Legal

Privacy Policy

Last Updated: 12 February 2025

Shelvik ("we", "us", "our") is committed to handling personal data with care and in accordance with Singapore's Personal Data Protection Act 2012 (PDPA). This Privacy Policy explains what personal data we collect, how we use it, and your rights regarding that data.

If you have questions about this policy or how your data is handled, contact us at [email protected].

1. Who We Are

Shelvik operates from 252 North Bridge Road, #08-03, Raffles City Tower, Singapore 179103. We provide AI consulting services to retail and e-commerce businesses. For purposes of data protection law, Shelvik is the data controller for personal data collected through this website and through client engagements.

2. Data We Collect

2.1 Website Enquiries

When you submit an enquiry through our website, we collect:

• Your name
• Your email address
• Your phone number (if provided)
• The content of your message

2.2 Technical and Analytics Data

We may collect standard technical data when you visit our website, including your IP address, browser type, pages visited, and session duration. This is used for website performance monitoring and aggregate analytics only.

2.3 Client Project Data

In the course of delivering our services, we may process personal data contained within client datasets (customer transaction records, behavioural data). This is governed by a separate Data Processing Agreement entered into at project commencement.

3. How We Use Personal Data

• To respond to your enquiry and assess whether there is a suitable project fit
• To communicate about and deliver agreed project work
• To send relevant information about our services (with your consent, which you may withdraw at any time)
• To fulfil legal and regulatory obligations
• To improve our website based on aggregated usage data

4. Legal Basis for Processing

Under the PDPA, we collect and use personal data on the following bases:

• Your consent, given when you submit a form or agree to receive communications
• The necessity of processing to perform a contract or pre-contractual steps (for project-related data)
• Legitimate interests in operating and improving our services, where these interests are not overridden by your rights

5. Data Sharing

We do not sell personal data to third parties. We may share data with:

• Service providers (email, hosting, analytics) under contractual data protection obligations
• Professional advisers (legal, accounting) where necessary
• Regulatory authorities where required by law

Client project data is not shared with any third party beyond what is agreed in the project Data Processing Agreement.

6. Data Retention

• Enquiry data: retained for 24 months from last contact, then deleted
• Active client data: retained for the duration of the engagement plus 12 months
• Invoicing and contractual records: retained for 7 years in accordance with Singapore corporate requirements
• Client project datasets: deleted according to the agreed schedule in the Data Processing Agreement, typically within 30 days of project completion

7. Data Security

We implement appropriate technical and organisational measures to protect personal data, including:

• Encrypted storage and transmission (TLS/SSL)
• Access controls limiting data access to authorised team members
• Regular review of data handling practices
• Contractual security obligations for any sub-processors

In the event of a data breach that is likely to result in significant harm, we will notify affected individuals and the Personal Data Protection Commission (PDPC) in accordance with our mandatory breach notification obligations.

8. Cookies

We use cookies on this website. Please refer to our Cookie Policy for full details of the cookies we use and how to manage your preferences.

9. Your Rights

Under Singapore's PDPA, you have the right to:

• Access personal data we hold about you
• Correct inaccurate personal data
• Withdraw consent you have given for data use
• Request data portability in a machine-readable format
• Lodge a complaint with the Personal Data Protection Commission (PDPC) at pdpc.gov.sg

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

10. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of those sites and recommend reviewing their policies independently.

11. Children's Privacy

Our services are directed at business professionals. We do not knowingly collect personal data from individuals under 18 years of age. If you believe a minor has submitted personal data to us, please contact us to request deletion.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last Updated" date at the top of the page. Material changes will be communicated by email to active clients. Continued use of our website following any update constitutes acceptance of the revised policy.

13. Contact

For privacy-related enquiries:

• Email: [email protected]
• Address: 252 North Bridge Road, #08-03, Raffles City Tower, Singapore 179103
• Phone: +65 6284 7039