Legal

Privacy Policy

Last updated: 15 February 2025  ·  Effective: 15 February 2025

1. Introduction

Bumi Prism Pte. Ltd. ("Bumi Prism", "we", "us", "our") is committed to protecting the personal data of individuals who interact with our organisation, use our website, or participate in our programmes. This policy explains how we collect, use, disclose, and protect your personal data.

We operate in compliance with Singapore's Personal Data Protection Act 2012 (PDPA). If you have questions about this policy or how your data is handled, please contact us at [email protected].

2. What Personal Data We Collect

We collect personal data that you provide directly or that is generated through your use of our website and services. This may include:

  • Name and contact details (email address, phone number)
  • Organisation name and role (if provided)
  • Information submitted through our website contact form or programme enquiries
  • Website usage data collected through cookies and analytics tools (subject to your consent)
  • Correspondence with our team

We collect only the personal data reasonably necessary for the purposes described in this policy. We do not collect sensitive personal data as defined under the PDPA without explicit consent.

3. How We Use Your Personal Data

We use the personal data we collect for the following purposes:

  • Responding to enquiries submitted through our website contact form
  • Providing information about our AI training programmes and services
  • Administering programme enrolments and ongoing engagement communications
  • Sending service-related updates or notifications
  • Improving our website and services using aggregated, anonymised analytics data
  • Complying with legal obligations and regulatory requirements

We will only use your personal data for marketing communications if you have given your consent. You may withdraw consent at any time by contacting us.

4. Legal Basis for Processing

Under the PDPA, we process personal data on the following bases:

  • Consent: Where you have expressly provided consent (e.g., when submitting our contact form or opting into communications)
  • Contractual necessity: Where processing is necessary to fulfil a programme engagement or service agreement
  • Legitimate interests: Where we have a legitimate business interest, balanced against your privacy rights (e.g., improving our services)
  • Legal obligation: Where we are required to process data to comply with applicable law

5. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Enquiry data is typically retained for up to 24 months. Programme participant data is retained for up to 5 years for administrative and follow-up purposes. You may request deletion of your data at any time, subject to our legal retention obligations.

6. Sharing of Personal Data

We do not sell your personal data. We may share your data with:

  • Service providers: Third-party tools used to operate our website or manage communications (e.g., email platforms, analytics), under appropriate data processing agreements
  • Regulatory authorities: Where required by law or in response to legal process
  • Professional advisers: Including legal counsel or auditors, where necessary and under confidentiality obligations

Third-party service providers are selected carefully and are required to handle data in accordance with the PDPA and this policy.

7. Data Protection Measures

We take data security seriously and implement appropriate technical and organisational measures, including:

  • Encrypted transmission of data via HTTPS
  • Access controls limiting internal data access to those with a need to know
  • Regular review of our data handling practices
  • Use of reputable, security-compliant third-party services

In the event of a data breach that is likely to result in significant harm, we will notify the Personal Data Protection Commission (PDPC) and affected individuals as required under the PDPA's Mandatory Data Breach Notification obligations.

8. Cookies and Analytics

Our website uses cookies to understand how visitors interact with the site and to improve the experience we provide. You can control cookie preferences through our Cookie Policy and the cookie consent control on our website. Analytics data is processed in aggregated, anonymised form where possible.

9. Your Rights Under the PDPA

You have the following rights with respect to your personal data:

  • Right of access: Request information about the personal data we hold about you
  • Right of correction: Request correction of inaccurate or incomplete personal data
  • Right of withdrawal: Withdraw consent at any time where processing is based on consent
  • Right to data portability: Request your personal data in a machine-readable format where technically feasible
  • Right to erasure: Request deletion of your personal data, subject to our legal obligations
  • Right to object: Object to certain types of processing, including direct marketing

To exercise any of these rights, please contact us at [email protected]. We will respond within the timeframe required under the PDPA.

10. Third-Party Links

Our website may contain links to third-party websites. This privacy policy applies only to Bumi Prism's website and services. We are not responsible for the privacy practices of external sites and encourage you to review their policies independently.

11. Children's Privacy

Our services are intended for business and organisational clients. We do not knowingly collect personal data from individuals under the age of 18. If you believe a minor's data has been submitted to us, please contact us and we will take appropriate action.

12. Changes to This Policy

We may update this privacy policy from time to time. Material changes will be communicated via a notice on our website or by direct communication where appropriate. The "last updated" date at the top of this page reflects the most recent revision. Continued use of our website after a change constitutes acceptance of the updated policy.

13. Contact Information

For privacy-related enquiries or to exercise your rights, please contact:

Data Controller: Bumi Prism Pte. Ltd.

Address: 38 Beach Road, #18-02, Singapore 189767

Email: [email protected]

For regulatory complaints, you may contact the Personal Data Protection Commission (PDPC) of Singapore at pdpc.gov.sg.