Barracuda Privacy Mapping: Singapore
This guide is not legal advice, does not provide contractual guarantees, and should not be interpreted as a statement on Barracuda’s compliance with specific privacy laws. Customers should obtain advice from their own attorney.
This guide is designed to help Customers map Barracuda’s Privacy Documentation to the relevant requirements under Singapore’s Personal Data Protection Act (PDPA). Customers may use this guide to streamline internal assessments, validate regulatory alignment, and better understand how Barracuda’s security, privacy, and data-processing practices support customer efforts to comply with the PDPA. Please send questions to privacy@barracuda.com.
| PDPA Requirement | Barracuda Privacy Documentation |
|---|---|
|
Notice and Consent (Division 1 of Part 4)
|
Barracuda provides a privacy notice, a global data processing addendum, and obtains necessary processing consent. See Barracuda’s Privacy Notice, Barracuda’s Global DPA (Sec. 1), and Barracuda’s Legal Homepage.
|
|
Processing Purpose Limitations (Division 2 of Part 4)
|
Barracuda outlines the types of data collected, the purpose of use, and limits processing to what is necessary for achieving the specified uses. See Barracuda’s Privacy Notice (Sec. 1 and 2) and Barracuda’s Global DPA (Sec. 1 and Attachment 1).
|
|
Accuracy, Access, Portability, and Correction Obligations (Parts 5 and 6)
|
Barracuda supports Data Subject’s Rights Requests (e.g. Access, deletion, correction). See Barracuda’s Privacy Notice (Sec. 6) and Barracuda’s Global DPA (Sec. 5).
|
|
Processor Obligations
|
Sub-processors are bound by substantially similar compliance requirements and can only process data under documented instructions. See Barracuda’s Global DPA (Sec. 4).
|
|
Protection Obligation – Security (Part 6)
|
Barracuda has robust security safeguards in place to protect data. ISO and SOC2 Type II Certifications are available on the Trust Center. See Security Certifications.
|
|
Data Breach Notification Obligation (Part 6A)
|
Barracuda’s incident response practices align with the local notification obligations and timeframes. See Barracuda’s Global DPA (Sec. 6).
|
|
Data Transfers from Singapore (Part 6)
|
Barracuda uses contractual safeguards for cross-border transfers. See Barracuda’s Privacy Notice (Sec. 7), Barracuda’s Global DPA (Sec. 10 and Attachment A, Exhibit 1) and Barracuda’s Product Guides.
|
