Privacy

COOKIE	DESCRIPTION
_core_d1	This cookie is crucial for the proper functioning of our website. It enables core functionalities such as user login, account management, and security. Without this cookie, our site would not operate correctly, and the user experience could be significantly impacted. This cookie does not store any personally identifiable information.
.AspNet.Consent	This cookie is used to record the user's consent to the use of cookies on the website. It is essential for complying with privacy regulations by ensuring that personal data is processed only after receiving the user's consent.
.AspNetCore.Antiforgery	This cookie is critical for securing the website against cross-site request forgery (CSRF) attacks. It generates a unique token that must be submitted with each POST request, ensuring that the request is legitimate and originated from the website itself, not an unauthorized source. This security measure helps protect users’ data from being compromised.

COOKIE	DESCRIPTION
_core_analytics	This cookie serves as a foundation for enabling Google Analytics on our site. It assists in the activation and management of Google Analytics-related cookies, which are used to collect and analyze data about how visitors interact with our website. This information helps us improve user experience and optimize our website's performance.
_ga	Used by Google Analytics to distinguish users.
_gid	Used by Google Analytics to distinguish users.
_gat	Used by Google Analytics to throttle request rate. If Google Analytics is deployed using Google Tag Manager, this cookie will be named _dc_gtm_.
AMP_TOKEN	Contains a token for Google Analytics that can be used to retrieve a Client ID from AMP Client ID service. Other possible values indicate opt-out, inflight request or an error retrieving a Client ID from AMP Client ID service.
_gac_	Contains campaign related information for the user. If you have linked your Google Analytics and Google Ads accounts, Google Ads website conversion tags will read this cookie unless you opt-out. Learn more.

CoreTRM Privacy Policy

1. Introduction

CoreTRM Pte Ltd (“CoreTRM”, “we”, “our”, “us”) is committed to protecting your privacy and upholding the highest standards of data protection. This Privacy Policy explains how we collect, use, disclose, store, and safeguard your personal data in accordance with:

The Singapore Personal Data Protection Act 2012 (“PDPA”)
The European Union General Data Protection Regulation (“GDPR”)
The Australian Privacy Act 1988 and Australian Privacy Principles (“APPs”)
Other applicable data protection laws

This Privacy Policy applies to all visitors to our website, trial environments and CoreTRM Platform¹ (including paid and/or trial users of our SaaS and support services), office premises, clients and their users, job applicants, and contractors or vendors who interact with us².

2. Types of Personal Data We Collect

Depending on your interaction with CoreTRM, we may collect and process the following types of personal data:

Identification and Contact Data: Name, address, email, phone number, organisation.
Professional Data: Job title, employment/education history (for job applicants or business contacts).
Website Usage Data: IP address, device/browser type, cookies and similar technologies, pages visited, access times.
Security Data: CCTV footage from office premises, visitor logs, access records, and delivery personnel details.
Other Data: Information provided during communications, support requests, or as required for our services.

3. How We Collect Personal Data

Direct Collection: When you complete a form, register, apply for a job, or communicate with us.
From Your Organisation: If you use our services (including the use of our CoreTRM Platform and/or SaaS or support services) through your employer.
Automated Means: When you use our website (cookies, analytics) or enter our premises (CCTV, access logs).
Third Parties: Where permitted by law, e.g., background check providers for recruitment.

4. Purposes and Legal Bases for Processing

We process personal data for the following purposes and in accordance with the relevant legal bases:

Service Delivery and Account Management: To provide, operate, and improve our services. (Legal basis: contract performance, legitimate interests)
Recruitment: To process job applications, assess suitability and verify professional references and qualifications. (Legal basis: legitimate interests, consent for background checks)
Security: To protect our premises, assets, and individuals (including CCTV monitoring and visitor logs). (Legal basis: legitimate interests, legal obligations)
Communication: To respond to inquiries, send service-related notifications, and provide updates or marketing where permitted. (Legal basis: contract performance, consent, legitimate interests)
Legal and Regulatory Compliance: To comply with laws (including sanctions laws), regulations, court orders, or other obligations. (Legal basis: legal obligation)
Analytics and Website Improvement: To monitor and enhance website performance and user experience. (Legal basis: legitimate interests, consent for non-essential cookies)
Other Purposes: With your explicit consent or as otherwise permitted/required by law.

5. Use of Cookies and Tracking Technologies

We use cookies and similar technologies to:

Enable and secure website functionality
Analyse usage and improve our services
Personalise your experience

You may manage or disable cookies through your browser settings.

6. Disclosure of Personal Data

Personal data may be disclosed to:

Our subsidiaries and related entities
Service providers, contractors, and vendors (e.g., IT, security, cloud, recruitment, hosting), subject to strict confidentiality
Professional advisers (e.g., auditors, legal counsel)
Regulatory bodies, government agencies, sanctions bodies or law enforcement, as required by law
Any party with your consent, or as otherwise permitted/required by law

We do not sell your personal data.

7. Overseas Transfers and Cross-border Disclosure

Your personal data may be transferred outside Singapore, the European Economic Area, or Australia for processing, storage, or support services.
Where this occurs, we ensure that appropriate safeguards are in place (e.g., contractual clauses, adequacy decisions, or recognised mechanisms) to ensure a standard of protection that is at least comparable to the requirements under the PDPA, GDPR, and APPs.

8. Data Security

We implement reasonable technical and organisational measures to protect your personal data, including:

Encryption of data in transit and at rest
Access controls and role-based permissions
Multi-factor authentication
Secure storage and physical premises security
Staff training and confidentiality obligations
Regular audits, security updates, and incident response procedures

9. Data Retention

We retain personal data only as long as necessary for the purposes outlined in this policy or as required by law. Data no longer required is securely deleted or de-identified.

10. Data Breach Notification

In the unlikely event of a data breach involving your personal data that may pose a risk to your rights or freedoms, CoreTRM will:

Take immediate steps to contain and assess the breach
Notify relevant authorities as required by law (e.g., PDPC, OAIC, or EU supervisory authority) within statutory timeframes
Inform affected individuals without undue delay if there is a significant risk of harm, providing details of the breach and recommended actions
Implement measures to prevent recurrence and mitigate potential adverse effects

11. Your Rights and How to Exercise Them

Subject to applicable law, you have the right to:

Access: Request access to your personal data and information about how it is processed.
Correction: Request correction or updating of inaccurate or incomplete personal data.
Erasure: Request deletion of your personal data (“right to be forgotten” under GDPR; as required under PDPA/APPs).
Restriction/Objection: Restrict or object to certain types of processing.
Data Portability: Request a copy of your personal data in a machine-readable format (GDPR).
Withdraw Consent: Withdraw your consent at any time (where processing is based on consent). Withdrawal does not affect processing already performed, but may impact our ability to provide some services.
Interact Anonymously: Where practical, interact with us without identifying yourself (Australia APP 2).
Lodge a Complaint: Raise a concern or complaint regarding your personal data handling (see Section 12).

To exercise your rights, please contact our Data Protection Officer (DPO) using the details provided below. We may require verification of your identity to process your request. We aim to respond to all requests within 30 days, or as required by law.

12. Complaints and Dispute Resolution

If you have concerns or complaints about our handling of your personal data, please contact our DPO in the first instance. We will investigate your complaint in a timely and fair manner and provide you with a response, usually within 30 days.
If you are dissatisfied with our resolution, you may have the right to escalate your complaint to the relevant data protection authority in your jurisdiction.

13. Data Protection Officer (DPO) Contact

Email: dpo@coretrm.com
Address: 20 Collyer Quay #23-05 Singapore 049319

14. Policy Updates

We may update this Privacy Policy from time to time. Significant changes will be posted on our website with the updated version number and effective date. We encourage you to review this policy regularly.

15. Other Information

Our website and services are not directed at children under 13.
Links to external sites are governed by their respective privacy policies.

¹ “CoreTRM Platform” means the proprietary cloud-based commodity and/or energy trading and risk management software known as “CoreTRM Platform”, owned and/or operated by CoreTRM, and accessible via https://CoreTRM.com or at such links or in such manner provided by CoreTRM.
² This policy does not apply to information handled in the context of employment.

CoreTRM Pte Ltd | www.coretrm.com
Privacy Policy – Version 2.0 | Date: 17 April 2026

Cookies Consent