Privacy Policy

Xintesys Pte. Ltd. (“Xintesys”, “we”, “our”, or “us”) is committed to protecting the personal data of individuals who interact with our website and services. This Privacy Policy describes what personal data we collect, why we collect it, how we use and protect it, and your rights under the Personal Data Protection Act 2012 (PDPA) of Singapore.

This policy applies to personal data collected through our website at www.xintesys.com and through direct communications with us. It does not apply to data collected as part of client software systems we implement or manage on behalf of our clients, which are governed by separate data processing agreements.

Effective date: 7 April 2026. We may update this policy from time to time; the effective date above will reflect the date of the most recent revision.

We collect personal data only when you voluntarily provide it to us. The main point of collection on this website is the contact enquiry form, which requests:

• Name and company — to address you correctly and understand your business context.
• Email address — to respond to your enquiry.
• Area of interest — to route your enquiry to the right team (e.g. Business Framework, Accounting, M&A).
• Message — a free-text description of your situation or question.

We may also collect personal data when you contact us directly by phone or email, or when you engage us for services (in which case a separate service agreement will govern that data collection).

We do not collect sensitive personal data (such as NRIC numbers, financial account details, or health information) through this website.

We use the personal data you provide for the following purposes:

• Responding to enquiries — to reply to your message, answer questions, and connect you with the appropriate member of our team.
• Providing services — if you engage us, to deliver, manage, and improve the services you have requested.
• Business communications — to send relevant follow-up information you have requested (e.g. service details, proposals).
• Internal records and compliance — to maintain records of client interactions as required for legitimate business and legal purposes.

We will not use your personal data to send unsolicited marketing communications without your consent, and we do not sell, rent, or trade your personal data to third parties.

We do not disclose your personal data to external parties except in the following limited circumstances:

• Service providers — trusted vendors who assist us in operating our business (e.g. email hosting, cloud storage), bound by confidentiality obligations and only permitted to use your data to perform services on our behalf.
• Legal obligations — where disclosure is required by law, court order, or a Singapore regulatory authority.
• Business transfers — in the event of a merger, acquisition, or sale of Xintesys assets, personal data may be transferred as part of that transaction, subject to equivalent data protection obligations.

Google Fonts — this website loads typefaces directly from Google’s servers (fonts.googleapis.com). When your browser requests a font file, your IP address is transmitted to Google. This is governed by Google’s Privacy Policy. No other third-party scripts, trackers, or analytics tools are loaded on this website.

Cookies — we do not place tracking or analytics cookies on your device. Your browser may store minimal session-related data as part of normal browsing, which is not used by us for profiling or advertising.

We retain personal data only for as long as necessary to fulfil the purpose for which it was collected, or as required by applicable law. Enquiry data from individuals who do not become clients is typically retained for up to 24 months, after which it is securely deleted or anonymised. Data relating to ongoing or completed client engagements is retained for the period required under Singapore law and our professional obligations.

Under the PDPA, you have the right to:

• Access — request a copy of the personal data we hold about you.
• Correction — request that inaccurate or incomplete personal data be corrected.
• Withdrawal of consent — withdraw consent to our use of your personal data at any time. Note that withdrawal may affect our ability to respond to or continue servicing your enquiry.
• Data portability — where applicable under the PDPA, request that your personal data be provided in a structured, machine-readable format.

To exercise any of these rights, please contact us using the details below. We will respond within 10 business days. We may need to verify your identity before processing your request.

We take reasonable technical and organisational measures to protect personal data against unauthorised access, loss, misuse, or disclosure. However, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.