PDPA Compliance

We are committed to protecting your personal data and respecting your rights under the PDPA. We undertake to:

• Collect, use, and disclose personal data only for legitimate and reasonable purposes
• Obtain your consent before collecting, using, or disclosing your personal data (unless exceptions apply)
• Ensure accuracy and completeness of personal data in our possession
• Protect personal data against unauthorised access, modification, or disclosure
• Retain personal data only for as long as necessary for business or legal purposes
• Provide you with access to and correction of your personal data upon request

In the course of our business, we may collect the following categories of personal data:

2.1 Contact Information

• Full name
• NRIC/FIN (for contract purposes only)
• Email address
• Phone number(s)
• Residential/mailing address

2.2 Project-Related Information

• Property address and details
• HDB/condo/landed property type
• Floor plans and property documents
• Design preferences and requirements
• Budget information
• Photographs of property

2.3 Financial Information

• Bank account details (for payments)
• Payment records
• Invoice and receipt information

2.4 Other Information

• Feedback and testimonials
• Correspondence and communication records
• Website usage data and cookies

We collect, use, and disclose your personal data for the following purposes:

3.1 Primary Purposes

• Providing interior design consultation and services
• Preparing proposals, quotations, and contracts
• Executing renovation and construction works
• Communicating project updates and information
• Processing payments and maintaining accounts
• Applying for necessary permits and approvals (HDB, BCA, etc.)
• Coordinating with subcontractors and suppliers
• Providing after-sales service and warranty support

3.2 Secondary Purposes (with Consent)

• Sending marketing communications about our services
• Including project in our portfolio and marketing materials
• Publishing testimonials and reviews
• Conducting customer satisfaction surveys

3.3 Legal and Administrative Purposes

• Complying with legal and regulatory requirements
• Responding to legal processes or government requests
• Protecting our legal rights and interests
• Managing business operations and records

4.1 Obtaining Consent

We obtain your consent before collecting, using, or disclosing your personal data, except where permitted by law. Consent may be obtained through:

• Written consent forms
• Electronic consent (website forms, emails)
• Verbal consent (documented in our records)
• Implied consent (when you voluntarily provide information)

4.2 Withdrawal of Consent

You may withdraw your consent at any time by contacting our Data Protection Officer. Please note:

• Withdrawal of consent may affect our ability to provide services
• We will inform you of the consequences before processing your withdrawal
• Withdrawal does not affect the lawfulness of prior processing

4.3 Exceptions to Consent

Under the PDPA, we may collect, use, or disclose personal data without consent in certain circumstances, including:

• Vital interests or emergencies
• Publicly available information
• Legal requirements or court orders
• Legitimate interests as permitted by law

5.1 Right of Access

You have the right to request access to your personal data in our possession or control. Upon request, we will:

• Provide the requested information within 30 days
• Inform you of how your data has been used or disclosed in the past year
• Provide information in a reasonable format

We may charge a reasonable fee for processing access requests.

5.2 Right of Correction

You have the right to request correction of inaccurate or incomplete personal data. Upon receiving a correction request, we will:

• Correct the data within 30 days
• Send the corrected data to organisations that received it in the past year (where practicable)
• Inform you if we cannot make the correction and provide reasons

5.3 Exceptions

We may refuse access or correction requests in certain circumstances as permitted by the PDPA, including:

• Data subject to legal privilege
• Disclosure would reveal personal data about another individual
• Request is frivolous or vexatious
• Disclosure could threaten safety or health

We implement appropriate security measures to protect your personal data, including:

6.1 Administrative Safeguards

• Designated Data Protection Officer
• Staff training on data protection practices
• Internal policies and procedures for data handling
• Non-disclosure agreements with employees and contractors

6.2 Technical Safeguards

• Encryption for data transmission (SSL/TLS)
• Secure storage systems with access controls
• Regular security updates and patches
• Firewall and anti-malware protection

6.3 Physical Safeguards

• Secure office premises with controlled access
• Locked storage for physical documents
• Secure disposal of documents and electronic media

7.1 Retention Periods

We retain personal data only for as long as necessary:

• Project Records: 7 years after project completion (for warranty and legal purposes)
• Financial Records: As required by tax and accounting regulations (minimum 5 years)
• Marketing Contacts: Until consent is withdrawn
• Enquiries (non-clients): 2 years from last contact

7.2 Disposal Methods

When personal data is no longer needed, we dispose of it securely:

• Physical documents: Shredding or secure destruction
• Electronic data: Secure deletion or anonymisation
• Devices: Data wiping before disposal or recycling

8.1 Third Party Disclosure

We may disclose your personal data to:

• Subcontractors and suppliers (for project execution)
• Government authorities (HDB, BCA, URA for permit applications)
• Professional advisors (lawyers, accountants)
• Cloud service providers (for data storage)

We require all third parties to protect your data in compliance with the PDPA.

8.2 Overseas Transfer

If we transfer your personal data outside Singapore, we ensure that the recipient provides a standard of protection comparable to the PDPA, through:

• Contractual obligations binding the recipient
• Transfer to countries with comparable data protection laws
• Your consent for the overseas transfer

We comply with Singapore's Do Not Call (DNC) provisions:

• We check the DNC Registry before sending marketing messages
• We do not send marketing messages to numbers on the DNC Registry unless we have clear and unambiguous consent
• Marketing messages include our identity and contact information
• You can opt out of marketing communications at any time

In the event of a data breach, we have procedures to:

• Contain the breach and assess its impact
• Notify the Personal Data Protection Commission (PDPC) if the breach is notifiable under the PDPA
• Notify affected individuals if the breach is likely to result in significant harm
• Take remedial actions to prevent future breaches

We have appointed a Data Protection Officer (DPO) responsible for:

• Overseeing our compliance with the PDPA
• Handling access, correction, and consent withdrawal requests
• Responding to enquiries and complaints about personal data
• Coordinating with the PDPC on data protection matters

For any enquiries, requests, or complaints regarding your personal data or our PDPA compliance, please contact:

We will respond to your enquiry within 30 business days.

We may update this PDPA compliance document from time to time to reflect changes in our practices or legal requirements. Updates will be posted on our website with the revised date.

For more information about the PDPA and your data protection rights in Singapore, please visit:

• Personal Data Protection Commission Singapore (PDPC)
• Do Not Call Registry