Privacy Policy

1. Introduction

Tidewell ("we", "us", "our") is a data strategy consultancy operating in Singapore. We are committed to handling personal data responsibly and in accordance with Singapore's Personal Data Protection Act 2012 (PDPA) and its accompanying regulations.

This policy sets out how we collect, use, disclose, and protect personal data that you provide to us through our website (tidewell.club) or in the course of an engagement with us.

Questions about this policy may be directed to: [email protected]

2. Data We Collect

We collect personal data only to the extent necessary to respond to your enquiry, deliver an agreed service, or operate our website effectively. The categories of data we may collect include:

• Contact information: name, email address, phone number — provided through our enquiry form or email correspondence.
• Engagement information: details about your organisation and data situation provided in the course of scoping or delivering a consulting engagement.
• Technical data: IP address, browser type, pages visited — collected automatically through website analytics tools.
• Cookie data: preferences and consent choices stored locally in your browser. See our Cookie Policy for details.

Legal basis for processing: We process personal data on the basis of consent (where you have submitted a form or agreed to cookies), legitimate interest (responding to business enquiries), and contractual necessity (where data processing is required to deliver an agreed service).

Retention: Enquiry data is retained for 24 months from the date of submission unless an engagement begins, in which case it is retained for the duration of the engagement plus three years. Analytics data is retained for 14 months.

3. How We Use Personal Data

Personal data collected is used for the following purposes:

• Responding to enquiries about our services
• Scoping, delivering, and billing for consulting engagements
• Sending written notes and deliverables arising from sounding-board or project engagements
• Improving the performance and usability of our website
• Meeting legal and regulatory obligations under Singapore law

We do not use personal data for unsolicited marketing. We do not sell personal data to third parties. Where analytics tools are used, data is processed under the terms of those providers' privacy agreements.

4. Data Sharing

We share personal data only in the following circumstances:

• Service providers: Analytics and hosting providers who process data on our behalf under contractual data processing agreements.
• Legal obligations: Where required by Singapore law, court order, or regulatory authority.

All third-party data processors used by Tidewell are subject to written agreements requiring them to handle personal data in accordance with the PDPA.

5. Data Protection Measures

We take reasonable steps to protect personal data against unauthorised access, disclosure, modification, or destruction. These measures include:

• HTTPS encryption for all website data transmission
• Access controls limiting internal access to personal data to those with a need to process it
• Regular review of data handling practices and access permissions
• Data breach notification procedures in accordance with PDPA requirements

In the event of a data breach affecting your personal data, we will notify affected individuals and the Personal Data Protection Commission (PDPC) as required under the PDPA.

6. Cookies

We use cookies for essential site functionality, analytics, and preference storage. Full details of the cookies used and your management options are set out in our Cookie Policy. You can withdraw cookie consent at any time through the Cookie Policy page.

7. Your Rights Under Singapore PDPA

Under the Personal Data Protection Act 2012 and its 2021 amendments, you have the following rights in respect of personal data we hold about you:

• Right of access: Request a copy of personal data we hold about you.
• Right of correction: Request correction of inaccurate personal data.
• Right of withdrawal: Withdraw consent to processing where consent is the legal basis, subject to legal or contractual restrictions.
• Right to data portability: Request personal data in a commonly used machine-readable format where applicable.
• Right to lodge a complaint: Contact the Personal Data Protection Commission (PDPC) at pdpc.gov.sg if you believe your data protection rights have not been respected.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

8. Third-Party Links

Our website may contain links to external websites. We are not responsible for the privacy practices of those sites and recommend reviewing their privacy policies before providing personal data to them.

9. Children's Privacy

Our services are directed to business organisations and individuals aged 18 and above. We do not knowingly collect personal data from persons under 18. If we become aware that we have collected data from a minor, we will delete it promptly.

10. Policy Updates

We may update this policy from time to time. Where changes are material, we will note the revised effective date at the top of this page. Continued use of our website or services after a policy update constitutes acceptance of the revised terms.

11. Contact

For privacy-related questions, data access requests, or complaints, contact our data protection contact: