This notice explains how SG Venture Consulting collects, uses, discloses and protects personal data in accordance with the Personal Data Protection Act 2012 (No. 26 of 2012) of Singapore and its subsidiary legislation.
SG Venture Consulting (UEN: 53391282B) ("we", "us", "our") is committed to protecting the privacy and security of the personal data it processes. We are an Enterprise Singapore Approved management consultancy providing PDPA compliance, ISO certification, digital transformation, and strategic advisory services to businesses in Singapore and the region.
This Privacy Notice applies to personal data collected through our website (sgventure-consulting.com), service engagements, marketing activities, and any other interaction with our organisation.
We adhere to the obligations set out in the PDPA and its subsidiary legislation, including the Personal Data Protection (Composition of Offences) Regulations 2021 and the Personal Data Protection Regulations 2021 (Data Breach Notification).
Important: SG Venture Consulting is a business-to-business (B2B) organisation. The personal data we primarily collect relates to individuals acting in a professional capacity on behalf of their organisations. Under the PDPA, Business Contact Information (BCI) — defined as an individual's name, position or job title, business telephone number, business address, business email address, and business fax number — is excluded from the definition of "personal data" when collected, used or disclosed for business-related purposes.
Accordingly, most data we collect (business name, work email, job title, company, business phone) falls outside the scope of the PDPA obligations. Nonetheless, as a demonstration of our commitment to responsible data stewardship, we voluntarily extend the same standard of care to all information we hold. Where data is collected beyond BCI (for example, personal mobile numbers provided voluntarily, or data relating to individuals in a personal capacity), the full protections of the PDPA apply.
SG Venture Consulting is responsible for all personal data in its possession or under its control. We have appointed a Data Protection Officer (DPO) to oversee our data protection policies and practices and to ensure compliance with the PDPA.
Our DPO may be contacted at the details set out at the end of this Notice. We will make our data protection policies and practices available upon request.
Where we engage third-party data intermediaries or processors to handle personal data on our behalf, we require them by contract to implement appropriate data protection standards consistent with the PDPA.
We collect, use and disclose personal data only for purposes that a reasonable person would consider appropriate in the circumstances and that have been notified to the individual concerned (unless an exception under the PDPA applies).
We will not use personal data for purposes beyond those for which it was originally collected without first obtaining consent, unless a valid exception under the PDPA applies.
We notify individuals of the purposes for which their personal data is collected at or before the time of collection. This Privacy Notice constitutes our primary notification instrument. Where personal data is collected through forms on our website, the purpose of collection is stated on the relevant form.
If the purpose for which personal data is to be used changes materially, we will notify affected individuals and, where required, seek fresh consent before proceeding.
We collect personal data only with the voluntary consent of the individual, or where a valid exception under the PDPA permits collection without consent (e.g. publicly available data, legal requirements, or where collection is clearly in the interest of the individual and consent cannot be obtained in a timely way).
By submitting an enquiry or consultation form on our website, by engaging us for services, or by voluntarily providing your contact information through any channel, you provide your consent to the collection, use and disclosure of your personal data for the purposes set out in this Notice.
You have the right to withdraw your consent at any time by contacting our DPO. Upon withdrawal, we will cease to use your personal data for the purposes to which consent was withdrawn, subject to any legitimate legal basis for continued retention. Withdrawal of consent may affect our ability to provide ongoing services.
Where an individual enters into a contract with us for the provision of services, we may collect, use and disclose personal data as is reasonably necessary to perform obligations under that contract, without the need for separate explicit consent, in accordance with Section 15A of the PDPA.
We make reasonable efforts to ensure that personal data in our possession or control is accurate and complete, particularly where it may be used to make decisions that affect the individual concerned or may be disclosed to third parties.
Individuals are encouraged to proactively inform us of any changes to their personal data to ensure continued accuracy. Correction requests may be submitted to our DPO.
We implement reasonable physical, administrative and technical security arrangements to protect personal data against unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks. Our security measures include:
No method of electronic transmission or storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee absolute security. In the event of a data breach, we will respond in accordance with the Data Breach Notification Obligation described below.
We retain personal data only for as long as it is necessary to fulfil the purposes for which it was collected, or as required by applicable law, regulation or contractual obligation. Our general retention guidelines are as follows:
When personal data is no longer needed, we will dispose of it in a secure manner that prevents unauthorised recovery or reconstruction.
Subject to the exceptions set out in the PDPA and the First and Second Schedules thereof, individuals have the right to:
Access and correction requests must be submitted in writing to our DPO (see contact details below). We will respond within 30 calendar days of receiving a valid request. Where we are unable to respond within this timeframe, we will notify the individual and provide an expected response date.
We reserve the right to charge a reasonable administrative fee for processing access requests. We will not charge for correction requests.
We may decline access or correction requests in circumstances permitted by the PDPA, such as where complying would reveal personal data of another individual, or where the data forms part of a legal proceeding. Where access is denied, we will provide written reasons.
Under the PDPA Data Portability Obligation, individuals may request that we transmit their personal data to another organisation in a commonly used machine-readable format (e.g. CSV, JSON), provided that:
Portability requests do not apply to personal data derived or inferred by us from the individual's data (e.g. assessments, analysis, scores), nor to data that is subject to legal privilege or other exceptions under the PDPA.
Portability requests should be submitted in writing to our DPO. We will assess and respond within 30 calendar days. A reasonable fee may apply.
Where we transfer personal data to a country or territory outside Singapore, we will ensure that the receiving organisation is bound to provide a standard of protection for the personal data that is at least comparable to the protection provided under the PDPA. We achieve this through:
Our primary service delivery tools and cloud platforms (including Google Workspace, Web3Forms, and Netlify) process data in jurisdictions subject to data protection frameworks that we have assessed as providing adequate comparable protection. Details are available upon request from our DPO.
In the event of a data breach that is likely to result in significant harm to affected individuals, or that affects 500 or more individuals, we are required under the PDPA to:
We maintain an internal Data Breach Response Plan that includes procedures for detecting, assessing, containing and reporting data breaches. This plan is reviewed and tested annually.
If you believe your personal data held by us has been compromised, please contact our DPO immediately at consult@sgventure-consulting.com.
The Do-Not-Call (DNC) Provisions of the PDPA prohibit the sending of unsolicited telemarketing messages (voice calls, text messages, fax messages) to Singapore telephone numbers registered on the DNC Registry, unless clear and unambiguous consent has been obtained from the individual.
The DNC Provisions do not apply to messages sent to business telephone numbers used for business purposes, provided the message is directed at the business and relates to a business matter. As SG Venture Consulting operates exclusively in a B2B context, most of our telephone-based communications are directed to business contacts and fall within this exception. We nonetheless commit to professional, relevant and non-intrusive communication practices in all cases.
Our website uses Google Analytics 4 to collect anonymised usage data (pages visited, time on site, geographic region). This data is used solely to improve website content and user experience. It does not identify individual users and is processed under Google's data processing terms.
We do not use targeting or advertising cookies. Browser cookies may be cleared at any time through your browser settings.
To exercise your rights under the PDPA, to submit a query, complaint, access or correction request, or to report a suspected data breach, please contact our Data Protection Officer:
Data Protection Officer
Patrick Oh
SG Venture Consulting (UEN: 53391282B)
Email: consult@sgventure-consulting.com
WhatsApp: +65 8157-1701
We aim to respond to all data protection enquiries within 3 business days and to resolve all requests within 30 calendar days.
We reserve the right to update this Privacy Notice at any time to reflect changes in the law, our data practices, or our services. The "Last updated" date at the top of this page will reflect the most recent revision. We encourage you to review this Notice periodically.
Material changes that affect your rights will be communicated directly to known contacts where practicable, and posted on our website.
This Privacy Notice is governed by the laws of the Republic of Singapore. Any dispute arising from or in connection with this Notice shall be submitted to the exclusive jurisdiction of the Singapore courts. For regulatory enquiries, the Personal Data Protection Commission (PDPC) may be contacted at pdpc.gov.sg.