Skip to content

📢 We’re opening pilot programs in India & Sri Lanka, beyond ASEAN.

Privacy Policy

Effective: 2025-01-01 · v1.1

This Privacy Policy explains how Greenleaf Assurance (“Greenleaf”, “we”, “us”) collects, uses, discloses, and protects personal information when you use our websites (the “Sites”) or engage our advisory, training, audit support, inspection, and related services (the “Services”). By using the Sites or Services, you agree to this Policy. For terms governing your engagement with us, see our Terms of Service.

1. Who we are & scope

This Policy applies to Greenleaf entities operating under the Greenleaf Assurance brand, including Greenleaf Assurance Global Pte. Ltd. (Singapore HQ) and affiliated regional entities as identified in your statement of work (SOW) or invoice. It covers personal information we process via the Sites and in the course of delivering the Services.

2. Information we collect

  • Account & contact data: name, job title, company, email, phone, billing details, addresses, and preferences provided via forms (e.g., Contact, Apply).
  • Engagement data: statements of work, proposals, purchase orders, audit scopes, site information, training enrollments, deliverables, approvals, and communications.
  • Evidence & submissions (Services): documents you share for reviews or assessments (policies, payroll/timesheets, training records, CAPA evidence, photos) which may contain personal data.
  • Usage & device data: IP address, browser type, device identifiers, pages viewed, timestamps, referrers, and general analytics generated when you visit the Sites.
  • Cookies & similar technologies: functional and analytics cookies and local storage used to keep sessions, remember preferences, and analyze traffic. See Cookies.
  • Recruitment data: CVs, LinkedIn profiles, application answers, interview notes, and background information you provide when applying for roles or projects.
  • Sensitive information: We do not seek to collect special categories of data. If a Service requires limited processing (e.g., worker interviews), we apply appropriate safeguards and minimize collection.

3. How we use personal information

  • Provide, administer, and improve the Sites and Services.
  • Respond to inquiries; prepare proposals and SOWs; manage projects and deliverables.
  • Verify identities for secure access; maintain logs for security and compliance.
  • Conduct assessments, prepare reports, manage CAPA workflows, and track closures.
  • Process payments and accounting; send transactional notices and service updates.
  • Recruitment and talent matching for client assignments.
  • Operate analytics to understand aggregate usage and improve user experience.
  • Comply with legal obligations and enforce our Terms of Service.

5. How we share information

  • Service providers & partners: vetted vendors (e.g., secure hosting, email, analytics, ticketing), and project partners/subcontractors engaged under confidentiality and data-protection obligations.
  • Client-directed disclosures: where a client instructs disclosure to buyers, certification bodies, or regulators as part of a normal compliance workflow.
  • Legal & compliance: to comply with law, protect rights, safety, and security, or respond to lawful requests from authorities.
  • Business transactions: in connection with a merger, acquisition, financing, or transfer of assets, subject to appropriate safeguards.

A data processing addendum (DPA) can be executed upon request where we act as a processor.

6. International transfers

We operate regionally and may transfer personal data across borders. Where required, we use appropriate safeguards (e.g., Standard Contractual Clauses) and limit access to personnel with a need to know.

7. Data retention

We retain personal information only as long as needed for the purposes described above, to perform a contract, to comply with legal obligations, or to resolve disputes. Engagement records and working papers may be kept for customary audit and legal timeframes.

8. Security

We implement administrative, technical, and physical safeguards designed to protect personal information. No method of transmission or storage is completely secure; we continuously improve our controls and vendor due diligence.

9. Your rights

Depending on your location, you may have rights to access, correct, delete, restrict, or object to processing, and to data portability. You may also have the right to lodge a complaint with your data protection authority. To exercise rights, contact us at privacy@greenleafassurance.com. We will verify your request and respond within applicable timeframes.

10. Cookies & similar technologies

We use necessary cookies for core functionality and analytics cookies to understand aggregate usage. You can manage cookies through your browser settings. Where required, we obtain consent for non-essential cookies.

11. Children’s privacy

Our Sites and Services are not directed to children and we do not knowingly collect personal information from individuals under the age required by local law. If you believe a child has provided personal information to us, please contact us so we can delete it.

12. Changes to this Policy

We may update this Policy periodically. The latest version will be posted on this page with an updated effective date. Material changes will be indicated in-line or via reasonable notice.

13. Contact

Privacy questions or requests: privacy@greenleafassurance.com

  • Singapore HQ: Greenleaf Assurance Global Pte. Ltd., 68 Circular Road, #02-01, Singapore 049422
    📞 +65 9711 7826 · ✉️ hq@greenleafassurance.com
  • Cambodia: 18/F Canadia Bank Tower, No.315 Monivong Blvd, Phnom Penh, Cambodia

For commercial terms, see our Terms of Service. For cancellations, see Refund & Cancellation Policy.