Privacy Policy

Privacy Policy (PDPA & GDPR Compliant)

© AnC Corporate Services Private Limited

Last Updated: January 1, 2026

1. Introduction and Scope

AnC Corporate Services Private Limited ("we", "us", "our", or "Company") is committed to protecting your privacy and ensuring transparent, responsible data handling practices. This Privacy Policy outlines how we collect, use, disclose, store, and protect your personal data in compliance with Singapore's Personal Data Protection Act (PDPA) and the European Union's General Data Protection Regulation (GDPR).

This policy applies to all individuals ("data subjects" or "you") whose personal data we collect, process, or store through our website, services, communications, and business operations. We recognise both the rights of individuals under PDPA and GDPR, and our obligations as a responsible data handler.

2. What is Personal Data?

Under this Privacy Policy, "personal data" means any information relating to an identified or identifiable natural person. This includes, but is not limited to:

Name, email address, phone number
Postal address
Job title and company affiliation
Payment and transaction information
IP address and device identifiers
Communications and correspondence records
Any other information that identifies you or could reasonably identify you

3. Legal Basis for Processing (GDPR Compliance)

For individuals in the European Union and the European Economic Area (EEA), we process personal data on one or more of the following legal grounds:

Consent: You have explicitly provided consent for us to process your personal data for specific purposes.
Contractual necessity: Processing is necessary to enter into or perform a contract with you.
Legal obligation: We are required by law to process your personal data (e.g., tax, regulatory, or legal requirements).
Legitimate interests: We have a legitimate business interest in processing your data, balanced against your rights and freedoms.
Public task: Processing is necessary for us to perform a task in the public interest.
Vital interests: Processing is necessary to protect your vital interests or those of another person.

For individuals in Singapore subject to the PDPA, we collect and process personal data only for purposes that are reasonable and related to our business functions, with appropriate notification and consent.

4. Collection of Personal Data

4.1 How We Collect Your Data

We collect personal data through:

Direct interactions: When you submit contact forms, register for services, request quotations, or communicate with us via email or phone.
Website usage: Through cookies, analytics, and similar technologies (see Section 9).
Third-party sources: From partners, service providers, public databases, or referral sources (with lawful means).
Automated collection: When you interact with our website or digital services.

4.2 What Data We Collect

We typically collect the following types of personal data:

Identity and contact information: Name, email, phone, postal address, job title
Business information: Company name, industry, business size, service requirements
Communication records: Inquiries, meeting notes, correspondence, feedback
Technical information: IP address, browser type, device information, access logs
Payment and transaction data: Billing address, payment method, invoice history (when applicable)
Marketing preferences: Email preferences, communication opt-ins, content interests

4.3 Sensitive Personal Data

We do not intentionally collect sensitive personal data (such as racial or ethnic origin, religious beliefs, health data, or biometric information) unless explicitly necessary and with your informed consent and explicit permission.

5. Use of Personal Data

We use your personal data for the following lawful purposes:

5.1 Service Delivery

Providing corporate services, consulting, or professional advice you have requested
Processing quotations, proposals, and service inquiries
Fulfilling contractual obligations and delivering services
Responding to customer service requests and inquiries

5.2 Communication and Marketing

Sending transactional emails (order confirmations, service updates, invoice notifications)
Providing newsletters, industry updates, and relevant content (with your consent)
Notifying you of changes to our services or policies
Conducting surveys and requesting feedback
Personalising your experience and tailoring content to your interests

5.3 Business Operations

Maintaining business records and account information
Improving our website, services, and customer experience
Conducting data analysis, research, and analytics
Fraud detection and prevention
Regulatory compliance and legal obligations
Enforcing contractual terms and resolving disputes

5.4 Legal and Compliance

Complying with applicable laws, regulations, and legal processes
Protecting our legal rights and those of our customers
Responding to government inquiries and court orders
Meeting tax, accounting, and audit requirements

6. Sharing and Disclosure of Personal Data

We are committed to limiting the disclosure of your personal data. We may share your information in the following circumstances:

6.1 Service Providers and Partners

We may engage third-party service providers (such as email delivery services, hosting providers, payment processors, and analytics platforms) to assist in our operations. These service providers are contractually obligated to:

Process personal data only on our behalf and on our instructions
Maintain appropriate security and confidentiality
Comply with applicable data protection laws (PDPA and GDPR)

6.2 Legal Requirements and Compliance

We may disclose personal data when required by law, court order, or regulatory authority, including:

Singapore Personal Data Protection Commission (PDPC) requests
European Data Protection Authorities (DPAs) requests
Tax and revenue authorities
Law enforcement agencies

6.3 Business Transfers

In the event of a merger, acquisition, bankruptcy, or sale of assets, your personal data may be transferred as part of that transaction. We will provide notice of such changes and any choices you may have regarding your personal data.

6.4 Legitimate Business Interests

With your consent or where justified by legitimate business interests, we may share anonymised or aggregated data for market research, industry analysis, or business development purposes.

6.5 No Sale of Personal Data

We do not sell, rent, or trade your personal data to third parties for marketing or commercial gain without your explicit consent.

7. Data Retention and Deletion

7.1 Retention Periods

We retain personal data for as long as necessary to:

Fulfil the purposes for which it was collected
Satisfy legal, regulatory, or tax obligations
Resolve disputes and enforce agreements
Establish, exercise, or defend legal claims

Typical retention periods are:

Customer service and communications: 3–5 years after the last interaction
Contractual records: Duration of contract plus 7 years (for legal/tax compliance)
Marketing communications: Until consent is withdrawn
Website analytics and logs: 12–24 months
Payment and transaction records: 7 years (tax requirements)

7.2 Data Deletion and Anonymisation

Upon request or when data is no longer needed, we will:

Delete personal data in a secure manner
Anonymise or pseudonymise data where continued storage is necessary
Securely destroy hard copies and digital records

You have the right to request deletion of your personal data, subject to legal obligations and legitimate business needs (see Section 8).

8. Your Data Protection Rights

8.1 Rights Under Singapore PDPA

As a data subject under Singapore's PDPA, you have the right to:

Request access: Obtain a copy of personal data we hold about you
Request correction: Correct inaccurate or incomplete personal data
Notification: Be informed of the collection, use, and disclosure of your personal data
Opt-out: Withdraw consent for non-essential processing (e.g., marketing communications)
Lodge a complaint: File a complaint with Singapore's Personal Data Protection Commission (PDPC)

8.2 Rights Under GDPR

As a data subject in the EU/EEA under GDPR, you have the right to:

Right of access: Obtain confirmation of whether we process your data and receive a copy
Right to rectification: Correct inaccurate or incomplete personal data
Right to erasure ("right to be forgotten"): Request deletion of your personal data under certain circumstances
Right to restrict processing: Request that we limit how we use your personal data
Right to data portability: Receive your personal data in a structured, commonly used format and transmit it to another controller
Right to object: Object to processing based on legitimate interests or for direct marketing
Rights related to automated decision-making: Not be subject to automated decisions that produce legal or similarly significant effects without human review
Withdraw consent: Withdraw previously given consent at any time
Lodge a complaint: File a complaint with your local Data Protection Authority

8.3 Exercising Your Rights

To exercise any of the above rights, please contact us using the details provided in Section 11. We will respond to your request within:

Singapore (PDPA): 30 days of receipt
EU/EEA (GDPR): 30 days of receipt (extendable by two months for complex requests)

We may require verification of your identity to process your request and may charge a reasonable fee for access requests if they are manifestly unfounded or excessive.

9. Cookies and Tracking Technologies

9.1 What Are Cookies?

Cookies are small files stored on your device that enable us to recognise you and improve your experience. We use the following types:

Essential cookies: Required for basic website functionality (e.g., login, security)
Performance cookies: Collect anonymised data about how you use our site (Google Analytics)
Marketing cookies: Track your interests and behaviour for targeted advertising
Third-party cookies: Set by external services (e.g., social media platforms)

9.2 Cookie Consent and Control

We obtain your explicit consent before placing non-essential cookies on your device. You can:

Accept or reject cookies through our cookie consent banner
Adjust cookie preferences in your browser settings
Opt-out of Google Analytics tracking using tools provided by Google
Clear cookies at any time through your browser

For more information, visit www.allaboutcookies.org.

9.3 Similar Technologies

We also use similar tracking technologies such as:

Web beacons: Small graphics that track page visits and email opens
Local storage: Client-side data storage for user preferences
Device identifiers: Information about your device type and OS

These are subject to the same consent and opt-out mechanisms as cookies.

10. Data Security and Protection

10.1 Security Measures

We implement industry-standard security measures to protect your personal data against unauthorised access, loss, alteration, and misuse:

Encryption: Sensitive data is encrypted during transmission (TLS/SSL) and at rest
Access controls: Only authorised personnel have access to personal data, with role-based restrictions
Firewalls and intrusion detection: Network security systems monitor and prevent unauthorised access
Regular audits: We conduct periodic security assessments and penetration testing
Data breach protocols: We have procedures to detect, respond to, and report data breaches

10.2 Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms:

Under GDPR: We will notify affected individuals and relevant Data Protection Authorities without undue delay (within 72 hours of discovery) unless the breach is unlikely to result in risk.
Under PDPA: We will notify you and Singapore's PDPC as required under applicable guidelines.

You will receive information about the nature of the breach, the data affected, potential risks, and recommended protective measures.

10.3 Limitations

While we employ robust security measures, no system is completely secure. We cannot guarantee absolute security and are not liable for unauthorised access due to factors beyond our reasonable control.

11. International Data Transfers

11.1 Transfer to Other Countries

As a Singapore-based company, we may transfer your personal data to:

Service providers located in Singapore, the EU, the US, or other countries
Affiliated entities or business partners in different jurisdictions
Legal or regulatory authorities in other countries

11.2 GDPR Data Transfer Mechanisms

For individuals in the EU/EEA, international transfers are safeguarded by:

Standard Contractual Clauses (SCCs): Contractual terms approved by the European Commission that ensure adequate protection
Adequacy decisions: Transfer to countries deemed to have adequate data protection (e.g., within the EEA)
Explicit consent: Your informed consent to transfer outside the EEA

We maintain a record of all international transfers and the mechanisms used to ensure compliance with GDPR.

11.3 PDPA Compliance

We take appropriate measures to ensure that your personal data receives a comparable level of protection when transferred outside Singapore, consistent with PDPA requirements.

12. Third-Party Links and Services

Our website may contain links to third-party websites, applications, and services that we do not operate. We are not responsible for their privacy practices. We encourage you to:

Review their privacy policies before providing personal data
Understand their data collection, use, and sharing practices
Contact them directly with privacy inquiries

This Privacy Policy applies only to information collected through our website and services.

13. Children's Privacy

We do not intentionally collect personal data from children under the age of 13 (or the applicable age of digital consent in your jurisdiction). If we inadvertently collect data from a child:

We will delete it promptly
Under GDPR, parental consent is required for children under 13
We recommend parents monitor children's online activities

If you believe a child's data has been collected, please contact us immediately at the address in Section 11.

14. Your Communications Preferences

14.1 Marketing Communications

We may send you promotional emails, newsletters, and service updates. You can:

Opt-out: Unsubscribe using the link in every marketing email
Update preferences: Contact us to adjust your communication preferences
Manage frequency: Request reduced communication frequency

14.2 Service Notifications

We will continue to send transactional emails (e.g., order confirmations, password resets) even if you opt out of marketing, as these are necessary for service delivery.

15. Data Protection Officer and Responsible Parties

15.1 Data Controller

AnC Corporate Services Private Limited is the data controller responsible for personal data processing under GDPR and PDPA.

Contact Details:

Mr Yeo Keng Nien
Data Protection Officer
Email: ask_anc [at] anccorp.com.sg

15.2 Data Protection Officer (for GDPR compliance)

If you have data protection inquiries or wish to exercise your GDPR rights, you may contact our Data Protection Officer (if appointed) or our designated data protection contact through the above channels.

15.3 Singapore PDPC

For inquiries or complaints regarding PDPA compliance, you may contact:

Personal Data Protection Commission (PDPC)

Website: www.pdpc.gov.sg
Email: info@pdpc.gov.sg

15.4 European Data Protection Authority

For GDPR-related inquiries or complaints, you may contact your local Data Protection Authority:

European Data Protection Board (EDPB)

Website: https://edpb.ec.europa.eu

16. Policy Updates and Amendments

We may update this Privacy Policy periodically to reflect changes in:

Our data processing practices
Legal or regulatory requirements
Technology and security standards

16.1 How We Notify You

Material changes: We will provide at least 30 days' notice before material changes take effect
Website updates: We will publish the updated policy on our website with a new effective date
Email notification: For significant changes, we may notify you via email

16.2 Your Continued Use

Your continued use of our services after policy amendments constitutes acceptance of the updated Privacy Policy. If you disagree with changes, you may withdraw consent or discontinue using our services.

17. Frequently Asked Questions (FAQs)

Q: How long do you keep my personal data?

A: Retention periods vary by data type and legal requirements. Generally, we retain data for 3–7 years depending on the purpose. See Section 7 for details.

Q: Can I download a copy of my data?

A: Yes. Under GDPR (right to data portability) and PDPA, you can request your data in a structured, portable format. Contact us using the details in Section 11.

Q: How do I opt out of marketing emails?

A: Click the "unsubscribe" link in any marketing email, or contact us directly to manage your preferences.

Q: What happens if there's a data breach?

A: We will notify you and relevant authorities as required by law (within 72 hours under GDPR, per PDPA guidelines for Singapore).

Q: Do you use profiling or automated decision-making?

A: We use basic analytics and marketing segmentation. We do not use fully automated decision-making that produces legal or similarly significant effects without human review. You have the right to request information about any such processing and to seek human review.

Q: How do I lodge a complaint?

A: You can lodge a complaint with us directly (Section 11) or with the relevant authority:

Singapore: PDPC (info@pdpc.gov.sg)
EU/EEA: Your local Data Protection Authority

18. Contact Information

For any questions, requests, or complaints regarding this Privacy Policy or your personal data, please contact:

Mr Yeo Keng Nien

Data Protection Officer

Email: ask_anc [at] anccorp.com.sg

Response Time:

Singapore (PDPA): Within 30 days
EU/EEA (GDPR): Within 30 days (extendable to 60 days)

10 Jalan Kilang, #04-06

Bukit Merah Enterprise Centre

Singapore 159410