Data Protection Policy

Prakal Pte Ltd “Legal and Compliance Department”

This document is strictly for Prakal Pte Ltd (“we”,”us”,”our”, the Company”, “Service Providers”) and, where appropriate, its operating subsidiaries’ internal use. Copies of this document shall not be made or published unless written permission has been obtained from at least the relevant department head of the Company.

Chapter 1: Overview

The Data Protection Policy (“Policy”) sets out the basis upon which we may collect, use, disclose or otherwise process personal data of site users in accordance with the Personal Data Protection Act (“PDPA”).  Site Users means any Person that has access, made use of, or visited and/or


For ease of reference and/or will be collectively referred to as “Websites”, “Service Providers”


  • Purpose

The purpose of this policy is to set out the Company’s procedures on protection of personal data of individuals under the Company’s custody. It contains important information about how we collect(s), uses and disclose personal data of individuals and other organizations. This Policy takes into consideration of the PDPA 2012 and all applicable PDPA advisory guidelines.

Chapter 2: Personal Data Protection Act 2012


The PDPA establishes a data protection law in Singapore that comprises various rules governing the collection, use, disclosure, access to, correction and care of individuals’ personal data by organisations. It recognises both the rights of individuals to protect their personal data, including rights of access and correction, and the needs of organisations to collect, use or disclose personal data for legitimate and reasonable purposes.


The PDPA contains 2 main sets of provisions, covering data protection (effective 2 July 2014) and a Do Not Call (“DNC”) Registry (effective 2 January 2014).






The DNC provisions generally prohibits organisations from sending certain marketing messages (in the form of voice calls, text, or fax messages) to individuals with Singapore telephone numbers, registered with the DNC Registry.

By using and accessing our Websites, Site Users that key in their personal data on our websites agree to subject themselves with our PDPA policy.


We intend to comply with all applicable provisions covering data protection by implementing certain procedures as set out below.

Chapter 3 the Company’s Personal Data Inventory List

Site Users

The Company collects personal data of any Site User that visits, access or participate(s) in any activity stated on our websites. The Company reserves the absolute right to collect the following:

  • NRIC number (last 4 digits)
  • Passport numbers and details
  • Home addresses
  • Nationality details
  • Gender Details
  • Telephone numbers (Mobile and LandLines)
  • Wallet Address
  • Driving License
  • Government IDs

For ease of reference (a) to (i) shall be referred to as User Data.

Chapter 4 the Company Data Protection Policy

  1. Transparency: We will be clear and transparent as to how we collect and use data, including providing data subjects with a statement of how we may use their data where required.
  2. Fair and lawful usage: We will only collect, process and store data lawfully and where we have a legitimate reason to do so.
  • Limited purposes: We will collect and process data for specified and lawful purposes, and will not use it for further, incompatible purposes without first taking all steps necessary under applicable data privacy laws and regulations.
  1. Data minimisation and adequacy: We will ensure our collection, retention and processing of data is proportionate. We will strike an appropriate balance to ensure that we process sufficient data to carry on our business and achieve any specified lawful purpose, while making sure that we do not collect, retain or process excessive amounts of data.
  2. Data quality and accuracy: We will maintain appropriate standards of data quality and integrity, and we will implement policies in respect of data accuracy, including taking steps to avoid becoming out of date where appropriate.
  3. Data security and retention: We will retain data securely, implement appropriate data retention policies, and we will dispose of data securely once it is no longer required. We will ensure that appropriate processes are put in place so only our colleagues with a business requirement to access such data are authorised and able to do so.
  • Training and awareness: We will ensure that our colleagues with access to data are trained appropriately on their obligations regarding those data.
  • Data subject rights: We will ensure that data subjects’ rights are observed in accordance with applicable data privacy laws and regulations, including any timeline establish thereby.
  1. Third parties: Where we appoint a vendor or agent, we will require them to apply standards equivalent to our Data Privacy Principles. We will only disclose data to governmental or judicial bodies or law enforcement or agencies or our regulators where this is allowed by applicable data privacy laws and regulations, or otherwise required by applicable laws and regulations.
  2. Data transfers: Where we voluntarily transfer data to another one of our entities, third party or to another jurisdiction, we will ensure that the data transfer is lawful and that the recipient is required to apply the same, or equivalent, standards as our Data Privacy Principles.


Chapter 5 Websites Policy

Cookies: We will use cookies to access your usage and activities on our website(s) to improve on the Site User(s) experience.

THIRD PARTY SITES: Our website may contain links to other websites operated by third parties. Your use and access of such links is governed by our internal Policy, and we are not responsible for the privacy practices of such websites. Usage of such third party sites will be at the own risks of the Site User.

Chapter 6 Liability Policy

Legal Liability: By using our website(s) you agree not to pursue or threaten to pursue in any capacity whatsoever, any claims, and/or legal proceedings against the Company. You agree to indemnify and to hold harmless and defend the Company’s officers, directors, members, and employees against all claims and suits by third parties for damages, injuries to persons, property damages (including physical and digital assets property) including losses and expenses, including court, arbitration costs and all attorney fees, arising out of usage from our Website(s).