Privacy policy overview
This policy describes how Virdara collects and uses personal data in connection with our professional upskilling and career advancement services. We collect only the information necessary to deliver courses, assess project submissions, administer cohorts and communicate course-related updates. Collected data may include contact details, professional background, course submissions and feedback. We retain records needed for course delivery and regulatory reporting and otherwise limit retention based on purpose. Where personal data is shared with third-party service providers (platform hosting, payment processors, or analytics providers), we assess their controls and limit access to what is necessary for service delivery. Individuals can request access to their personal data, corrections, or deletion as outlined below. Our processing is explained in more detail in the sections that follow. Effective date: 19-02-2026.
Definitions
In this policy, 'we', 'us' and 'Virdara' refer to the operator of the site and training services. 'Personal data' means any information relating to an identified or identifiable person. 'Processing' refers to collection, storage, use and sharing of data.
Data collection and categories
Virdara collects data in three main ways: data you provide directly, data automatically generated through platform use, and data received from partners. We explain each category and provide real-life examples and case scenarios showing how that data supports learning pathways, employer reporting (with consent) and administrative tasks.
Data you provide directly
When you sign up, enroll in courses, submit assignments or contact support, you provide data that enables course delivery, assessment and career services. Below are common examples and their purpose in practical cases.
- Identity and contact details: full name, email, phone number. Example case: an instructor reaches out to schedule a live coaching session based on the availability you supplied during registration.
- Professional and educational background: CV, current role, employer, certifications. Scenario: your submitted CV is used in a mock interview exercise to create realistic role-play content and tailored feedback.
- Payment and billing information: billing name, billing address, partial card details processed by our payment provider. Practical note: payment processors handle full card numbers; Virdara retains transactional receipts necessary for refunds and audits.
- Course interactions and assessments: assignment uploads, quiz answers, progress records, feedback forms. Case example: assessment results inform a recommended learning pathway presented in your learner dashboard.
- Communications and preferences: messages to support, consent choices, marketing preferences. Scenario: if you opt into job-alert emails, we will use those preferences to send relevant opportunities or employer webinar invitations.
- Employer or third-party referrals: contact details and role information when enrolling via a corporate training partner. Use case: when a company sponsors training, Virdara may share attendance records with the company contact for administrative reconciliation, based on agreed terms.
Data collected automatically
While using the platform we automatically collect technical and usage data to operate the service, analyze performance, and improve course experience. The items below include examples and scenarios illustrating how they support service quality and educational outcomes.
- Device and browser information: device type, operating system, browser version. Scenario: identifying a browser bug reported by a cohort during a live workshop and prioritizing fixes to maintain course delivery continuity.
- IP address and approximate location: used for fraud prevention, regional content configuration and managing access controls during live assessments.
- Usage data: pages visited, time spent on modules, clicks and navigation patterns. Example use: analyzing which case-study modules lead to better assessment outcomes and refining course materials accordingly.
- Cookies and similar technologies: session cookies to maintain login and preference cookies to remember language settings for recurring learners.
- Error and performance logs: crash reports and diagnostic data. Practical case: logs help our technical team reproduce and resolve an issue that prevented a cohort from submitting assignments.
- Interaction metadata from communications: timestamps and basic routing data for messages with support or mentors to ensure timely responses and training continuity.
Data obtained from third parties
Virdara may receive data about you from trusted third parties under specific scenarios such as corporate training procurement, employment verification, or social sign-on. We document those sources and the purposes for use with practical examples below.
- Payment processors and billing platforms: transaction confirmations, refund details. Example: a corporate purchaser's management team sends proof of payment and Virdara links it to the corporate learner roster.
- Corporate partners and employers: enrollment lists, employee identifiers and completion requirements for sponsored programs. Use case: an employer provides a list of employees for a cohort; Virdara uses that list to create accounts and report attendance as agreed.
- Authentication providers and social platforms: basic profile information when you use sign-in with a third-party account to speed up registration and reduce friction.
Purposes of processing
We use collected data to operate Virdara and to support learning outcomes, administrative needs and legal obligations. Below are typical purposes presented with scenario-based examples showing how data is applied.
- Course delivery and learning management: to register learners, grant access to content, store progress and issue certificates. Example: storing module completion records to generate a final certificate for a learner.
- Personalization and recommendations: to tailor course suggestions, mentorship pairings and study resources based on prior assessments and profile data.
- Billing, invoicing and fraud prevention: to process payments, issue receipts and detect suspicious transactions in coordination with payment partners.
- Customer support and communications: to respond to inquiries, schedule coaching sessions and coordinate cohort logistics with practical case references.
- Research and course improvement: to analyze anonymized usage data and case study outcomes to refine curriculum and teaching methods.
- Compliance and legal obligations: to meet regulatory requirements and respond to lawful requests from authorities when necessary.
- Security and platform integrity: to detect and mitigate abuse, maintain secure access to assessments and protect user accounts.
- Employer reporting and third-party coordination: to share agreed completion and attendance data with corporate clients or accrediting bodies as part of an agreed training engagement.
Legal basis for processing
Where applicable, we rely on recognized legal bases to process personal data. For transparent understanding we outline common bases and practical examples of when each applies in Virdara's operations.
- Performance of a contract: processing necessary to provide services you requested, such as enrolling you in a course and delivering content and assessments.
- Consent: where you have expressly agreed (for example, marketing emails or optional research participation). You can withdraw consent at any time without affecting prior processing.
- Legal obligation: processing required to comply with laws, for example taxation records related to payments and refunds for corporate engagements.
- Legitimate interests: limited uses where Virdara has a legitimate operational need, such as improving the platform through analytics, provided your interests are respected and we apply safeguards.
Compliance and cross-border transfers
Although Virdara operates in Singapore under local data protection rules, we aim to follow recognized privacy practices. If GDPR rights are relevant to you, the items below summarize common rights and how they apply in practical cases.
- Right of access: you may request confirmation of the personal data we hold and receive a copy. Example: a learner requests their assessment records to share with a new employer.
- Right to rectification: incorrect or incomplete data can be corrected. Scenario: updating a misspelled name on a certificate prior to issuance.
- Right to erasure: you may request deletion of personal data where there is no overriding legal basis to retain it. Case: removing a marketing contact from our lists on request.
- Right to restriction of processing: you may request processing limitations where you contest accuracy or object to certain uses while matters are resolved.
- Right to data portability: where technically feasible we provide a structured, commonly used format of the personal data you provided, for example course completion and profile data for transfer to another provider.
- Right to object: you may object to processing based on legitimate interests or for direct marketing; Virdara will assess and respect those requests consistent with applicable law.
When we share data
Virdara shares personal data only in limited circumstances required to operate services or fulfil contractual obligations. Below are typical recipients and scenario-based reasons for sharing data.
- Payment and billing providers: to process course fees, issue refunds, and reconcile transactions for corporate arrangements.
- Cloud hosting and technical service providers: to store course content, backups and platform logs necessary to deliver uninterrupted training experiences.
- Corporate training clients and employers: to report attendance and completion for sponsored learners, according to contractual terms and with appropriate safeguards.
- Analytics and research partners: to analyze anonymized or pseudonymized data for curriculum improvement and impact assessment of case-study modules.
- Accreditation bodies and assessment partners: to verify results and issue recognized credentials where learners have enrolled in accredited programs.
- Legal and regulatory authorities: where required by law or to respond to valid legal requests relating to contribute or compliance matters.
International transfers
Virdara is based in Singapore (West Coast Road, Singapore, 127385) and primarily processes data within Singapore. However, for hosting, backups and third-party services we may transfer data to processors in other countries. Transfers are limited to partners who meet appropriate safeguards.
When transferring data outside Singapore, Virdara uses safeguards such as contractual clauses, technical protections (encryption, pseudonymization) and selecting providers with recognized security practices. Practical example: learner progress data stored in a regional cloud is encrypted and accessible only to authorized platform administrators for support and reporting.
Data retention
We retain personal data only as long as necessary for the purposes described, to meet contractual or legal obligations, or to support legitimate business needs such as fraud prevention and audit. Below are typical retention periods and scenarios.
Account information and profile data are retained for the duration of your active relationship with Virdara and for a further period needed for administrative purposes, typically up to 7 years for corporate records related to invoicing and audits relevant to training engagements.
Communications with support, mentors and instructors are retained for as long as necessary to resolve service issues and for quality assurance; routinely reviewed and archived according to operational needs.
System logs, access records and diagnostic data are retained for security, troubleshooting and compliance. Retention balances operational necessity with privacy and logs are periodically purged or aggregated where feasible.
When retention periods expire or upon valid deletion requests, Virdara will securely delete or anonymize personal data except where legal obligations require continued retention. Example: anonymized training outcome data may be kept for research and course improvement after personal identifiers are removed.
Security of your data
Virdara implements technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure or destruction. Security practices are selected to match the sensitivity of the data and the risks involved, with real-world scenarios in mind such as protecting assessment integrity during live sessions.
- Encryption in transit and at rest to protect data platform during course delivery and stored on our systems.
- Role-based access controls and authentication measures to limit access to personal data to authorized staff and instructors.
- Regular security reviews, penetration testing, staff training and incident response planning to address potential threats and maintain continuity of learning services.
Your rights
You have rights regarding your personal data and how it is processed by Virdara. We describe these rights with example scenarios so you understand how to exercise them and what to expect.
- Access: request copies of personal data we hold, for example your course completion history to include in a professional collection.
- Rectification: ask us to correct inaccurate data, such as correcting a misspelled name on a certificate before issuance.
- Deletion: request erasure of data where retention is no longer justified and there are no overriding legal obligations.
- Restriction: request limitation of processing while accuracy is contested or while we assess an objection to processing based on legitimate interests.
- Data portability: request a structured export of data you provided, for example transferring profile and completion data to another learning platform where technically feasible.
- Object: object to processing based on legitimate interests or to direct marketing; Virdara will assess and respect valid objections consistent with applicable laws.
- Withdraw consent: where processing is based on consent (for example marketing communications), you can withdraw consent at any time without affecting prior processing.
- Complaint: lodge a complaint with the relevant supervisory authority if you believe your data protection rights have been infringed; Virdara will cooperate with inquiries and provide information about actions taken.
How to make a rights request
To exercise your rights, contact our Data Protection contact at [email protected] or send a written request to Virdara, West Coast Road, Singapore, 127385. Include sufficient details to identify you and specify the request type (e.g., access, correction, deletion). For corporate account requests, include your company and Business ID: S4118973A to help us validate the request in a practical case scenario.
We aim to acknowledge rights requests within 5 business days and to respond substantively within 30 calendar days. For complex requests or where legal review is required, we will inform you of any necessary extension and the reason, using scenario-based updates so you know expected timelines.
Marketing communications
Virdara may send informational and promotional communications about courses, case-study webinars, employer panels and relevant events where you have opted in. Messages are tailored using anonymized patterns and explicit preferences to keep content practical and relevant for career advancement scenarios.
You may opt out of marketing emails at any time by clicking the unsubscribe link in the email or updating preferences in your account. For corporate cohort communications, contact your designated training coordinator or [email protected] to adjust communication preferences.
Children and Learners Under 18
Virdara is committed to protecting the privacy of younger learners. Our services are designed primarily for adult professionals. If we collect personal data that appears to belong to an individual under 18, we take steps to obtain verifiable parental or guardian consent before processing where required by applicable law. Case example: when a university student under 18 enrolls in a professional workshop, our admissions team requests parental confirmation and limits account functionality until consent is verified.
Links to Third-Party Sites
Virdara may include links to partner platforms, industry tools and third-party resources for practical case work and scenario-based exercises. These links are provided to support learning outcomes and are not under our control. Before linking, we evaluate partners for reputational fit and educational relevance. Example scenario: a course on product analytics may link to a vendor sandbox for hands-on exercises; learners use the sandbox under the vendor's terms and any data collected there is subject to that vendor's policies.
Changes to This Privacy Policy
We review our privacy practices periodically to reflect new services, legal requirements and operational improvements. When material changes are made, Virdara will post an updated policy and an effective date. For changes that affect ongoing program participants, we provide notice and, when required, an opportunity to consent. Practical case: a change in data retention for assessment records was communicated to active cohorts with clear instructions on opting out of future data sharing.