Personal Data Protection Policy
Effective Date: 1 June 2025
1. Purpose of this Policy
KaiCari Impact Group Pte. Ltd. (“KaiCari”, “we”, “our”, “us”) is committed to safeguarding the personal data entrusted to us. This Policy explains how we collect, use, disclose, protect, and retain your personal data in compliance with Singapore’s Personal Data Protection Act 2012 (“PDPA”). pdpc.gov.sg
2. What is “Personal Data”?
“Personal Data” means any information—true or otherwise—about an individual who can be identified from that data alone or from that data together with other information we can reasonably access (e.g., name, NRIC, e-mail, employment details, photographs).
3. How We Collect Personal Data
We collect data:
| Channel | Examples |
|---|---|
| Direct interactions | Enquiry forms, newsletter sign-ups, event registrations, coaching/therapy intake forms |
| Automated technologies | Cookies, web analytics, chat logs, device identifiers |
| Third-party sources | Professional networking platforms (e.g., LinkedIn), publicly available registries, partners who refer you with your consent |
4. Purposes for Collection, Use & Disclosure
We only collect, use, and/or disclose personal data for purposes such as:
- Providing consultancy, coaching, therapy and related services
- Processing transactions, invoices, and CPF grant applications
- Managing subscriptions, events, webinars, or marketing campaigns
- Assessing and improving our services, website UX, or course content
- Complying with legal obligations or responding to law-enforcement requests
- Any purpose reasonably related to the above—including legitimate-interest situations permitted under the PDPA Data Protection Report
5. Consent & Legitimate Interests
We generally obtain your express consent before collecting or using personal data. In limited circumstances, we may rely on the Legitimate Interests Exception where:
- The collection/use is necessary for our or a third-party’s legitimate interests; and
- Those interests outweigh any adverse impact on you.
We document these assessments in accordance with PDPC guidelines. pdpc.gov.sg
6. Disclosure to Third Parties
We do not sell your data. We may share it with:
- Service providers (IT hosting, CRM, e-mail delivery, payment processors) under strict confidentiality obligations
- Professional advisers (lawyers, auditors)
- Government agencies, regulators, or law-enforcement bodies where required by law or a legitimate request
7. Protection of Personal Data
We implement administrative, physical, and technical safeguards (e.g., encryption at rest, multi-factor admin access, staff PDPA training) to prevent unauthorised access, collection, use, disclosure, copying, modification, disposal, or similar risks.
8. Retention & Destruction
Personal data is retained only as long as:
- Required for the purpose for which it was collected; or
- Necessary for business, legal, or compliance needs.
When the retention period lapses, we securely delete or anonymise the data.
9. Accuracy
We rely on the accuracy of information you provide. Please keep us informed of any changes so we can update our records.
10. International Transfers
Where data is transferred outside Singapore, we ensure the recipient provides a comparable standard of data protection (e.g., contractual clauses, intra-group policies, or certification mechanisms).
11. Access & Correction Requests
You may request access to, or correction of, your personal data held by KaiCari. A reasonable administrative fee may apply. We will respond within the timelines prescribed by the PDPA.
12. Withdrawal of Consent
You can withdraw your consent for any specific purpose by e-mailing our Data Protection Officer (see §18). We will inform you of potential consequences (e.g., service limitations) and act on your request within a reasonable time.
13. Do Not Call (DNC) Provisions
For voice calls, SMS, or fax marketing, we check Singapore’s DNC Registry and honour all opt-outs before sending marketing messages. pdpc.gov.sg
14. Cookies & Similar Technologies
We use cookies, pixel tags, and analytics tools to remember preferences, enhance site performance, and measure campaign effectiveness. You may disable cookies via your browser, but certain site features may not function properly.
15. Data Breach Notification
If a data breach:
- Is likely to result in significant harm to an individual, or
- Concerns personal data of 500 or more individuals,
we will notify the Personal Data Protection Commission (“PDPC”) as soon as practicable and no later than three (3) calendar days after confirming the breach, and will notify affected individuals as required. DLA Piper Data ProtectionBaker McKenzie Resource Hub
16. Data Portability (Upcoming Obligation)
Parliament has passed, but not yet commenced, data-portability provisions allowing individuals to request transmission of their data in a structured, commonly used format. We will comply once the provisions take effect.
17. Updates to This Policy
We may amend this Policy from time to time. The latest version will always be posted on our website with the effective date at the top.
18. Contact – Data Protection Officer
If you have any questions, requests, or complaints regarding this Policy or your personal data, please contact:
Managing Director
KaiCari Impact Group Pte. Ltd.
E-mail: rachaeljane.bah@kaicari.com
(Attn: DPO – Confidential)
19. Governing Law
This Policy is governed by the laws of the Republic of Singapore.