Privacy Policy

Last Updated: January 30, 2026

1. INTRODUCTION AND COMPANY INFORMATION

CENDARA PTE. LTD. (“we,” “us,” or “our”) is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website cendarapte.com and interact with our marketing services.

Please read this Privacy Policy carefully. By accessing or using our website, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access the website.

The data controller responsible for your personal data is:

CENDARA PTE. LTD.

Registration Number: 202555428K

Registered Address: 531 Upper Cross Street, #02-11, Hong Lim Complex, Singapore 050531

Legal Email: [email protected]

General Inquiries: [email protected]

Website: cendarapte.com

2. WHAT INFORMATION WE COLLECT AND HOW WE USE IT

Personal Data You Voluntarily Provide

We may collect the following personal information that you voluntarily provide to us:

Contact Information: We collect your name, email address, phone number, company name, and website URL when you fill out contact forms, submit competitor analysis requests, request information about our marketing services, or subscribe to our newsletter (if available). We use this information to respond to your inquiries, provide information about our services, conduct competitor analysis, maintain client relationships, and send you marketing communications where you have subscribed or provided consent.

Communication Data: Any information you provide when communicating with us via email, contact forms, or other messaging platforms regarding our marketing services. We use this to respond to your communications, provide customer support, and understand your business needs and marketing objectives.

Newsletter Subscription (if applicable): When you subscribe to receive our marketing communications and industry insights, we collect your email address and name. We use this information to send you newsletters, marketing communications, industry trends, and updates about our services through email marketing platforms.

Inquiry Data: Information about your business needs, marketing objectives, and project requirements when you request consultations or service proposals. We use this to understand your requirements, prepare customized service proposals, and provide relevant recommendations.

Information We Collect Automatically

When you visit our website, we may automatically collect certain information about your device and browsing behavior:

Technical Data: We collect your IP address, browser type and version, operating system, device information, time zone settings, and referring website addresses. This helps us understand our audience demographics, optimize our website for different devices and browsers, and maintain website security.

Usage Data: Information about how you use our website, including pages visited, time spent on pages, links clicked, and navigation patterns. We analyze this data to improve our website functionality, enhance user experience, and understand which content is most valuable to our visitors.

Location Data: Approximate geographic location derived from your IP address to understand where our audience is located and provide relevant content and service information.

Cookies and Tracking Technologies: We may implement cookies and similar tracking technologies in the future, including analytics tools (such as Google Analytics) and marketing pixels (such as Facebook Pixel) to better understand user behavior, measure campaign effectiveness, and improve our services. Should we implement these technologies, we will update this Privacy Policy accordingly, provide clear notice on our website, and seek your consent where required by applicable law including Singapore PDPA. You will have the ability to control cookie settings through your browser preferences and opt-out mechanisms we provide.

Legal Basis for Processing

We process your personal data based on the following legal grounds under Singapore’s Personal Data Protection Act (PDPA) and, where applicable, the EU General Data Protection Regulation (GDPR), UK GDPR, California Consumer Privacy Act (CCPA), and other applicable data protection laws:

Consent: Where you have provided explicit consent for us to collect, use, or disclose your personal data for specific purposes under Singapore PDPA

Contract Performance and Pre-contractual Measures: Processing your inquiries, preparing service proposals, and delivering consultations you have requested

Legitimate Interests: Responding to communications, maintaining client relationships, improving our website and services, understanding market needs, ensuring website security, and conducting business operations (where applicable under GDPR/UK GDPR)

Legal Obligations: Complying with tax requirements, legal obligations under Singapore law, preventing fraud, and protecting our legal rights

3. HOW WE SHARE YOUR INFORMATION

We may share your personal information with third parties in the following circumstances:

Service Providers: We may share your data with trusted third-party service providers who assist us in operating our website, conducting business, or providing services to you. This may include website hosting providers, email communication service providers, email marketing platforms (if we implement email marketing), competitor analysis tools, IT support and security providers, and professional advisors such as lawyers, accountants, and auditors. We ensure that all third-party service providers are contractually obligated to protect your personal data, use it only for the purposes for which it was disclosed, and comply with applicable data protection laws including Singapore PDPA.

Analytics and Marketing Providers (if implemented): Should we implement analytics tools (such as Google Analytics) or marketing pixels (such as Facebook Pixel) in the future, data may be shared with these providers to help us understand website usage, measure marketing effectiveness, and improve our services. We will only implement these technologies with appropriate safeguards and in compliance with applicable laws including PDPA consent requirements.

Business Transfers: Your personal data may be transferred in connection with any merger, sale of company assets, financing, or acquisition of all or a portion of our business by another company. In such cases, we will ensure that the acquiring party agrees to protect your personal data in accordance with this Privacy Policy and applicable data protection laws including Singapore PDPA.

Legal Requirements: We may disclose your information when required by Singapore law, regulation, legal process, governmental request, court order, or to comply with international legal obligations. We may also disclose your information to protect our rights, property, or safety, or that of others, or to prevent fraud or other illegal activities.

Professional Advisors: We may share your data with our lawyers, accountants, auditors, and other professional advisors who are bound by confidentiality obligations and need access to your information to provide their services to us.

With Your Consent: When you have given explicit consent for us to share your information with specific third parties for particular purposes, we will do so in accordance with your instructions and Singapore PDPA requirements.

We will not sell, rent, or lease your personal data to third parties without your explicit consent as required under Singapore PDPA.

4. INTERNATIONAL DATA TRANSFERS AND SAFEGUARDS

Your personal data may be transferred to and processed in countries outside Singapore, the European Economic Area (EEA), and the United Kingdom where our service providers are located. When we transfer your data internationally, we ensure appropriate safeguards are in place to protect your information:

For Singapore PDPA Compliance: We comply with Section 26 of Singapore’s Personal Data Protection Act regarding transfers of personal data outside of Singapore. We ensure that the receiving organization is bound by legally enforceable obligations to provide a standard of protection to the transferred personal data that is comparable to the protection under the PDPA through contractual commitments, adequacy assessments, or other approved transfer mechanisms.

For GDPR Compliance: We use Standard Contractual Clauses (SCCs) approved by the European Commission, or we transfer data to countries that have received adequacy decisions from the European Commission, confirming they provide an adequate level of data protection.

For UK GDPR Compliance: We use the International Data Transfer Agreement (IDTA) or Addendum to the European Commission’s Standard Contractual Clauses, or we transfer data to countries with UK adequacy regulations.

For Other Jurisdictions: We implement appropriate safeguards as required by applicable data protection laws in other jurisdictions where we operate or where our users are located, including compliance with CCPA requirements for California residents and similar laws in other Tier-1 countries.

Additional Safeguards: We may also use Binding Corporate Rules, approved certification mechanisms, or other legally approved transfer mechanisms under applicable data protection laws. We conduct thorough due diligence on all third-party service providers to ensure they provide adequate protection for your personal data in accordance with Singapore, EU, UK, California, and other applicable data protection standards.

5. DATA RETENTION AND SECURITY

How Long We Keep Your Data

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. The retention period depends on the nature of the data and the purposes for which it was collected, the duration of our business relationship with you, legal, regulatory, tax, accounting, or other legal obligations requiring retention, and whether there are legitimate business reasons for retention such as dispute resolution or contract enforcement.

Specific Retention Periods:

Contact Form Inquiries and Competitor Analysis: We retain inquiries, analysis requests, and related correspondence for up to 3 years from the date of inquiry to maintain records of potential client relationships and for business development purposes.

Newsletter Subscriptions (if applicable): We retain your subscription data until you unsubscribe or request deletion. After unsubscription, we may retain your email address on our suppression list to ensure we do not inadvertently contact you again.

Communication Records: We retain records of our communications with you for up to 7 years for legal, accounting, and dispute resolution purposes.

Technical and Usage Data: We retain technical and usage data for up to 2 years for website improvement and security purposes.

Analytics and Marketing Data (if implemented): Should we implement analytics or marketing tools, we will retain data collected through these tools in accordance with the retention policies of the respective platforms and our legitimate business needs, typically not exceeding 26 months for analytics data and as required for marketing campaign management.

When your personal data is no longer required for the purposes collected, we will securely delete or anonymize it in accordance with Singapore PDPA requirements and international data protection standards. Deletion or anonymization will be carried out in a way that prevents the data from being reconstructed or identified.

How We Protect Your Data

We implement appropriate technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction in accordance with Singapore PDPA Protection Obligation, GDPR, UK GDPR, and industry best practices. These measures include:

Encryption: We encrypt data in transit using SSL/TLS protocols to protect information as it travels between your device and our servers. We also encrypt sensitive data at rest to protect stored information.

Access Controls: We implement strict access controls ensuring that only authorized personnel have access to personal data on a need-to-know basis. Access is granted based on job responsibilities and is regularly reviewed.

Authentication: We use multi-factor authentication and strong password requirements for access to systems containing personal data. All access attempts are logged and monitored.

Network Security: We maintain secure server infrastructure protected by firewalls, intrusion detection systems, and regular security monitoring to detect and prevent unauthorized access attempts.

Regular Assessments: We conduct periodic security assessments, vulnerability testing, and penetration testing to identify and address potential security weaknesses before they can be exploited.

Employee Training: We provide regular training for employees and contractors on data protection principles under Singapore PDPA, security practices, and confidentiality obligations to ensure everyone handling personal data understands their responsibilities.

Incident Response: We maintain documented incident response procedures to address potential data breaches promptly and effectively, including notification procedures in compliance with Singapore PDPA mandatory breach notification requirements and other applicable laws.

Vendor Management: We conduct due diligence and ongoing monitoring of third-party service providers to ensure they maintain adequate security measures and comply with their contractual obligations and PDPA requirements.

However, no method of transmission over the internet or electronic storage is completely secure. While we strive to protect your personal data using commercially reasonable means, we cannot guarantee absolute security. In the event of a data breach that is assessed to result in significant harm to affected individuals, we will notify you and relevant supervisory authorities as required by Singapore PDPA (as soon as practicable but no later than 3 days after assessment) and other applicable laws.

6. YOUR RIGHTS AND HOW TO EXERCISE THEM

You have comprehensive rights regarding your personal data under Singapore’s Personal Data Protection Act (PDPA), the EU General Data Protection Regulation (GDPR), UK GDPR, the California Consumer Privacy Act (CCPA), and other applicable data protection laws. These rights are designed to give you control over your personal information and how it is used.

Your Rights Under Singapore PDPA

Right to Access: You have the right to request access to your personal data in our possession or control, and information about how we have used or disclosed your personal data in the past year.

Right to Correction: You can request correction of inaccurate or incomplete personal data. We will correct the personal data as soon as practicable and inform other organizations to which we disclosed the data within the past year.

Right to Withdraw Consent: Where we rely on your consent to collect, use, or disclose your personal data, you may withdraw your consent at any time. Upon receipt of your withdrawal, we will cease to collect, use, or disclose your personal data unless required or authorized by law.

Right to Data Portability: You have the right to request that we transmit your personal data in a commonly used machine-readable format to another organization where technically feasible.

Your Rights Under GDPR and UK GDPR

Right to Access: You have the right to request a copy of the personal data we hold about you, including details about how we process it, the categories of data we collect, the purposes of processing, and the recipients with whom we share your data.

Right to Rectification: You can request correction of inaccurate, incomplete, or outdated personal data.

Right to Erasure: You can request deletion of your personal data under certain circumstances, including when it is no longer necessary for the purposes collected, when you withdraw consent, when you object to processing and there are no overriding legitimate grounds, when the data has been unlawfully processed, or when erasure is required to comply with legal obligations.

Right to Restriction: You can request restriction of processing of your personal data under certain circumstances.

Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, machine-readable format and transmit it to another data controller where technically feasible.

Right to Object: You can object to processing of your personal data based on legitimate interests or for direct marketing purposes.

Right to Lodge a Complaint: If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) in the UK or your local Data Protection Authority in the EU.

Additional Rights for California Residents

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

Right to Know: You can request information about the categories and specific pieces of personal information we have collected about you in the preceding 12 months.

Right to Delete: You can request deletion of personal information we have collected from you, subject to certain exceptions.

Right to Opt-Out: You have the right to opt-out of the “sale” of your personal information. However, we do not sell personal information and have not sold personal information in the preceding 12 months.

Right to Non-Discrimination: You have the right not to receive discriminatory treatment for exercising your CCPA rights.

How to Exercise Your Rights

To exercise any of these rights, please contact us at [email protected] or write to our registered address. When submitting a request, please provide sufficient information to allow us to verify your identity and locate your data in our systems.

We will respond to your request within the timeframes required by applicable law: – Singapore PDPA: Within 30 days of receiving your request – GDPR and UK GDPR: Within one month, which may be extended by two additional months for complex requests – CCPA: Within 45 days, which may be extended by an additional 45 days where reasonably necessary

We may charge a reasonable fee for access requests under Singapore PDPA. If we refuse your request, we will explain why and inform you of your right to lodge a complaint with the relevant supervisory authority.

7. SPECIAL SITUATIONS

Children’s Privacy

Our website and services are not directed to individuals under the age of 18 (or 21 in some jurisdictions). We do not knowingly collect personal data from children without parental consent. If you are a parent or guardian and believe your child has provided us with personal data without your consent, please contact us immediately at [email protected]. If we become aware that we have collected personal data from a child without appropriate parental consent, we will take immediate steps to delete that information from our systems.

Newsletter and Marketing Communications

If we implement newsletter functionality and you subscribe to our newsletter, we will use your email address and name to send you marketing communications, industry insights, marketing trends, and information about our services. You have the right to opt-out of receiving marketing communications at any time.

You may unsubscribe from our newsletter at any time by: – Clicking the “unsubscribe” link included in every newsletter email – Contacting us at [email protected] with your unsubscribe request – Sending a written request to our registered address

Once you unsubscribe, we will stop sending you marketing communications within 10 business days.

Third-Party Links and Services

Our website may contain links to third-party websites, plugins, and applications that are not owned or controlled by us. We are not responsible for the privacy practices, content, or security measures of these third parties. This Privacy Policy applies solely to information collected by our website.

Cookies and Tracking Technologies

Currently, we do not use cookies or tracking technologies beyond essential website functionality. However, we may implement cookies, analytics tools (such as Google Analytics), and marketing pixels (such as Facebook Pixel) in the future. Should we implement these technologies, we will update this Privacy Policy, provide clear notice on our website, obtain your consent where required by Singapore PDPA and other applicable laws, and provide you with cookie management tools.

8. UPDATES AND CONTACT INFORMATION

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by posting the updated Privacy Policy on our website and sending an email notification if you are subscribed to our newsletter.

Your continued use of our website after any changes constitutes your acceptance of the updated Privacy Policy.

How to Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy, please contact us:

CENDARA PTE. LTD.

Registration Number: 202555428K

Address: 531 Upper Cross Street, #02-11, Hong Lim Complex, Singapore 050531

Privacy Matters: [email protected]

General Inquiries: [email protected]

Website: cendarapte.com

By using our website, you acknowledge that you have read and understood this Privacy Policy and agree to the collection, use, and disclosure of your personal data as described herein in accordance with Singapore PDPA and other applicable data protection laws.