M
Mandatum
Singapore
 Contact Us
Legal | Mandatum — Privacy & Data Policy
Privacy Policy

How We Handle
Your Information

Mandatum is committed to being straightforward about the personal data we collect, why we collect it, and how it is used. This policy applies to information gathered through our website and in the course of our consulting engagements.

1. Introduction

Mandatum ("we", "us", "our") operates as a brand and communications consultancy based in Singapore. We respect the privacy of every individual who interacts with our website or engages our services. This Privacy Policy sets out in plain terms what personal data we collect, the purposes for which we use it, and the steps we take to keep it safe.

This policy is governed by the Singapore Personal Data Protection Act 2012 (PDPA) and, where applicable to website visitors located in the European Economic Area, by the General Data Protection Regulation (GDPR).

Last updated: 12 May 2025   |   Effective from: 12 May 2025

Questions about this policy may be directed to [email protected].

2. Data We Collect

Information You Provide Directly

When you fill in the contact form on our website or correspond with us by email or phone, we may collect:

  • Your name and the name of your organisation
  • Your business email address
  • Your telephone number, if provided
  • The content of your message or enquiry

Information Collected Automatically

When you browse our website, certain technical data is collected automatically by our hosting infrastructure and analytics tools:

  • IP address and approximate geographic region
  • Browser type, version, and operating system
  • Pages visited and time spent on each
  • Referring website or search query
  • Date and time of each visit

Legal Basis for Processing

We process personal data on the following grounds:

  • Consent — where you have ticked the agreement box on our contact form or accepted cookies
  • Legitimate interest — for website analytics and improving our service quality
  • Contract performance — where data is needed to deliver an agreed engagement

Retention Periods

Enquiry and contact data is retained for up to 24 months from the date of last contact. Engagement-related records are kept for six years from the close of an engagement, in line with standard business record-keeping requirements under Singapore law. Website analytics data is retained for 26 months.

3. How We Use Your Data

Primary Purposes

  • Responding to enquiries and scheduling consultations
  • Delivering and managing our consulting engagements
  • Sending engagement-related correspondence and deliverables
  • Issuing invoices and maintaining engagement records

Secondary Purposes

  • Analysing website usage to improve content and navigation
  • Sending occasional editorial updates to contacts who have opted in
  • Responding to data access or deletion requests

Third-Party Sharing

We do not sell personal data. We may share limited data with the following categories of service providers who operate under confidentiality obligations:

  • Website hosting and infrastructure providers
  • Analytics platforms (e.g., Google Analytics)
  • Cloud document and communication tools used in engagement delivery

We do not transfer personal data to jurisdictions outside Singapore without ensuring equivalent data protection standards are in place.

Marketing Communications

We send editorial and thought-leadership updates only to contacts who have explicitly opted in. Each communication includes a clear unsubscribe mechanism. Opting out does not affect an ongoing engagement.

4. Data Protection Measures

Technical Safeguards

  • Our website is served over HTTPS with TLS encryption in transit
  • Form submissions are transmitted using encrypted connections
  • Access to stored personal data is restricted to authorised personnel
  • Cloud platforms used in engagements operate under enterprise-grade security standards

Organisational Safeguards

  • Personal data is accessible only to team members who need it for the relevant purpose
  • Engagement files containing client information are stored in access-controlled workspaces
  • Team members are briefed on data handling responsibilities

Breach Notification

In the event of a personal data breach that poses a significant risk to affected individuals, we will notify the Personal Data Protection Commission (PDPC) of Singapore within three business days of becoming aware of the breach, and will contact affected individuals promptly where required.

5. Cookies

Our website uses cookies to support basic site functionality and to understand how visitors engage with our content. The categories of cookies used are:

  • Essential cookies — required for the site to function correctly; cannot be disabled
  • Analytics cookies — help us understand page performance; can be declined
  • Preference cookies — remember your cookie consent choice; can be declined

You can review and update your cookie preferences at any time on our Cookie Policy page.

6. Your Rights

Under the PDPA and, where applicable, the GDPR, you have the following rights regarding your personal data:

Right of Access

You may request a copy of the personal data we hold about you and information about how it is used.

Right to Rectification

If any information we hold is inaccurate or incomplete, you may ask us to correct it.

Right to Erasure

You may ask us to delete your personal data where there is no longer a lawful basis for retaining it, subject to our legal record-keeping obligations.

Right to Data Portability

Where data is processed on the basis of consent or contract, you may request it in a structured, machine-readable format.

Right to Object

You may object to processing based on legitimate interest, including direct marketing communications.

Right to Withdraw Consent

Where processing is based on consent, you may withdraw that consent at any time without affecting earlier processing.

How to Exercise Your Rights

Send your request to [email protected] with sufficient detail to identify your request. We will respond within 30 days. Requests are handled at no charge.

Supervisory Authority

If you have concerns about how we handle your personal data, you may contact the Personal Data Protection Commission of Singapore at www.pdpc.gov.sg. EEA residents may also contact their local data protection authority.

8. Children's Privacy

Our services and website are directed at business professionals and organisations. We do not knowingly collect personal data from individuals under the age of 18. If we become aware that a minor has submitted data through our website, we will delete that data promptly.

9. Policy Updates

We may update this Privacy Policy from time to time to reflect changes in our practices or in applicable law. When we do, the revised version will be published on this page with an updated effective date. We encourage you to check this page periodically. Where changes are material, we will take reasonable steps to bring them to your attention.

10. Contact Information

If you have questions, requests, or concerns regarding this Privacy Policy or the handling of your personal data, please contact our data point-of-contact:

Mandatum