Privacy Policy

1. Introduction

KakehashiX ("we", "our", or "the Platform"), operated by VenturesLink Pte. Ltd., is committed to protecting your privacy. The platform name "Kakehashi" (架け橋) means "bridge" in Japanese, reflecting our mission to bridge talent between Indonesia and Japan. The Platform is currently operated from Singapore and is active in Indonesia, with planned expansion to Japan. Certain features (including Japanese Language Proficiency Test or "JLPT" credentials) are collected in anticipation of this Japan-bound matching.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform. We collect data to provide and improve our services, facilitate job matching between candidates and employers, and maintain the security of our platform.

Your use of KakehashiX is subject to this Privacy Policy. Where consent is required by applicable law, we will request consent for specific purposes, including the processing of sensitive or higher-risk personal data, profile sharing with employers, marketing communications, non-essential cookies, and international transfers where required. If you do not agree with this Privacy Policy, please do not access or use the Platform.

2. Information We Collect

2.1 Personal Information

When you register for an account, we collect personal information that you voluntarily provide, including but not limited to:

• Full name and email address
• Phone number and date of birth
• Nationality and current location
• Professional headline and biography
• JLPT certification level and certificates (collected to support our Japan-bound matching, which is forthcoming)

2.2 Profile Data

Depending on your account type, we may collect additional profile information:

• Candidates: Education history, work experience, skills, languages, resume/CV, profile photo, visa status, and salary expectations.
• Employers: Company name, industry, company size, registration number, contact details, company logo, and social media links.

2.3 Sensitive Personal Data

Some information we collect may be considered sensitive, specific, or higher-risk personal data depending on applicable law and the context in which it is processed. This may include visa or immigration status, identity-document data, biometric data contained in documents or photos where processed for identification, children's data if inadvertently collected, personal financial data, health data if ever provided, and other categories defined by applicable law. Information such as nationality and date of birth may not always be legally classified as sensitive data, but we handle it carefully because it can still create privacy or discrimination risks. We process such data only where necessary for Platform purposes, with explicit consent where required, and with heightened safeguards as described in Section 6.

2.4 Usage Data

We automatically collect certain information when you access the Platform, including your IP address, browser type, operating system, referring URLs, pages viewed, time spent on pages, and other diagnostic data. This information helps us understand how our Platform is used and improve user experience.

2.5 Cookies and Similar Technologies

We use cookies and similar tracking technologies to track activity on our Platform and store certain information. These include session cookies for authentication, preference cookies for language and theme settings, and analytics cookies to understand usage patterns. See Section 10 for details and consent controls.

3. How We Use Your Information

We use the information we collect for the following purposes:

• Service Provision: To create and manage your account, facilitate job matching, process applications, and enable communication between users.
• Communication: To send you account-related (transactional) notifications, job alerts, application updates, and platform announcements. Marketing communications are sent only with your separate consent and you may opt out at any time via the unsubscribe link in any marketing email or by emailing our DPO.
• Platform Improvement: To analyze usage patterns, identify trends, and improve the functionality and user experience of our Platform.
• Security: To detect, prevent, and address technical issues, fraud, and unauthorized access.
• Legal Compliance: To comply with applicable laws, regulations, legal processes, and platform or electronic-system obligations in the markets where KakehashiX operates.

4. Legal Basis for Processing

We process your personal data on one or more of the following lawful bases, in line with Indonesia's UU PDP, Singapore's Personal Data Protection Act 2012 ("PDPA"), and, where relevant, other applicable data protection laws:

• Consent: You have given consent to the processing of your personal data for one or more specific purposes (e.g., creating an account, applying for a job, receiving marketing communications).
• Performance of a Contract: Processing is necessary to provide you with the Platform services you have requested.
• Legal Obligation: Processing is necessary for compliance with a legal obligation to which we are subject.
• Legitimate Interests: Processing is necessary for our legitimate interests in operating, securing, and improving the Platform, provided these are not overridden by your rights and freedoms.

You may withdraw your consent at any time. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal. To withdraw consent, contact our Data Protection Officer (see Section 15).

5. Automated Decision-Making and Job Matching

Our job matching uses a combination of automated ranking (based on factors such as skills, experience, location, language credentials, and visa eligibility) and human review by employers and our team. Automated matching does not produce legal or similarly significant effects without human review by the prospective employer. You have the right to request human review of any automated outcome that materially affects you, to express your point of view, and to contest the decision by contacting our Data Protection Officer.

Where our processing is likely to result in a high risk to individuals, including through automated matching, profiling, large-scale processing, use of sensitive or higher-risk data, or the adoption of new technology, we may conduct a data protection impact assessment or equivalent risk assessment and apply additional controls before launching or materially changing the feature.

6. Data Protection and Security

We take the security of your personal information seriously and use appropriate technical and organizational measures designed to protect personal data against unauthorized access, loss, misuse, alteration, or disclosure. Depending on the data type, system used, and risk level, safeguards may include encryption, access restrictions, monitoring, and additional controls for sensitive or higher-risk data, including:

• Email addresses and contact information
• Full names
• Phone numbers
• Dates of birth
• Nationality and visa status
• Resume/CV files and profile photos
• Salary expectations
• Identity-document numbers and JLPT certificates
• Employer contact details and company registration numbers

We use secure transmission protocols (TLS/SSL) for data in transit and encryption at rest where supported by our systems and service providers. Access to personal data is limited to authorized personnel and automated systems that require it to provide our services, under role-based access controls, audit logging, confidentiality obligations, and periodic access review. No method of transmission or storage is completely secure, but we continuously improve our safeguards as the Platform develops.

7. Information Sharing

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

• With Your Consent: When you explicitly authorize us to share your information, such as when applying for a job (your profile is shared with the employer).
• Employers and Partner Organizations: When you apply for a job, respond to an opportunity, or choose to make your profile available, your information may be shared with employers or partner organizations. Once they receive your information, those organizations are responsible for handling it as independent data controllers or equivalent responsible parties under applicable law.
• Service Providers: With trusted third-party service providers who assist us in operating our Platform (such as cloud hosting, email delivery, and analytics providers), under written Data Processing Agreements (DPAs) that require equivalent protection of your data. A current list of our key sub-processors is available on request from our DPO.
• Legal Requirements: When required by law, regulation, legal process, or governmental request.
• Business Transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction. We will notify users in advance of any change in control affecting their personal data.
• Safety and Security: To protect the rights, property, or safety of KakehashiX, our users, or the public.

8. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you services. An account is considered inactive after 24 consecutive months without login, after which we may notify you and proceed to delete or anonymize the account in accordance with this section.

If you request account deletion, we will delete or irreversibly anonymize your personal information within 30 days, except where we are required to retain certain data for legal, regulatory, tax, or dispute-resolution purposes.

Job application data is retained for 12 months after the position is closed. Usage data is retained in irreversibly anonymized form for up to 24 months for platform-improvement purposes; once anonymized, this data is no longer considered personal data.

9. Your Rights

Subject to applicable law (including Singapore PDPA and Indonesia UU PDP), you have the following rights regarding your personal information:

• Right to Access: You may request a copy of the personal information we hold about you.
• Right to Correction: You may request that we correct any inaccurate or incomplete personal information.
• Right to Deletion: You may request that we delete your personal information, subject to certain legal exceptions.
• Right to Data Portability: You may request a copy of your data in a structured, commonly used, machine-readable format.
• Right to Restrict Processing: You may request that we limit the processing of your personal information in certain circumstances.
• Right to Object: You may object to the processing of your personal information for certain purposes, including direct marketing.
• Right to Withdraw Consent: Where processing is based on consent, you may withdraw your consent at any time without affecting the lawfulness of earlier processing.
• Right to Lodge a Complaint: You may complain to the relevant supervisory authority — the Personal Data Protection Commission (PDPC) of Singapore (www.pdpc.gov.sg) or the Ministry of Communication and Digital Affairs of the Republic of Indonesia (and, once established, the Indonesian Personal Data Protection Authority).

To exercise any of these rights, please contact our Data Protection Officer at jansen.tambunan@ventures-link.com. We will respond to your request within 30 days.

10. Cookies and Tracking

Our Platform uses the following types of cookies:

• Essential Cookies: Required for the Platform to function properly, including authentication and security cookies. These are set on the basis of legitimate interest and cannot be disabled without affecting Platform functionality.
• Preference Cookies: Store your language preference (English/Indonesian/Japanese) and theme settings (light/dark mode).
• Analytics Cookies: Help us understand how users interact with the Platform so we can improve functionality and user experience.

Non-essential cookies (preferences and analytics) are set only after you provide consent via our cookie banner on first visit. You may change your cookie preferences at any time through the cookie settings link in the Platform footer, or through your browser preferences.

11. International Data Transfers

KakehashiX is operated from Singapore by VenturesLink Pte. Ltd. and is currently active in Indonesia, with planned expansion to Japan. Your information may be transferred to and processed in Singapore, Indonesia, or other countries where our service providers are located.

We ensure that appropriate safeguards are in place for any cross-border transfer of personal data, in compliance with Singapore's PDPA and Indonesia's UU PDP. Where required, we rely on one or more of the following mechanisms: (i) your explicit consent to the transfer; (ii) the transfer being necessary for the performance of a contract with you; (iii) standard contractual clauses or equivalent contractual protections with the receiving party; or (iv) a determination that the destination country provides an adequate level of data protection. Upon launch of operations in Japan, or where transfers to or from Japan become applicable, we will additionally comply with Japan's Act on the Protection of Personal Information (APPI), including requirements relating to third-party transfers, outsourcing controls, records of provision, disclosure of foreign recipient information where required, and data subject requests.

12. Data Breach Notification

We maintain an internal incident-response procedure to detect, contain, and remediate personal-data breaches. In the event of a personal-data breach that is likely to result in a risk to your rights and interests, we will:

• Notify the relevant supervisory authority in accordance with applicable timelines. For Indonesia, we will notify the relevant authority within 3 × 24 hours / three calendar days as required. For Singapore, we will notify the PDPC as soon as practicable and no later than three calendar days after determining that the breach is notifiable.
• Notify affected data subjects without undue delay where the breach is likely to result in significant harm. Where required by applicable law, the notification will include the categories of personal data affected, when and how the breach occurred, likely consequences, and the measures taken or proposed to address and mitigate the breach.

13. Children's Privacy

KakehashiX is intended only for users who are at least 18 years old. We apply this 18-year threshold for product, consent, safeguarding, and employment-related risk-management reasons across all users of the Platform. We do not knowingly collect personal information from individuals under 18. Under Indonesia's UU PDP, individuals under 17 are treated as children whose personal data may only be processed with verifiable parental or guardian consent; we apply the more conservative 18-year threshold across all users of the Platform. If we become aware that we have collected personal information from a person under 18, we will take steps to delete that information promptly. If you believe that we may have collected information from a minor, please contact us immediately.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. For material changes, we will provide additional notice, such as an email notification or an in-platform announcement, at least 14 days before the changes take effect. We encourage you to review this Privacy Policy periodically.

Language versions. A Bahasa Indonesia version of this Privacy Policy is also available. In the event of any inconsistency between the English and Bahasa Indonesia versions, the Bahasa Indonesia version shall prevail for users located in Indonesia.

15. Data Protection Officer

We have appointed a Data Protection Officer (DPO) responsible for overseeing compliance with this Privacy Policy and with applicable data protection laws, including Singapore's PDPA and Indonesia's UU PDP. The DPO is the primary contact for any questions, concerns, or requests relating to your personal data.

• Data Protection Officer: Jansen Tambunan
• Email: jansen.tambunan@ventures-link.com

16. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at:

• General inquiries: kakehashi-x@ventures-link.com
• Data Protection Officer: jansen.tambunan@ventures-link.com
• Registered address: VenturesLink Pte. Ltd., 105 Cecil Street, #18-18, 069534 Singapore.

You may also visit our Contact page for additional ways to reach us.