— Legal

Privacy Policy

Merlion Apex Pte. Ltd. ("Merlion Apex", "we", "us", or "our") is committed to handling your personal data with care and transparency. This Privacy Policy explains what personal data we collect, how we use it, who we may share it with, and what your rights are under Singapore's Personal Data Protection Act 2012 ("PDPA") and related regulations.

By using our website at merliona.live or engaging with us through any contact channel, you acknowledge that you have read and understood this policy.

1. Data Controller

The data controller responsible for your personal data is:

For questions or requests related to this policy or to your personal data, please contact us at the email address above.

2. What Personal Data We Collect

We collect only the personal data that is necessary for the purposes set out in this policy. The types of data we may collect include:

Data you provide directly

• Full name and contact details (email address, phone number)
• Company name, role, and business context shared in enquiry messages
• Any other information you voluntarily provide through our contact form or direct correspondence

Data collected automatically

• IP address and browser type when you visit our website
• Pages visited, time spent on pages, and referring website (where analytics cookies are accepted)
• Device type and operating system

Data from third-party services

• Analytics data aggregated through Google Analytics (where consent is given)
• Basic interaction data from advertising platforms (where applicable and consent is given)

3. How We Use Your Personal Data

We use the personal data we collect for the following purposes:

• Responding to enquiries: When you contact us through the website form or by email, we use your details to respond to your message and discuss whether an engagement might be appropriate.
• Service delivery: If you proceed with an engagement, we use relevant contact and business information to manage the consulting process and deliver agreed deliverables.
• Website improvement: Aggregated and anonymised analytics data helps us understand how our website is used so we can make it clearer and more useful.
• Legal compliance: We may retain certain data as required by Singapore law, including records related to business transactions.
• Communication about our services: If you have engaged with us previously, we may contact you about relevant updates. You can opt out at any time.

We do not use your personal data for automated decision-making or profiling.

4. Legal Basis for Processing

Under the PDPA, we process your personal data on the following grounds:

• Consent: For optional cookies, marketing communications, and analytics tracking, where you have given your explicit consent.
• Contractual necessity: Where processing is required to fulfil a consulting engagement you have entered into with us.
• Legitimate interests: For website analytics and improving our services, where this does not override your fundamental rights.
• Legal obligation: Where we are required by Singapore law to retain or process certain information.

5. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes described in this policy:

• Enquiry data (no engagement commenced): up to 12 months from last contact, unless you request earlier deletion.
• Engagement-related data: up to 5 years from the conclusion of the engagement, consistent with Singapore's general commercial records requirements.
• Analytics data: retained in anonymised/aggregated form only; individual identifiers are not stored beyond 26 months.
• Cookie consent records: retained for 12 months from the date of consent or until consent is withdrawn.

6. Data Sharing

We do not sell your personal data. We may share it only in the following limited circumstances:

• Service providers: Third-party technology providers who support our website operations (such as hosting and analytics) may have access to certain data on a processor basis, and are bound by appropriate data processing agreements.
• Analytics platforms: Google Analytics may receive anonymised usage data where you have consented to analytics cookies.
• Legal requirements: Where disclosure is required by a court order, regulatory authority, or applicable Singapore law.
• Business transfers: In the event of a merger, acquisition, or sale of business assets, your data may transfer to the successor entity under equivalent protection obligations.

Any third parties with whom we share data are required to handle it in accordance with the PDPA and our data processing standards.

7. Cookies

Our website uses cookies to support basic functionality and, where you consent, to collect analytics and preference data. Full details about the types of cookies used, their purpose, and how to manage them are set out in our Cookie Policy.

You can withdraw your cookie consent at any time by visiting the Cookie Policy page and adjusting your preferences.

8. Data Security

We take reasonable and appropriate technical and organisational measures to protect your personal data against unauthorised access, disclosure, alteration, and loss. These include:

• TLS encryption for data transmitted between your browser and our website
• Access controls limiting internal access to personal data to those with a specific need
• Regular review of access logs and security practices
• Secure storage of client-related data within professional document management systems

While we take these measures seriously, no system can be made completely secure. If you believe your data has been compromised, please contact us immediately at [email protected].

In the event of a data breach that is likely to result in significant harm to affected individuals, we will notify the Personal Data Protection Commission (PDPC) and affected individuals in accordance with the PDPA's data breach notification obligations.

9. International Data Transfers

Our primary operations are based in Singapore. Where data is processed or stored by third-party service providers outside Singapore, we take steps to ensure that equivalent levels of data protection apply, consistent with the PDPA's requirements for overseas transfers of personal data.

10. Your Rights Under the PDPA

Under Singapore's Personal Data Protection Act, you have the following rights in relation to your personal data:

• Right of access: You may request a copy of the personal data we hold about you, along with information about how it is being used.
• Right of correction: You may request that we correct any personal data that is inaccurate or incomplete.
• Right to withdraw consent: Where processing is based on consent, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
• Right to data portability: Where technically feasible and applicable, you may request that your data be provided in a portable format.
• Right to erasure: You may request deletion of your personal data where it is no longer required for the purposes for which it was collected, subject to our legal retention obligations.

To exercise any of these rights, please contact us at [email protected]. We aim to respond to all requests within 30 days. If we are unable to fulfil a request, we will explain why in writing.

If you are not satisfied with our response, you have the right to lodge a complaint with Singapore's Personal Data Protection Commission (PDPC) at pdpc.gov.sg.

11. Third-Party Links

Our website may contain links to external websites. We are not responsible for the privacy practices of third-party sites and encourage you to review their privacy policies before providing any personal data.

12. Children's Privacy

Our services are directed at business professionals and organisations. We do not knowingly collect personal data from individuals under the age of 18. If you believe we have inadvertently collected data from a minor, please contact us so we can delete it promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we do, we will update the "Last Updated" date at the top of this page. We encourage you to review this policy periodically. Continued use of our website after changes are posted constitutes acceptance of the revised policy.

14. Contact Us

If you have questions about this Privacy Policy, how we handle your data, or wish to exercise any of your rights, please reach out: