Legal
Privacy policy
Last updated: 9 July 2026. This policy explains how ContentSpark Co Pte. Ltd. collects, uses, discloses, and protects personal data in accordance with the Personal Data Protection Act 2012 (PDPA) of Singapore and subsidiary legislation issued by the Personal Data Protection Commission (PDPC).
1. Organisation identity
ContentSpark Co Pte. Ltd. (UEN 202563841K) is a private company limited by shares registered in Singapore. We operate as a content and editorial marketing agency providing brand strategy, campaign planning, paid media support, SEO content, social media editorial, creative production, marketing automation, and analytics services for client brands in Singapore and the wider APAC market. We are a professional services firm — not a content-hosting platform, news publisher, course provider, or financial adviser.
Our registered address is 55 Neil Road #02-03, Singapore 088892. Our primary business contact is [email protected] and +65 6223 4167. This privacy policy applies to personal data collected through contentsparkco.pro, email correspondence with our team, telephone enquiries, in-person meetings at our Neil Road studio, and business relationships arising from marketing agency engagements.
For the purposes of the PDPA, ContentSpark Co Pte. Ltd. is the organisation responsible for deciding how and why personal data is processed in connection with our website and agency operations, except where we act strictly as a data intermediary processing data on documented instructions from a client under a separate written agreement.
2. Scope of this policy
This policy describes our practices regarding personal data we collect directly from you, automatically through your use of our website, or from third parties where permitted by law. It covers visitors who browse contentsparkco.pro without submitting a form, prospective clients who request proposals, current and former clients under retainer or project scope, suppliers and contractors, and individuals who communicate with us for any business-related purpose.
This policy does not apply to third-party websites linked from our pages, social media platforms operated by other organisations, or client-owned domains and platforms where we produce content marketing assets on your behalf under a separate client services agreement. Those environments are governed by their own privacy terms and, where applicable, your instructions to us as your service provider.
Where our processing of client customer data is governed by a data processing addendum or contractual clause, that document takes precedence for the specific processing activities it covers. This policy remains the baseline statement of our general practices.
3. Personal data we collect
3.1 Information you provide directly
When you complete our contact form at contentsparkco.pro/contact.php, we may collect your full name, email address, telephone number, selected enquiry subject, message content, and your explicit confirmation of consent under the PDPA via the consent_pdpa checkbox. That checkbox is never pre-ticked; submission without consent is rejected by our form handler.
When you become a client or enter commercial discussions with us, we may additionally collect your job title, company name, company registration details where relevant, billing and invoicing information, campaign briefs, brand guidelines, analytics credentials for reporting purposes, media buying account references, and correspondence relating to integrated campaigns, KPI reviews, or retainer administration. We collect only data reasonably necessary for the stated purpose.
3.2 Information collected automatically
When you browse contentsparkco.pro, our web servers may record technical information including IP address, browser type and version, operating system, device type, referring URL, pages viewed, approximate session duration, and timestamps. Where you have consented to analytics cookies, additional usage metrics may be collected as described in our Cookie Policy.
3.3 Information from third parties
We may receive limited personal data from referral partners, event organisers, professional networks, or publicly available business directories where collection is permitted by law and relevant to a prospective client relationship. We assess the lawfulness of such collection before adding records to our systems.
4. Purposes of collection, use, and disclosure
We collect, use, and disclose personal data only for purposes that a reasonable person would consider appropriate in the circumstances, and not beyond what is necessary. Our primary purposes include:
- Responding to enquiries, scheduling discovery calls, and preparing scoped proposals for content marketing and editorial services
- Delivering agency services under contract, including brand strategy, campaign planning, paid media support, SEO content, social editorial, creative production, marketing automation configuration, and analytics reporting
- Issuing proposals, quotations, invoices, and retainer statements denominated in SGD
- Managing client campaigns, performance dashboards, A/B testing records, and monthly KPI review meetings
- Maintaining internal records for project governance, quality assurance, and handover documentation
- Improving website security, performance, accessibility, and user experience through aggregated technical analysis
- Complying with legal and regulatory obligations, including tax record-keeping, responding to lawful requests, and managing disputes
- Sending service-related communications about engagements you have with us, where permitted under the PDPA
- Sending promotional communications only where you have opted in or where an existing client relationship makes such communication relevant to services previously engaged
We do not sell personal data. We do not use your contact details to guarantee marketing outcomes, rankings, reach, leads, or return on investment in any communication. Performance marketing results depend on budget, audience targeting, product fit, market conditions, and competition — factors outside our sole control.
Disclosure may occur to categories of recipients including: website hosting providers located in Singapore; email delivery services; cloud storage and collaboration tools; accounting and audit firms; legal advisers; and analytics or advertising technology vendors where you have consented to relevant cookies. Each recipient is bound by confidentiality and data protection obligations appropriate to the processing they perform. We may also disclose personal data where required by Singapore law, court order, or regulatory authority, or where necessary to protect the rights, property, or safety of ContentSpark, our clients, or others.
5. Consent bases and notification obligation
Under the PDPA, organisations must not collect, use, or disclose personal data unless the individual has given consent, or an exception applies. ContentSpark relies on the following bases as appropriate to each processing activity:
- Consent: Contact form submission requires explicit consent via the consent_pdpa checkbox. Marketing email subscriptions, where offered, require a separate opt-in. Cookie categories beyond strictly necessary cookies require consent through our cookie banner (Accept all, Reject all, or Customise). You may withdraw consent at any time by contacting [email protected], subject to legal or contractual restrictions and reasonable notice periods.
- Contractual necessity: Processing required to perform a services agreement you have entered with us — for example, delivering a content sprint, producing SEO editorial, or reporting campaign analytics under an agreed scope of work.
- Legal obligation: Processing necessary to comply with applicable laws, including retention of financial records for tax purposes.
- Legitimate interests: Processing reasonably necessary for our business operations where not overridden by your interests — for example, maintaining website security logs, responding to an enquiry you initiated, or managing a pre-contractual discussion. Where we rely on deemed consent or legitimate interests, we ensure you are notified of the purpose in accordance with PDPA notification requirements.
Before collecting personal data, we take reasonable steps to inform you of the purposes for which your data will be collected, used, and disclosed, unless you are already aware or notification is not required under an applicable exception. Our contact form, cookie banner, and this policy together fulfil that notification obligation for website interactions.
If you withdraw consent for processing that is not essential to an active contract, we will cease that processing within a reasonable period. Withdrawal of consent for essential service delivery may limit or prevent our ability to continue the engagement.
6. Data Protection Officer and privacy contact
ContentSpark has designated a Data Protection contact responsible for overseeing compliance with the PDPA and handling privacy enquiries, access requests, correction requests, and complaints. You may reach our Data Protection contact at:
Data Protection Contact
ContentSpark Co Pte. Ltd.
55 Neil Road #02-03, Singapore 088892
Email: [email protected]
Phone: +65 6223 4167
Hours: Monday to Friday, 09:00–18:00 Singapore Time (SGT), excluding public holidays
Please include sufficient detail in your request to allow us to identify you and the personal data concerned. We may request verification of identity before releasing or correcting records, to protect against unauthorised access.
7. Retention periods
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Our standard retention schedule is as follows:
- Website enquiry records: Up to twenty-four months from the date of submission, unless a client relationship begins or a longer period is agreed in writing.
- Client project files, correspondence, and campaign assets: Duration of the engagement plus seven years, to support contractual disputes, quality review, and regulatory requirements.
- Billing and financial records: Seven years after the relevant financial year, consistent with Singapore tax and commercial record-keeping practice.
- Marketing opt-in records: Until you unsubscribe or withdraw consent, plus a short suppression record to honour your preference.
- Server and security logs: Typically ninety days, unless extended for an active security investigation.
- Cookie consent preferences: Six months (one hundred and eighty days), stored in the cs_cookie_consent cookie as described in our Cookie Policy.
- Aggregated analytics: Anonymised or de-identified usage statistics may be retained indefinitely for trend analysis.
When retention periods expire, we securely delete or anonymise personal data unless a legal hold or ongoing dispute requires continued storage.
8. Individual access and correction rights
Subject to exceptions set out in the PDPA, you have the right to:
- Request access to personal data that ContentSpark holds about you, and information about how that data has been used or disclosed within the year before your request
- Request correction of personal data that is inaccurate or incomplete
- Withdraw consent for processing that relies on consent, as described in Section 5
- Request that we cease processing or delete personal data where retention is no longer necessary and no legal exception applies
Submit access or correction requests to [email protected]. We will respond within thirty calendar days where practicable. If we require additional time, we will inform you of the extension and reasons, consistent with PDPA guidance.
A reasonable administrative fee may be charged for access requests that are manifestly unfounded, repetitive, or excessive. We will provide an estimate before processing such requests. There is no fee for correction requests made in good faith.
If we are unable to provide access — for example, because disclosure would reveal confidential commercial information of another party — we will explain the grounds permitted under the PDPA.
9. Personal Data Protection Commission (PDPC)
If you remain unsatisfied after contacting our Data Protection contact, you may lodge a complaint with the Personal Data Protection Commission of Singapore (PDPC), the statutory body responsible for administering and enforcing the PDPA.
Personal Data Protection Commission
10 Pasir Panjang Road, #03-01
Mapletree Business City
Singapore 117438
Website: www.pdpc.gov.sg
We encourage you to contact us first so we may address your concern directly. Many issues can be resolved through dialogue without formal escalation.
10. Cookies and similar technologies
Our website uses cookies and similar technologies to remember your cookie preferences, maintain basic functionality, and — where you consent — measure analytics and marketing performance. Strictly necessary cookies include cs_cookie_consent, which stores your Accept all, Reject all, or Customise selection for six months.
Full details of cookie categories, storage durations, third-party vendors, and opt-out instructions are set out in our Cookie Policy. Where cookie data constitutes personal data, the rights described in Section 8 apply. You may change your cookie preferences at any time by clearing site cookies and revisiting contentsparkco.pro to trigger the consent banner again, or by adjusting settings in the Customise modal when it is displayed.
11. Cross-border transfers
ContentSpark is based in Singapore and primarily stores data within infrastructure located in Singapore or the APAC region. Some service providers — including cloud collaboration, email, or analytics tools — may process data in other jurisdictions. Where personal data is transferred outside Singapore, we take steps to ensure that the recipient provides a standard of protection comparable to that under the PDPA, including contractual clauses, vendor due diligence, and limitation of processing to documented instructions.
Before transferring personal data overseas, we assess whether the destination jurisdiction provides comparable protection or whether appropriate contractual safeguards are in place, consistent with PDPA transfer obligations.
12. Security measures
We implement organisational and technical measures appropriate to the nature and sensitivity of personal data we hold. These measures include:
- Access controls limiting personal data to staff and contractors with a legitimate business need
- Password policies and authentication requirements for internal systems
- Use of secure transmission protocols (HTTPS) for website communications
- Periodic review of third-party processors and their security practices
- Staff awareness of confidentiality obligations and PDPA principles
- Procedures for responding to suspected unauthorised access or data incidents
No method of electronic storage or internet transmission is completely secure. While we commit to reasonable industry practices, we cannot guarantee absolute security. If you believe your interaction with us is compromised, contact [email protected] promptly.
13. Data breach notification
In the event of a data breach that is likely to result in significant harm to affected individuals, or that is of significant scale, we will assess our obligations under the PDPA and notify the PDPC and affected individuals where required. Our internal incident response procedure includes containment, assessment, remediation, and documentation steps designed to minimise harm and prevent recurrence.
14. Marketing communications
We send promotional emails only where you have opted in, or where an existing client relationship makes such communication relevant to services you have previously engaged. Every marketing email includes a clear unsubscribe mechanism. We do not use personal data to make guaranteed performance claims. ContentSpark provides professional marketing services; outcomes depend on many factors outside our control, as described in our Terms of Use and site-wide marketing disclaimer.
15. Children's data
Our services and website are directed at business professionals. We do not knowingly collect personal data from individuals under eighteen years of age. If you believe we have inadvertently collected such data, please contact [email protected] and we will take steps to delete it.
16. Third-party links and embeds
Our site may link to social media platforms, partner resources, or tools operated by third parties. Those organisations collect and process data under their own privacy policies. We encourage you to review their terms before submitting personal data on external platforms.
17. Change log
We review this privacy policy periodically to reflect changes in law, technology, or business practice. Material updates are posted on this page with a revised last-updated date.
- 9 July 2026: Initial publication of this privacy policy for contentsparkco.pro, covering website visitors, enquiry handling, client engagements, cookie practices, PDPA rights, and Data Protection contact details.
Continued use of the website after a material update constitutes acknowledgement of the revised policy where permitted by law. For significant changes affecting how we use personal data already collected, we will take additional steps to notify you where required by the PDPA.
18. Contact summary
For privacy questions, access requests, correction requests, consent withdrawals, or complaints:
ContentSpark Co Pte. Ltd.
55 Neil Road #02-03, Singapore 088892
UEN 202563841K
Email: [email protected]
General enquiries: [email protected]
Phone: +65 6223 4167