Privacy

Privacy Policy

We keep only the personal data we truly need in order to run our training programmes and reply to your enquiries. This page explains what we collect, why we collect it, and the choices you have.

Home Legal Privacy

Last updated: 17 July 2026

This Privacy Policy describes how BusinessLeap (UEN 202154198K, referred to below as “we”, “us” or “our”) collects, uses, discloses and protects the personal data of visitors to businessleap.pro, people who contact us, and participants in our training programmes. We comply with the Singapore Personal Data Protection Act 2012 (“PDPA”) and apply comparable safeguards for enquirers based in other jurisdictions.

1. Who is responsible for your data

BusinessLeap is the data controller for the personal information described in this policy. Our registered office is at 138 Cecil Street, #10-01, Cecil Court, Singapore 069538. Our appointed Data Protection Officer can be contacted by email at [email protected] or by post at the address above, addressed to the Data Protection Officer.

2. Personal data we collect

We only ask for the details we need for a specific purpose. The tables below summarise the categories of personal data we collect and why.

2.1 When you contact us through the website

  • Your full name, so that our facilitator can address you correctly.
  • Your email address, so that we can reply to your enquiry.
  • Your company or team name (optional), if you choose to share it.
  • Your enquiry topic, so we can route the message to the right person.
  • The content of your message, including any information you decide to include.
  • The date and time your message was received and the IP address of the sending device, kept for security and abuse-prevention purposes.

2.2 When you enrol in a programme

  • Your job role and seniority, so we can tailor the programme.
  • Invoicing details supplied by you or your employer.
  • Attendance records, exercise submissions and any feedback you provide during and after the programme.
  • Any accessibility requirements you share so that we can support them properly.

2.3 When you visit the website

  • Standard server logs including the pages you view, the referring URL, the type of browser and device you use, and a rounded timestamp. Logs are kept for security and diagnostic reasons and are automatically deleted after 60 days.
  • Anonymous, aggregated analytics if you have accepted analytics cookies. See our cookie policy for details.

3. How we use your personal data

We rely on one or more of the following bases when we process personal data:

  • Consent: when you submit our enquiry form, subscribe to updates, or agree to optional cookies. You can withdraw consent at any time.
  • Contractual necessity: when we deliver a training programme you (or your employer) have booked.
  • Legitimate interests: such as keeping our website secure, understanding aggregate visitor patterns, and improving the quality of our programmes. We balance these interests against your rights and freedoms and give you meaningful choices.
  • Legal obligation: where we must retain certain records for accounting, tax or regulatory reasons.

4. Sharing your personal data

We do not sell personal data. We share it only with carefully selected service providers who help us operate this website and deliver our programmes, and only to the extent needed for their service. Current providers include:

  • Our hosting partner, Hostinger International Ltd., based in Cyprus, which stores website data and outbound email queues.
  • Our accounting software provider, based in Singapore, which retains invoice records for statutory audit purposes.
  • Payment processors that handle any online invoice payments; we never see or store full card details.

When a provider is located outside Singapore, we ensure that a comparable level of protection is in place through contractual safeguards, in line with the PDPA transfer obligations.

We may also disclose personal data if we are required to do so by law, court order or a lawful request from a competent public authority.

5. How long we keep your personal data

  • Enquiries: retained for up to 24 months after the last contact, unless you ask us to delete them sooner.
  • Booking and programme records: retained for up to 7 years, which is the statutory retention period for accounting records in Singapore.
  • Server logs: rolling deletion after 60 days.
  • Marketing consents (if given): retained until you withdraw consent, plus a short internal audit trail.

6. Your rights

You have the right to ask us for a copy of the personal data we hold about you, to request correction of inaccurate data, to request deletion where we no longer need the data, to withdraw consent for any processing that relies on consent, and to lodge a complaint with the Personal Data Protection Commission of Singapore (PDPC).

To exercise any of these rights, please write to [email protected] from the same email address you used to contact us or enrol. We aim to respond within 30 calendar days.

7. Security of your personal data

We apply organisational and technical measures proportionate to the sensitivity of the data we hold. These include encrypted transport (HTTPS) between your browser and our servers, hashed storage of any password-like tokens, role-based access to internal systems, and staff training on data-handling responsibilities. We review these controls periodically and update them as risks change.

8. International data transfers

Because our hosting partner is based in Cyprus and some of our email tooling is operated from data centres inside the European Union, personal data collected through this Website may be transferred outside Singapore. Where this happens, we make sure that a comparable standard of protection applies, using contractual clauses aligned with the Personal Data Protection (Transfer of Personal Data) Regulations issued by the PDPC.

You can always ask us for a short summary of the specific processors we currently use, together with their location and the safeguards we rely on. We keep this list under review and prefer, where operationally possible, providers with a presence inside Singapore.

9. Additional information about security

We take a defence-in-depth view of security. In addition to the controls summarised earlier, we operate a documented incident response process. If a security event occurs that materially affects personal data, we will notify affected individuals and, where required, the PDPC without undue delay and in any case within the timeframes required by law.

Only staff and contracted facilitators who have signed confidentiality obligations may access personal data, and their access is limited to what they need for their role. Backups are stored in encrypted form, and access to backup media is logged and reviewed periodically.

10. Children

Our services are intended for professional adults. We do not knowingly collect personal data from anyone under 16. If you believe we hold such data, please contact us and we will delete the record promptly.

11. Cookies and similar technologies

Cookies are described in a dedicated cookie policy, which also explains how you can change your cookie choices at any time.

12. Marketing communications

We do not send unsolicited marketing. If you have opted in to programme announcements, you will receive at most four short updates per year, and every message contains a one-click unsubscribe link. Unsubscribing takes effect immediately for the channel used to reach you and, within 30 days, across all channels we operate.

13. Changes to this policy

From time to time we may update this Privacy Policy to reflect changes in our practice or in applicable law. The most recent version will always be available at this URL, with the “last updated” date shown at the top. If the changes are material we will also highlight them on the home page for a reasonable period.

14. Contacting us

If you have questions about this policy, want to exercise your rights, or wish to raise a concern about how we have handled your data, please contact our Data Protection Officer using the details in section 1. We take every request seriously and aim to respond substantively within thirty calendar days, or sooner where the enquiry is straightforward. If you remain unsatisfied with our response, you are welcome to raise the matter with the Personal Data Protection Commission of Singapore, which can be reached through its official channels published on the PDPC website. We would, however, prefer the chance to resolve any issue directly with you first.