Privacy Policy

1. Introduction

Pulau Systems Pte. Ltd. ("we", "us", "our") is committed to handling personal data responsibly and in accordance with Singapore's Personal Data Protection Act 2012 (PDPA). This policy explains what data we collect when you visit our website or engage our services, why we collect it, how long we keep it, and what rights you have over it.

If you have questions about this policy or how your data is handled, please contact us at [email protected].

2. What Personal Data We Collect

We collect personal data in the following ways:

Contact and enquiry forms

When you submit an enquiry through our website, we collect your name (required), email address (required), and optionally your phone number and a brief description of your enquiry.

Service engagements

When you engage us for a service, we may collect additional business information — your business name, address, the names of staff members involved in the engagement, and operational details relevant to the work. This information is used solely to deliver the agreed service.

Website usage data

If you accept analytics cookies, we collect anonymised data about pages visited, approximate location, device type, and referring source. This does not identify you personally.

Legal basis for processing

• Consent — for optional analytics and marketing cookies
• Contract performance — for processing data to deliver services you have engaged
• Legitimate interest — for following up on enquiries, improving our website, and maintaining client records

Retention: Enquiry data is kept for 12 months. Client engagement records are kept for 7 years to meet business and legal obligations. Analytics data is retained in anonymised form only.

3. How We Use Your Data

• To respond to your enquiry and arrange an initial consultation
• To deliver the services described in a written scope agreement
• To issue invoices and maintain financial records
• To send service-related updates (e.g. scheduling, follow-up reports)
• To improve our website and services using anonymised analytics
• To comply with applicable laws and professional obligations

We do not sell personal data to third parties. We do not use personal data for profiling, targeted advertising, or automated decision-making.

4. Data Sharing

We share personal data with third parties only where necessary:

• Website hosting and email services — our website and email are hosted on infrastructure we use under contract. These providers do not access personal data for their own purposes.
• Analytics services — if you consent to analytics cookies, anonymised usage data is processed by Google Analytics. No personally identifying data is shared.
• Legal requirements — we may disclose personal data where required by Singapore law or a court order.

5. Data Protection Measures

We take the following practical measures to protect personal data:

• Our website uses HTTPS with current TLS encryption
• Access to client records is restricted to members of our team who need it for their work
• We review access permissions periodically and remove them promptly when no longer needed
• In the event of a data breach, we will notify affected individuals and the PDPC as required under Singapore law

6. Cookies

Our website uses cookies to function and, with your consent, to understand how visitors use it. Essential cookies are always active. Analytics and preference cookies are optional and can be declined when the consent notice appears.

For full details, see our Cookie Policy.

7. Your Rights Under the PDPA

Under Singapore's Personal Data Protection Act, you have the right to:

• Access — request a copy of the personal data we hold about you
• Correction — ask us to correct inaccurate or incomplete personal data
• Withdrawal of consent — withdraw consent to process your data at any time (this does not affect processing done before withdrawal)
• Data portability — request your personal data in a commonly used format where technically feasible
• Erasure — ask us to delete your data where we have no continuing legal obligation to retain it

To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days. If you are unsatisfied with how we handle your request, you may contact the Personal Data Protection Commission (PDPC) at pdpc.gov.sg.

8. Third-Party Links

Our website may contain links to external sites. We are not responsible for the privacy practices of those sites and encourage you to review their privacy policies directly.

9. Children

Our services are intended for business owners and their representatives. We do not knowingly collect personal data from individuals under the age of 18. If you believe we have inadvertently collected such data, please contact us and we will delete it promptly.

10. Changes to This Policy

We may update this policy from time to time. Material changes will be noted on this page with an updated date. Continued use of our website after changes constitutes acceptance of the revised policy. We recommend reviewing this page periodically.