PRIVACY POLICY

Personal Data Protection Act (PDPA) Compliance
Effective Date: June 17, 2026 | Version 1.0

1. Introduction & Scope
Aegis Marketing Pte. Ltd., a company duly organized and existing under the laws of the Republic of Singapore with company registration number 20 260 8434C, having its registered address at 216 Joo Chiat road #02−16 Soho life, Singapore, 427 483 (hereinafter referred to as the "Aegis Marketing", "we", "our", or "us") is committed to protecting the personal data of our website visitors and all other individuals whose data we may process (hereinafter referred to as the "you" or "users"). This Privacy Policy explains how we collect, use, disclose, and protect personal data in compliance with the Personal Data Protection Act 2012 (hereinafter referred to as the "PDPA") of Singapore and its subsidiary legislation, including, but not limited to, the Personal Data Protection (Notification of Data Breaches) Regulations 2021.

This Policy applies to:
• All personal data collected through our website at https://aegis-marketing.com (hereinafter referred to as the "Website");
• Personal data collected via our contact forms.

By "Personal Data", we refer data, whether true or not, about an individual who can be identified: (a) from that data; or (b) from that data and other information to which we have or are likely to have access. The term "Personal Data" may include, for example, your name, your postal address, your telephone number, your e-mail address. Anonymous or de-identified information, which we are not able to identify you, does not qualify as "Personal Data".
For clarity, "Personal Data" does not include Business Contact Information (as defined under Section 2(1) of the PDPA), such as an individual's name, position title, business telephone number, business address, or business email address. Pursuant to Section 4(5) of the PDPA, the PDPA does not apply to Business Contact Information, where such information is provided solely for business purposes.
If you are located outside Singapore, please note that your personal data will be processed in accordance with this Policy and applicable Singapore law. Where mandatory data protection laws in your jurisdiction apply, we will comply with such requirements to the extent applicable.

By using the Website, you acknowledge that you have read this Policy.
Where you voluntarily submit personal data to us, we may collect and use that data for the purposes notified to you at the point of collection or otherwise described in this Policy.
Where consent is required under the PDPA, we will obtain it separately.

2. Personal Data We Collect
2.1 Data You Provide Directly
When you interact with our website or contact us, we may collect the following categories of personal data:
• Contact information: email address, contact details
• Communication data: we may also collect the content of any message, enquiry or request that you submit to us through the form, if the form contains a message field or similar free-text field.

2.2 Sensitive Personal Data
We do not intentionally collect sensitive personal data (e.g., NRIC/FIN numbers, health information, racial or ethnic origin, religious beliefs) through our website. 

3. Purposes of Collection and how this is permitted under the PDPA
We collect and use personal data only for purposes that a reasonable person would consider appropriate in the circumstances. We collect, use and disclose personal data only for purposes that a reasonable person would consider appropriate in the circumstances and, where required under the PDPA, after notifying you of the relevant purposes and/or obtaining your consent. In some circumstances, we may rely on deemed consent or on an applicable exception under the PDPA, including where the collection, use or disclosure is required or authorized under written law, or where another exception under the PDPA applies.

4. Disclosure of Personal Data
4.1 Third-Party Service Providers
We may disclose personal data to third-party service providers, including data intermediaries, that process personal data on our behalf and for our purposes, such as IT and hosting providers, business systems providers, analytics providers, professional advisers and other operational support providers.
Where a service provider acts as our data intermediary, we require it to process personal data in accordance with a written contract and to implement appropriate security and retention measures. We remain responsible for complying with the PDPA in relation to processing carried out on our behalf and for our purposes.
4.2 Regulatory and Legal Authorities
We may disclose personal data to government agencies, regulators, law enforcement bodies, or courts where required by law, including under the PDPA, or applicable anti-money laundering legislation. Such disclosures are made only to the extent required and permitted by law (PDPA s.17).
4.4 No Sale of Personal Data
We do not sell, rent, or trade your personal data to third parties for their own marketing purposes.

5. Transfer of Personal Data Outside Singapore
We may transfer personal data outside Singapore where this is necessary for our operations, service delivery or use of service providers. Where we transfer personal data overseas, we will take appropriate steps to ensure that the recipient is bound by legally enforceable obligations or specified certifications to provide a standard of protection to the transferred personal data that is comparable to that under the PDPA, or that another legally permitted basis for the transfer applies.
Where we rely on your consent for an overseas transfer, we will provide you with the information required under the PDPA, including a written summary of the extent to which the transferred personal data will be protected to a standard comparable to that under the PDPA.

6. Retention of Personal Data
We retain personal data only for as long as is necessary to fulfil the purposes for which it was collected, or as required by applicable law. In general, personal data submitted through the feedback form will be retained for up to 12 months after the enquiry is resolved, unless a longer retention period is required or permitted by law, or unless the enquiry leads to an ongoing business relationship.
Upon expiry of the applicable retention period, personal data will be securely destroyed or anonymised in accordance with our Data Disposal Procedure.

7. Your Rights Under the PDPA
As a data subject, you have the following rights under the PDPA. We will respond to all verified requests as soon as reasonably possible.


To exercise any of the above rights, please submit a written request to our DPO at info@aegis-marketing.com. We may require you to verify your identity before processing your request. We reserve the right to charge a reasonable fee for access requests in accordance with the PDPA.

8. Cookies and technical information
Our website uses only strictly necessary technical cookies and similar technologies that are required for the website to function properly, maintain security, remember essential settings, and support basic website operations.
We do not use analytics cookies, advertising cookies, marketing cookies, tracking pixels or behavioral profiling technologies on this website.
Strictly necessary cookies may collect limited technical information, such as:

• session identifiers;
• browser and device information required to display the website correctly.

These cookies cannot be switched off through our website because they are necessary for the website to operate. You may be able to block or delete cookies through your browser settings, but doing so may affect the functionality or security of the website.

9. Security of Personal Data
Aegis Marketing implements appropriate technical and organisational security measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access (PDPA s.24). Our security measures include:
• Access controls and role-based permissions limiting access to personal data to authorised personnel only;
• Regular security assessments and vulnerability scanning of our website and systems;
• Staff training on data protection and security awareness;
• Contractual security obligations imposed on all third-party data processors;
• Incident response procedures, including our Data Breach Response Plan.
In the event of a data breach that is notifiable under the PDPA (i.e., affects 500 or more individuals or is likely to result in significant harm), we will notify the PDPC and affected individuals as soon as practicable.

10. Children’s Privacy
Our Website is not intended for individuals under the age of 16, and we do not knowingly collect, use, or disclose personal data from minors.
We request that individuals under the age of 16 do not submit any personal data through the Website or contact forms. If we become aware that personal data has been provided by a minor without verifiable parental or guardian consent, we will take reasonable steps to delete such data as soon as practicable, in accordance with the Protection Obligation and Retention Limitation Obligation under the PDPA.
If you believe that a minor has provided personal data to us, please contact so that appropriate action may be taken.

11. Changes to This Policy
We reserve the right to update or amend this Privacy Policy at any time. Material changes will be notified to you via our website or, where we hold your email address, by email. The "Effective Date" at the top of this Policy indicates when the current version was last updated. We encourage you to review this Policy periodically.

12. Contact Us & Complaints
For any questions, concerns, or requests relating to this Privacy Policy or our data protection practices, please contact our Data Protection Officer: