Privacy Policy
Last updated: 13 May 2026
- Who We Are
- What This Policy Covers
- Information We Collect
- How We Collect Your Information
- Legal Bases for Processing
- How We Use Your Information
- Disclosure of Your Information
- International Transfers
- Data Security
- Data Retention
- Your Privacy Rights
- Cookies & Website Tracking
- Third-Party Links
- Changes to This Policy
- Contact Us
1. Who We Are
Secroia ("we", "us", "our") is a corporate secretarial services provider. We are committed to protecting your personal data and respecting your privacy.
Company details: Secroia Pte. Ltd.
Data Protection Officer / Contact: dpo@secroia.com
2. What This Policy Covers
This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you:
- Use our corporate secretarial, compliance, and company administration services
- Visit our website at www.secroia.com
- Communicate with us via email, phone, or in person
- Provide information as a client, director, shareholder, beneficial owner, or third-party contact
3. Information We Collect
We may collect the following categories of personal data:
| Category | Examples |
|---|---|
| Identity Data | Full name, date of birth, nationality, passport/ID number, tax identification number |
| Contact Data | Residential address, business address, email address, phone number |
| Corporate Data | Directorship history, shareholdings, beneficial ownership details, signatory powers |
| KYC & AML Data | Proof of identity, proof of address, source of funds/wealth declarations, UBO declarations |
| Transaction Data | Details about company formations, director appointments, share transfers, filings with registries |
| Technical Data | IP address, browser type, cookies, website usage (when visiting our site) |
| Communications | Emails, letters, meeting notes, support requests |
We do not knowingly collect sensitive data (e.g., health, biometric, political opinions) unless legally required for AML/CFT purposes and with your explicit consent.
4. How We Collect Your Information
- Directly from you: When you engage us, fill in forms, submit KYC documents, or email us.
- From public registers: Company registers (e.g., ACRA BizFile+), beneficial ownership registers, sanction lists.
- From third parties: Law firms, accountants, registered agents, banks, or due diligence providers (with your consent or as permitted by law).
5. Legal Bases for Processing (PDPA & similar laws)
We process your data only when we have a lawful basis:
- Contractual necessity: To provide corporate secretarial services (e.g., filing annual returns, maintaining statutory registers).
- Legal obligation: To comply with anti-money laundering (AML), counter-terrorist financing (CTF), and corporate disclosure laws.
- Legitimate interests: For internal administration, fraud prevention, and business development — provided your interests do not override these.
- Consent: For optional marketing communications (you may withdraw anytime).
6. How We Use Your Information
We use your personal data to:
- Perform company formations, director/secretary appointments, and share transfers
- Prepare and file statutory forms with government registries
- Maintain statutory books, registers of members, directors, and UBOs
- Comply with AML/KYC due diligence and reporting obligations
- Respond to regulatory, tax, or law enforcement requests
- Invoice, collect payments, and manage our business relationship
- Improve our website and services (e.g., analytics)
- Send service-related notices (not marketing, unless consented)
7. Disclosure of Your Information
| Recipient Type | Reason |
|---|---|
| Government registries | ACRA, IRAS, and other statutory bodies (as required by law) |
| Regulatory bodies | AML supervisors, financial intelligence units |
| Professional advisors | Lawyers, auditors, compliance consultants (under confidentiality) |
| Service providers | IT hosting, document storage, secure communication platforms (as data processors) |
| Banks & financial institutions | Opening corporate accounts or verifying signatories |
| Third parties as required by law | Courts, law enforcement, or under a court order |
We never sell your personal data to third parties.
8. International Transfers
We may transfer your data to countries outside Singapore (e.g., when using cloud services or filing with overseas registries). Where required by law, we ensure appropriate safeguards are in place, such as:
- Standard Contractual Clauses (SCCs)
- Binding Corporate Rules (where applicable)
- Transfers to countries with adequacy decisions or equivalent protections
9. Data Security
We implement technical and organisational measures to protect your data, including:
- Encryption of sensitive data in transit and at rest
- Access controls (need-to-know basis)
- Regular staff training on data protection and AML confidentiality
- Secure destruction of physical documents when no longer needed
However, no method of transmission over the Internet is 100% secure.
10. Data Retention
We retain your personal data only as long as necessary for:
- Providing corporate secretarial services (until the company is dissolved or our engagement ends)
- Complying with legal retention periods (e.g., AML laws typically require 5–10 years after a client relationship ends)
- Defending or asserting legal claims
After retention periods expire, we securely delete or anonymise your data.
11. Your Privacy Rights
Depending on your location, you may have the right to:
| Right | Description |
|---|---|
| Access | Request a copy of the personal data we hold about you |
| Rectification | Correct inaccurate or incomplete data |
| Erasure | Request deletion (where there is no legal obligation to retain) |
| Restriction | Limit how we process your data |
| Portability | Receive your data in a structured, machine-readable format |
| Object | Object to processing based on legitimate interests (e.g., direct marketing) |
| Withdraw consent | For any processing based solely on consent |
To exercise these rights, contact us at dpo@secroia.com. We will respond within the legally required timeframe (typically 30 days).
You also have the right to lodge a complaint with the Personal Data Protection Commission (PDPC) or your local data protection authority.
12. Cookies & Website Tracking
Our website may use essential and analytical cookies. You can manage cookie preferences via your browser settings.
For detailed cookie information, see our separate Cookie Policy (if applicable).
13. Third-Party Links
Our website or emails may contain links to third-party sites (e.g., ACRA BizFile+, law firms). We are not responsible for their privacy practices — please review their policies directly.
14. Changes to This Privacy Policy
We may update this policy from time to time to reflect legal changes or our business practices. The latest version will always be available on our website. Material changes will be notified directly (e.g., by email).
15. Contact Us
For any privacy-related questions, to exercise your rights, or to report a data breach, please contact: