Privacy Policy

1. Introduction and Scope

This Privacy Policy applies to all personal data collected through the Birchcrest website at birchcre.sbs, through our contact form, and in the course of delivering our M&A operational integration advisory services. By using this website or engaging with us, you acknowledge that you have read and understood this policy.

Data controller: Birchcrest, 18 Cross Street, #11-09, Cross Street Exchange, Singapore 048423.

2. Data We Collect

We may collect the following categories of personal data:

• Identification data — your name and job title, if provided
• Contact data — your email address and telephone number
• Organisational data — the name and nature of your organisation, if relevant to your enquiry
• Communication data — the content of messages you send through our contact form or by email
• Technical data — IP address, browser type, pages visited, and referral source, collected automatically via cookies and server logs

We do not collect sensitive personal data (such as financial account numbers, NRIC details, or health information) through this website.

3. How We Collect Data

• Contact form — when you submit an enquiry through our website
• Direct communication — when you correspond with us by email or telephone
• Cookies and analytics — automatically as you browse our website (see Section 7 and our Cookie Policy)
• Referrals — if an existing contact introduces you to us, they may share your name and email address with your knowledge

4. Legal Basis for Processing

We process personal data on the following bases:

• Consent — where you have explicitly agreed, such as when submitting the contact form
• Legitimate interests — to respond to enquiries, improve our website, and manage our business operations, where those interests are not overridden by your rights
• Contractual necessity — to perform services under an engagement agreement with you or your organisation
• Legal obligation — where processing is required by applicable law

5. How We Use Personal Data

• Responding to enquiries and proposals submitted through the website
• Delivering and administering advisory engagements
• Communicating updates relevant to an active or prospective engagement
• Improving the usability and content of our website
• Complying with legal and regulatory obligations
• Maintaining records appropriate to a professional advisory practice

We do not use personal data for automated decision-making or profiling, and we do not use it for unsolicited direct marketing.

6. Data Sharing

We do not sell personal data. We may share data in the following limited circumstances:

• Service providers — third parties who assist with website hosting, email infrastructure, or analytics, operating under contractual data-protection obligations
• Professional advisors — legal or accounting advisors, where necessary and under obligations of confidentiality
• Regulatory authorities — where disclosure is required by law or a competent authority

Any third parties with access to personal data are required to handle it in accordance with applicable data protection law and to use it only for the specified purpose.

7. Cookies

Our website uses cookies to support basic functionality and understand how visitors use the site. Cookie categories include essential, analytics, marketing, and preference cookies. You can manage your cookie preferences at any time through our Cookie Policy page, which includes full details of the cookies in use and how to adjust your settings.

8. Data Retention

• Enquiry and contact data — retained for up to 24 months from the date of last contact, unless an engagement is established
• Engagement records — retained for seven years from the close of an engagement, in line with standard professional practice and potential legal requirements
• Analytics and technical data — aggregated or anonymised within 14 months

Data is securely deleted or anonymised when retention periods expire.

9. Data Security

We maintain appropriate technical and organisational measures to protect personal data against unauthorised access, accidental loss, alteration or disclosure. These include:

• HTTPS encryption for all data transmitted through the website
• Access controls limiting personal data to those with a need to use it
• Secure hosting with reputable infrastructure providers
• Regular review of our data-handling practices

In the event of a data breach that poses a risk to individuals, we will notify the Personal Data Protection Commission (PDPC) and affected individuals as required under the PDPA Notification of Data Breaches Obligation.

10. Your Rights

Under the PDPA and applicable data protection frameworks, you have the right to:

• Access — request a copy of the personal data we hold about you
• Correction — request correction of inaccurate or incomplete data
• Withdrawal of consent — withdraw consent at any time where processing is based on consent
• Data portability — request that data provided to us be transmitted to another organisation in a structured format, where technically feasible
• Erasure — request deletion of data where it is no longer necessary for the purpose for which it was collected, subject to any overriding legal obligations

To exercise any of these rights, please contact us at [email protected]. We aim to respond within 30 days. In certain cases, we may need to verify your identity before processing a request.

If you consider that your data has been handled in a manner inconsistent with the PDPA, you may also lodge a complaint with the Personal Data Protection Commission (PDPC) at pdpc.gov.sg.

11. Third-Party Links

Our website may contain links to external websites or resources. We are not responsible for the privacy practices or content of those third-party sites and encourage you to review their privacy policies before providing any personal data.

12. Children's Privacy

Our services are directed at organisations and business professionals. We do not knowingly collect personal data from individuals under the age of 18. If you believe we have inadvertently collected such data, please contact us and we will delete it promptly.

13. International Data Transfers

Our website is hosted and operated primarily in Singapore. If personal data is transferred to service providers located outside Singapore, we take steps to ensure that such transfers occur under appropriate contractual safeguards consistent with the PDPA's requirements on overseas data transfers.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. When we do, we will revise the "Last updated" date at the top of this page. Material changes will be communicated through a notice on the website. Continued use of the website after any change constitutes acceptance of the updated policy.

15. Contact for Data Enquiries

For any questions about this Privacy Policy, requests to exercise your rights, or concerns about how your data is handled, please contact us:

• Email: [email protected]
• Post: Birchcrest, 18 Cross Street, #11-09, Cross Street Exchange, Singapore 048423