Privacy Policy

This privacy policy (“Policy”) describes the types of information Navozyme Pte. Ltd. (UEN 201720826M) and its subsidiaries, affiliates and related companies (“Navozyme”, “we”, “us” or “our”) may collect from you (“User”, “you” or “your”) or that you may provide through which an individual can be identified directly or indirectly (“Personal Information”) and how we may be collecting, using, disclosing and processing that Personal Information in respect of your use of the Navozyme services, including the n-cap.net website (“Website”), the “NCap™ Wallet” mobile application, software and related products and services, accessed via any platform or device (collectively, the “Services”).  

If you are entering into this Policy on behalf of a business or other legal entity, you represent that you have the authority to bind such entity to this Policy, in which case the terms “User”, “you” or “your” shall refer to such entity. If you do not have such authority, or if you do not agree with the terms of this Policy, you must not access and/or use the Services (as defined below).  

By accepting this Policy, or otherwise by accessing and/or using the Services, you acknowledge that you have read, understood, and agreed to be bound by the terms of this Policy as amended from time to time.  

You acknowledge that this Policy is a binding legal contract between you and Navozyme, even though it is electronic and is not physically signed by you, and it governs your access and use of the Services. Please also read our Terms of Use and Cookies Policy as amended from time to time which shall form part of your contract with us.  

We recognise the importance of safeguarding your personal data and we are committed to properly managing, protecting and processing your Personal Information in accordance with this Policy and in accordance with the applicable laws and regulations, including the General Data Protection Regulation (EU) 2016/679 (“GDPR”), United Kingdom Data Protection Act 2018 (“UK GDPR”), Singapore Personal Data Protection Act 2012 (“PDPA”), and the Philippines Data Privacy Act of 2012 (Republic Act No. 10173) and its implementing rules and regulations ("DPA") as applicable to each User (collectively, the “Applicable Laws”). 

1. Automatic Collection of Data 

When you access or use the Services, we may automatically record data that your browser or device sends by using cookies, server logs and other similar technologies. This data may include information such as your device’s IP address and location, browser and device name and version, operating system type and version, language preferences, the webpage you were visiting before you came to the Services, pages of the Services that you visit, the time spent on those pages, the information you search for on the Services, access times and dates, and other statistics. Such data collected automatically is used to identify potential cases of abuse and establish statistical information regarding the usage and traffic of the Services. This statistical information is not otherwise aggregated in such a way that would identify any particular User.  

2. Collection of Information 

In order to access and use the Services, you will be asked to provide certain Personal Information. We collect, use, store and transfer certain Personal Information you provide to us when you create an account with us, make a purchase, or fill up any forms to use the Services. When required, such information may include the following: 

  • Basic personal information (such as name, country of residence, date of birth, etc.) 

  • Navozyme account details (such as membership number, membership type, password, etc.) 

  • Contact information (such as email address, phone number, residential address, etc.) 

  • Work related details (such as company name, job title, sea service time, etc.) 

  • Proof of identity (such as a photocopy of a government ID) 

You can choose not to provide us with your Personal Information, but then you may not be able to take advantage of some of the features on the Services or in certain circumstances access the Services. Where we need to collect Personal Information as required by law (for instance, in relation to anti-money laundering or other “know your customer” checks) or under the terms of a contract we have with you and you fail to provide the Personal Information when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with the Services). In this case, we may have to decline to provide any or all of the Services to you and you may contact us if you have any questions or to understand how you may be affected. 

3. Use and Processing of Information 

We may act as a data controller or a data processor in relation to the collected Personal Information, depending on the type of Services provided. It is important that you read this notice together with any other notices we may provide on specific occasions when we are collecting or processing your Personal Information, so that you are fully aware of how and why we are using your Personal Information. This notice supplements the other notices and is not intended to override them. 

Data Controller 

  • We act as a data controller in situations where we ask you to submit your Personal Information that is necessary to ensure your access and use of the Services. In such instances, we are a data controller because we determine the purposes and means of the processing of your Personal Information. 

Data Processor or Data Intermediary 

  • We act as a data processor or data intermediary in situations where we process your Personal Information on behalf of any third party service provider through the Services. We do not own, control or make decisions regarding your Personal Information. In such instances, the third party service providers acts as a data controller. 

  • For example, we offer additional features on behalf of third party service providers such as a User requesting for a credential or sea time approval from maritime issuers through the NCap™ Wallet. In such cases, the purpose and terms are set by the third party service providers, and we store the personal data in our servers for the purposes determined by the third party service providers.  

We will only process your Personal Information when the Applicable Laws allow us to, that is, when we have a legal basis for processing (as described below). The Personal Information we collect from you may be used for the following purposes: 

  1. to assist, process and facilitate your access or use of the Services; 

  2. to administer, operate and facilitate any transactions or activities by you, whether with us or any third party service provider, or any third party viewing the issued certificate on the NCap™ Wallet, and whether for your own benefit or for the benefit of a third party on whose behalf you are duly authorised to act; 

  3. to carry out your instructions or respond to any queries, feedback or complaints provided by (or purported to be provided by) you or on your behalf, or otherwise for the purposes of responding to or dealing with your interactions with us; 

  4. to monitor and track your usage of the Services, to conduct research, data analytics, surveys, market studies and similar activities, in order to assist us in understanding your interests, concerns and preferences and improving the Services (including any service of a third party service provider) and other services and products provided by us; 

  5. to generate any certificate and credential or pre-fill any form, user registration page or screen on the Website or NCap™ Wallet with your Personal Information; 

  6. for the purposes of storing or creating backups of your Personal Information (whether for contingency or business continuity purposes or otherwise) whether with us or any third party service provider, whether in or outside Singapore;  

  7. to manage and protect our business, including improving data security, troubleshooting data and systems, system maintenance and testing, data hosting, software and other facilities; and 

  8. to enable us to contact you or communicate with you on any matters relating to your access or use of the Services, including but not limited to the purposes set out above, via email, SMS, instant messaging, push notifications or such other forms of communication that we may introduce from time to time.  

We process your Personal Information based on how you interact with the Services, where you are located in the world and subject to the Applicable Laws, by relying on the following legal bases: (a) your consent for one or more specific purposes; (b) necessary for the performance of any contract with you and/or for any pre-contractual steps to be taken; (c) necessary for compliance with a legal or regulatory obligation to which we are subject to; (d) processing is related to a task that is carried out in the public interest; and (e) necessary for the purposes of our legitimate interests or by a third party, in such instance, we will consider and balance any potential impact on you (both positive and negative) and your rights before we process your Personal Information for our legitimate interests. 

We may rely on the following additional legal bases to collect and process your Personal Information: 

  • Employment or social security obligations; 

  • Provision of health or social care; 

  • Legal claims and proceedings; 

  • Research or statistics; and 

  • Where your Personal Information is publicly available. 

Note that under some legislations we may be allowed to process your Personal Information until you object to such processing by opting out, without having to rely on consent or any of the legal bases above. We will be happy to clarify the specific legal basis that applies to the processing and you may contact us if you have any questions. 

We may disclose or share Personal Information with other third party service providers or collaborators in connection with the Service, so as to provide the Services to you in the most efficient and effective way to the extent permitted by Applicable Laws. We will not share your Personal Information with other parties which are not third party service providers or collaborators, except where such sharing is necessary for such parties to assist us in providing the Services to you or for fulfilling any of the above purposes. 

4. Payment Processing

We do not charge you a fee to use most of the features of the Services. Instead, our third party service providers may pay us to provide certain products and services on the Services. If payment is required, you may need to provide your billing information such as contact information, billing name, billing address and payment account details, which will be used solely for processing payments (“Billing Information”). We use third party payment processors (“Payment Processors”) to assist us in processing your Billing Information securely. We will share your Billing Information with the Payment Processors only to the extent necessary for the purposes of processing your payments, refunding such payments, fraud prevention and dealing with any complaints and queries related to such payments and refunds. 

Where necessary for processing future or recurring payments, your Billing Information may be stored by our Payment Processors. The Payment Processors’ use and storage of your Billing Information is governed by their respective privacy policies. If you wish to opt out of such use and storage, please contact us. 

5. Your Rights

You may withdraw your consent to the use and disclosure of your Personal Information by us with reasonable notice and subject to any applicable laws or contractual restrictions; however, doing so may prevent the proper functioning of the Services, the provision of the Services to you and may also result in the cessation of any Service to you. 

Your rights are determined by the Applicable Laws and we set out some which may apply to you below depending on where you are located: 

  • to have inaccurate Personal Information rectified – to have any inaccurate or incomplete Personal Information rectified. If we have disclosed the relevant Personal Information to any third parties, we will take reasonable steps to inform those third parties of the rectification where possible;  

  • to have Personal Information erased in certain circumstances – in certain circumstances to request that certain Personal Information held by us is erased. This is also known as the right to be forgotten. This is not a blanket right to require all Personal Information to be deleted. We will consider each request carefully in accordance with the requirements of any of the Applicable Laws relating to the processing of your Personal Information;  

  • to data portabilitywhere applicable – in certain circumstances you may request to receive a copy of your Personal Information in a commonly used electronic format. This right only applies to Personal Information that you have provided to us (for example by completing a form or through the Website). Information about you which has been gathered by monitoring your behaviour will also be subject to the right to data portability. The right to data portability only applies if the processing is based on your consent or if the personal data must be processed for the performance of a contract and the processing is carried out by automated means (i.e. electronically);  

  • to object to processing of Personal Information in certain circumstances, including where personal data is used for marketing purposes – you have a right to object to processing being carried out by us if (a) we are processing Personal Information based on legitimate interests or for the performance of a task in the public interest (including profiling), (b) if we are using Personal Information for direct marketing purposes, or (c) if Personal Information is being processed for scientific or historical research or statistical purposes. You will be informed that you have a right to object at the point of data collection and the right to object will be explicitly brought to your attention and be presented clearly and separately from any other information; and  

  • not to be subject to automated decisions where the decision produces a legal effect or a similarly significant effectin certain circumstances – you have a right not to be subject to a decision which is based on automated processing where the decision will produce a legal effect or a similarly significant effect on you. 

We may need to request specific information from you to help us confirm your identity and ensure your right to exercise any of your rights under the Applicable Laws. This is a security measure to ensure that Personal Information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response. Alternatively, we may refuse to comply with your request if it is unfounded.  

You are able to delete certain Personal Information we have about you. The Personal Information you can delete may change as the Services change. When you delete Personal Information, however, we may maintain a copy of the unrevised Personal Information in our records for the duration necessary to comply with our obligations under applicable laws or with other third parties, and for the purposes described herein. If you would like to delete your Personal Information or permanently delete your account, you can do so on the settings page of your account on the Services. 

6. Disclosure of Information

Depending on the requested Services or as necessary to complete any transaction, activities or provide any Services you have requested, we may disclose or transfer your Personal Information to our affiliates, related entities, third party service providers and other collaborators (the “Partners”) we rely upon to assist in the administration, operation and facilitation of the Services available to you and whose privacy policies are consistent with ours or who agree to abide by our policies with respect to Personal Information. We will not transfer or disclose any Personal Information with other third parties.  

The Partners are not authorised to use or disclose your Personal Information except as necessary to perform certain services on our behalf or to comply with applicable laws. We only disclose to the Partners such Personal Information they need in order to perform their designated functions, and we do not authorise them to use or disclose any of your Personal Information for their own marketing or other unauthorised purposes. 

We may also disclose any Personal Information to the extent permitted by applicable laws to (a) any court of competent jurisdiction or by any governmental, taxation or other regulatory authority, law enforcement agency or similar body, (b) our professional advisers or consultants, including lawyers, bankers, auditors, accountants and insurers providing consultancy, legal, banking, audit, accounting or insurance services to us, (c) any financial institutions providing financial services to us, (d) service providers who provide certification, credential issuance, information technology and system administration services to us, (e) any external auditors who may carry out independent checks, (f) when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, prevent or investigate fraud, or (g) any third party upon your request or receiving your consent. 

In the event we undergo a business transition, such as a merger or acquisition by another third party entity, or sale of all or a portion of its assets, your user account, and your Personal Information will likely be among the assets disclosed to such third party to the extent permitted by applicable laws. 

7. Retention of Information

We store the Personal Information we collect as described in this Policy for as long as you access and use the Services, or as necessary to carry out the purpose(s) for which it was collected, maintain and provide the Services, resolve disputes, comply with any legal, regulatory, accounting, reporting requirements, conduct audits, pursue legitimate business purposes, enforce our agreements, and to comply with applicable laws. 

We may use any aggregated data derived from or incorporating your Personal Information after you update or delete it, or anonymise your Personal Information (such that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you. 

8. Transfer of Information

Your Personal Information may be transferred, processed and stored in our servers, systems or devices anywhere in the world, including but not limited to, Singapore and other countries such as Ireland, Germany, etc., which may have data protection laws that are different from the laws where you live. Your Personal Information may be transferred and stored in the servers, systems or devices of our third party service providers.  

Where there is any transfer or data sharing, we have taken appropriate steps to ensure that each recipient is bound by corporate rules or privacy policies consistent with ours or who agree to abide by our policies with respect to Personal Information. In particular, this is to maintain the security and integrity of such servers, systems or devices as well as to safeguard your Personal Information consistent with the requirements of Applicable Laws.  

Whenever we transfer your Personal Information, we ensure a similar degree of protection is afforded to it by implementing at least one of the following safeguards:  

  • we will only transfer your Personal Information to countries that have been deemed to provide an adequate level of protection for personal data under the PDPA and corresponding regulations (in the case of transfers out of Singapore), by the National Privacy Commission (the “NPC”) (in the case of transfers out of the Philippines), by the European Commission (in the case of transfers out of the EEA) or by the UK Information Commissioner (in the case of transfers out of the United Kingdom); and/or  

  • where we transfer to our affiliates, related entities or use third party service providers, we may use legally binding obligations as approved by the Personal Data Protection Commission Singapore (in the case of transfers out of Singapore), or specific contracts as approved by the NPC (in the case of any transfers to a third party), European Commission (in the case of transfers out of the EEA) and/or the UK Information Commissioner (in the case of transfers out of the United Kingdom), or in all cases which give personal data the same protection it has within Singapore, the Philippines, EEA and/or United Kingdom as applicable.  

9. Supplemental Notices

To the extent that there is any conflict between the country or jurisdiction-specific notices set out below and any other section of this Policy, the sections below shall prevail where applicable.  

(a) UK and EU/EEA 

Application of Standard Contractual Clauses under the EU GDPR and the UK Addendum in relation with the UK GDPR. For transfers from the EEA or the UK to countries not considered adequate by the European Commission or the UK government (as applicable), we have put in place adequate measures, such as the SCC and UK Addendum, to protect your Personal Information.  

For this section, the following definitions apply: 

  • Standard Contractual Clauses” or “SCC” mean the Appendix to the European Commission Implementing Decision ((EU) 2021/914 of 4 June 2021) on Standard Contractual Clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council.  

  • UK Addendum” means the Mandatory Clauses of the Approved Addendum, being the template Addendum B.1.0 issued by the UK Information Commissioner Office and laid before Parliament in accordance with Section 119A of the Data Protection Act 2018 on 2 February 2022, as it was revised under Section ‎‎18 of those Mandatory Clauses. 

Please contact our data protection officer if you would like further information about the specific mechanism used by us when transferring your Personal Information out of the EEA and/or UK.  

If you are located in the EEA or the UK, you have the right to lodge a complaint with a supervisory authority if you believe that we have violated the EU GDPR or the UK GDPR. However, we would encourage you to contact us in the first instance as we aim to promptly, efficiently and satisfactorily resolve any concerns or complaints you may have in relation to Navozyme’s processing of your Personal Information. 

(b) The Philippines 

Rights under the DPA. If you are a resident of the Philippines, you have certain rights in relation to your Personal Information based on the DPA that we comply with as part of our commitment to your privacy.  

Navozyme recognises and respects your data privacy rights and ensures that all personal data collected are processed in accordance with the DPA and other relevant policies, including issuances of the NPC. 

Navozyme adheres to the general principles of transparency, legitimate purpose, and proportionality in the collection, processing, securing, retention, and disposal of Personal Information through the implementation of reasonable and appropriate organisational, physical and technical measures. We ensure that personnel and third parties who access Personal Information are trained with appropriate physical and digital security measures to protect the Personal Information. 

We maintain a secure environment through the implementation of reasonable and appropriate organisational, physical and technical measures, for the protection of Personal Information processed electronically. Navozyme uses reasonable security safeguards such as data encryptions, network firewalls, and other security standards provided by third-party applications, to protect Personal Information from loss, unauthorised access, use, or disclosure. 

To the extent permitted under the DPA, you have the right to be indemnified for any damages sustained due to inaccurate, incomplete, outdated, false, unlawfully obtained, or unauthorised use of your Personal Information, taking into account any violation of your rights and freedoms as data subject. You are able to file a complaint with the NPC if you believe that your rights have been infringed. However, we would encourage you to contact us in the first instance as we aim to promptly, efficiently and satisfactorily resolve any concerns or complaints you may have in relation to Navozyme’s processing of your Personal Information. 

10. How to Exercise your Rights

Any requests to exercise your rights can be directed to us through the contact details provided in this document. Please note that we may ask you to verify your identity before responding to such requests. Your request must provide sufficient information that allows us to verify that you are the person you are claiming to be or that you are the authorised representative of such person. If we receive your request from an authorised representative, we may request evidence that you have provided such an authorised representative with valid written authority to submit requests on your behalf. This is a security measure to ensure that Personal Information is not disclosed to any person who has no right to receive it.  

You must include sufficient details to allow us to properly understand the request and respond to it. We cannot respond to your request or provide you with Personal Information unless we first verify your identity or authority to make such a request and confirm that the Personal Information relates to you. We may also contact you to ask you for further information. Alternatively, we may refuse to comply with your request if it is unfounded. 

11. Cookies

Our Services use “cookies” to help personalise your online experience. For further information on Cookies, please read our Cookie Policy. 

12. Data Analytics

Our Services may use third-party analytics tools that use cookies, web beacons, or other similar information-gathering technologies to collect standard internet activity and usage information. The information gathered is used to compile statistical reports on User activity such as how often Users visit our Services, what pages they visit and for how long, etc. We use the information obtained from these analytics tools to monitor the performance and improve our Services. We do not use third party analytics tools to track or to collect any personally identifiable information of our Users and we will not associate any information gathered from the statistical reports with any individual User. 

13. Social Media Features

Our Services may include social media features, such as the Facebook and Twitter buttons (collectively, the “Social Media Features”). These Social Media Features may collect your IP address, what page you are visiting on our Services and may set a cookie to enable Social Media Features to function properly. Social Media Features are hosted either by the respective third party service providers or directly on our Services. Your interactions with the Social Media Features are governed by the privacy policy of the respective third party service providers. 

14. Email Marketing 

We offer electronic newsletters, blog posts and other marketing communication to which you may voluntarily subscribe for at any time. We will not disclose your Personal Information to any third parties except as set out in the above purposes, in accordance with Applicable Laws or for the purposes of utilising third party service providers to send such marketing communication. We will not use your Personal Information to send you marketing materials if you have requested not to receive them. If you request that we stop processing your Personal Information for marketing purposes, we will stop processing your Personal Information for those purposes. 

15. Push Notifications

To make sure push notifications reach the correct devices, we may use a third party service provider who relies on a device token unique to your device which is issued by the operating system of your device. If you wish to stop receiving push notifications, simply adjust your device settings accordingly. 

16. Links to Third Parties

The Services may contain links to third parties’ websites, platforms or applications. Any access to and use of such linked websites, platforms and applications are not governed by this Policy but is instead governed by the privacy and cookies policies applicable to those third party websites, platforms and applications. We are not responsible for the information security or privacy practices of such third party websites, platforms and applications. For example, our Website contains Social Media Features which may collect certain information, such as your IP address or the page you are visiting on our Site and we may set a cookie to enable the feature to function properly. 

We are not responsible for the content and policies of these other websites, platforms and applications and encourage you to read the third party privacy notices. Providing your Personal Information to any such third party websites, platforms or applications would be at your own risk.

17. Information Security

We have taken steps to ensure that your Personal Information is treated securely and in accordance with this Policy. In particular, to safeguard your Personal Information, we implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk of processing. 

While we strive to protect your Personal Information to the extent required by the Applicable Laws, you acknowledge that (a) there are security and privacy limitations of the Internet which are beyond our control; (b) the security, integrity, and privacy of any and all information and data exchanged between you and the Services cannot be guaranteed; and (c) any such information and data may be viewed or tampered with in transit by a third party. To the fullest extent permitted by applicable laws, we do not accept any liability for unauthorised use, disclosure or transfer of your Personal Information beyond our control.  

18. Data Breach

By using our Services or providing your Personal Information to us, you agree that we may communicate with you electronically regarding security, privacy, and administrative issues relating to your access and use of the Website and Services. If we discover a material data breach, we will notify you electronically by posting a notice on our Services, by mail, or by sending an email to you, only to the extent required under the Applicable Laws.  

We reserve the right to take reasonably appropriate measures, including but not limited to, investigation and reporting, as well as notification to and cooperation with the relevant government body or law enforcement authorities. Navozyme’s obligation to report or respond to a data breach under this Policy is not and will not be construed as an acknowledgement by Navozyme of any fault or liability of Navozyme with respect to such data breach. 

19. Changes and Amendments 

We reserve the right to modify, revise, update, change or amend this Policy at any time at our sole discretion. Your access and use of the Services will constitute your consent to this Policy and any modifications, revision, updates, changes or amendments made thereto from time to time. 

An updated version of this Policy will be effective immediately upon the posting of the revised Policy unless otherwise specified. Your access and use of the Services after the effective date of the revised Policy (or such other act specified at that time) will constitute your consent to those changes.  

20. Acceptance of this Policy  

You acknowledge that you have read this Policy and agree to all its terms and conditions. By accessing and using the Services and submitting your Personal Information to us, you agree to be bound by this Policy. If you do not agree to abide by the terms of this Policy, please do not access or use the Services. 

21. Contacting Us  

If you have any questions, feedback, or complaints regarding this Policy, or would like to exercise your rights as detailed in this Policy, please contact us using the details below: 

Attention: Data Protection Officer 

Email: dpo@navozyme.com 


We will address your questions, acknowledge your feedback and resolve your complaints in good faith, and make every reasonable effort to allow the exercise your rights within the timescales provided by applicable data protection laws.  

22. Conflict

In the event of any conflict between this Policy and any applicable data protection laws, the provisions of the applicable data protection law shall govern. 

This document was last updated on 1st of August, 2024