SQEP-led, independent cyber resilience for Singapore CII and enterprise across APAC
SQEP-led, independent cyber resilience for Singapore CII and enterprise across APAC
How Infracom Consultancy Integration Pte Ltd collects, uses, discloses, and protects your personal data — and what your rights are under Singapore's Personal Data Protection Act 2012.
This Privacy Policy is issued by Infracom Consultancy Integration Pte Ltd ("Infracom", "we", "us", or "our"), a private limited company incorporated in Singapore.
Registered office: 506 Chai Chee Lane, Singapore 469026
Website: https://infracom.com.sg
Primary contact for data matters: security@infracom.com.sg
Infracom provides IT and cybersecurity consulting services — including Governance, Risk & Compliance (GRC), Vulnerability Assessment & Penetration Testing (VAPT), Suitably Qualified & Experienced Personnel (SQEP) staffing, and managed services — primarily to clients in Singapore, with expansion into Australia from 2026.
We collect different categories of personal data depending on how you interact with us:
Full name, job title, company name, company size, business email address, contact number, country/market, service of interest, and the contents of your enquiry message.
Any personal data you choose to include when you write to us at our published email addresses, plus mail-server metadata such as your sending domain and timestamp.
IP address, browser type, device type, referring page, pages visited, time of visit, and approximate location — collected through standard web-server logs and analytics tools.
Session identifiers, preference cookies, anti-spam tokens, and analytics identifiers. See section 10 for details.
Where we are formally engaged, we collect the personal and business information needed to scope, deliver, and invoice for the engagement (e.g. authorised contact details, signatories).
If you apply for a role with us, we collect the information you submit in your CV, application materials, and any subsequent interviews or assessments.
We do not knowingly collect personal data from children under the age of 13 through this website. If you believe we have inadvertently done so, please contact our DPO and we will delete the data promptly.
We collect, use, and disclose personal data only for purposes that a reasonable person would consider appropriate in the circumstances and that you have been notified of, in line with PDPA Section 18.
Our purposes include:
We will not use your personal data for purposes materially different from those listed without first obtaining your fresh consent, unless an exception under the PDPA applies.
Under the Singapore Personal Data Protection Act 2012, we rely on one or more of the following bases for processing your personal data:
← Swipe to compare →
| Basis | When it applies |
|---|---|
| Consent | When you submit a contact form, subscribe to a mailing list, or otherwise voluntarily provide your data with notice of how it will be used. |
| Deemed consent by contractual necessity | When processing your data is reasonably necessary to perform a contract you have entered into with us (e.g. an engagement letter or service agreement). |
| Legitimate interests | For limited purposes such as preventing fraud, ensuring information security, and maintaining the integrity of our services — where our interests do not override your privacy rights. |
| Legal obligation | Where we are required to process data to comply with applicable laws, court orders, or regulatory requests. |
We share personal data only where necessary, and only with parties we have assessed for security and privacy practices. We do not sell, rent, or trade your personal data.
To run our website and business operations, we use trusted third-party service providers in categories such as:
All such providers are bound by contractual confidentiality and data-protection obligations. The personal data they process is limited to what is necessary for the service they provide. A current list of providers is available on request to security@infracom.com.sg.
We may disclose personal data when required by Singapore law, regulatory authority, valid court order, or to protect our legal rights — and we will limit such disclosure to what is strictly necessary.
Our primary data storage and processing takes place in Singapore. However, some of our third-party service providers operate from servers outside Singapore.
Where personal data is transferred outside Singapore, we ensure that the receiving party provides a standard of protection comparable to the PDPA, and — where personal data of individuals located in the European Economic Area (EEA), the United Kingdom, or other jurisdictions covered by the EU General Data Protection Regulation (GDPR) is involved — to a standard comparable to the GDPR.
We achieve this through one or more of:
This satisfies our obligations under PDPA Section 26 (Transfer Limitation Obligation) and aligns with the international baseline set by the GDPR for cross-border data transfers, even where a transfer is not strictly subject to GDPR.
We retain personal data only for as long as it is reasonably necessary for the purpose it was collected for, or as required by applicable law. After that, we securely delete or anonymise it.
As a general rule, personal data we collect through our website (including contact form submissions, email correspondence, and recruitment applications) is retained for a maximum of 12 months, after which it is securely deleted.
← Swipe to compare →
| Data category | Retention period |
|---|---|
| Contact form submissions (no engagement) | Up to 12 months from last contact |
| Email correspondence (no engagement) | Up to 12 months from last contact |
| Web-server logs | Up to 90 days, then aggregated/anonymised |
| Analytics data | Up to 12 months in aggregated/anonymised form |
| Recruitment data (unsuccessful applicants) | Up to 12 months, unless you consent to longer |
| Engagement & project records | Retained for the period required by Singapore tax, accounting, and contractual obligations |
| Recruitment data (successful applicants) | Per employment record retention rules |
Where the law requires us to keep certain records longer (for example, statutory accounting and tax records), we will do so — but we will continue to apply appropriate access and security controls during the extended retention period.
Under PDPA Section 24, we are required to make reasonable security arrangements to protect personal data in our possession or under our control. We take this obligation seriously and have implemented:
Despite these measures, no method of internet transmission or electronic storage is 100% secure. If we become aware of a personal data breach that is likely to result in significant harm to affected individuals or involves 500 or more individuals, we will notify the Personal Data Protection Commission (PDPC) and affected individuals as required under the PDPA's mandatory data breach notification framework.
Under the Personal Data Protection Act 2012, you have the following rights with respect to your personal data:
To exercise any of these rights, send a written request to security@infracom.com.sg. We will respond within 30 days, or notify you within that period if we need an extension. We may require you to verify your identity before fulfilling the request, and may charge a reasonable fee for access requests as permitted under the PDPA.
Withdrawing consent: Note that withdrawing consent may affect our ability to continue providing certain services to you. We will inform you of any such consequences before processing the withdrawal.
Our website uses cookies and similar technologies for essential functionality, performance, and aggregated analytics. We do not use cookies for advertising or cross-site tracking.
← Swipe to compare →
| Type | Purpose | Controllable? |
|---|---|---|
| Strictly necessary | Site navigation, form submission, security | No — required for site to function |
| Performance | Aggregated, anonymous usage statistics | Yes — via your browser settings |
| Functional | Remember preferences (e.g. language, region) | Yes — via your browser settings |
Most modern browsers let you block, delete, or set notifications for cookies. Disabling cookies may affect parts of the website but does not prevent you from contacting us.
In compliance with PDPA Section 11(3), Infracom has designated a Data Protection Officer (DPO) responsible for ensuring compliance with the PDPA.
For all privacy-related enquiries, requests under PDPA, or to report a concern, please write to:
security@infracom.com.sg
You may also write to our DPO by post at our registered office: 506 Chai Chee Lane, Singapore 469026, marked "Attention: Data Protection Officer".
We encourage you to contact us first at security@infracom.com.sg if you have any concern about how we have handled your personal data. We will investigate and respond within 30 days.
If you are not satisfied with our response, you have the right to escalate the matter to the Personal Data Protection Commission Singapore (PDPC), which is the regulator for the PDPA:
We may update this Privacy Policy from time to time to reflect changes in our practices, services, technology, legal requirements, or other factors. For material changes, we will provide more prominent notice (such as a banner on our website or, where appropriate, direct notification). The current version is always available at https://infracom.com.sg/privacy-policy/.
Your continued use of our website or services after an updated policy is published constitutes acceptance of the changes (where the law permits).