1. Introduction
Lumenith ("we", "us", "our") is a business consulting practice registered in Singapore. We are committed to handling personal data responsibly and transparently, in compliance with the Personal Data Protection Act 2012 (PDPA) of Singapore.
This policy applies to personal data collected through our website at lumenith.live, through enquiry forms, telephone communications, and in the course of delivering our consulting engagements.
If you have questions about how we handle your data, please contact us at [email protected].
2. Personal Data We Collect
We collect only the personal data necessary for the purposes described in this policy. This may include:
Information you provide directly
- Full name, job title, and organisation name
- Contact details: email address and telephone number
- The content of messages or enquiries submitted through our contact form
- Information shared during telephone or in-person consultations
- Documents or materials you share as part of an engagement
Information collected automatically
- IP address and general geographic location (country or region level)
- Browser type, operating system, and device type
- Pages visited, referral source, and time spent on pages
- Cookie identifiers (see Section 5 for full details)
Legal basis for processing
We process personal data on the following bases under the PDPA: your consent (for marketing communications and optional cookies), the performance of a contract or pre-contractual steps (for engagement-related communications), our legitimate interests (for website analytics and security), and legal obligations where applicable.
Data retention
Enquiry and contact data is retained for up to 24 months. Engagement-related data is retained for seven years to satisfy legal and regulatory obligations. Analytics data is aggregated and anonymised within 26 months. You may request earlier deletion — see Section 6.
3. How We Use Personal Data
We use personal data for the following purposes:
Service delivery and communication
- Responding to enquiries and scheduling introductory conversations
- Delivering consulting engagements and producing written deliverables
- Sending engagement-related documents, briefings, and correspondence
Website improvement and analytics
- Understanding how visitors use our website in order to improve its structure and content
- Monitoring website security and diagnosing technical issues
Marketing communications (with consent)
- Sending periodic updates or perspectives on topics relevant to our practice, where you have consented
- You may withdraw consent at any time by contacting [email protected]
Data sharing
We do not sell or rent personal data. We may share data with trusted service providers who assist us in operating our website and business systems (such as hosting providers and analytics services) — only to the extent necessary and under confidentiality obligations. We may disclose data where required by Singapore law or a competent authority.
4. Data Protection Measures
We take reasonable and appropriate steps to protect personal data against unauthorised access, disclosure, alteration, or loss. These measures include:
- Transmission of data via TLS/HTTPS encryption
- Access to personal data restricted to authorised personnel on a need-to-know basis
- Secure, access-controlled storage environments for engagement documents
- Regular review of data handling practices and third-party processor agreements
Data breach notification
In the event of a data breach that is likely to result in significant harm, we will notify affected individuals and, where required under the PDPA, the Personal Data Protection Commission (PDPC) within the timeframes prescribed by law.
6. Your Rights
Under the PDPA, you have the right to:
- Access — request confirmation of whether we hold your personal data and obtain a copy
- Correction — request that inaccurate or incomplete data be corrected
- Withdrawal of consent — withdraw consent to processing at any time, where processing is based on consent
- Erasure — request deletion of your data in circumstances where we are no longer required to retain it
- Data portability — receive your data in a structured, machine-readable format where technically feasible
- Lodge a complaint — submit a complaint to the Personal Data Protection Commission (PDPC) at pdpc.gov.sg
Exercising your rights
To submit a data request, contact us at [email protected]. We will acknowledge your request within three business days and respond in full within 30 days. We may need to verify your identity before processing certain requests.
7. Third-Party Links
Our website may contain links to external websites operated by third parties. This policy does not extend to those sites. We encourage you to review the privacy practices of any external service before sharing your data with them. We are not responsible for the content or data practices of third-party websites.
8. Children's Privacy
Our services are directed at business professionals and are not intended for individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe that a minor has submitted data through our website, please contact us at [email protected] and we will take prompt steps to remove it.
9. Policy Updates
We may revise this policy from time to time to reflect changes in law, technology, or our practices. When we do, the revised policy will be published on this page with an updated "Last updated" date. For material changes, we will take reasonable steps to inform affected individuals — for example, by placing a notice on our website or contacting those with whom we have an active relationship.
Continued use of our website following publication of a revised policy constitutes acceptance of that revision.
10. Contact
For all data protection enquiries, requests, or concerns, please contact our data controller directly: