1. Introduction
Mandatum ("we", "us", "our") operates as a brand and communications consultancy based in Singapore. We respect the privacy of every individual who interacts with our website or engages our services. This Privacy Policy sets out in plain terms what personal data we collect, the purposes for which we use it, and the steps we take to keep it safe.
This policy is governed by the Singapore Personal Data Protection Act 2012 (PDPA) and, where applicable to website visitors located in the European Economic Area, by the General Data Protection Regulation (GDPR).
Last updated: 12 May 2025 | Effective from: 12 May 2025
Questions about this policy may be directed to [email protected].
2. Data We Collect
Information You Provide Directly
When you fill in the contact form on our website or correspond with us by email or phone, we may collect:
- Your name and the name of your organisation
- Your business email address
- Your telephone number, if provided
- The content of your message or enquiry
Information Collected Automatically
When you browse our website, certain technical data is collected automatically by our hosting infrastructure and analytics tools:
- IP address and approximate geographic region
- Browser type, version, and operating system
- Pages visited and time spent on each
- Referring website or search query
- Date and time of each visit
Legal Basis for Processing
We process personal data on the following grounds:
- Consent — where you have ticked the agreement box on our contact form or accepted cookies
- Legitimate interest — for website analytics and improving our service quality
- Contract performance — where data is needed to deliver an agreed engagement
Retention Periods
Enquiry and contact data is retained for up to 24 months from the date of last contact. Engagement-related records are kept for six years from the close of an engagement, in line with standard business record-keeping requirements under Singapore law. Website analytics data is retained for 26 months.
3. How We Use Your Data
Primary Purposes
- Responding to enquiries and scheduling consultations
- Delivering and managing our consulting engagements
- Sending engagement-related correspondence and deliverables
- Issuing invoices and maintaining engagement records
Secondary Purposes
- Analysing website usage to improve content and navigation
- Sending occasional editorial updates to contacts who have opted in
- Responding to data access or deletion requests
Third-Party Sharing
We do not sell personal data. We may share limited data with the following categories of service providers who operate under confidentiality obligations:
- Website hosting and infrastructure providers
- Analytics platforms (e.g., Google Analytics)
- Cloud document and communication tools used in engagement delivery
We do not transfer personal data to jurisdictions outside Singapore without ensuring equivalent data protection standards are in place.
Marketing Communications
We send editorial and thought-leadership updates only to contacts who have explicitly opted in. Each communication includes a clear unsubscribe mechanism. Opting out does not affect an ongoing engagement.
4. Data Protection Measures
Technical Safeguards
- Our website is served over HTTPS with TLS encryption in transit
- Form submissions are transmitted using encrypted connections
- Access to stored personal data is restricted to authorised personnel
- Cloud platforms used in engagements operate under enterprise-grade security standards
Organisational Safeguards
- Personal data is accessible only to team members who need it for the relevant purpose
- Engagement files containing client information are stored in access-controlled workspaces
- Team members are briefed on data handling responsibilities
Breach Notification
In the event of a personal data breach that poses a significant risk to affected individuals, we will notify the Personal Data Protection Commission (PDPC) of Singapore within three business days of becoming aware of the breach, and will contact affected individuals promptly where required.
6. Your Rights
Under the PDPA and, where applicable, the GDPR, you have the following rights regarding your personal data:
Right of Access
You may request a copy of the personal data we hold about you and information about how it is used.
Right to Rectification
If any information we hold is inaccurate or incomplete, you may ask us to correct it.
Right to Erasure
You may ask us to delete your personal data where there is no longer a lawful basis for retaining it, subject to our legal record-keeping obligations.
Right to Data Portability
Where data is processed on the basis of consent or contract, you may request it in a structured, machine-readable format.
Right to Object
You may object to processing based on legitimate interest, including direct marketing communications.
Right to Withdraw Consent
Where processing is based on consent, you may withdraw that consent at any time without affecting earlier processing.
How to Exercise Your Rights
Send your request to [email protected] with sufficient detail to identify your request. We will respond within 30 days. Requests are handled at no charge.
Supervisory Authority
If you have concerns about how we handle your personal data, you may contact the Personal Data Protection Commission of Singapore at www.pdpc.gov.sg. EEA residents may also contact their local data protection authority.
7. Third-Party Links
Our website may contain links to external publications, directories, and reference resources. These sites operate under their own privacy policies, which we do not control. We encourage you to review the privacy practices of any third-party site you visit via a link from ours.
8. Children's Privacy
Our services and website are directed at business professionals and organisations. We do not knowingly collect personal data from individuals under the age of 18. If we become aware that a minor has submitted data through our website, we will delete that data promptly.
9. Policy Updates
We may update this Privacy Policy from time to time to reflect changes in our practices or in applicable law. When we do, the revised version will be published on this page with an updated effective date. We encourage you to check this page periodically. Where changes are material, we will take reasonable steps to bring them to your attention.
10. Contact Information
If you have questions, requests, or concerns regarding this Privacy Policy or the handling of your personal data, please contact our data point-of-contact:
Mandatum
- 50 Raffles Place, #31-09, Singapore 048623
- Email: [email protected]
- Phone: +65 6584 2937