Privacy

Privacy Policy

How BrandSpark Co Pte. Ltd. handles personal data under the Personal Data Protection Act 2012 (PDPA) of Singapore.

Last updated: 9 July 2026

1. Organisation identity

BrandSpark Co Pte. Ltd. (UEN 202546013K) is a marketing agency registered in Singapore with its principal place of business at 12 Ann Siang Road, #02-01, Singapore 069692. We provide brand strategy, creative, paid media, SEO, content, social and motion services for client brands. This Privacy Policy explains how we collect, use, disclose and protect personal data when you visit brandsparkco.pro, submit an enquiry, engage our services or otherwise interact with us.

For the purposes of the PDPA, BrandSpark Co Pte. Ltd. is the organisation responsible for personal data described in this policy, except where we process data solely on behalf of a client under a separate data processing arrangement.

2. Personal data we collect

Depending on your interaction with us, we may collect the following categories of personal data:

  • Identity and contact data: name, job title, company name, email address, telephone number, postal address.
  • Enquiry and communication data: messages you send via contact forms, email correspondence, meeting notes and project briefs.
  • Technical data: IP address, browser type, device identifiers, pages visited, referral URLs and cookie identifiers (see our Cookie Policy).
  • Marketing preferences: your choices regarding analytics and advertising cookies, newsletter opt-ins where applicable.
  • Contract and billing data: for clients — billing contact, payment references and signed scope documents (processed under separate client agreements).

We do not intentionally collect sensitive personal data unless required for a specific engagement and with your explicit consent.

3. Purposes of collection and use

We collect and use personal data for purposes including:

  • Responding to enquiries submitted through contact forms or email;
  • Scoping, delivering and administering marketing agency services for client campaigns;
  • Managing retainer and project relationships, invoicing and reporting;
  • Improving our website, user experience and service offerings;
  • Complying with legal obligations, including record-keeping and regulatory requests;
  • Protecting our rights, preventing fraud and ensuring website security;
  • Sending service-related communications where you are an existing client or have opted in.

We will not use your personal data for purposes incompatible with those described above without notifying you and, where required, obtaining consent.

4. Legal bases and consent

Under the PDPA, we rely on one or more of the following bases:

  • Consent: when you tick the PDPA consent checkbox on our contact form or opt in to non-essential cookies;
  • Contractual necessity: processing needed to perform a contract or take pre-contractual steps at your request;
  • Legitimate interests: operating and securing our business, provided your interests do not override ours;
  • Legal obligation: where Singapore law requires retention or disclosure.

You may withdraw consent for marketing or non-essential processing by contacting [email protected]. Withdrawal does not affect the lawfulness of processing before withdrawal.

5. Data Protection Officer

Our Data Protection Officer can be reached at:

Email: [email protected]
Post: Data Protection Officer, BrandSpark Co Pte. Ltd., 12 Ann Siang Road, #02-01, Singapore 069692

The DPO handles access requests, correction requests, consent withdrawals and privacy-related complaints.

6. Disclosure to third parties

We may share personal data with:

  • Service providers who assist with hosting, email delivery, analytics (with consent), CRM and project management — bound by confidentiality;
  • Professional advisers (lawyers, accountants) where necessary;
  • Regulatory or law enforcement authorities when required by Singapore law.

We do not sell personal data. Cross-border transfers, if any, are conducted with appropriate safeguards consistent with PDPA requirements.

7. Retention

We retain personal data only as long as necessary for the purposes collected:

  • Enquiry records: up to 24 months unless a client relationship forms;
  • Client project data: duration of engagement plus up to 7 years for legal and accounting purposes;
  • Cookie consent preferences: 6 months (renewable on revisit);
  • Server logs: typically 90 days unless needed for security investigation.

8. Your rights under the PDPA

You have the right to:

  • Request access to personal data we hold about you;
  • Request correction of inaccurate or incomplete data;
  • Withdraw consent for processing that relies on consent;
  • Request information about how your data has been used or disclosed in the past year.

Submit requests to [email protected]. We respond within 30 days where practicable. A reasonable fee may apply for manifestly unfounded or excessive access requests as permitted under the PDPA.

9. Personal Data Protection Commission

If you believe we have not handled your personal data appropriately, you may contact us first. You also have the right to lodge a complaint with the Personal Data Protection Commission (PDPC) of Singapore:

Personal Data Protection Commission
Website: www.pdpc.gov.sg

10. Cookies and tracking

Our website uses cookies as described in our Cookie Policy. Non-essential cookies are placed only with your consent via the cookie banner. You may change preferences at any time by clearing cookies and revisiting the site.

11. Security measures

We implement reasonable administrative, technical and physical safeguards to protect personal data against unauthorised access, collection, use, disclosure, copying, modification or disposal. These include HTTPS encryption, access controls, secure hosting in Singapore/APAC, staff confidentiality obligations and limited data access on a need-to-know basis. No method of transmission over the internet is completely secure; we cannot guarantee absolute security.

12. Third-party links

Our website may contain links to third-party sites (e.g. social platforms). We are not responsible for the privacy practices of those sites. Review their policies before providing personal data.

13. Children

Our services are directed at business professionals. We do not knowingly collect personal data from individuals under 18. Contact us if you believe we have inadvertently collected such data.

14. Changes to this policy

We may update this Privacy Policy to reflect legal, technical or business changes. The "Last updated" date at the top will change accordingly. Material changes will be highlighted on this page. Continued use of the website after changes constitutes acknowledgement of the updated policy where permitted by law.

16. Marketing data in client engagements

When you become a client, we may process business contact details of your team members, campaign briefs, brand assets and performance data from ad platforms solely to deliver agreed marketing services. Such processing is governed by our client agreement and, where applicable, a separate data processing addendum. Client campaign data remains your property; we use it only to fulfil the retainer or project scope.

17. Breach notification

In the event of a personal data breach that is likely to result in significant harm or affect a significant number of individuals, we will notify affected individuals and the PDPC as required under the PDPA and our internal incident response procedures. We maintain records of data incidents and remedial actions taken.

18. Data portability and format

Where technically feasible and permitted by law, we will provide personal data you have supplied to us in a structured, commonly used and machine-readable format upon verified request. This applies to data processed on the basis of consent or contract where you wish to transmit it to another organisation.

19. Automated decision-making

BrandSpark does not use solely automated decision-making, including profiling, that produces legal or similarly significant effects on individuals in the context of website visits or standard enquiry handling. Client campaign optimisation may involve automated ad-platform tools operated within your accounts under agreed scopes.

20. Do Not Call Registry

If you provide a Singapore telephone number, we will check it against the Do Not Call Registry where required before sending marketing messages, unless you have provided clear consent to receive such messages or an ongoing client relationship applies under PDPA exceptions. You may withdraw marketing consent at any time without affecting service-related communications for active engagements.

Service-related calls and emails about active projects or retainer work are treated separately from promotional outreach and are sent only to business contacts with a legitimate interest in the engagement.

We review this Privacy Policy at least annually and whenever we introduce new tools or change how personal data is processed across our marketing agency operations. Material updates will be posted on this page with a revised date.

21. Contact

Questions about this Privacy Policy: [email protected]
BrandSpark Co Pte. Ltd., 12 Ann Siang Road, #02-01, Singapore 069692 · +65 6223 5710