Legal
Privacy Policy
Effective date: 8 July 2026 · Last updated: 8 July 2026
This Privacy Policy explains how MarketCraft Co Pte. Ltd. ("MarketCraft Co", "we", "us", or "our") collects, uses, discloses, and protects personal data when you visit marketcraftco.pro (the "Website") or interact with our marketing strategy and advisory services (the "Services"). We are committed to handling personal data responsibly and in compliance with the Personal Data Protection Act 2012 of Singapore ("PDPA") and applicable subsidiary legislation.
1. Data controller
The data controller responsible for your personal data is:
MarketCraft Co Pte. Ltd.
UEN: 202541028M
Registered address: 50 Craig Road #03-01, Singapore 089688
Email: [email protected]
Phone: +65 6222 3480
2. Scope of this policy
This policy applies to personal data we collect through the Website, contact forms, email correspondence, phone calls, in-person meetings at our studio, and during the provision of Services. It does not apply to third-party websites linked from our Website, or to personal data processed by our clients in their own capacity. Where we process personal data on behalf of a client under a service agreement, that processing is governed by the contractual terms between us and the client.
3. Personal data we collect
We may collect the following categories of personal data, depending on how you interact with us:
3.1 Identity and contact data
Full name, job title, company name, email address, telephone number, postal address, and other contact details you provide when submitting an enquiry, signing a contract, or communicating with us.
3.2 Enquiry and communication data
Content of messages, enquiry type, project descriptions, and any other information you voluntarily include in contact form submissions, emails, or meeting notes.
3.3 Technical and usage data
When you visit the Website, we may automatically collect your IP address, browser type and version, operating system, referring URL, pages viewed, time and date of access, and device identifiers. This data is collected through cookies and similar technologies as described in our Cookie Policy.
3.4 Contract and billing data
If you engage our Services, we may collect billing address, payment-related information (processed through third-party payment providers), tax identification numbers, and records of services rendered.
3.5 Client project data
During service delivery, we may receive personal data about your customers, employees, or partners that you share with us for strategy and analysis purposes. We treat such data as confidential client information and process it only as instructed by you and as necessary to deliver the Services.
4. How we collect personal data
We collect personal data through the following means:
- Directly from you when you complete our contact form, send email, call us, or meet with us in person;
- Automatically through cookies and analytics tools when you browse the Website (subject to your consent where required);
- From publicly available sources such as company websites and professional networking platforms, where relevant to business development;
- From third parties such as referral partners or event organisers, where you have been informed that your data will be shared with us.
5. Purposes of collection, use, and disclosure
We collect, use, and disclose personal data for the following purposes:
- To respond to enquiries and communicate with prospective and existing clients;
- To provide, manage, and improve our marketing strategy and advisory Services;
- To prepare proposals, contracts, invoices, and project deliverables;
- To maintain internal records, including CRM entries and project files;
- To comply with legal and regulatory obligations under Singapore law;
- To protect our legal rights, prevent fraud, and ensure the security of our systems;
- To analyse Website usage and improve user experience (with consent where required);
- To send service-related communications, such as project updates and policy changes.
We do not sell your personal data. We do not use your personal data for automated decision-making that produces legal or similarly significant effects.
6. Legal basis for processing
Under the PDPA, we rely on one or more of the following bases to collect, use, and disclose your personal data:
- Consent: Where you have provided consent, such as when submitting our contact form with the PDPA consent checkbox, or when accepting analytics cookies;
- Contractual necessity: Where processing is necessary to perform a contract with you or to take steps at your request before entering a contract;
- Legitimate interests: Where processing is necessary for our legitimate business interests, such as responding to enquiries, maintaining Website security, and improving our Services, provided your interests do not override ours;
- Legal obligation: Where processing is required to comply with applicable laws, regulations, or court orders.
7. Disclosure of personal data
We may disclose personal data to the following categories of recipients:
- Our employees and contractors who require access to perform their duties, bound by confidentiality obligations;
- IT service providers, hosting providers, email service providers, and analytics platforms that support our operations;
- Professional advisers including lawyers and accountants, where necessary;
- Government authorities, regulators, or law enforcement, where required by law or to protect our rights;
- Business successors in the event of a merger, acquisition, or asset sale, subject to equivalent data protection safeguards.
Where we engage third-party data processors, we require them to process personal data only on our instructions and to implement appropriate security measures. Some processors may be located outside Singapore. Where personal data is transferred overseas, we take steps to ensure that the recipient provides a standard of protection comparable to that under the PDPA.
8. Data retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Typical retention periods are:
| Data category | Retention period |
|---|---|
| Contact form enquiries (not converted to clients) | 24 months from last contact |
| Client project files and contracts | 7 years from project completion |
| Billing and tax records | 7 years as required by IRAS |
| Website analytics data | 26 months (if analytics cookies accepted) |
| Cookie consent preferences | 6 months |
When personal data is no longer needed, we securely delete or anonymise it.
9. Data security
We implement reasonable administrative, technical, and physical safeguards to protect personal data against unauthorised access, collection, use, disclosure, copying, modification, disposal, or similar risks. These measures include access controls, encrypted connections (HTTPS), secure file storage, and staff training on data handling practices.
However, no method of transmission over the internet or electronic storage is completely secure. While we strive to protect your personal data, we cannot guarantee absolute security.
10. Your rights under the PDPA
Subject to exceptions under the PDPA, you have the following rights regarding your personal data:
- Access: Request access to personal data we hold about you and information about how it has been used or disclosed within the past year;
- Correction: Request correction of inaccurate or incomplete personal data;
- Withdrawal of consent: Withdraw consent for processing that is based on consent, subject to legal and contractual restrictions;
- Data portability: Where applicable, request a copy of your personal data in a commonly used machine-readable format.
To exercise any of these rights, contact us at [email protected]. We will respond within thirty (30) days, or inform you if an extension is required. We may charge a reasonable fee for access requests as permitted under the PDPA.
11. Consent and withdrawal
Where we rely on your consent to process personal data, you may withdraw consent at any time by contacting us. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal. Please note that withdrawing consent may affect our ability to provide certain Services or respond to your enquiries.
Our contact form requires explicit PDPA consent before submission. This consent covers collection and use of your enquiry data for the purpose of responding to your request and maintaining related records.
12. Children's data
Our Website and Services are directed at business professionals and are not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a minor, please contact us and we will promptly delete it.
13. Marketing communications
We may send you service-related or informational communications where we have an existing business relationship or where you have opted in. You may opt out of non-essential marketing communications at any time by clicking the unsubscribe link in an email or contacting us directly. We will continue to send communications necessary for the performance of a contract or required by law.
14. Third-party links
Our Website may contain links to third-party websites. We are not responsible for the privacy practices of those websites. We encourage you to review the privacy policies of any third-party site you visit.
15. Data breach notification
In the event of a data breach that is likely to result in significant harm to affected individuals or is of significant scale, we will notify the Personal Data Protection Commission of Singapore and affected individuals as required under the PDPA and applicable guidelines.
16. Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. The updated version will be posted on this page with a revised effective date. Material changes will be communicated through the Website or by email where appropriate. Your continued use of the Website after changes are posted constitutes acceptance of the updated policy.
17. Contact and complaints
For questions, access requests, or complaints about our handling of personal data, contact:
Data Protection Contact
MarketCraft Co Pte. Ltd.
50 Craig Road #03-01, Singapore 089688
Email: [email protected]
If you are not satisfied with our response, you may lodge a complaint with the Personal Data Protection Commission of Singapore at www.pdpc.gov.sg.