Privacy Policy

Last Updated: January 15, 2026

Introduction

Prismara is committed to protecting the privacy and security of personal information entrusted to us. This Privacy Policy explains how we collect, use, disclose, and safeguard personal data in accordance with Singapore's Personal Data Protection Act 2012 (PDPA) and applicable data protection regulations.

By engaging our services or using our website, you acknowledge that you have read and understood this Privacy Policy. If you have questions or concerns about how we handle your personal information, please contact us at [email protected].

Data Collection

Personal Information We Collect

We collect personal information that you provide directly to us, including:

  • Contact information (name, email address, phone number, business address)
  • Professional information (job title, organisation name, role)
  • Communication content (messages, inquiries, consultation requests)
  • Engagement information (service preferences, project requirements)

How We Collect Information

We collect personal information through:

  • Contact forms and inquiry submissions on our website
  • Email and phone communications
  • Consultation meetings and stakeholder interviews
  • Service engagement agreements and contracts
  • Cookies and similar technologies on our website (see Cookie Policy)

Legal Basis for Processing

We process personal data based on:

  • Your consent when you submit inquiries or request information
  • Contractual necessity to deliver consulting services
  • Legitimate interests in conducting business operations and improving services
  • Legal compliance requirements under Singapore law and applicable regulations

Data Usage

How We Use Your Information

We use collected personal information to:

  • Respond to inquiries and consultation requests
  • Deliver consulting services and project deliverables
  • Communicate about engagements, schedules, and project updates
  • Process agreements and maintain client records
  • Improve our services and website functionality
  • Send relevant updates about governance frameworks and industry developments (with consent)
  • Comply with legal and regulatory obligations

Data Retention

We retain personal information for as long as necessary to fulfil the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce agreements. Specific retention periods include:

  • Client engagement records: 7 years from engagement completion (regulatory requirement)
  • Marketing communications: Until consent is withdrawn
  • Inquiry records: 2 years from last contact
  • Website analytics data: 26 months

Data Sharing and Disclosure

Third-Party Service Providers

We may share personal information with third-party service providers who assist in operating our business, including:

  • Cloud hosting and storage providers
  • Email and communication platforms
  • Analytics and website performance tools
  • Professional advisors (legal, accounting, insurance)

These service providers are contractually obligated to handle personal data securely and only for specified purposes.

Legal Disclosures

We may disclose personal information when required by law, regulation, legal process, or governmental request, or when necessary to:

  • Comply with legal obligations under Singapore law
  • Protect our rights, property, or safety
  • Investigate potential violations of our terms or policies
  • Respond to regulatory inquiries or audits

Data Protection Measures

We implement appropriate technical and organisational measures to protect personal information against unauthorised access, alteration, disclosure, or destruction:

  • Encryption of data in transit and at rest
  • Secure access controls and authentication mechanisms
  • Regular security assessments and updates
  • Employee training on data protection and confidentiality
  • Incident response procedures for data breaches
  • Secure disposal of data no longer required

While we strive to protect personal information, no method of transmission or storage is completely secure. We cannot guarantee absolute security but maintain commercially reasonable safeguards.

Your Rights

Under Singapore's Personal Data Protection Act and applicable data protection regulations, you have the following rights:

  • Right to Access: Request access to your personal information we hold
  • Right to Correction: Request correction of inaccurate or incomplete data
  • Right to Withdrawal: Withdraw consent for processing at any time
  • Right to Data Portability: Request transfer of your data to another provider
  • Right to Object: Object to processing for certain purposes
  • Right to Erasure: Request deletion of your personal information (subject to legal requirements)

Exercising Your Rights

To exercise any of these rights, please contact us at [email protected] with:

  • Your full name and contact information
  • Description of your request
  • Verification of your identity (for security purposes)

We will respond to your request within 30 days. In some circumstances, we may need to retain certain information for legal or regulatory compliance.

Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance user experience and analyse website performance. For detailed information about our use of cookies, including types of cookies used and how to manage cookie preferences, please refer to our Cookie Policy.

International Data Transfers

We primarily process personal information within Singapore. If personal information is transferred outside Singapore, we ensure appropriate safeguards are in place, including standard contractual clauses or other legally recognised transfer mechanisms. Any such transfers comply with PDPA requirements and applicable data protection regulations.

Children's Privacy

Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from minors. If you believe we have inadvertently collected information from a minor, please contact us immediately at [email protected].

Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, legal requirements, or business operations. When we make material changes, we will:

  • Update the "Last Updated" date at the top of this page
  • Notify you via email if you have an active engagement with us
  • Post a notice on our website homepage for 30 days

We encourage you to review this Privacy Policy periodically. Your continued use of our services after changes indicates acceptance of the updated policy.

Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact:

Data Protection Officer

Prismara

12 Marina Boulevard, #25-04

Marina Bay Financial Centre Tower 3

Singapore 018982

Email: [email protected]

Phone: +65 6358 2741

Supervisory Authority

You have the right to lodge a complaint with Singapore's Personal Data Protection Commission (PDPC) if you believe we have not handled your personal information in accordance with applicable data protection laws. Contact information for the PDPC is available at www.pdpc.gov.sg.