Privacy Policy

1. Introduction

Quills at Work Pte. Ltd. (UEN 201800255Z), with its registered office at 20 McCallum Street, #18-01, Tokio Marine Centre, Singapore 069046 (“we”, “us”, or “our”), is committed to protecting your personal data in accordance with the Singapore Personal Data Protection Act 2012 (“PDPA”) and, where applicable, the European Union General Data Protection Regulation (“GDPR”).

This Privacy Policy explains how we collect, use, disclose, and protect your personal data when you use our website, applications, and services. By using our services, you acknowledge that you have read and understood this policy.

2. Data Controller

For the purposes of the PDPA and GDPR, the data controller responsible for your personal data is:

3. Personal Data We Collect

We may collect and process the following categories of personal data:

a) Data you provide directly

• Name, email address, and contact details (via contact forms, email correspondence, or applications)
• Enquiry type and message content
• Any other information you voluntarily provide in the course of our engagement

b) Data collected automatically

• Device information (device type, operating system, unique device identifiers)
• Log and usage data (IP address, browser type, pages visited, time and date of access, referring URL)
• Application usage data (features used, interactions, crash reports)
• Cookies and similar tracking technologies (see Section 10)

c) Data from third-party sources

• Publicly available business information (e.g. from LinkedIn or company websites) when relevant to our consultancy services

4. Legal Basis for Processing

Under the PDPA, we process your personal data with your consent or where otherwise permitted by law. Under the GDPR, where applicable to individuals in the European Economic Area (“EEA”), we rely on the following legal bases:

• Consent: Where you have given clear consent for us to process your personal data for a specific purpose
• Contractual necessity: Where processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract
• Legitimate interests: Where processing is necessary for our legitimate interests (e.g. improving our services, security) and your rights do not override those interests
• Legal obligation: Where processing is necessary to comply with a legal obligation

5. Purposes of Processing

We use the personal data we collect for the following purposes:

• To provide, operate, and maintain our website, applications, and services
• To respond to your enquiries and provide customer support
• To process and manage our engagement with you
• To improve and personalise your experience with our services
• To communicate with you about our services, updates, and (with your consent) promotional materials
• To detect, prevent, and address technical issues, fraud, and security threats
• To comply with applicable laws, regulations, and legal processes
• For analytics and research to improve our offerings

6. Disclosure of Personal Data

We do not sell your personal data. We may disclose your personal data to the following categories of recipients:

• Service providers: Third-party vendors who assist us in operating our website, applications, and services (e.g. hosting, analytics, email delivery). These providers are contractually bound to protect your data and use it only for the purposes we specify
• AI and technology providers: Where our services integrate with third-party AI tools, data may be processed by these providers. We will clearly disclose such integrations and obtain your consent where required
• Professional advisors: Legal, accounting, and other professional advisors as necessary
• Legal requirements: When required by applicable law, regulation, court order, or governmental authority
• Business transfers: In connection with any merger, acquisition, reorganisation, or sale of assets, subject to the receiving party agreeing to honour this policy
• With your consent: Where you have given explicit permission for a specific disclosure

7. International Data Transfers

Your personal data may be transferred to, stored, and processed in countries outside Singapore or the EEA. Where such transfers occur, we ensure that appropriate safeguards are in place to protect your personal data, including:

• Transfers to countries recognised as providing an adequate level of data protection
• Standard Contractual Clauses approved by the European Commission (for GDPR compliance)
• Binding corporate rules or other legally recognised transfer mechanisms
• Compliance with the PDPA's transfer limitation obligation, ensuring the recipient provides a comparable standard of protection

8. Data Retention

We retain your personal data only for as long as is necessary to fulfil the purposes for which it was collected, to satisfy any legal, regulatory, accounting, or reporting requirements, or as required by applicable law. When determining retention periods, we consider the amount, nature, and sensitivity of the data, the potential risk of harm from unauthorised use or disclosure, and applicable legal requirements. When your data is no longer required, we will securely delete or anonymise it.

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised or unlawful processing, accidental loss, destruction, or damage. These measures include encryption, access controls, secure hosting infrastructure, and regular security assessments. However, no method of transmission over the Internet or electronic storage is completely secure, and we cannot guarantee absolute security. In the event of a data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority and, where required, notify you in accordance with applicable law.

10. Cookies and Tracking Technologies

Our website and applications may use cookies and similar technologies to enhance your experience. These include:

• Strictly necessary cookies: Essential for the website to function properly
• Analytics cookies: Help us understand how visitors interact with our website so we can improve it
• Functional cookies: Remember your preferences and settings

You can manage your cookie preferences through your browser settings. Disabling certain cookies may affect the functionality of our services. Where required by law, we will obtain your consent before placing non-essential cookies.

11. Your Rights

Under the PDPA

Under Singapore's PDPA, you have the right to:

• Access: Request access to your personal data held by us
• Correction: Request correction of any inaccurate or incomplete personal data
• Withdrawal of consent: Withdraw your consent for the collection, use, or disclosure of your personal data at any time, subject to legal or contractual restrictions
• Data portability: Request that your data be transmitted to another organisation in a commonly used machine-readable format (where applicable under the Data Portability Obligation)

Under the GDPR

If you are located in the EEA, you additionally have the right to:

• Erasure: Request deletion of your personal data where there is no compelling reason for its continued processing
• Restriction: Request restriction of processing of your personal data in certain circumstances
• Objection: Object to processing of your personal data where we rely on legitimate interests as the legal basis
• Automated decision-making: Not be subject to a decision based solely on automated processing, including profiling, which produces legal or similarly significant effects
• Lodge a complaint: Lodge a complaint with a supervisory authority in the EEA member state of your habitual residence, place of work, or place of the alleged infringement

To exercise any of these rights, please contact our Data Protection Officer at hello@quillsatwork.com. We will respond to your request within 30 days (PDPA) or one month (GDPR) of receipt. We may need to verify your identity before processing your request. A reasonable fee may be charged for access requests under the PDPA.

12. Children's Privacy

Our services are not directed to individuals under the age of 13 (or 16 in the EEA). We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without appropriate parental consent, we will take steps to delete that information promptly. If you believe we have collected data from a child, please contact us immediately.

13. Do Not Track Signals

Some browsers include a “Do Not Track” feature that signals to websites that you do not wish to be tracked. We respect these signals and will not track or collect personal data when a Do Not Track signal is detected, except where necessary for the operation of our services.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of any material changes by posting the updated policy on this page and updating the “Last updated” date. Where required by law, we will obtain your consent to material changes. We encourage you to review this page periodically.

15. Governing Law

This Privacy Policy is governed by the laws of the Republic of Singapore. For individuals in the EEA, nothing in this policy limits your rights under the GDPR or applicable local data protection laws.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data protection practices, please contact us: