Data Protection Notice

How we handle personal data under Singapore’s Personal Data Protection Act (PDPA)

1. About this notice

This notice explains how [Firm Name](“we”, “us”) collects, uses, discloses and protects personal data in this corporate-secretarial system, in accordance with the PDPA. It applies to personal data of company officers, directors, shareholders, beneficial owners, and our clients and their contacts.

2. Personal data we collect

  • Identity data: full name, NRIC/FIN/passport number, nationality, date of birth
  • Contact data: residential / correspondence addresses, email, phone
  • Corporate role data: directorships, shareholdings, beneficial ownership
  • Due-diligence data: KYC/CDD records, screening and risk-assessment results

3. Purposes & legal basis

We collect and use this data to provide corporate-secretarial services — incorporation and statutory filings with ACRA, maintaining statutory registers, and meeting our anti-money-laundering (AML/CFT) and customer due-diligence obligations. Collection of NRIC/FIN numbers is limited to where it is required by law or necessary to verify identity to a high degree of fidelity, consistent with the PDPC’s Advisory Guidelines on the NRIC.

4. Disclosure

We disclose personal data only as needed for the above purposes or as required by law — for example to ACRA, regulators, or law-enforcement authorities. We do not sell personal data.

5. Protection & retention

  • Access requires authentication; all data is gated behind sign-in.
  • Encrypted in transit (HTTPS / TLS) and at rest (managed database).
  • NRIC/FIN numbers are masked in the interface, revealing only the last few characters.
  • Changes are recorded in an audit log for accountability.
  • Data is retained only as long as necessary for the purposes above or to meet legal retention requirements, then securely disposed of.

6. Overseas transfer

Personal data is hosted with infrastructure providers that may process data in or outside Singapore. Where data is transferred overseas, we take reasonable steps to ensure a standard of protection comparable to the PDPA. [Confirm hosting regions with the DPO.]

7. Your rights

You may request access to, or correction of, your personal data, or withdraw consent (subject to legal/contractual restrictions). To do so, contact our Data Protection Officer.

8. Data Protection Officer

[DPO Name] · [[email protected]] · [contact number]

This notice may be updated from time to time. Last updated: [date].

← Back to sign in