Our GDPR Commitment
We’re committed to helping you and your organisation understand and, where applicable, comply with the General Data Protection Regulation (GDPR).
The GDPR is the most comprehensive EU data privacy law in decades and came into effect on 25 May 2018. In addition to strengthening and standardising user data privacy across EU member states, it introduces new or additional obligations on all organisations that handle EU citizens’ personal data, regardless of where the organisations located.
Our team has adapted our Services, operations and contractual commitments to help our Members comply with the GSPR regulation. We (who processes data on our Members’ behalf) has implemented the measures below to reflect that commitment.
1. What is the GDPR?
The GDPR is the most comprehensive EU data privacy law in decades and came into effect on 25 May 2018.
The GDPR replaces the EU Data Protection Directive, also known as Directive 95/46/EC, and will apply a single data protection law throughout the EU. In addition to strengthening and standardising user data privacy across EU member states, it introduces new or additional obligations on all organisations that handle EU citizens’ personal data, regardless of where the organisations located.
Data protection laws govern the way that businesses collect, use, and share personal data about individuals. Among other things, they require businesses to process an individual’s personal data fairly and lawfully, allow individuals to exercise legal rights in respect of their personal data (for example, to access, correct or delete their personal data), and ensure appropriate security protections are put in place to protect the personal data they process.
2. Who does the GDPR apply to?
The GDPR applies to all entities and individuals based in the EU and to entities and individuals, whether or not based in the EU, that process the personal data of EU individuals.
The GDPR defines personal data as any information relating to an identified or identifiable natural person. This is a broad definition, and includes data that is obviously personal (such as an individual’s name or contact details) as well as data that can be used to identify an individual indirectly (such as an individual’s IP address).
Does the GDPR apply to my organisation?
Yes, if your organisation is processing the personal data of EU individuals when using L10 Services.
Security
We use cookies and similar technologies to make your interactions with our Services faster and more secure.
For example, we use cookies to enable and support our security features, keep your account safe, and help us detect malicious activity and violations of our User Agreement.
3. What is L10 role under GDPR?
We act as both a data processor and a data controller under the GDPR.
L10 as a Data Controller: TeamCulture.ai Limited (operating as "L10") will be the controller of your personal data provided to, collected by, or processed in connection with our Services. We collect EU customer information, such as names and contact details, to provide our products, services, and timely customer support.
L10 as a Data Processor: When customers use our products and services to process EU personal data, we act as a data processor. In this role, we comply with our customers’ instructions and the legal obligations that apply directly to processors under the GDPR.
4. What have we done to comply with GDPR?
L10 Services are designed to help your organisation meet the GDPR requirements
We conducted an extensive analysis of our operations to ensure compliance with the requirements of the GDPR before it went into effect. We reviewed our products and services, customer terms, privacy notices and arrangements for compliance with the GDPR. Our focus on privacy and compliance efforts are ongoing.
GDPR Contractual Requirements
We are committed to support your organisation to meet the GDPR contractual requirements.
We offer a Data Processing Agreement that supplements the User Agreement, as GDPR compliance requires data controllers to sign a Data Processing Agreement with any parties that act as data processors on their behalf. Please have an authorised individual to request for a Data Processing Agreement here.

Here are some of the measures that we has put in place to reflect that commitment:

  1. L10 will prevent unauthorised access to your employees’ personal data and never use your employees’ personal data other than as instructed by you or the employees;
  2. L10 will continue to improve its security infrastructures and maintain appropriate security measures to protect your employees’ personal information; and
  3. L10 will assist you with requests from your employees regarding their personal information that is processed using our Services.
Organisational Security
We are committed to protect and prevent unauthorised access to your employees’ personal data.
We take exhaustive steps to identify and mitigate risks, implement best practices, and constantly develop ways to maintain and improve our infrastructure and measures.

Here are some of the measures that we has put in place to reflect that commitment:

  1. L10 Services are hosted on Amazon Web Services (AWS), a leading cloud service provider with SOC 3 compliance, with our secure data centers located in Singapore and the United Kingdom. See here for more details.
  2. L10 ensures that, to the extent possible, your employees’ personal data is pseudonymised;
  3. L10 can restore the availability and access to your employees’ personal data in a timely manner in the event of a technical or security incident; and
  4. L10 is putting in place a process for regularly testing, assessing, and evaluating the effectiveness of technical and organisational measures to ensure the security of your employees’ personal data.
For more details regarding L10’s commitment to invest in its security infrastructures, we invite you to read our Security page.
International Data Transfer
We committed to ensuring that all transfers of your employees’ personal data are and will be in compliance with the required international data transfer standards.
L10’s Services are hosted in data centres located in Singapore and the United Kingdom. In certain circumstances, we will process personal data that originates from the EU and other countries in the United States to provide our services to you. However, your employees’ personal data on our servers will remain within the region where you choose to host such data, unless we inform you otherwise.
For more details regarding L10’s commitment to invest in its security infrastructures, we invite you to read our Security page.
5. What is the L10 Data Processing Agreement (“DPA”)?
Customers that handle EU personal data are required to comply with the privacy and security requirements under the GDPR.
As part of this, they must ensure that the vendors they use to process the EU personal data also have privacy and security protections in place. Our DPA outlines the privacy and security protections we have in place. We are committed to GDPR compliance and to helping our customers comply with the GDPR when they use our services. Please have an authorised individual to request for a Data Processing Agreement here.
Am I required to sign the L10 DPA?
In order to use our products and services, you need to accept our DPA, which you can request here. By agreeing to our terms of service, you are automatically accepting our DPA and do not need to sign a separate document.
Can I share the L10 DPA with my customers?
Yes. The DPA is a publicly available document and you may feel free to do so if you wish to share it with your customers to confirm our security measures and other terms.
Do I need to notify anyone upon accepting our DPA?
No. You are not required to notify us or any third party upon accepting our DPA though, as mentioned above, you are free to do so.
Are there unique DPA needs for individual countries?
The GDPR applies to all of the EU and we offer a DPA that is compliant in all EU countries.