Privacy Policy

What Aspects Does the Privacy Statement Cover?

This Privacy Policy ("Policy") sets out how Benevolve Inc. (collectively "Benevolve," "we," "us" or "our") may collect and use Personal Data from individuals and/or through client organisations (collectively "you") in connection with your use of the Mosaix platform, through the website i.e. https://mymosaix.com/, ("Services") that are incorporated in this Privacy Policy.

The purpose of this Policy is to inform you regarding your Personal Data as defined under the Personal Data Protection Act 2012 of Singapore ("PDPA") is processed in a clear and transparent manner, as set out herein. Benevolve operates as a Data Intermediary (as defined under the PDPA) and does not determine the purposes of processing the Personal Data. All processing activities undertaken by Benevolve are pursuant to a written contract or Data Processing Agreement ("DPA") with the relevant Organisation.

This Privacy Statement shall apply uniformly to the Mosaix platform, including desktop website and mobile applications. This Privacy Statement outlines how Benevolve collects, uses, shares, retains, transfers, and stores your Personal Data. Benevolve collects your Personal Data in accordance with the DPA only to the extent necessary to process your requirements, and in accordance with the Personal Data Protection Act 2012 of Singapore.

We do not independently:

• Decide why Personal Data is collected;
• Seek consent from individuals;
• Use Personal Data for our own commercial purposes;
• Sell or trade Personal Data.

What Are the Governing Laws and Jurisdiction?

Benevolve respects your privacy and recognizes the importance of the Personal Data you have entrusted to us. Our commitment to safeguarding your privacy is outlined in this Privacy Statement, which is governed by the Personal Data Protection Act 2012 of Singapore ("PDPA") and guidelines issued by the Personal Data Protection Commission ("PDPC"). This Policy complies with all 11 obligations under the PDPA: Consent, Purpose Limitation, Notification, Access and Correction, Accuracy, Protection, Retention Limitation, Transfer Limitation, Openness, Accountability, and Data Breach Notification.

Data Protection Officer

In compliance with the PDPA Accountability Obligation, Benevolve has appointed a Data Protection Officer ("DPO") responsible for ensuring compliance with the PDPA. The DPO can be contacted at: dpo@benevolve.com

Further, this Privacy Statement has been made in line with the compliance requirements under ISO 27001 and SOC2 certification.

What Personal Data Does Benevolve Collect?

Benevolve collects Personal Data from the Organisation, as necessary to provide and continually improve its products or services. The Personal Data collected includes but is not limited to:

• Contact details: Name, mobile number, residential address, date of birth, education details.
• Employment details: Occupation, designation, employment history and/or organisation details, salary and/or benefits.
• Employees' skills assessments;
• Employees' preferences on their career aspirations.

However, we do not independently determine the categories of Personal Data collected.

We rely on the Organisation to ensure the accuracy and completeness of Personal Data provided to us, in compliance with the Accuracy Obligation under the PDPA.

How Does Benevolve Process Your Personal Data?

Benevolve while processing Personal Data relies on the Organisation:

• That a lawful basis for processing exists;
• That individuals have been provided with appropriate privacy notices;
• That necessary consents (where required) have been obtained.

We process Personal Data for legitimate uses, in order to provide our services, and to perform, among other actions, the following:

1. To process the data for the specified purposes of human resources management for which it was provided to us voluntarily.
2. To undertake research and analytics for offering or improving our products/services and our security and service quality.
3. To develop new products/services and to monitor and review products/services from time to time.
4. To check and process the requirements submitted to us for availing products/services and/or instructions or requests received from you in respect of the products/services.
5. To respond to queries or feedback submitted by you.
6. To verify your identity for us to provide or offer products/services to you.
7. To share with you, updates on changes to the products/services and their terms and conditions including the Benevolve Platform's terms and conditions.
8. To notify in case of suspicious activities or blocking of transactions as per our risk engines.

We process Personal Data solely for providing Services to the Organisation, as well as maintaining, securing, and improving our infrastructure and complying with applicable legal obligations in Singapore and India.

We do not process Personal Data for purposes other than those documented in our DPA with the Organisation.

We do not sell, rent, trade, or otherwise commercialize Personal Data. Further, we do not use Personal Data for independent marketing, profiling, or analytics purposes except as expressly authorized by the Organisation.

How Does Benevolve Handle Personal Data of Children?

We do not collect and process children's personal data for the said Services.

Does Benevolve Use Cookies and Other Tracking Technologies?

Benevolve uses cookies and other tracking technologies depending on the features offered, to enhance your experience, analyse usage patterns, and personalize content. Cookies may collect technical information such as IP addresses, device identifiers, and browsing behaviour, which may constitute Personal Data under applicable law. We process such data in accordance with our Cookie Policy.

Types of Cookies We Use

• Strictly Necessary Cookies: These cookies are essential for the website to function correctly. They enable core functionalities such as security, network management, and accessibility. You cannot turn off these cookies through our cookie consent tool.
• Performance and Analytics Cookies: These cookies help us understand how users interact with our website by collecting and reporting information anonymously.
• Functional Cookies: Enable enhanced functionality and personalization, such as remembering your preferences (e.g., language or region).
• Advertising and Targeting Cookies: These cookies are used to deliver personalized advertisements and track the effectiveness of marketing campaigns. We may set them as third-party advertising partners.

Legal Basis for Using Cookies

• Consent: For non-essential cookies, such as analytics, advertising, and social media cookies, we seek your explicit consent.
• Legitimate Interest: For strictly necessary cookies required for website functionality and security.

Data Collected Through Cookies

Cookies may collect the following types of data: IP address, device information (e.g., browser type, operating system), browsing behavior and interactions (e.g., pages visited, time spent), and referring websites or links. This data is often aggregated and anonymized, but in some cases, it may be linked to your personal information if you provide it elsewhere on our site.

Retention of Cookies

• Session Cookies: Deleted when you close your browser.
• Persistent Cookies: Retained for a specified duration up to 2 years or until manually deleted.

Managing Your Cookie Preferences

Consent and Cookie Banner: When you visit our website for the first time, you will see a cookie banner explaining our use of cookies. You can accept all cookies, reject non-essential cookies, or customize your preferences using our Cookie Consent Tool.

Browser Settings: You can also manage cookies through your browser settings. Most browsers allow you to block or delete cookies and set preferences for first-party and third-party cookies.

Disclosure of Third-Party Cookies

We use third-party cookies on our platform, which may be placed by trusted external service providers such as analytics, advertising, and functionality partners. These third parties may collect information about your online activities over time and across different websites. We do not control these cookies and recommend reviewing the respective privacy policies of these third-party providers for further information.

Does Benevolve Share Personal Data with Third Parties/Subsidiaries/Affiliates?

We only share the data on a "need-to-know" basis to designated personnel or third-parties, affiliates or subsidiaries in our business and operational processes who are bound by contractual confidentiality and data protection obligations.

Does Benevolve Share Your Personal Data Internationally?

The Mosaix application infrastructure is hosted in India. However, all Personal Data of Singapore-based users is stored and resides on servers located in Singapore (AWS ap-southeast-1 region). As Personal Data does not leave Singapore, the Transfer Limitation Obligation under Section 26 of the PDPA does not apply to this data.

Benevolve Inc., as a US-incorporated entity with a Singapore subsidiary (Benevolve Pte. Ltd.), may access Personal Data from outside Singapore for platform maintenance and support purposes. Such access is subject to contractual safeguards in our DPA, encryption in transit (TLS 1.2+) and at rest (AES 256, AWS KMS), and compliance with ISO 27001 and SOC2 certification standards.

What Are the Rights of Individuals Under the PDPA and How Can They Be Exercised?

If you are an individual whose Personal Data is processed through Mosaix, please direct your questions regarding collection, consent, correction, or withdrawal of consent to the Organisation that provided your data to us.

We do not respond directly to individual requests unless authorized by the Organisation. Upon receiving a request from an individual, we promptly notify the relevant Organisation.

We shall provide reasonable assistance to the Organisation to enable compliance with individual rights and obligations, and will respond to Organisation requests as soon as reasonably possible.

Right to Erasure

We shall retain Personal Data only for the duration specified by the Organisation and/or as required by applicable law. Upon termination of the contract or expiration of services by Benevolve, the Personal Data shall be returned or securely deleted in accordance with the instructions of the Organisation, unless retention is required by applicable law.

Right to Grievance Redressal

You have the right to access grievance redressal mechanisms provided by us regarding any concerns or complaints related to the processing of the Personal Data. We will respond to grievances within the prescribed timeframes, and you are encouraged to utilize the mechanisms mentioned below before seeking further legal recourse.

Depending on your jurisdiction, you may have the following rights:

• Access: Request access to your data.
• Rectification: Correct inaccurate or incomplete data.
• Data Portability: Obtain a copy of your data in a portable format.
• Restriction: Request a limitation on the processing of your data.
• Objection: Object to certain processing activities (e.g., direct marketing).
• Withdraw Consent: Withdraw your consent when processing is based on consent.

To exercise the above rights, you can raise queries or complaints with the privacy personnel by email to privacy@benevolve.com

How Does Benevolve Keep Your Personal Data Safe?

Benevolve takes reasonable security safeguards to protect your Personal Data from misuse, loss, unauthorised access, modification, or disclosure and uses the latest secure server layers encryption and access control on its systems. While Benevolve implements reasonable security measures, we cannot guarantee absolute protection for Personal Data due to factors beyond our control, such as hacking, virus, dissemination, force majeure events, breach of firewall etc.

How Long Does Benevolve Keep Your Data?

You can delete your account through Benevolve's desktop website, mobile WAP site, or mobile application. Once deleted, we cease the external processing of the Personal Data.

We retain Personal Data until the purpose for its legitimate usage exists, after which the same is erased by us, or until you withdraw the Services, whichever occurs earlier.

However, Benevolve may retain your Personal Data for longer periods in the following circumstances:

1. If it is necessary for the specified purpose for which it was collected or for compliance with any applicable law.
2. In the event of pendency of any legal or regulatory proceeding.
3. For safety, security, and integrity purposes.
4. Any other purposes such as any judicial and/or governmental investigations.
5. To protect our rights, property, or Services.

What Happens in Case of Data Breach?

In the event of a Personal Data breach that is likely to result in significant harm to affected individuals or is of a significant scale, we notify the Organisation without undue delay. We provide all relevant information to enable statutory reporting to the Personal Data Protection Commission ("PDPC") within 3 calendar days of assessing the breach, as required under the PDPA. We take reasonable measures to mitigate harm and prevent recurrence.

How Does Mosaix Use AI to Process Your Personal Data?

Mosaix is an AI-powered workforce skills intelligence platform. The following AI-driven features process Personal Data:

• Skills Inference: AI analyses employee data to identify, map, and assess workforce competencies and skill gaps;
• Career Recommendations: AI generates personalised career development pathways based on skills profiles and organisational needs;
• Talent Modeling: AI performs workforce modelling to predict future skills requirements and reskilling priorities;
• 360° Assessment Analytics: AI processes multi-source feedback to generate assessment scores and team-level insights.

No solely automated decisions with legal or similarly significant effects are made about individuals without human oversight by the Organisation. AI-generated insights are provided to authorised administrators who retain full decision-making authority.

How Will You Know the Changes in Privacy Statement?

Benevolve reserves the right to modify this Privacy Statement periodically to reflect updates to its business processes, current acceptable practices, or legislative or regulatory changes. The latest version can be accessed at mymosaix.com/privacypolicy.

In case of any significant changes, we will notify you via email or display a notice on our website. You will have the opportunity to review the updated Privacy Statement before deciding to continue using our products or services.

Benevolve — Primary Business Address

This Privacy Policy applies to Benevolve INC.

If you have questions or concerns related to this Privacy Policy, you may contact our Data Protection Officer at: dpo@benevolve.com, or at our primary place of business at: contactus@mymosaix.com

Capitalised terms which have not been defined here shall have the meaning ascribed to them in the Personal Data Protection Act 2012 of Singapore.

For complaints not resolved to your satisfaction, you may contact the Personal Data Protection Commission (PDPC) of Singapore at https://www.pdpc.gov.sg.