Privacy Policy

1. Introduction

Satay Systems ("we", "us", "our") is committed to handling personal data responsibly and in compliance with Singapore's Personal Data Protection Act 2012 (PDPA). This Privacy Policy explains how we collect, use, store, and protect personal data when you engage with our website or our services.

This policy applies to all personal data we process in connection with our AI integration services, including enquiries submitted through our website, engagement communications, and data handled during service delivery. If you have questions about this policy, please contact us at [email protected].

2. Personal Data We Collect

We collect personal data in the following circumstances:

Via our website contact form

• Full name (required)
• Email address (required)
• Phone number (optional)
• Message content (optional)

During service engagements

When conducting assessments or building workflows, we may be given access to business documents that contain personal data about your staff or clients. Data handling in this context is governed by the specific terms agreed in writing at the start of each engagement.

Automatically via website analytics

We use analytics tools to understand how visitors use our website. This may include IP address, browser type, pages visited, and visit duration. This data is collected in aggregate and is not used to identify individuals.

Legal basis for processing

• Consent: Contact form submissions, cookie consent
• Contract: Data processed to deliver agreed services
• Legitimate interest: Analytics for website improvement

We retain contact enquiry data for up to 24 months. Engagement-related data is retained for the duration of the engagement and up to 12 months thereafter, unless a shorter period is agreed in the engagement terms.

3. How We Use Your Data

We use personal data for the following purposes:

• Responding to enquiries: We use contact form data to respond to your messages and arrange preliminary conversations.
• Service delivery: We use engagement data to conduct assessments, build workflows, and produce written deliverables.
• Communications: We may send updates relevant to your engagement. We do not send unsolicited marketing emails.
• Website improvement: Aggregated analytics help us understand which parts of our website are useful.
• Legal obligations: We may retain or disclose data as required by Singapore law.

We do not sell personal data to third parties. We do not share personal data with third parties except where necessary to deliver services (for example, cloud hosting providers) or as required by law.

4. Data Protection Measures

• Encryption: Data transmitted to and from our website is encrypted via HTTPS/TLS.
• Access controls: Personal data is accessible only to staff who need it to perform their work. Access is reviewed regularly.
• Breach response: In the event of a data breach affecting your personal data, we will notify affected individuals and the Personal Data Protection Commission (PDPC) in accordance with the PDPA's mandatory breach notification requirements.
• Data minimisation: We collect only the personal data necessary for the stated purpose and do not retain it beyond the relevant retention period.

5. Cookies

We use cookies on our website to manage your session and, where you consent, to collect analytics data. You can manage your cookie preferences at any time via our Cookie Policy page. Essential cookies cannot be disabled as they are required for the website to function.

6. Your Rights Under the PDPA

As a Singapore resident, you have the following rights regarding your personal data:

• Right of access: You may request a copy of the personal data we hold about you.
• Right of correction: You may request correction of inaccurate or incomplete personal data.
• Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time. Withdrawal does not affect the lawfulness of prior processing.
• Right to erasure: Subject to our retention obligations, you may request deletion of your personal data.
• Right to data portability: You may request a machine-readable copy of personal data you have provided to us.

To exercise any of these rights, write to us at [email protected]. We will respond within 30 days. If you are dissatisfied with our response, you may lodge a complaint with the Personal Data Protection Commission of Singapore at www.pdpc.gov.sg.

7. Third-Party Links

Our website may contain links to external websites. We are not responsible for the privacy practices or content of those sites. We encourage you to review the privacy policies of any external sites you visit.

8. Children's Privacy

Our services are directed at businesses and are not intended for individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected data from a minor, please contact us immediately at [email protected].

9. Policy Updates

We may update this Privacy Policy from time to time. When we do, we will revise the "Last Updated" date at the top of this page. For material changes, we will notify current engagement clients by email where possible. Continued use of our website after any changes constitutes acceptance of the revised policy.