Privacy Policy

1. Introduction

Coulthwaite Group Ltd and its affiliates (“Company” or “We”) respect your privacy and are committed to protecting it through compliance with this privacy policy (“Policy”). This privacy policy describes how we subscribe to the principles, guidelines and requirements of the Singapore Personal Data Protection Act 2012 (“PDPA”) and, to the extent that you are a resident of the EU or UK, the European General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR“) and the version of the GDPR that has been incorporated into the laws of the UK by virtue of section 3 of the European Union (Withdrawal) Act 2018) (“UK GDPR“).

If you are a resident of the EU or the UK, there is a section of this Policy titled ‘Additional information for EU/UK residents’ that also applies to our processing of your personal data.

2. Definitions

For the purposes of this Policy, “personal data” means any data, whether true or not, about an individual who can be identified or is identifiable (a) from such data; or (b) from such data and other information to which we have or are likely to have. This may include, for example, a person’s name, date of birth, gender, NRIC, passport number, photos, mailing addresses, telephone numbers, email addresses and network data.

3. What Personal Data We Collect

  • Personal information such as name, date of birth, gender etc.
  • Business/company name and other information such as activities and business size
  • Contact details such as mailing addresses, email addresses, telephone numbers
  • Job title
  • Profession
  • Demographic information such as postcode

4. Methods of Collection

We collect this information:

  • Directly from you when you provide it to us.
  • Automatically as you navigate through the site. Information collected automatically may include usage details, IP addresses, and information collected through cookies, web beacons, and other tracking technologies.
  • From third parties, for example, our business partners.

5. Purposes

The purposes for which we may collect, use, disclose, process, manage and/or transfer your personal data are as follows:

  • to provide you with our services (including fulfil our obligations under our contract with you for such services);
  • to respond and deal with enquiries or complaints and for other customer-care activities;
  • to supply you with emails that you have opted into (you may unsubscribe or opt-out at any time);
  • to comply with regulatory, compliance, or legal obligations and/or requirements;
  • as permitted or required by applicable law, regulations, industry codes or market rules;
  • for any other purposes necessary, ancillary or consequential to the above specified purposes.

6. Who we might Disclose Personal Data to

We may disclose any of the personal data we collect about you, including the categories of personal data listed in Section 3, to any of the recipients listed below:

  • external service providers, contractors and third parties, for the purpose of providing our services to you;
  • other business partners and vendors we work with to deliver products and services;
  • banks, credit card companies, payment vendors and other entities within the payment processing chain for the purposes of processing payment;
  • debt collection agencies;
  • credit information companies and credit bureaus;
  • government bodies, including any ministry, department, agency (including law enforcement agencies), or organ of state, judicial or quasi-judicial body or disciplinary, arbitral or mediatory body, or any other statutory body;
  • advisors, including auditors, accountants and lawyers who advise us;
  • any data intermediaries;
  • any other party to whom you authorise us to disclose personal data to; and
  • the prospective seller or buyer of our business or assets in the event that we sell or buy any business assets.

7. Transfer of Personal Data Overseas

In general, your data will be stored in Singapore. We may, in the course of providing services to you, disclose, transfer, store, process and/or deal with your personal data outside Singapore. In doing so, we will comply with all applicable data protection and privacy laws, and take steps to ensure that your personal data continues to receive a standard of protection that is at least comparable to that provided under the PDPA. For residents in the EU or UK, see the ‘Additional Information for EU/UK Residents’ section below for further information on transfers.

8. Withdrawal of Consent

You may subsequently withdraw your consent to our collection, use or disclosure of your personal data. However, should you choose to do so, we may not be able to provide you with our services, or perform any contract we may have with you. Accordingly, we may, insofar as such consent is integral to the provision of the services to you, cease to provide such services to you and will have the right to terminate any contract of service with you in its discretion, without liability to you. Notwithstanding any withdrawal of consent, unless otherwise agreed by the Company, you will still be bound by any contract of service with the relevant entity in the Company, and should you choose to terminate the relevant contract(s), early termination and other charges, liquidated damages or contractual consequences may apply in accordance with the relevant contract(s) or at law, and the Company reserves its rights thereof.

Please contact us by email (please see Section 14. Contact Details) to request for withdrawal.

We shall process your withdrawal request within a reasonable time (depending on the complexity of the request and its impact on our relationship with you), and in any event no later than within ten (10) business days of receiving your request.

9. Retention of Personal Data

We will retain personal data for as long as it is necessary to fulfil the purpose for which it was collected, our legal or business purposes, or as required by relevant laws. We will usually keep your personal data for up to seven (7) years to ensure that any contractual disputes can be addressed. If you opt out or withdraw your consent to marketing, we will remove you from our marketing database.

10. Access, Update and Correction Requests

You must ensure that all personal data submitted to us is accurate, up-to-date and not misleading. Any submission of false or incorrect information may result in our failure to deliver the products and services you seek. We reserve the right to request for documentation to verify the information provided by you.

We encourage you to inform us when there are any changes to the personal data which you have provided to us, so as to ensure that we have the most current, accurate and complete information. Upon request by you, we may correct or complete any personal data found to be inaccurate or incomplete as soon as practicable.

You can access, update and correct your personal information anytime by accessing your account registered with us through the website or mobile application (if applicable). If you do not have an account with us, you may contact us (please see Section 14. Contact Details). We will respond to your update and/or correct request as soon as reasonably possible, an in any event no later than within ten (10) days of receiving such update and/or correct request.

Subject to the PDPA, we will respond to access requests within a reasonable time and in any event no later than within thirty (30) days of receiving such access request. We may charge a fee for processing your request for access. Such a fee would depend on the nature and complexity of your access request.

If you are a resident in the EU or UK, see the ‘Additional Information for EU/UK Residents’ section below for information on access, update and correction requests under the GDPR/ UK GDPR.

11. Cookies

Our website uses cookies to monitor browsing preferences and help analyse data about webpage traffic in order to make website improvements based on your needs and to enhance website efficiency. We generally use such information for statistical analysis but may use it for other reasons in aggregated form or where we are not aware of your identity.

When you visit our website, our servers will automatically record information that is sent whenever you visit a website. This data may include: (a) your computer’s IP address; (b) your browser type; (c) the webpage you were visiting before you visited the relevant website; (d) the pages within the website which you visit; and/or (e) the time spent on such pages, item and information searched for in the website, access time and dates, and other statistics.

A cookie does not give us access to your computer. Most internet browsers automatically accept cookies, but you can usually modify your browser settings according to your preference. If you choose not to accept cookies, you may not be able to experience all the features of our website.

12. Other Websites

Our website may contain links to other websites which are owned or operated by third parties, and which are not under our control. We are not responsible for the content on any such website, or the consequences of accessing or using any such website (including the protection and privacy of any information which you provide whilst visiting such sites) and such sites are not governed by this statement. You agree that your access to or use of such websites is entirely at your own risk. When visiting these third-party websites, you should read their privacy policies which will apply to your use of the websites.

13. Updates to This Policy

We will amend this Policy from time to time, and the updated versions will be posted on our website; and date stamped so that you are aware of when the Policy was last updated. Please check back frequently to see any updates or changes to this Policy. If we make any material changes to this Policy, we will provide notice, for example, by way of a banner on our website.

14. Contact Details

If you have any enquiries, comments, or suggestions about how we collect, use or disclose your personal data or this Policy, or would like to receive information about your personal data which we retain, please contact us by email at

Additional Information for EU/UK Residents

I. Basis for handling personal information. We need to ensure that there is a legal basis under the GDPR/UK GDPR (as applicable) to justify our processing of your personal information. There are a number of different ways that we are lawfully able to process your personal information. We will only process your personal data if and to the extent that at least one of the following legal bases apply. We have set these out below with reference to each of the purposes set out under Section 5 (Purposes) above. Most commonly we will use your personal data in the following circumstances:

  • Where you have consented before the processing.
  • Where we need to perform a contract we are about to enter or have entered with you.
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  • Where we need to comply with a legal or regulatory obligation.

Consent means processing your personal data where you have signified your agreement by a statement or clear opt-in to processing for a specific purpose.

Performance of contract means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.

Legitimate Interest means the interest of our business in conducting and managing our business and generating revenue to enable us to give you the best service and to grow and develop our business and our service offerings. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.

Comply with a legal obligation means processing your personal data where it is necessary for compliance with a legal obligation that we are subject to.

II. Transfer of Personal Data Overseas. As indicated in Section 7 (Transfer of Personal Data Overseas) above, your personal data will be stored in a country outside of the EU/UK (as applicable), Singapore. In any event where your personal data is stored in a country outside of the EU/UK, and in this case including with reference to onward transfers within Singapore or to entities outside of Singapore, where the country or territory in question does not maintain adequate data protection standards, we will take all reasonable steps to ensure that any such transfers are undertaken in accordance with applicable data protection and privacy laws and that your data is treated securely and in accordance with this Policy.

However, please note that where personal data is stored in another country, it may be accessible to law enforcement agencies in accordance with domestic laws.

III. Your Rights. You have various rights in relation to the data which we hold about you as described below.
To get in touch with us about any of your rights under applicable data protection laws, please use the contact details set out above. We will seek to deal with your request without undue delay, and in any event within any time limits provided for in applicable data protection law (subject to any extensions to which we are lawfully entitled). Please note that we may keep a record of your communications to help us resolve any issues which you raise.

a) Right to object

This right enables you to object to us processing your personal data where we do so for one of the following reasons:

  • because it is in our legitimate interests to do so;
  • to enable us to perform a task in the public interest or exercise official authority;
  • to send you direct marketing materials; or
  • for scientific, historical, research, or statistical purposes.

b) Right to withdraw consent

If we obtain your consent to process your personal data for any activities, you may withdraw this consent at any time and we will cease to use your data for that purpose unless we consider that there is an alternative legal basis to justify our continued processing of your data for this purpose, in which case we will inform you of this condition. You can withdraw your consent by using the contact details provided at Section 14 (Contact Details) above. Please note that if you withdraw your consent, this does not impact the lawfulness of our processing on the basis of consent before the consent was withdrawn.

c) Right to access a copy of your data

You may ask us for confirmation of the processing of your personal data, or a copy of the information we hold about you at any time, and request us to modify, update or delete such information. If we provide you with access to the information we hold about you, we will not charge you for this unless permitted by law. If you request further copies of this information from us, we may charge you a reasonable administrative cost. Where we are legally permitted to do so, we may refuse your request. If we refuse your request we will always tell you the reasons for doing so.

d) Right to erasure

You have the right to request that we “erase” your personal data in certain circumstances. Normally, this right exists where:

  • the data are no longer necessary;
  • you have withdrawn your consent to us using your data, and there is no other valid reason for us to continue;
  • the data has been processed unlawfully;
  • it is necessary for the data to be erased in order for us to comply with our obligations under law; or
  • you object to the processing and we are unable to demonstrate overriding legitimate grounds for our continued processing.

We would only be entitled to refuse to comply with your request for erasure in limited circumstances and we will always tell you our reason for doing so. When complying with a valid request for the erasure of data we will take all reasonably practicable steps to delete the relevant data.

e) Right to restrict processing

You have the right to request that we restrict our processing of your personal data in certain circumstances, for example if you dispute the accuracy of the personal data that we hold about you or you object to our processing of your personal data for our legitimate interests. If we have shared your personal data with third parties, we will notify them about the restricted processing unless this is impossible or involves disproportionate effort. We will, of course, notify you before lifting any restriction on processing your personal data.

f) Right to rectification

You have the right to request that we rectify any inaccurate or incomplete personal data that we hold about you. If we have shared this personal data with third parties, we will notify them about the rectification unless this is impossible or involves disproportionate effort. You may also request details of the third parties that we have disclosed the inaccurate or incomplete personal data to. Where we think that it is reasonable for us not to comply with your request, we will explain our reasons for this decision.

g) Right of data portability

If you wish, you have the right to transfer your personal data between service providers and receive a copy of your data. In effect, this means that you are able to transfer the details we hold on you to another third party. To allow you to do so, we will provide you with your data in a commonly used machine-readable format so that you can transfer the data. Alternatively, we may directly transfer the data for you.

h) Rights in relation to automated decision making

You have the right to object to being subject to a decision based on solely automated processing where this decision adversely affects your legal rights. Where we use your personal data for automated decision making, we will ensure to give you specific information about that processing, and you will have the right to challenge and request a review of the decision.

i) Right to complain

You also have the right to complain to your data protection authority.

In the UK the data protection authority is the Information Commissioner’s Office. You can contact them in the following ways:

If the relevant data protection authority is in the EU, please contact the data protection authority in the relevant country.

IV. Cookies. When you first visit our website, you will be presented with a pop-up screen informing you of our use of cookies and asking you to provide your consent for such use. The pop-up screen may not reappear for all your subsequent visits to our website, but you may adjust your web browser software if you do not wish to receive cookies or web beacons, but this may prevent you from taking advantage of some of the features of our website. Please refer to your browser instructions or help pages to learn more about these functions.