Data Processing Agreement
This Data Processing Agreement ("DPA") forms part of the contributor relationship between you and Nexscient Pte Ltd.. Ltd. and supplements the Privacy Policy. It governs the processing of your personal data in compliance with GDPR Article 28, the Singapore PDPA, and applicable data protection law.
1. Parties and roles
- Data Controller: Nexscient Pte Ltd.. Ltd., Singapore — determines the purposes and means of processing your personal data.
- Data Processor: Flipside Digital Content Company, Inc. ("Flipside AI") — processes personal data on behalf of Nexscient Labs under a separate Controller-Processor agreement.
- Data Subject: You, the Contributor or applicant.
2. Subject matter and nature of processing
Nexscient Labs processes your personal data for the purposes of: contributor onboarding and identity verification; Project assignment and management; quality control review of Submissions; fraud prevention and dataset integrity; payment processing and financial compliance; and platform operation and improvement.
3. Categories of personal data processed
As detailed in the Privacy Policy: identity and contact data; financial and payment data; technical and device data; environment profile data; video Submissions and associated metadata; and qualification and review data.
4. Sub-processors
Nexscient Labs engages the following categories of sub-processors:
- Flipside AI — contributor programme operations and QC management
- Cloud infrastructure providers — hosting, storage, and database services (details available on request)
- Payment processors — Wise, PayPal, GCash, Maya, and SWIFT banking network as applicable to your chosen method
- Communication services — email delivery and notification services
All sub-processors are bound by data processing terms no less protective than this DPA. We will notify you of material changes to our sub-processor list at least 14 days in advance.
5. International transfers
Your personal data may be transferred to Singapore and other jurisdictions as described in the Privacy Policy. For EEA/UK data subjects, transfers are made under Standard Contractual Clauses (SCCs) adopted by the European Commission (Commission Decision 2021/914). For Singapore residents, transfers comply with the PDPA's cross-border transfer framework. You may request a copy of the applicable transfer mechanism by contacting privacy@taskalpha.io.
6. Security measures
Nexscient Labs and Flipside AI implement the following technical and organisational measures (TOMs):
- Encryption of personal data in transit (TLS 1.2 or higher) and at rest (AES-256 or equivalent)
- Access controls based on the principle of least privilege
- Multi-factor authentication for platform access by staff
- Audit logging of access to personal data
- Regular security assessments and penetration testing
- Incident response procedures and breach notification processes
- Staff training on data protection obligations
7. Data subject rights
To exercise your rights under GDPR, PDPA, or applicable local law — including rights of access, rectification, erasure, restriction, portability, and objection — contact: privacy@taskalpha.io. We will acknowledge requests within 72 hours and respond in full within 30 days (extendable by a further 60 days for complex requests, with notice).
8. Breach notification
In the event of a personal data breach, Nexscient Labs will: notify relevant supervisory authorities within 72 hours where required under GDPR Article 33; notify affected data subjects without undue delay where the breach poses a high risk to rights and freedoms; document all breaches in an internal breach register.
9. Retention and deletion
Data is retained as specified in the Privacy Policy Section 8. Upon expiry of the retention period, or upon verified request for erasure, personal data is securely deleted or anonymised. Backups are purged on the same schedule as primary data.
10. Contact
privacy@taskalpha.io · Nexscient Pte Ltd.. Ltd. · Singapore