when the Individual submits his or her Personal Data to Sircured for any other reason related to Sircured' ordinary course            of business operations.

Sircured may also compile data from searches of an Individual’s professional information publicly available via social media platforms such as LinkedIn, Google, Twitter, company websites, the press or other publications as part of our research and assessment.



4.Purposes of collection, use and disclosure of Personal Data


Generally, Sircured collects, uses and/or discloses Personal Data from Individuals for one or more of the following purposes:


A. Provision of services


     a. administering and managing the Individual’s relationship with Sircured;

     b. providing the Individual with information about Sircured’ services and/or the services of any external vendor that is                        providing services or products in partnership or collaboration with Sircured;

     c. providing the Individual with information about Sircured’ search related, recruitment or other business opportunities;

     d. responding to the Individual’s complaints, queries and/or requests;

     e. facilitating and/or organising meetings, interviews or events; and

     f. informing the Individual of changes and/or updates to Sircured' policies, terms and conditions and/or other administrative          information.


B. Security measures

     a. verifying the Individual's identity or monitoring the Individual's activities, including without limitation via CCTV                             observation and/or recording; and

     b. preventing, detecting and investigating fraud, misconduct, any unlawful action, omission or dispute, and whether or not               there is any suspicion of the aforementioned.

C. General business operations of Sircured

     a. web and mobile application for asset/liabilities record-keeping, including documents, contacts, events and passwords;

     b. research and consulting;

     c. administering and managing Sircured' relationship with potential clients and partners; and;

     d. meeting or complying with any applicable rules, laws, regulations, codes of practice or guidelines which are binding on Sircured (including but not limited to responding to regulatory complaints, disclosure to regulatory bodies and conducting audit checks, due diligence and investigations).


D. Managing Personnel


     a. administering, managing and/or terminating Sircured' relationship with Personnel;

     b. evaluating the performance of Personnel;

     c. undertaking staff training and quality assurance activities; and

     d. providing Personnel with services, facilities and/or other benefits being offered or made available by Sircured to such                     Personnel as well as information about such services, facilities and benefits.


E. Marketing

     a. where Sircured circulates Sircured' publications or marketing information to an Individual or which may be disseminated to an Individual relating to services offered by Sircured (whether by Sircured or Sircured' business partners) which Sircured thinks is or may be of benefit or interest to him/her via postal mail, electronic transmission to his or her or any email address(es), and/or voice call or phone call and/or fax to his or her or any telephone number(s).


F. Others

     a. for transfer to third party data intermediaries to facilitate any of the aforesaid purposes;

     b. for any purposes reasonably related to any of the above purposes; and

     c. for any other purposes in relation to which Sircured has specifically obtained the Individual's consent.



Unless otherwise authorised under the PDPA or any other applicable law, Sircured will not collect, use or disclose an Individual's Personal Data without his or her explicit consent.


Sircured will take reasonable steps to highlight the purposes relevant to an Individual, by appropriate means, at the point or time of collection of the Personal Data from such Individual, including:


     a. a via express provisions in contracts, application forms and/or registration forms to be signed with or submitted to                          Sircured;

     b. via notifications on Sircured's websites and vaultbox Website; and

     c. in the course of verbal communications.

Where feasible, Sircured will inform the Individual of purposes that are intrinsic to the relationship between Sircured or to the provision of services to such Individual, as well as purposes that are optional.


In so far as any purpose(s) are intrinsic to the relationship or provision of services, Sircured reserves the right to decline to engage in the relevant relationship or to provide the relevant services to the Individual if he or she does not consent to Sircured's collection, use or disclosure of his or her Personal Data for such purpose.



Individuals who:


     a. voluntarily provide their Personal Data to Sircured for the specified purposes;

     b. use or access Sircured's website(s), vaultbox Website or computer network;

     c. enter Sircured's premises or use any of the facilities thereon; and/or

     d. attend or participate in meetings, events or programmes organised by Sircured

will be deemed to agree and consent to Sircured collecting, using and/or disclosing their Personal Data in the manner and for the purposes set forth in this Privacy Policy.


An Individual who provides Sircured with Personal Data relating to a third party for any particular purpose, represents to Sircured that he/she has obtained the consent of the relevant third party to Sircured collecting, using or disclosing such Personal Data for the relevant purpose.

In so far as Sircured collects Personal Data of an Individual from any third party(ies), Sircured will take reasonable steps to inform the relevant third party(ies) of Sircured's purposes for collecting the Personal Data and to verify that consent from the Individual has been obtained by the relevant third party(ies) to such disclosure for the intended purpose.


6.Disclosure of Personal Data


In carrying out one or more of the above Purposes, Sircured may need to disclose Individuals' Personal Data to the following third parties for one or more of the above Purposes:


     a. Sircured's clients. We will only disclose what is necessary for providing our services and will obtain permission from an                 Individual before disclosing Personal Data in detail as part of an executive search process;

     b. third party service providers or agents or external vendors that are providing services or products in partnership or                          collaboration with Sircured;

     c. Sircured's auditors and professional advisors;

     d. any person to whom disclosure is permitted or required by any statutory provision or law;

     e. any permitted assigns;

     f. any local or foreign regulatory body, government agency, statutory board, ministry, department or other government body            and/or its officials; and/or

     g. other parties with the Individual’s consent or at their direction.


7.Withdrawal of Consent


Any Individual who wishes to withdraw his or her consent to any use or disclosure of his or her Personal Data by Sircured as set out in this Policy may do so by contacting Sircured' Data Protection Officer at


Depending on the extent to which an Individual withdraws consent to the use or disclosure of his or her Personal Data by Sircured, such withdrawal of consent may result in Sircured' inability to provide services to the Individual and may be considered as a termination by the Individual of any agreement



between Sircured and the Individual. Sircured' legal rights and remedies are expressly reserved in such event.


In so far as an Individual's data is being collected by cookies, the Individual may disable the use of cookies on his or her internet browser when accessing Sircured’s website. However, this may result in the loss of functionality, restrict the Individual's use of the website and/or delay or affect the way in which Sircured' website operates.


8.Verification of Personal Data & Notification of Changes


Where feasible, Sircured will take reasonable steps to verify the accuracy of Personal Data received at the point of collection but Individuals remain primarily responsible and liable to ensure that all Personal Data submitted by them to Sircured is complete and accurate. Information voluntarily provided by an Individual to Sircured shall prima facie be deemed complete and accurate.


Sircured will also take reasonable steps to periodically verify Personal Data in its possession, taking into account the exigencies of its operations, but Individuals are nonetheless responsible for notifying Sircured, from time to time, of any applicable changes to such Personal Data.


Sircured shall not be held liable for any inability on its part to provide services to an Individual who fails to ensure that his or her Personal Data submitted to Sircured is complete and accurate or who fails to notify Sircured of any relevant changes to such Personal Data.


9.Protection of Personal Data


Sircured makes reasonable physical and technical security arrangements to prevent unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks to Personal Data in its possession and ensure staff have training to support this.


If Sircured transfers Personal Data outside Singapore, Sircured takes reasonable steps to ensure that such Personal Data transferred receives a standard of protection comparable to the protection received under the PDPA and GDPR and such transfer shall be subject to this Policy. Sircured will do their reasonable best to ensure that third parties who receive Personal Data from Sircured protect such Personal Data in a manner consistent with this Policy and not use such Personal Data for any purposes other than those specified by Sircured, by incorporating appropriate contractual terms in its written agreements with these third parties. Sircured is not responsible in any way for the security and/or management of Personal Data shared by Individuals with third party websites accessible via links on Sircured's website.


10.Contacting Sircured-Access and Correction of Personal Data


Any Individual who:


     a. has questions or feedback relating to this Policy; and/or

     b. would like to obtain access to his or her Personal Data held by Sircured; and/or

     c. would like to obtain information about the ways in which his or her Personal Data held by Sircured has been or may have                been used or disclosed by Sircured in the year preceding the request; and/or

     d. would like to update or make corrections to his or her Personal Data held by Sircured; and/or

     e. would like to exercise other rights he or she has under applicable legislation, such as the right to restrict/block, object,                    erase, move, copy or transfer his or her Personal Data held by Sircured; and/or

     f. would like to revoke consent to any applicable aspect of this Policy,

        should contact Sircured's Data Protection Officer at


Individuals should note that Sircured is not required, under the PDPA, to provide access and correction to Personal Data in certain exempted situations as set out in the PDPA.


The PDPA allows and Sircured reserves the right to charge a reasonable fee for the handling and/or processing of access requests by an Individual pursuant to paragraphs (b) or (c) above.


11.Governing Law


This Policy shall be governed by and construed in accordance with the laws of Singapore. Any dispute arising out of or in connection with this Policy including any question regarding its existence, validity or termination, shall be referred to and finally resolved by the Courts of Singapore.