Skip links
The JourneyThe Journey

Last Updated: 9 December 2025

This Privacy Policy explains how daniel-aden.com (“we”, “us”, or “our”) collects, uses, and protects your personal data in compliance with Singapore’s Personal Data Protection Act 2012 (PDPA).

1. Introduction

We respect your privacy and are committed to protecting your personal data. This policy informs you about how we handle your personal data when you visit our website and use our contact services.

2. Data We Collect

We operate a minimal data collection policy. We only collect personal data when you actively interact with our contact form. We do not use cookies, analytics, or tracking technologies that monitor general website browsing.

2.1 Contact Form Submissions

When you submit a message through our “Contact Us” form, we collect the following information:

Information You Provide:

  • Your name
  • Your email address
  • The content of your message

Information Collected Automatically:

  • Date and time of submission
  • IP address (collected automatically for spam prevention and abuse detection)
  • Browser and device information (user agent string)

Purpose of Automatic Collection: IP addresses and browser information are collected to protect our systems from spam, abuse, and fraudulent submissions. This is a standard security practice for contact forms.

2.2 What We Do NOT Collect

We do not collect personal data through:

  • Cookies or tracking technologies for general website browsing
  • Analytics tools that identify individual users (no Google Analytics, Facebook Pixel, or similar services)
  • Social media plugins that track your activity across websites
  • Third-party advertising networks
  • User accounts or registrations (our website does not offer account creation)
  • Website comments (commenting is not enabled)

General Browsing: If you simply browse our website without submitting the contact form, we do not collect any personal data that identifies you individually. Standard server logs may record anonymous access information (pages visited, access times) but these are not linked to your personal identity.

3. Purpose of Data Collection

We collect and use your personal data solely for the following legitimate purposes:

  • To respond to your inquiries and messages
  • To provide customer support and assistance
  • To maintain records of our communications with you for quality assurance
  • To protect our systems from spam, abuse, and security threats
  • To comply with legal obligations (record-keeping, dispute resolution)

We do not use your personal data for marketing, advertising, or any purpose beyond responding to your specific inquiry unless you explicitly request additional services.

4. Legal Basis for Processing (PDPA Compliance)

Under Singapore’s Personal Data Protection Act (PDPA), we process your personal data based on the following legal grounds:

Consent: When you submit a contact form, you are indicating your agreement to our collection and use of your personal data as described in this policy. We recommend reviewing this Privacy Policy before submitting any personal information.

Legitimate Interests: Processing is necessary to respond to your inquiries, provide requested services, and protect our systems from security threats.

Note on Consent Mechanism: We are currently implementing enhanced consent features, including an explicit acknowledgement checkbox, to ensure full compliance with PDPA’s express consent requirements. In the interim, your use of the contact form constitutes your informed agreement to this policy.

5. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected:

Contact Form Submissions:

  • Contact form messages (name, email, message content): Retained for up to 2 years from the date of submission, or until your inquiry is resolved and no further action is required
  • IP addresses: Retained with contact form data for up to 2 years for spam prevention and abuse investigation
  • After the retention period: Data is securely deleted or anonymised

Retention Justification: The 2-year retention period allows us to maintain records of our communications, respond to follow-up inquiries, and investigate abuse or security incidents if they arise after initial contact.

Early Deletion: You may request deletion of your personal data before the standard retention period expires by contacting us (see Section 12).

6. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction. These measures include:

Technical Security:

  • Secure encrypted connections (HTTPS/SSL) for all data transmission
  • Secure database storage with access controls
  • Regular security updates and patches for WordPress and plugins
  • Protection against common web vulnerabilities (SQL injection, XSS, CSRF)

Organisational Security:

  • Access to personal data limited to authorised personnel only
  • Regular security assessments and monitoring
  • Secure data handling procedures
  • Incident response procedures for data breaches

Limitations: While we implement industry-standard security measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security but are committed to protecting your data using commercially reasonable safeguards.

7. Data Sharing and Disclosure

We do not sell, rent, or trade your personal data to third parties for their marketing purposes.

We may share your personal data only in the following limited circumstances:

Service Providers:
We use trusted third-party service providers who process data on our behalf under strict confidentiality obligations:

  • Email delivery service: To send contact form notifications and responses to your inquiries
  • Web hosting infrastructure: To store website data and ensure site availability

These service providers have access to your personal data only as necessary to perform their functions and are contractually obligated to maintain confidentiality and security.

Legal Obligations:
We may disclose your personal data when required by Singapore law, court order, or government authority, or when necessary to:

  • Comply with legal processes
  • Protect our legal rights and property
  • Investigate fraud, security threats, or violations of our terms
  • Protect the safety of our users or the public

Business Transfers:
In the event of a merger, acquisition, or sale of assets, your personal data may be transferred to the acquiring entity, subject to the same privacy protections outlined in this policy.

Complete Service Provider List: A detailed list of our current third-party service providers is available upon request by contacting our Data Protection Officer.

8. Your Rights Under PDPA

Under Singapore’s Personal Data Protection Act, you have the following rights regarding your personal data:

Right to Access: Request a copy of the personal data we hold about you, including how it is being used and to whom it has been disclosed.

Right to Correction: Request correction of inaccurate, incomplete, or outdated personal data.

Right to Withdraw Consent: Withdraw your consent for data processing at any time. Please note that withdrawal may affect our ability to respond to your inquiries.

Right to Data Portability: Request transfer of your personal data in a structured, commonly used, and machine-readable format.

Right to Object: Object to our processing of your personal data where we are relying on legitimate interests as the legal basis.

How to Exercise Your Rights:
To exercise any of these rights, please contact our Data Protection Officer using the details in Section 12 below. We will respond to your request within 30 days as required by the PDPA, or inform you if we require additional time to process your request.

Verification: For your protection, we may request verification of your identity before processing requests to access or modify personal data.

No Fee: We do not charge a fee for processing data subject requests unless your request is manifestly unfounded, excessive, or repetitive, in which case we may charge a reasonable administrative fee.

9. International Data Transfers

Your personal data is primarily processed and stored within secure hosting infrastructure. However, some of our service providers (email delivery, web hosting) may transfer or store data outside Singapore.

Cross-Border Safeguards:
When personal data is transferred outside Singapore, we take steps to ensure appropriate protection:

  • We select service providers who maintain data protection standards comparable to Singapore’s PDPA requirements
  • Service providers are contractually required to protect personal data and use it only for specified purposes
  • We assess the data protection laws and practices of the jurisdictions where data may be transferred

Service Provider Jurisdictions: Personal data may be transferred to service providers located in countries with established data protection frameworks. Specific jurisdictions depend on our current service provider arrangements.

10. Children’s Privacy

Our website is not directed to or intended for use by children under 18 years of age. We do not knowingly collect personal data from children.

If you are a parent or guardian and believe we have collected personal data from a child under 18, please contact us immediately using the details in Section 12. We will promptly investigate and delete such data if verified.

11. Data Breach Notification

In the event of a data breach that is assessed to result in significant harm to affected individuals (such as identity theft, financial loss, damage to reputation, or other serious consequences), we will:

Notify Affected Individuals: Inform you of the breach, the types of personal data affected, and recommended actions to mitigate potential harm.

Notify the PDPC: Report the breach to the Personal Data Protection Commission (PDPC) as required under the PDPA.

Timeline: Notification will typically occur within 3 calendar days of assessing that the breach is likely to result in significant harm, in accordance with PDPA requirements.

Breach Response: We maintain an incident response plan to contain breaches, assess their impact, and take corrective measures to prevent recurrence.

12. Contact Us – Data Protection Officer

If you have any questions about this Privacy Policy, wish to exercise your data protection rights, or have concerns about how we handle your personal data, please contact our Data Protection Officer:

Data Protection Officer
Email: [email protected]
Website: daniel-aden.com

Response Time: We aim to respond to all privacy inquiries within 5 working days. For formal data subject access requests, we will respond within 30 days as required by the PDPA.

Note: We are committed to maintaining professional data protection practices. While our current contact email uses a personal domain, it is the authorised business contact for all data protection matters related to daniel-aden.com.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect:

  • Changes in our data collection or processing practices
  • New legal or regulatory requirements
  • Improvements to our privacy and security measures
  • Feedback from users or data protection authorities

Notification of Changes: We will notify you of any significant changes by:

  • Posting the updated policy on this page with a new “Last Updated” date
  • If changes materially affect your rights, we may provide additional notice via email (if we have your contact information) or prominent website notification

Your Continued Use: By continuing to use our website and services after changes are posted, you acknowledge and accept the updated Privacy Policy.

14. Governing Law

This Privacy Policy is governed by the laws of Singapore, including:

  • Personal Data Protection Act 2012 (PDPA)
  • Personal Data Protection (Amendment) Act 2020
  • Guidelines and regulations issued by the Personal Data Protection Commission (PDPC)

Any disputes arising from this Privacy Policy or our data protection practices shall be subject to the exclusive jurisdiction of the courts of Singapore.

Acknowledgement

By using our website and services, you acknowledge that you have read, understood, and agreed to this Privacy Policy. If you do not agree with this policy, please do not use our contact form or submit personal data through our website.

For any questions or concerns about our privacy practices, please contact our Data Protection Officer using the details provided in Section 12 above.

This Privacy Policy is effective as of 9 December 2025.