Privacy Policy
Governing the collection, processing, and protection of data in compliance with Singapore PDPA, UK GDPR, and global financial data regulations.
1. Data Controller & Registered Entity
FundInsight Network Ltd. ("FundInsight", "we", "our") is the data controller responsible for personal and institutional data processed through this platform. FundInsight operates its global headquarters at 10 Collyer Quay, #10-01 Ocean Financial Centre, Singapore 049315, and maintains research and co-location operations in London (LD4, Slough) and New York (NY4, Secaucus). This policy governs all data processing activities in compliance with the Singapore Personal Data Protection Act 2012 (PDPA), the UK General Data Protection Regulation (UK GDPR), and applicable financial data protection legislation across all operating jurisdictions.
2. Categories of Data Collected
We collect and process the following categories of data: (a) Identity Data: full name, position title, company affiliation, and professional credentials including regulatory licence numbers; (b) Contact Data: business email addresses, telephone numbers, and registered office addresses; (c) Technical Data: IP addresses, browser fingerprints, session tokens, API authentication keys, and FIX session identifiers; (d) Usage Data: interaction logs, feature utilisation metrics, analytical query patterns, and data feed subscription records; (e) Financial Preference Data: instrument watchlists, risk tier configurations, and liquidity depth preferences. We do not collect sensitive personal data as defined under Article 9 of the UK GDPR or Section 2 of Singapore PDPA unless explicitly required and disclosed in advance.
3. Legal Basis for Processing
All data processing activities are conducted under one or more of the following lawful bases: (a) Contractual Necessity: processing required to deliver institutional data feed services under a signed Master Service Agreement; (b) Legitimate Interests: processing for fraud prevention, network security, and service performance analytics; (c) Consent: processing for non-essential analytics cookies, withdrawable at any time via our Cookie Management Portal; (d) Legal Obligation: processing required to comply with MAS regulatory reporting requirements, anti-money laundering (AML) obligations, and Know-Your-Client (KYC) verification under applicable financial regulations.
4. Data Retention & Deletion
Institutional client data is retained for seven (7) years from contract termination, in compliance with MAS Notice SFA04-N02 and applicable financial record-keeping regulations. Technical logs are purged on a rolling 90-day cycle. Marketing consent records are retained for three (3) years from last interaction. Data subjects may submit verified deletion requests to dpo@fundinsight.net. Upon verification, requests are actioned within thirty (30) calendar days, subject to overriding legal retention obligations.
5. International Data Transfers
FundInsight operates co-located server infrastructure at Equinix data centres in SG1 (Singapore), LD4 (Slough, UK), and NY4 (New York, US). All cross-border data transfers from Singapore are governed by Contractual Clauses approved by the Personal Data Protection Commission (PDPC). Transfers from the UK/EU are governed by Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner's Office. Our binding Inter-Company Data Transfer Agreement incorporates the requirements of all applicable transfer mechanisms across our operating jurisdictions.
6. Data Subject Rights
Under applicable data protection legislation, you have the right to: (a) Access personal data held about you; (b) Rectify inaccurate data without undue delay; (c) Request erasure, subject to legal retention requirements; (d) Restrict processing in specified circumstances; (e) Request data portability for data processed under consent or contract; (f) Object to processing based on legitimate interests. To exercise any of these rights, submit a written request to our Data Protection Officer at dpo@fundinsight.net. Requests will be acknowledged within 5 business days and actioned within 30 calendar days.
7. Security Measures
FundInsight employs enterprise-grade security measures including AES-256 encryption at rest, TLS 1.3 for all data in transit, multi-factor authentication for all administrative access, role-based access controls, annual third-party penetration testing, and continuous SIEM monitoring. Our Information Security Management System is certified under ISO/IEC 27001:2022. Data breach notification procedures comply with 72-hour reporting requirements under applicable regulatory frameworks.
Contact: Data Protection Officer: dpo@fundinsight.net. FundInsight Network Ltd. | 10 Collyer Quay, #10-01 Ocean Financial Centre, Singapore 049315. Registered with the Personal Data Protection Commission (PDPC) Singapore. Effective Date: June 15, 2012. Last Updated: April 2026.