Legal

Privacy Policy

Last Updated: 15 April 2025  ·  Effective Date: 15 April 2025

1. Introduction

Lyndral ("we", "us", "our") is committed to protecting the personal data of individuals who interact with our website and reading programmes. This Privacy Policy explains what personal data we collect, how we use it, the basis on which we hold it, and your rights under Singapore's Personal Data Protection Act 2012 (PDPA).

This policy applies to the website at lyndral.info and to enquiries and enrolment processes associated with our financial education reading programmes. If you have questions, contact us at [email protected].

2. Data We Collect

We collect personal data in the following ways:

• Enquiry form submissions: name, email address, telephone number (optional), and any message content you provide.
• Programme enrolment: name, email address, telephone number, and payment information (processed via a third-party payment provider).
• Website analytics: anonymised usage data via analytics tools (page views, session duration, device type). This data does not identify you personally.
• Cookies: session and preference data stored in your browser. See our Cookie Policy for details.

We do not collect sensitive personal data (such as financial account details, health information, or identification documents) through our website or programme enrolment process.

3. Legal Basis for Processing

Under the PDPA, we process your personal data on the following bases:

• Consent: for marketing communications and optional cookie categories, where you have given explicit consent.
• Contractual necessity: for processing enquiries and administering programme enrolment.
• Legitimate interests: for website analytics and security monitoring, where our interests do not override your rights.

4. How We Use Your Data

• Responding to enquiries submitted through our contact form.
• Administering programme enrolment, scheduling, and cohort communications.
• Sending programme-related updates and the cohort newsletter (where applicable to your programme).
• Improving our website based on anonymised analytics data.
• Complying with legal obligations under Singapore law.

We do not sell personal data to third parties. We do not use your data for unsolicited marketing without your consent.

5. Data Sharing

We share your personal data only in the following limited circumstances:

• Payment processing: programme fees are processed via a third-party payment provider. We share only the data necessary for payment completion.
• Email services: cohort newsletters are distributed via an email service provider. Participant email addresses are shared for this purpose only.
• Legal obligations: we may disclose data where required by Singapore law, court order, or regulatory authority.

6. Data Retention

We retain personal data only for as long as necessary for the purpose for which it was collected:

• Enquiry form data: up to 24 months from the date of submission.
• Programme participant data: up to 36 months from the end of the programme, or as required by applicable law.
• Analytics data: anonymised and retained in aggregate for up to 26 months.

7. Data Protection Measures

We take reasonable steps to protect personal data against loss, unauthorised access, disclosure, alteration, or destruction:

• Our website is served over HTTPS (encrypted connection).
• Access to participant data is restricted to staff involved in programme administration.
• Payment data is handled by a third-party PCI-compliant payment processor; we do not store full payment card details.
• In the event of a data breach that is likely to cause harm, we will notify affected individuals and the Personal Data Protection Commission (PDPC) as required under the PDPA.

8. Cookies

Our website uses cookies for basic functionality, analytics, and preference storage. You can manage your cookie preferences at any time via our Cookie Policy page. Rejecting non-essential cookies will not affect your ability to use the website or submit an enquiry.

9. Your Rights Under the PDPA

Under the Singapore PDPA, you have the right to:

• Access: request a copy of the personal data we hold about you.
• Correction: request correction of inaccurate or incomplete data.
• Withdrawal of consent: withdraw consent for processing where consent is the legal basis. Note that withdrawal may affect our ability to deliver programme services.
• Data portability: request your data in a portable format where technically feasible.
• Erasure: request deletion of your data, subject to our legal obligations to retain certain records.
• Lodge a complaint: you may lodge a complaint with the Personal Data Protection Commission (PDPC) at pdpc.gov.sg if you believe your data has been handled inappropriately.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days of receiving your request.

10. Third-Party Links

Our website may contain links to external websites. We are not responsible for the privacy practices of those sites. We encourage you to review the privacy policy of any external site before providing personal data.

11. Children's Privacy

Our programmes and website are intended for adults aged 18 and above. We do not knowingly collect personal data from individuals under 18. If you believe we have received data from a minor, please contact us at [email protected] and we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. The updated version will be posted on this page with a revised "Last Updated" date. For material changes, we will notify active programme participants by email. Continued use of our website after the effective date constitutes acceptance of the revised policy.

13. Contact

Data Controller: Lyndral
9 Battery Road, #15-01, Straits Trading Building, Singapore 049910
Email: [email protected]
Phone: +65 6829 4350