logomenu

PRIVACY POLICY

A. PRIVACY STATEMENT

Bigyellow Pte Limited is a company bearing UEN 202342216M, and having its registered office at 21B Bukit Pasoh Road, 089835 Singapore (“Company”, "We", "Us", "Our" and terms of similar meaning) operating, and/or, mobile applications supported by Android and IOS and features and content etc. (“Platform”). The Company has developed a web based product and the mobile based application supported by Android and IOS and modules, features and content, which is a wellness product containing certain functionalities and features, as updated on the Platform from time to time (“Product”). We are committed to protecting Your privacy in connection with your use of our Product.

The Company is an enterprise application platform that integrates employee wellbeing, microlearning and collaboration into the flow of work to minimise human error, save costs and increase productivity. The Product is an enterprise product and the organisation is provided a code & link for internal circulation, the organisation shall provide this code to its employees. The Employees who log on to the Platform shall be termed as (“End Users”) to access the functionalities provided by the Product. These terms shall be applicable to the organisation, the End Users and any person accessing the Platform. This notice applies to all group structure entities.

  • This Privacy Notice is intended to comply with all applicable laws with regard to the Processing of Personal Data and on the Free Movement of such Data, in so far as Our Services result in collection and/or processing of Personal Information (as defined hereinafter) of users including users who are in the EU,EEA and India to provide appropriate protection and care with respect to the treatment of such Information in accordance with the applicable laws including without limitation, Digital Personal Data Protection Act (DPDP) 2023 , General Data Protection Regulation (GDPR) and Personal Data Protection Act (PDPA) 2012. We have a formal contract or agreement with customers based on the location of processing the personal data.
  • Access to the Product and its functionalities to record and observe the occupational health and safety indicators of an individual. In the event, You are accessing the Product under a corporate package client a company code will be provided to You.
  • Various functionalities to a corporate client and an individual on the Product as provided from time to time.
You agree and confirm that you are aged above 18 years of age. Our services are not directed at or intended for use by children under 18. We do not knowingly collect personal data from children. If we become aware of such collection, we will delete the data promptly. By using our Product, you (such End User shall hereinafter be referred to as “You”, “Your” as applicable) accept this privacy notice along with any amendments or modifications as may be made from time to time (“Privacy Notice”) and thereby expressly consent to our collection, use and disclosure of Personal Information (as defined below) in accordance with this Privacy Notice. In the event you are using the Product under a corporate package or client package, you hereby provide your consent to us, including any of our authorised personnel, to share the Personal Information with such corporate/client, being your employed organization, and Your information will then be subject to the internal policies of such corporate/client in this regard. We, including any of our authorised personnel, shall not be liable in case of any misuse or breach of Your Personal Information from any third party, including Your organisation. If You do not wish to provide any Personal Information or any of the information as set forth in Section B below, You are not entitled to use this Product or avail of the services provided by the Product per the terms as set out herein. This Privacy Notice is incorporated into and subject to our Terms & Conditions (“Terms”)We reserve the right to modify this Privacy Notice at our sole discretion. To make sure You are aware of any changes, please review this Privacy Notice periodically. You will be deemed to be governed by the terms of the modified Privacy Notice as may be amended from time to time.Please feel free to direct any questions or concerns regarding this Privacy Notice by contacting us through this Product or by writing to us.

B. TYPE OF INFORMATION COLLECTED

  1. In order to provide our full range of Services, we may collect the following types of information from You (as applicable), with Your clear and affirmative consent, including but not limited to:
    1. Your employee ID;
    2. Age;
    3. Email address;
    4. Name of the vessel;
    5. Role/Designation;
    6. Demographic details
    7. Health and wellness related information collected from wearable device information or otherwise (including but not limited to lab reports, blood work, wellness data, sleep cycle data, heart rate, steps count, spo2% and such other related data), where You choose to connect such wearable device(s) or enable such feature(s) on the Product;
    8. Pre Employment Medical Examination- complete body blood report;
    9. Texts, images, videos, weblinks, social media posts and chats on the Platform feature that enable social interactions amongst End Users and the corporate and other service providers;
    10. Communications through the Platform with service providers and analysts through the Platform.
    11. All opinions, views, comments, notes and inferences created during or post the usage of the Product in respect of the particular End User;
    12. Input Data such as response to check-in and assessments and prompts on the Platform;
    (collectively referred to as “Personal Information”). You can withdraw or modify Your consent for the Personal Information, at any time on request by writing..You agree and acknowledge that the Company shall appoint certain third party vendors and service providers to provide services including but not limited to use of Artificial Intelligence platforms/ software, for the purpose of data analysis, messaging and teleconferencing services, and such third party service providers shall have access to Your Personal Information and End User Personal Information which may be recorded by such third party service providers as required under the applicable law. You expressly provide Your consent to the Company to share your Personal Information to such third party or a chatbot through a chat window unless otherwise such consent is withdrawn by You . Such third party service providers shall restrict access to Your Personal Information, End User Personal Information from all its employees, officers, agents etc. Further, the Company shall not have any access to such Personal Information, to the extent the End User does not provide its consent, if recorded by the third-party service providers, with the express consent of the End User and shall ensure that the consultants, employees, officers or agents of the Company are not provided any access to such Personal Information stored by the third party vendors. In any event, The Company shall not be held liable for any breach of confidentiality obligations by any third party service providers or its representatives as mentioned above or the breach of this Privacy Notice.
  2. Non-Personal Information: When You visit the Product, we may collect certain non-personal information such as Your internet protocol address, operating system, browser type, and internet service provider. This type of information does not identify You personally.
  3. In the event that You are using the feature under a corporate package or client package, you hereby provide your consent to us, including any of our authorised personnel, to share the Personal Information with such corporate/client, being your employed organization and Your information will then be subject to the internal policies of such corporate/client in this regard. We, including any of our authorised personnel, shall not be liable in case of any misuse or breach of Your Personal Information from any third party, including Your organisation. You expressly provide Your consent to share your Personal Information with such corporate/client unless otherwise such consent is expressly withdrawn by You.
  4. Automatic Information (applicable in case of use of Product through web browser) - We receive and store certain types of information whenever You access our Product through a web browser. We use "cookies" (small file containing a string of characters that uniquely identifies Your browser) and we obtain certain types of information when Your web browser accesses the Product or advertisements and other content served by or on behalf of Company on other websites. These server logs may include information such as Your web request, Internet Protocol address, browser type, browser language, the date and time of Your request and one or more cookies that may uniquely identify Your browser. We use cookies primarily for user authentication but may also use them to improve the quality of our Service by storing user preferences and tracking user trends. The Product uses Google Analytics code to gather statistical information. Google Analytics sets cookies to help us accurately estimate the number of visitors to the Product and the volumes of usage of the Product.
  5. Mobile: When You download or use our Product through Your mobile, we may receive information about Your location and Your mobile device, including a unique identifier number for Your device. We may use this information to provide You with Services if required. We use mobile analytics software to allow us to better understand the functionality of our mobile software on your phone. This software may record information such as how often you use the Product, the events that occur within the application, aggregated usage, performance data, and where the application was downloaded from. We may link the information we store within the analytics software to any personal information you submit within the mobile application.
  6. User communications - When You send emails or other communications to us, we may retain those communications in order to process Your inquiries, respond to Your requests and improve our Services.
  7. For individuals using the Product in connection with a corporate client account as described in this Privacy Notice, business information such as Your company name, and company email address and other data on the Product.
  8. Device Information such as operating system version, device type, and system performance information.
  9. We gather certain information and automatically and store it in log files. This information may include Internet Protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and/or clickstream data.

C. DATA SECURITY AND INCIDENT MANAGEMENT

  1. Data Breach Response - We have implemented internal protocols for detecting, reporting, and managing personal data breaches. In the event of a breach likely to affect data subjects' rights and freedoms, we notify relevant supervisory authorities within 72 hours, and affected individuals without undue delay, as per GDPR Articles 33 and 34.
  2. Technical and Organizational Measures - We adopt industry-standard practices including data encryption (in transit and at rest), access control, and logical data segregation to ensure EEA and non-EEA client data are stored and processed separately. Security audits are conducted regularly.
  3. Data Residency - Data is hosted in secure facilities in Singapore and the European Union. The region of storage depends on business, regulatory, and client-specific requirements.

D. RIGHTS OF THE END USERS

Under the applicable laws, You have the following rights with respect to Your Personal Information:
  1. Right to be informed: You have the right to be informed about what information is being collected, and how it is being used.
  2. Right of access: You have the right to access and receive a copy of Your data.
  3. Right to rectification: You have the right to correct any inaccurate data, or complete any incomplete data.
  4. Right to erasure: You have the right to request the erasure of your data, under the following circumstance:
    1. The data has been collected or processed in contravention with relevant laws;
    2. The data is no longer required for the provision of Services;
    3. You wish to withdraw your consent for the use of Your data; or
    4. Such erasure is necessary for compliance with any laws in force at the applicable time and jurisdiction.
  5. Right to restrict processing: You have the right to request us to restrict the use of the data You have provided, but continue to retain it in our database.
  6. Right to data portability: You have the right to request a copy of Your personal data for personal use and/or to have their personal data transmitted to another party.
  7. Right to object to processing: You have the right to object to the processing of Your personal data in certain circumstances such as for direct marketing purposes.
  8. Rights in relation to automated decision making and profiling: You have the right not to be subject to a decision that is based on:
    1. Automated individual decision-making - Making a decision solely by automated means without any human involvement.
    2. Profiling - Automated processing of personal data to evaluate certain things about an individual.
  9. Depending on the circumstances and the nature of Your request it may not be possible for Us to do what You have asked, for example, where there is a statutory or contractual requirement for Us to process Your data and it would not be possible to fulfil Our legal obligations if We were to stop, However, where You have consented to the processing, You can withdraw Your consent at any time by emailing the Data Protection Officer. In this event, We will stop the processing as soon as such processing is no longer necessary for the provision of the Services.
  10. Right to withdraw consent: You may withdraw your consent for wearable-based processing and disconnect wearable device integration(s) at any time. In such event, We will stop collecting any new wearable device information, and will stop processing such information as soon as such processing is no longer necessary for the provision of the Services, subject to applicable law and this Privacy Notice. However, where You have consented to the processing,
  11. If You want to exercise any of the rights described above or are dissatisfied with the way we have used your information, please contact the Data Protection Officer. We will seek to deal with your request without undue delay, and in any event in accordance with the requirements of the applicable laws and the GDPR. . Please note that We may keep a record of Your communications to help us resolve any issues which You raise.
  12. You have the right to readily available means of grievance redressal, and You must first exhaust Company’s grievance process before approaching the competent authority, where applicable. You also have the right to nominate another individual who may exercise Your rights in the event of Your death or incapacity, in the manner prescribed under applicable law.
  13. If You remain dissatisfied, You may lodge a complaint with the competent data protection authority in Your jurisdiction. For the UK, this is the Information Commissioner's Office. For Singapore, this is the Personal Data Protection Commission (PDPC). For India, You may approach the relevant authority such as Data Protection Board after exhausting Company’s grievance process, where applicable.
  14. Where You use the Product through Your employer/client, Your employer/client is generally responsible for responding to rights requests as the Data Fiduciary / Controller. Company will support the employer/client, as required under applicable law and contract, to the extent the request relates to processing carried out by Company on its behalf.

E. USE OF INFORMATION

We process the Personal Information and all other information provided by You in accordance with the applicable laws, in any one or more of the following manner:
  1. To process Your request for Services,
  2. For providing Services, We may disclose Your Personal Information to End User(s) and/or other registered business partners (as applicable).
  3. The Company’s and/or business partners/users shall be entitled to process the Personal Information in accordance with this Privacy Notice and as permitted by the applicable law;
  4. To fulfil requests for Services;
  5. To improve our Services;
  6. To enforce our Terms;
  7. To contact You;
  8. To avoid fraud and other prohibited or illegal activities;
  9. To protect the security or integrity of the Product, Our business, Services and users;
  10. To customise our communication with You and the marketing material we share with You;
  11. To observe the holistic wellbeing indicators, including where wearable device(s) are connected, by summarizing relevant data points and (i) presenting such information to You at an individual level through the Product (where applicable), and (ii) providing your organization with anonymized and aggregated data based on any behavioural patterns observed through the Products and Services, which will enable them, to take better decisions before assigning critical job functions;
  12. To publish any testimonials or reviews that You may have provided on the Product;
  13. To contact any person You may have enlisted as a friend for reference purposes;
  14. To observe the occupational health and safety indicators by summarizing data points from an individual and organizational perspective by providing your organization with a simplified dashboard with organization-wide anonymized data.
  15. AI enabled features shall analyse your Personal Information which is anonymised to recommend actions to your organisation based on time-based triggers or milestones. Ex: Quarterly pulse survey sent to everyone, Birthday wishes, survey sent after a week of onboarding etc.
  16. Your Personal Information which is anonymised will be analysed and AI tools shall be applied to such information to provide an anonymised data graph to your organisation using PDF, LLM, Contexts. 
  17. Your pre-employment medical examination report as provided to us by your organisation shall be provided as cohort level analytics on the Dashboard along with your individual reports, with Your organisation. You will have access to such reports along with individual habit building prompts to on mobile app. The habit building and mitigation methods are generic in nature and shall not be treated as a medical diagnosis of any kind.
  18. The Platform is not a clinical diagnosis application and does not provide any such Services, if enabled and express consent provided by you, the Platform’s chat feature can be extended to medical centres (which are approved and onboarded by clients). 
  19. To Comply with Legal Requirements: We may disclose Personal Information, in good faith, wherein the access, use, preservation or disclosure of such information is reasonably necessary to (a) satisfy any applicable law, regulation, legal process or enforceable governmental request, (b) enforce applicable Terms, including investigation of potential violations thereof, (c) detect, prevent, or otherwise address fraud, security or technical issues, or (d) protect against imminent harm to the rights, property or safety of the Company , its users or the public as required or permitted by law.
  20. Additionally, in the event of an audit, reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of Our business, assets or stock (including in connection with any bankruptcy or similar proceedings), we may share/transfer/assign the Personal Information we have collected to the relevant third party.
  21. To prepare reports and provide to the corporate clients.
  22. If You sign up to receive email newsletters or promotional materials from us. We will use the information You give us to provide the communications You have requested. If You inform Us that You wish to cancel email newsletters or promotional materials by selecting unsubscribe at the bottom of such communication. If you no longer wish to receive push notifications, you may turn them off at the device level.
  23. To allow you to participate in interactive features of the Platform , when you choose to do so.
  24. We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them.
  25. In the event you are using the Product under a corporate package / client package you will be registered to use the Product through a code or other registration credential furnished by a corporate, the concerned corporate will have access to your individual-level data on the Product, including the categories of information described under “TYPE OF INFORMATION COLLECTED” and the data generated through Your use of the Services, to the extent configured for the corporate account.
  26. We shall use Personal Information which is anonymised to provide AI-enabled features on the Product through the Company’s tools and third-party vendors and service providers. We shall also upload and process the Personal Information which is anonymised on AI platforms for the Product and Services.
The Product may also allow You to connect wearable device(s) and/or enable health and wellness features. If You choose to enable such feature(s), the Company may collect, store, process and use health and wellness information, including wearable device information and the related data points made available through such wearable device(s), for providing the Services and for the purposes set out in this Privacy Notice. Such information may include data points that relate to Your physical health, wellbeing, fatigue and occupational health and safety indicators. You are not required to connect any wearable device(s) to use the Product, and You may disconnect such wearable device(s) and/or disable such feature(s) at any time, in which event the Company will stop collecting any new wearable device information, subject to retention and deletion provisions set out in this Privacy Notice. For avoidance of doubt, the Company does not provide medical advice and such feature(s) are not intended to be used for medical diagnosis or treatment.

F. PROCESSING ON BEHALF OF YOUR EMPLOYERS / CLIENTS

Where Company processes Personal Information on behalf of Your employer/client, the employer/client determines the lawful basis as Fiduciary/Controller, and Company processes on documented instructions as Processor.Where Company processes Personal Information on behalf of Your employer/client, Company will:
  1. process Personal Information only on documented instructions of the employer/client;
  2. implement appropriate technical and organisational measures to protect Personal Information;
  3. notify Your employer/client without undue delay after becoming aware of a personal data breach involving data processed on its behalf;
  4. assist Your employer/client, as reasonably required, with requests from End Users (including access, correction, erasure, and objection requests) to the extent the request relates to processing carried out by Company on its behalf;
  5. ensure that approved sub-processors are subject to equivalent data protection obligations; and
  6. delete or return Personal Information at the end of the provision of Services, subject to legally required retention.
  7. Inform you employer/client of any red flag incidents on the Platform, basis data analysis and information on the Platform.
We retain Personal Information only for as long as necessary to fulfil the purposes outlined in this Privacy Notice, or for such longer period as required or permitted by applicable law. This encompasses compliance with legal obligations (e.g., tax or audit records), resolving disputes, establishing, exercising, or defending legal claims, fraud prevention, or other legitimate business needs. Where Company processes Personal Information on behalf of Your employer or client as a Data Processor, Company will retain, return, or securely erase such data strictly in accordance with the employer/client's documented instructions, subject to overriding legally mandated retention periods.

G. UPDATING YOUR INFORMATION

You may update or modify Your Personal Information and all other information provided by You. To delete Your registered account, please email us.. Requests for such deletion will be handled within 30 days and such deletion will be effective from the date of communication of confirmation of such deletion by Us to You. Upon access to the Product, the End User is required to accept or dissent to these terms. If You do not provide your consent, then this Product shall not be accessible to you. Eg. Push Notification service will not be delivered to You. In the event You wish to withdraw your consent, you may write to us and Your data will be deleted accordingly.Further, Your employer (the client to the Company) may make a request to us to purge or delete Your data by writing to us. Requests for such deletion will be handled within 30 days and such deletion will be effective from the date of communication of confirmation of such deletion by Us to You.

H. SECURITY

We use reasonable security measures to protect Personal Information from unauthorized access, maintain data accuracy, and help ensure the appropriate use of Personal Information. When the Service is accessed using advanced versions of Internet Explorer , Firefox, or Safari, Secure Socket Layer ("SSL") such technology may protect Personal Information using both server authentication and data encryption. These technologies help ensure that Personal Information is safe, secure, and only available to You and those to whom You have granted access including but not limited to us, our business partners and authorised third parties. We host our Product in a secure server environment that uses firewalls and other advanced technology to prevent interference or access from outside intruders.Account Security: You are responsible for maintaining the security and confidentiality of Your user ids and passwords including any corporate codes and passwords as may be provided to you while accessing the Product either as a End User (“End User Account”). You acknowledge that neither the Company nor any of its directors, shareholders or other representatives shall be liable to You under any circumstances for any direct, indirect, punitive, incidental, special or consequential damages that result from or arise out of, or a breach or, or compromise of registration of Your End User Account with us and/or Your ability or inability to use the End User Account .

I. THIRD PARTY

In addition, the Product may occasionally contain links to Third-Party sites (“Third-Party”). If You click on the links to Third-Party websites, You leave the Product. We are not responsible for the content of these Third-Party websites or for the security of Your information when You use the Third Party websites. These Third-Party service providers and Third-Party websites may have their own privacy policies governing the storage and retention of Your information that You may be subject to. They may collect information such as Your IP address, browser specification, or operating system. This Privacy Notice does not govern any information provided to, stored on, or used by these Third-Party providers and Third-Party websites. We recommend that when You enter a Third-Party website, You review the Third Party website’s privacy Notice as it relates to safeguarding Your information.
We use third-party advertising companies to serve ads when You visit the Product. These companies may use information (not including Your name, address, email address, or telephone number) about Your visits to the Product and Third-Party websites in order to provide advertisements about goods and services of interest to You. You agree and acknowledge that We are not be liable for the information published in search results or by any Third-Party website.

J. YOUR CONSENT

By using the Product and/ or by providing Your Personal Information and all other kind of information as set forth in this Privacy Notice, You consent to the collection and use of such information including but not limited to Your Personal Information, in accordance with this Privacy Notice, including but not limited to Your consent for sharing Your information including but not limited to Your Personal Information as per this Privacy Notice. You specifically agree and consent to us collecting, storing, processing, transferring and sharing information (including Personal Information) related to You with third parties, End-User(s), or to service providers or registered business partner/users or your concerned corporate (in case of a corporate package) for the purposes as set out in this Privacy Notice. You can withdraw or modify Your consent at any time by emailing the Data Protection Officer. This can be a part withdrawal / modification to the consent. On account of such modification, if we are unable to provide the Service / Product, we reserve the right to remove Your information in entirety and cease to provide Service / Product upon prior notice to You.
It is hereby clarified that any modification or withdrawal or of any consent by You shall not affect the lawfulness of any processing based on prior consent.If You use the Platform through Your employer or another organisation, that organisation generally decides the purposes and means of processing and is the Data Fiduciary (India) / Controller (GDPR) / Organization (Singapore). In such arrangements, Company generally acts as a Data Processor / Data Intermediary / Processor, as applicable.The Company also processes certain Personal Information for its own purposes, such as operating and securing the Platform, preventing fraud, maintaining business records, managing billing, complying with legal obligations, and responding to enquiries. For these activities, Company acts as a Data Fiduciary / Controller/Organization.Where processing is based on consent, You may withdraw consent at any time by contacting the Grievance Officer / Data Protection Officer using the details below, or using any in-product controls made available to You. Withdrawal will not affect the lawfulness of processing carried out before withdrawal. Where processing is necessary to provide core Services, we may not be able to provide those Services if the required data is not provided.

K. INTERNATIONAL TRANSFER

We collect information globally and may transfer, process, and store your information outside of your country of residence, to wherever we or our clients or Your employer may operate for the purpose of providing you the Services. We comply with laws on the transfer of Personal Data between countries to help ensure Your data is protected, wherever it may be. For transfers of Personal Information outside Singapore, Company will take appropriate steps to ensure that the recipient is bound by legally enforceable obligations to provide a standard of protection comparable to the PDPA. Where GDPR applies, Company will rely on recognised transfer safeguards, as applicable. Where the DPDP Act applies, transfers outside India will be subject to any restrictions notified by the Central Government.

L. GRIEVANCE OFFICER

  1. If You have any grievance with respect to the Product or the Services, You can contact our grievance officer at:
    1. Name : Arun Lakshmanan
    2. Email : grievance@bigyellowfish.io
  2. As required under the applicable laws, We have appointed a Data Protection Officer who is well versed with the intricacies of the Company’s internal data privacy policies and practices. You can contact the official for any query regarding the same as under:
    1. Name : Kundan Krishna
    2. Email : kundan@bigyellowfish.io
    3. Address : 21B Bukit Pasoh Road, 089835 Singapore.

M. DISTRIBUTION

This Privacy Notice is also available on our website and on our App dashboard for users to access in app.Last Revised: March, 2026