1. Introduction
Virtual Vision Ltd (“Virtual Vision”, “we”, “us”, or “our”) is a technology company incorporated in Singapore that delivers crypto-infrastructure, exchange-platform, and fintech software solutions to institutional and enterprise clients worldwide. We operate this website (virtualvisionltd.com) and associated services (collectively, the “Services”). This Privacy Policy explains what personal data we collect, why we collect it, how we process it, with whom we share it, and what rights you have in relation to it. It applies to all visitors to our website, prospective clients, existing clients, job applicants, and any other individuals who interact with us. By accessing or using our Services you acknowledge that you have read and understood this policy. If you do not agree with its terms, please discontinue use of our Services.
2. Information We Collect
We collect personal data through several channels. Contact and inquiry data includes your name, job title, company name, business email address, telephone number, and the content of any message you send us via our contact form or directly by email. Account and onboarding data collected during client on-boarding may include company registration details, beneficial-ownership information, and identity-verification documents required by law. Usage and analytics data is collected automatically when you visit our website and includes IP address, browser type and version, operating system, referring URL, pages viewed, time spent on pages, and clickstream data. We collect this using server logs and privacy-respecting analytics tooling. Communication data includes records of our email and telephone correspondence with you for purposes of quality assurance and legal compliance. Marketing preferences such as whether you have opted in to receive newsletters, product updates, or event invitations. Recruitment data submitted by job applicants, including CVs, cover letters, educational and professional history, and references. We do not knowingly collect sensitive personal data (such as health, biometric, or political information) through our standard website interactions.
3. How We Use Information
We use your personal data for the following purposes: to respond to inquiries, sales requests, and support tickets you submit to us; to deliver, operate, and improve our Services under a contractual or pre-contractual relationship; to carry out identity and compliance checks as required by applicable anti-money-laundering and know-your-customer regulations; to send you product updates, technical notices, security alerts, and administrative messages related to your account; to send you marketing communications where you have given us consent or where we have a legitimate interest and you have not opted out; to analyse how our website and Services are used so we can improve them; to evaluate job applications and conduct recruitment processes; to comply with legal obligations including tax records, audit trails, and regulatory reporting; and to protect the security and integrity of our platform, detect and prevent fraud, and enforce our terms of service.
4. Legal Bases (GDPR)
For individuals located in the European Economic Area (EEA), the United Kingdom, or other jurisdictions with similar data-protection legislation, we rely on the following legal bases under Article 6 of the General Data Protection Regulation (GDPR). Contract: processing is necessary for the performance of a contract with you or to take steps prior to entering into a contract, for example when fulfilling a service agreement or responding to a procurement inquiry. Legal obligation: processing is necessary to comply with a legal obligation to which we are subject, such as AML/KYC screening, tax reporting, or responding to lawful requests from regulatory authorities. Legitimate interests: processing is necessary for our legitimate interests, including operating and improving our Services, preventing fraud, maintaining network security, and conducting direct marketing to business contacts where those interests are not overridden by your rights. We carry out a balancing test before relying on this basis. Consent: where we ask for your consent, for example to send you newsletters or place non-essential cookies, you may withdraw that consent at any time by contacting us or using the cookie preference centre. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.
5. Cookies & Tracking
We use cookies and similar tracking technologies to operate our website and understand how it is used. Strictly necessary cookies are essential for the website to function and cannot be disabled in our systems. They are usually set in response to actions you take such as setting privacy preferences or filling in forms. Analytics cookies help us count visits and understand traffic sources so we can measure and improve site performance. We use privacy-respecting analytics that anonymise IP addresses and do not sell your data. Marketing cookies may be set by our advertising partners to build a profile of your interests. We do not currently run retargeting campaigns, but if we do so in future we will update this section accordingly. You can control cookie preferences through the cookie banner displayed on your first visit, or at any time via the Cookie Preferences link in the footer. You can also control cookies through your browser settings; note that disabling all cookies may affect site functionality.
6. Data Sharing & Processors
We do not sell, rent, or trade your personal data. We share data only in the following limited circumstances. Service providers and sub-processors: we engage carefully selected third-party service providers to operate parts of our infrastructure, including cloud hosting providers (currently AWS and Google Cloud), email delivery platforms, analytics services, and customer-relationship management software. Each sub-processor is bound by a data-processing agreement that requires them to protect your data to at least the standard set out in this policy. Compliance and legal: we may disclose personal data to law-enforcement agencies, regulators, or courts where required by law, or where we reasonably believe disclosure is necessary to protect the rights, property, or safety of Virtual Vision, our clients, or the public. Corporate transactions: if Virtual Vision is involved in a merger, acquisition, or sale of all or a portion of its assets, your data may be transferred as part of that transaction. We will notify you via email or a prominent notice on our website before your personal data becomes subject to a different privacy policy. Professional advisors: we may share limited data with our legal counsel, auditors, and insurers under obligations of confidentiality.
7. International Transfers
Virtual Vision operates globally with offices in Singapore, Hong Kong, and Dubai, and our cloud infrastructure spans multiple regions. Your personal data may therefore be transferred to and processed in countries outside your country of residence, including countries that may not provide the same level of data-protection as your home jurisdiction. Where we transfer personal data from the EEA or UK to countries not recognised as providing an adequate level of data protection, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses (SCCs), the UK International Data Transfer Agreement (IDTA), or binding corporate rules. Singapore is not currently recognised as adequate by the European Commission; transfers to Singapore therefore rely on SCCs supplemented by a transfer impact assessment. If you would like a copy of the safeguards in place, please contact us using the details in the Contact section below.
8. Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required or permitted by law. Inquiry and marketing data is retained for up to 3 years from the date of last meaningful contact. Client data collected during on-boarding and service delivery is retained for the duration of the contractual relationship plus 7 years, in line with Singapore and international financial-records retention requirements. Analytics data is retained in aggregated, anonymised form indefinitely; identifiable session data is deleted after 13 months. Recruitment data for unsuccessful applicants is retained for 12 months following the close of the relevant recruitment process, after which it is securely deleted. You may request earlier deletion of your data subject to applicable legal retention obligations; see Your Rights below.
9. Your Rights
Depending on your location you may have the following rights regarding your personal data. Right of access: you may request a copy of the personal data we hold about you. Right to rectification: if any data we hold is inaccurate or incomplete you may ask us to correct it. Right to erasure (‘right to be forgotten’): you may ask us to delete your personal data where it is no longer necessary for the purpose for which it was collected, where you have withdrawn consent, or where there is no overriding legitimate reason to retain it. Right to restrict processing: you may ask us to suspend processing of your data in certain circumstances, for example while you contest its accuracy. Right to data portability: where processing is based on consent or contract and is carried out by automated means, you may request that we transmit your data to you or to another controller in a structured, machine-readable format. Right to object: you may object to processing based on legitimate interests or direct marketing at any time. Right not to be subject to automated decision-making: we do not make decisions about you solely by automated means that have legal or similarly significant effects. To exercise any of these rights, please submit a written request to [email protected]. We will respond within 30 days (EEA/UK: within 1 calendar month as required by GDPR). We may need to verify your identity before processing your request. You also have the right to lodge a complaint with your local data-protection supervisory authority.
10. Security
We implement appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. Our security programme includes TLS encryption in transit and AES-256 encryption at rest for all personal data; role-based access controls and the principle of least privilege across our systems; multi-factor authentication for all internal tooling that handles personal data; regular penetration testing and vulnerability assessments conducted by independent third parties; an information-security management system aligned with ISO 27001; and an incident-response plan that includes procedures for notifying affected individuals and regulators of personal-data breaches within legally required timeframes. No method of transmission over the internet or electronic storage is completely secure; while we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security.
11. Privacy of Minors
Our Services are directed exclusively to businesses and business professionals. They are not intended for, and we do not knowingly collect personal data from, individuals under the age of 18. If you believe that a minor has provided us with personal data without appropriate consent, please contact us immediately at [email protected] and we will take prompt steps to delete that information from our systems.
12. Changes to this Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the effective date at the top of this policy and, where appropriate, notify you by email or by placing a prominent notice on our website. Your continued use of our Services after any changes become effective constitutes your acceptance of the revised policy. We encourage you to review this page periodically to stay informed about how we protect your information.
13. Contact
If you have any questions, concerns, or requests regarding this Privacy Policy or our data-processing activities, please contact our Data Protection team. For privacy and data-subject rights requests: [email protected]. For general inquiries: [email protected]. Virtual Vision Ltd, 1 Raffles Place, #20-61 One Raffles Place, Singapore 048616. We will acknowledge your request within 3 business days and aim to resolve all matters within 30 days. If you are not satisfied with our response, you have the right to escalate your complaint to the relevant data-protection supervisory authority in your jurisdiction.
