Privacy Policy

1. Introduction

Cempaka Partners ("we", "us", "our") is committed to handling personal data responsibly and in accordance with the Personal Data Protection Act 2012 (PDPA) of Singapore and its amendments. This Privacy Policy describes the categories of personal data we collect, the purposes for which we use that data, how we protect it, and the rights available to individuals in relation to their data.

This policy applies to personal data collected through our website at cempakavrep.biz and through our service engagement activities. If you have questions about this policy or about the handling of your personal data, please contact us at [email protected].

2. Personal Data We Collect

We collect the following categories of personal data:

Data You Provide to Us

• Your name and contact details (email address, phone number) when you submit an enquiry through our website contact form
• Your organisation name and role, where provided
• The content of messages you send to us via our website form or by email
• Any additional information you choose to share during communications or service engagements

Data Collected Automatically

• Browser type, operating system, and device information
• Pages visited, time spent on pages, and navigation patterns
• IP address and approximate location data derived from IP
• Referring website or search query that led you to our site
• Cookie data — see our Cookie Policy for details

Legal Basis for Processing

• Consent: Where you have provided explicit consent, such as by submitting the website contact form after reading this policy
• Contractual necessity: Where processing is necessary to carry out a service engagement
• Legitimate interests: Where we have a legitimate business interest, such as improving our website and understanding how visitors use it

3. How We Use Personal Data

• To respond to enquiries submitted through our website or by email
• To assess whether our services are appropriate for your organisation's needs
• To carry out service engagements where a formal arrangement has been established
• To send information about our services where you have consented to receive such communications
• To improve the content and functionality of our website using aggregated analytics data
• To comply with applicable legal and regulatory requirements

We do not sell personal data to third parties. We do not use personal data collected through our website for automated decision-making or profiling in ways that produce legal or similarly significant effects.

4. Data Retention

We retain personal data for as long as is reasonably necessary for the purposes for which it was collected, subject to applicable legal and regulatory retention requirements.

• Enquiry data: Retained for 12 months from the date of last contact, unless a service engagement is established
• Service engagement data: Retained for 7 years from the completion of the engagement, in accordance with standard professional records retention practice
• Analytics data: Retained for up to 26 months in aggregated form

On expiry of the applicable retention period, personal data is securely deleted or anonymised.

5. Data Sharing

We do not share personal data with third parties except in the following circumstances:

• Service providers: We use third-party services for website hosting, analytics, and email delivery. These providers process data on our behalf and are subject to appropriate data processing arrangements
• Legal compliance: Where disclosure is required by Singapore law, a court order, or a regulatory authority
• Professional advisers: Where necessary for legal, accounting, or audit purposes, subject to confidentiality obligations

We do not transfer personal data outside Singapore except where necessary and subject to appropriate safeguards in accordance with the PDPA's data transfer obligations.

6. Data Protection Measures

• Website data is transmitted over encrypted HTTPS connections
• Access to personal data is restricted to individuals who require it for their role
• We maintain documented data breach response procedures
• We review and update our security practices periodically
• Staff handling personal data receive guidance on data protection obligations

In the event of a personal data breach that meets the mandatory notification threshold under the PDPA, we will notify the Personal Data Protection Commission (PDPC) within the required timeframe, and will notify affected individuals where required.

7. Cookies

Our website uses cookies to understand how visitors use the site and to maintain basic functionality. Please refer to our Cookie Policy for a full description of the cookies we use, their purpose, and how to manage your preferences.

8. Your Rights Under the PDPA

As an individual whose personal data we hold, you have the following rights under the PDPA:

• Right of Access: You may request access to the personal data we hold about you
• Right of Correction: You may request that we correct inaccurate or incomplete personal data
• Right to Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time. Withdrawal does not affect the lawfulness of processing prior to withdrawal
• Right to Data Portability: Where applicable, you may request that personal data provided by you be transferred in a common machine-readable format

To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days of receiving a valid request. There is no fee for submitting a request, though we reserve the right to charge a reasonable fee where requests are manifestly unfounded or excessive.

If you are dissatisfied with our handling of your personal data, you may lodge a complaint with the PDPC at www.pdpc.gov.sg.

9. Third-Party Links

Our website may contain links to external websites. We are not responsible for the privacy practices of those sites. We encourage you to review the privacy policies of any external site you visit.

10. Children's Privacy

Our services are directed at organisations and professionals. We do not knowingly collect personal data from individuals under the age of 18. If we become aware that such data has been collected, we will take steps to delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes to our data handling practices or applicable legal requirements. Where changes are material, we will update the "Last Updated" date above. We encourage you to review this policy periodically.

12. Contact Information

Data Controller: Cempaka Partners

Address: 8 Shenton Way, #36-04, AXA Tower, Singapore 068811

Privacy enquiries: [email protected]

Phone: +65 6475 1836

This Privacy Policy is governed by the laws of Singapore. Any disputes arising in connection with this policy are subject to the exclusive jurisdiction of the courts of Singapore.