Introduction
Ledger Partners ("we", "our", or "us") is committed to protecting the personal data of individuals who engage with our services. This Privacy Policy explains how we collect, use, disclose, and protect personal data in accordance with Singapore's Personal Data Protection Act 2012 (the "PDPA").
This Policy applies to personal data handled through our website, contact forms, email communications, marketing activities, and all other channels through which individuals engage with us.
By submitting your personal data to us, you acknowledge that you have read and understood this Policy.
Definitions
"Personal Data" means data, whether true or not, about an individual who can be identified from that data, or from that data and other information to which we have or are likely to have access.
"Processing" includes any action involving personal data, such as collection, recording, storage, use, disclosure, transmission, or deletion.
"Data Intermediary" means an organisation engaged to process personal data on our behalf under a written agreement.
Data Protection Officer
We have appointed a Data Protection Officer ("DPO") to oversee our compliance with the PDPA. For any enquiries, access or correction requests, or complaints regarding your personal data, please contact:
Personal Data We Collect
We collect personal data that you voluntarily provide to us. The types of personal data we may collect include:
| Category | Examples |
|---|---|
| Contact information | Name, email address, telephone number, company name |
| Enquiry details | Messages submitted via our contact form, email correspondence |
| Business information | Company name, role, industry, nature of enquiry |
| Technical data | IP address, browser type, device information, pages visited, session data |
| Marketing preferences | Consent status, communication channel preferences, Do-Not-Call registry status |
We do not collect NRIC numbers, financial account details, or other government-issued identification unless specifically required by law for the provision of our services. The provision of your personal data is voluntary; however, if you do not provide certain information, we may not be able to respond to your enquiry or provide our services.
How We Collect Personal Data
5.1 Directly from You
We collect personal data when you:
- submit an enquiry through our website contact form;
- send us an email or correspond with us;
- engage us for bookkeeping, advisory, or training services;
- subscribe to our updates or marketing communications; or
- provide your business card or contact details at events.
5.2 Automated Collection
When you visit our website, technical data may be collected automatically through cookies and similar technologies for the purpose of website functionality and analytics. You may configure your browser to reject cookies; however, certain features of our website may not function as intended.
5.3 From Third Parties
We may receive your personal data from referral partners or business contacts where you have authorised such disclosure, or where permitted by law.
Purposes of Data Processing
We collect, use, and disclose your personal data for the following purposes:
6.1 Service Delivery
- responding to your enquiries and requests;
- providing bookkeeping, advisory, and training services;
- managing our client relationship with you;
- invoicing and account administration; and
- communicating service updates and relevant information.
6.2 Operational Purposes
- website analytics and service improvement;
- compliance with legal and regulatory obligations; and
- internal record-keeping and administration.
6.3 Marketing
Subject to your consent and in compliance with Singapore's Do-Not-Call ("DNC") provisions, we may contact you to share information about our services, events, and insights that may be relevant to your business. You may withdraw consent for marketing communications at any time (see Section 8).
Legal Basis for Processing
We process personal data on the following lawful grounds recognised under the PDPA:
- Consent — where you have given us express permission;
- Deemed consent by contractual necessity — where processing is necessary to fulfil our obligations under a contract with you;
- Deemed consent by notification — where we have informed you of the intended purpose, provided a reasonable opt-out period, and you have not opted out; and
- Applicable legal exceptions — including business improvement, legitimate interests, and legal obligations, as permitted under the PDPA.
Consent and Withdrawal
Where processing is based on your consent, you may withdraw consent at any time by contacting our Data Protection Officer at hello@ledgerpartners.com.sg.
We will process your withdrawal request within a reasonable time. Please note that withdrawal of consent may affect our ability to continue providing certain services to you. We will inform you of any such consequences upon receiving your request.
Notwithstanding withdrawal of consent, we may continue to process your personal data where we are required or authorised to do so under the PDPA or any other applicable law.
Sharing and Disclosure of Personal Data
We may share your personal data with the following categories of recipients for the purposes described in this Policy:
- Data Intermediaries — third-party service providers who process data on our behalf under written agreements (see Section 10);
- Professional advisers — accountants, auditors, and legal counsel;
- Regulatory authorities — where required by law or regulatory obligation; and
- Successor entities — in connection with any corporate restructuring or transfer of business.
We do not sell or trade your personal data to any third party.
Third-Party Service Providers
We engage the following categories of third-party service providers to support our operations:
| Service | Provider | Data Processed | Location |
|---|---|---|---|
| Email and business communications | Google Workspace (Gmail) | Email content, contact details | Global (US/APAC) |
| Website hosting | Firebase (Google Cloud) | Technical data, access logs | Global (US/APAC) |
| Domain and DNS hosting | Vodien | Domain records | Singapore |
| Form processing | Webhook integration (n8n) | Name, email, company, message | Overseas |
International Data Transfers
Some of our service providers (including Google Workspace and Firebase) process data on servers located outside Singapore. Where personal data is transferred overseas, we ensure that the receiving party is subject to legally enforceable obligations providing a standard of protection comparable to the PDPA, in compliance with Section 26 of the Act.
This may include contractual clauses, binding corporate rules, or reliance on jurisdictions with comparable data protection legislation.
Data Protection and Security
We implement reasonable administrative, technical, and physical security measures to protect personal data against unauthorised access, collection, use, disclosure, modification, or disposal. These measures include:
- access controls restricted to authorised personnel;
- two-factor authentication on business-critical systems;
- encryption of data in transit;
- periodic review of security practices; and
- employee awareness of data protection obligations.
While we take reasonable precautions, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security of your personal data.
Data Retention
We retain personal data only for as long as reasonably necessary to fulfil the purposes for which it was collected, or as required by law. Indicative retention periods are:
| Data Type | Retention Period |
|---|---|
| Client engagement records | Duration of engagement + 5 years |
| Accounting and financial records | 5 years (per IRAS requirements) |
| Website enquiry submissions | 24 months from submission |
| Marketing consent records | Duration of consent + 24 months |
| Website analytics data | 14 months |
Upon expiry of the applicable retention period, personal data will be securely deleted or anonymised.
Your Rights
Under the PDPA, you have the right to:
- Access — request access to the personal data we hold about you and information about how it has been used or disclosed within the past year;
- Correction — request correction of any personal data that is inaccurate or incomplete; and
- Withdrawal of consent — withdraw your consent for any processing based on consent.
To exercise any of these rights, please submit a written request to our Data Protection Officer at hello@ledgerpartners.com.sg.
We will respond within thirty (30) days of receiving your request. If additional time is required, we will notify you accordingly. A reasonable administrative fee may apply for access requests and will be communicated in advance.
Do-Not-Call Compliance
We comply with Singapore's Do-Not-Call ("DNC") provisions under the PDPA. We will not send marketing messages to Singapore telephone numbers registered on the DNC Registry unless:
- we have obtained your clear and unambiguous consent; or
- the communication is otherwise permitted under applicable law.
DNC status checks are conducted before any marketing outreach. You may opt out of marketing communications at any time by contacting us or using the unsubscribe mechanism provided in our communications.
Cookies and Tracking Technologies
Our website may use cookies and similar technologies for session management, remembering preferences, and website analytics. These may include first-party cookies and third-party analytics services.
You may configure your browser to reject cookies. However, doing so may limit certain website functionality. Where cookies collect personal data, such data is processed in accordance with this Policy.
Data Breach Notification
We maintain a data breach response framework. In the event of a data breach that is assessed to be notifiable under the PDPA, we will:
- notify the Personal Data Protection Commission ("PDPC") within three (3) calendar days of completing our assessment; and
- notify affected individuals as soon as practicable where the breach is likely to result in significant harm.
Third-Party Websites
Our website may contain links to external websites. We are not responsible for the privacy practices or content of third-party websites. We encourage you to review the privacy policies of any external sites you visit.
Changes to This Policy
We may update this Policy from time to time to reflect changes in our practices or applicable law. Material changes will be communicated through our website. The effective date at the top of this Policy indicates when it was last revised.
Continued use of our services following any update constitutes your acknowledgement of the revised Policy.
Governing Law
This Policy is governed by and interpreted in accordance with the laws of Singapore.
Contact Us
If you have any questions about this Policy or wish to exercise your rights under the PDPA, please contact our Data Protection Officer:
Email: hello@ledgerpartners.com.sg
Singapore
We will endeavour to respond to all enquiries within thirty (30) days.