1. Introduction

 

This Personal Data Protection Notice (“Notice”) outlines how Bestar entities incorporated in Singapore—including Bestar Consulting Pte. Ltd., Bestar HR Consulting Pte. Ltd., Bestar Services Pte. Ltd., and Bestar Assurance PAC (collectively “Bestar”, “we”, “us”, or “our”)—collect, use, disclose, and process your personal data in accordance with the Personal Data Protection Act 2012 (PDPA).

​

This Notice applies to personal data under our control, including data processed by the Bestar global network of firms engaged to act on our behalf. These provisions remain applicable for a reasonable period following the termination or alteration of your relationship with us to ensure we can fulfill legal and contractual obligations.

​​

​

2. Scope of Application

​

This Notice applies to:

​​

• Prospective and current clients (and their personnel/customers).

• Job applicants and current Bestar personnel.

• Third-party vendors, suppliers, and subcontractors.

• Visitors to our website (bestar-sg.com) and social media platforms.

​​​

​

3. Personal Data Defined

​

"Personal data" refers to any data, whether true or not, about an individual who can be identified:

​​

1. From that data alone; or

2. From that data combined with other information we possess or are likely to access.

​​​

​

4. Collection, Use, and Disclosure

​

We strictly adhere to the principle of Purpose Limitation, collecting only the data necessary for identified purposes.

​​

How We Collect Data:

​​

• Voluntary Disclosure: Data provided directly by you or via an authorized representative.

• Professional Services: Data obtained while performing audits, tax filings, or payroll for your employer.

• Public Sources: Information from platforms like LinkedIn.

• Digital Interaction: Data from website cookies, event registrations, and marketing subscriptions.

​

Purposes by Category:

​​

Category                                Primary Purposes

​

Clients                                    Service delivery, contract management, tax/accounting, and legal defense.

Service-Related Individuals  Quality assurance, financial auditing, and payroll processing.

Job Applicants / Alumni       Recruitment screening, onboarding, and maintaining alumni networks.

Suppliers / Vendors               Relationship management, conflict of interest checks, and AML/CFT compliance.

Marketing / Events                CRM management, event registration, and promotional communications.

​​​

​

5. Legitimate Interests

​

Consistent with the PDPA, we may process personal data without consent under the Legitimate Interests Exception for:

​​

• Fraud detection and prevention.

• Network security and preventing misuse of services.

• Credit analysis and financial crime prevention.

• Data loss prevention on company-issued devices.

​​​

​

6. Managing Your Consent

 

Your consent remains valid until withdrawn in writing.

​

• Withdrawal: Contact our Data Protection Officer (DPO). We will acknowledge receipt within 3 business days and provide a resolution within 30 days.

• Consequences: Withdrawing consent may limit our ability to provide certain services or fulfill your requests.

• Exceptions: We may continue to process data without consent where required or permitted by law.

​​​

​

7. Access, Correction, and Accuracy

​​

• Access/Correction: You may request a copy of your data or update inaccuracies by contacting the DPO.

• Fees: A reasonable administrative fee may apply for access requests; we will notify you of any costs beforehand.

• Your Responsibility: Please ensure your data is accurate and notify us of any changes.

​​​

​

8. Data Security and Retention

​

• Security: We employ administrative, physical, and technical safeguards, including encryption, anonymization, regular patching, and strict access controls.

• Retention: Data is kept only as long as necessary for the purpose it was collected, or as required for legal/business reasons. Once no longer needed, data is securely deleted or de-identified.

​​​

​

9. International Transfers

​​

As part of a global network, Bestar may transfer your data to entities outside of Singapore. We ensure that any overseas recipient provides a standard of protection comparable to the PDPA.

​​

​

10. Minors

​

Our services and website are not intended for individuals under sixteen (16) years of age. If we inadvertently collect such data, we will delete it upon notification by a parent or guardian.

​​

​

11. Contact Our Data Protection Officer (DPO)

​

For queries, feedback, or data requests, please contact:

​

Data Protection Officer

​

• Phone: 62994730

• Email: admin at bestar-sg.com

• Address: 23 New Industrial Road, #04-08 Solstice Business Center, Singapore 536209

​

For our Global Privacy Statement, please click here.