Privacy Policy
Last Updated: January 15, 2026
Introduction
Prismara is committed to protecting the privacy and security of personal information entrusted to us. This Privacy Policy explains how we collect, use, disclose, and safeguard personal data in accordance with Singapore's Personal Data Protection Act 2012 (PDPA) and applicable data protection regulations.
By engaging our services or using our website, you acknowledge that you have read and understood this Privacy Policy. If you have questions or concerns about how we handle your personal information, please contact us at [email protected].
Data Collection
Personal Information We Collect
We collect personal information that you provide directly to us, including:
- Contact information (name, email address, phone number, business address)
- Professional information (job title, organisation name, role)
- Communication content (messages, inquiries, consultation requests)
- Engagement information (service preferences, project requirements)
How We Collect Information
We collect personal information through:
- Contact forms and inquiry submissions on our website
- Email and phone communications
- Consultation meetings and stakeholder interviews
- Service engagement agreements and contracts
- Cookies and similar technologies on our website (see Cookie Policy)
Legal Basis for Processing
We process personal data based on:
- Your consent when you submit inquiries or request information
- Contractual necessity to deliver consulting services
- Legitimate interests in conducting business operations and improving services
- Legal compliance requirements under Singapore law and applicable regulations
Data Usage
How We Use Your Information
We use collected personal information to:
- Respond to inquiries and consultation requests
- Deliver consulting services and project deliverables
- Communicate about engagements, schedules, and project updates
- Process agreements and maintain client records
- Improve our services and website functionality
- Send relevant updates about governance frameworks and industry developments (with consent)
- Comply with legal and regulatory obligations
Data Retention
We retain personal information for as long as necessary to fulfil the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce agreements. Specific retention periods include:
- Client engagement records: 7 years from engagement completion (regulatory requirement)
- Marketing communications: Until consent is withdrawn
- Inquiry records: 2 years from last contact
- Website analytics data: 26 months
Data Sharing and Disclosure
Third-Party Service Providers
We may share personal information with third-party service providers who assist in operating our business, including:
- Cloud hosting and storage providers
- Email and communication platforms
- Analytics and website performance tools
- Professional advisors (legal, accounting, insurance)
These service providers are contractually obligated to handle personal data securely and only for specified purposes.
Legal Disclosures
We may disclose personal information when required by law, regulation, legal process, or governmental request, or when necessary to:
- Comply with legal obligations under Singapore law
- Protect our rights, property, or safety
- Investigate potential violations of our terms or policies
- Respond to regulatory inquiries or audits
Data Protection Measures
We implement appropriate technical and organisational measures to protect personal information against unauthorised access, alteration, disclosure, or destruction:
- Encryption of data in transit and at rest
- Secure access controls and authentication mechanisms
- Regular security assessments and updates
- Employee training on data protection and confidentiality
- Incident response procedures for data breaches
- Secure disposal of data no longer required
While we strive to protect personal information, no method of transmission or storage is completely secure. We cannot guarantee absolute security but maintain commercially reasonable safeguards.
Your Rights
Under Singapore's Personal Data Protection Act and applicable data protection regulations, you have the following rights:
- Right to Access: Request access to your personal information we hold
- Right to Correction: Request correction of inaccurate or incomplete data
- Right to Withdrawal: Withdraw consent for processing at any time
- Right to Data Portability: Request transfer of your data to another provider
- Right to Object: Object to processing for certain purposes
- Right to Erasure: Request deletion of your personal information (subject to legal requirements)
Exercising Your Rights
To exercise any of these rights, please contact us at [email protected] with:
- Your full name and contact information
- Description of your request
- Verification of your identity (for security purposes)
We will respond to your request within 30 days. In some circumstances, we may need to retain certain information for legal or regulatory compliance.
Cookies and Tracking Technologies
Our website uses cookies and similar tracking technologies to enhance user experience and analyse website performance. For detailed information about our use of cookies, including types of cookies used and how to manage cookie preferences, please refer to our Cookie Policy.
International Data Transfers
We primarily process personal information within Singapore. If personal information is transferred outside Singapore, we ensure appropriate safeguards are in place, including standard contractual clauses or other legally recognised transfer mechanisms. Any such transfers comply with PDPA requirements and applicable data protection regulations.
Children's Privacy
Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from minors. If you believe we have inadvertently collected information from a minor, please contact us immediately at [email protected].
Changes to This Privacy Policy
We may update this Privacy Policy periodically to reflect changes in our practices, legal requirements, or business operations. When we make material changes, we will:
- Update the "Last Updated" date at the top of this page
- Notify you via email if you have an active engagement with us
- Post a notice on our website homepage for 30 days
We encourage you to review this Privacy Policy periodically. Your continued use of our services after changes indicates acceptance of the updated policy.
Contact Information
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact:
Data Protection Officer
Prismara
12 Marina Boulevard, #25-04
Marina Bay Financial Centre Tower 3
Singapore 018982
Email: [email protected]
Phone: +65 6358 2741
Supervisory Authority
You have the right to lodge a complaint with Singapore's Personal Data Protection Commission (PDPC) if you believe we have not handled your personal information in accordance with applicable data protection laws. Contact information for the PDPC is available at www.pdpc.gov.sg.