ReachSpark
  • Home
  • Services
  • Work
  • About
  • FAQ
  • Contact

PRIVACY

Privacy Policy

Last updated: 13 July 2026

This Privacy Policy explains how ReachSpark Pte. Ltd. ("ReachSpark", "we", "us" or "our") collects, uses, discloses, stores and protects personal data when you visit reachspark.pro, contact us, engage our marketing agency services, or otherwise interact with us. We are committed to complying with the Personal Data Protection Act 2012 of Singapore ("PDPA") and applicable subsidiary legislation, including the Personal Data Protection Commission ("PDPC") advisory guidelines where relevant.

Please read this policy carefully. By using our website, submitting an enquiry, or engaging our services, you acknowledge that you have read and understood this Privacy Policy. Where consent is required under the PDPA, we will obtain it in a manner that is clear, informed and not bundled with unrelated terms unless the data use is reasonably necessary for the bundled service.

1. Organisation identity

The data controller responsible for personal data processed in connection with this website and our agency operations is:

ReachSpark Pte. Ltd.
UEN: 202418736K
Registered address: 26 Duxton Hill, #02-01, Singapore 089608
Telephone: +65 6229 3175
General enquiries: [email protected]
Privacy and data protection enquiries: [email protected]

ReachSpark Pte. Ltd. is a Singapore-registered marketing agency providing brand strategy, paid media management, creative production, social campaigns, conversion optimisation and analytics services for client brands. We are a professional services firm — not a training provider, software-as-a-service product, financial adviser, or media publisher. Our business activity involves processing personal data of website visitors, prospective clients, current clients, suppliers, and individuals whose data we handle on behalf of clients under contract.

Where we process personal data on behalf of a client as a data intermediary (for example, when managing advertising platforms, CRM systems, or analytics properties under a retainer), the client remains the organisation primarily responsible for determining the purposes and means of that processing. In such cases, our role, obligations and safeguards are defined in our service agreement and any applicable data processing terms. This Privacy Policy primarily addresses data for which ReachSpark acts as the organisation responsible for personal data under the PDPA.

2. Personal data we collect

Depending on how you interact with us, we may collect the following categories of personal data:

  • Identity and contact data: name, job title, company name, business email address, telephone number, postal address, and similar details you provide via our contact form, email correspondence, phone calls, or in-person meetings at our Duxton Hill studio.
  • Enquiry and communications data: the content of messages you send us, campaign brief details, budget indications, channel preferences, and records of our responses.
  • Technical and usage data: IP address, browser type and version, device identifiers, operating system, referring URLs, pages viewed, time spent on pages, click paths, and similar information collected through cookies, pixels and server logs when you browse reachspark.pro. See Section 10 and our Cookie Policy for details.
  • Client and project data: billing contacts, authorised signatories, stakeholder names, access credentials metadata (not passwords), campaign performance reports, creative approvals, and contractual records necessary to deliver agency services.
  • Marketing preferences: your choices regarding newsletters, event invitations, or other optional communications, where applicable.

We do not intentionally collect sensitive personal data (such as NRIC numbers, financial account numbers, health information, or data relating to children) through this website unless you voluntarily provide such information and we have a lawful basis to process it. We ask that you do not submit sensitive personal data via our general contact form unless we have expressly requested it for a defined purpose.

3. Purposes of collection, use and disclosure

We collect and use personal data only for purposes that a reasonable person would consider appropriate in the circumstances, and not beyond what is reasonable to achieve those purposes. Our primary purposes include:

  • Responding to enquiries: to read, assess and reply to messages submitted through our website, email, or telephone, and to schedule introductory calls or studio visits.
  • Delivering agency services: to plan, execute, report on and optimise marketing campaigns for clients, including media buying, creative production, SEO recommendations, content support, social campaign management, and analytics.
  • Contract administration: to prepare proposals, scopes of work, service agreements, invoices, and to manage billing, payment follow-up and account governance.
  • Website operation and improvement: to maintain site security, diagnose technical faults, understand aggregate traffic patterns, and improve content and user experience.
  • Analytics and measurement: where you have consented or where permitted, to measure campaign effectiveness, attribute traffic sources, and evaluate advertising performance using analytics tools and advertising pixels.
  • Legal and regulatory compliance: to comply with applicable laws, respond to lawful requests from authorities, enforce our Terms of Use, protect our rights, and maintain records required for audit or dispute resolution.
  • Business operations: to manage relationships with suppliers, freelancers and partners who support our agency work, and to conduct internal reporting and quality assurance.

We may disclose personal data to third parties only where necessary for the purposes above, including to:

  • Cloud hosting and infrastructure providers that store website and email systems;
  • Analytics and advertising technology vendors (subject to your cookie consent choices);
  • Professional advisers such as lawyers and accountants, under confidentiality obligations;
  • Payment processors or banks where relevant to invoicing;
  • Government authorities or regulators when required by law.

We do not sell personal data. We do not use your contact details to promote unrelated third-party products. Any case studies or portfolio references involving client work are handled with anonymisation or explicit client approval; we do not publish identifiable personal data without permission.

4. Legal bases and consent

Under the PDPA, organisations must not collect, use or disclose personal data unless the individual has given consent, or an exception applies. ReachSpark relies on the following bases, as appropriate to each processing activity:

  • Consent: Where you tick an affirmative consent checkbox on our contact form (never pre-ticked), submit an enquiry with clear expectation of a response, opt in to optional marketing communications, or accept non-essential cookies via our cookie banner, you provide consent for the stated purposes. You may withdraw consent at any time by contacting [email protected], subject to legal or contractual restrictions and reasonable notice periods needed to implement your request.
  • Contractual necessity: Processing needed to respond to your pre-contractual enquiry, perform a service agreement, or take steps at your request before entering a contract — for example, preparing a media plan using stakeholder contact details you supply.
  • Legitimate interests: Processing that is necessary for our legitimate business interests, provided those interests are not overridden by your data protection interests. Examples include basic website security logging, fraud prevention, and maintaining business records. Where we rely on this basis for optional analytics or advertising cookies, we obtain consent through our cookie mechanism instead.
  • Legal obligation: Processing required to comply with Singapore law, tax requirements, court orders, or regulatory inquiries.
  • Deemed consent by notification: In limited circumstances permitted under the PDPA, where we have notified you of the purpose of collection and you have not opted out, and where such collection is not contrary to your interests. We use this approach sparingly and in line with PDPC guidance.

For marketing communications that are not directly related to an existing contractual relationship, we will obtain clear opt-in consent. You may unsubscribe from optional emails using the link provided or by writing to us. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

When we act as a data intermediary processing client campaign data, we process personal data only in accordance with our client's documented instructions and our contractual data protection obligations, including security measures and breach notification procedures agreed with the client.

5. Data Protection Officer and contact

ReachSpark has appointed a Data Protection Officer ("DPO") to oversee compliance with the PDPA and to handle privacy enquiries, access requests, and complaints. You may contact our DPO at:

Email: [email protected]
Postal address: Data Protection Officer, ReachSpark Pte. Ltd., 26 Duxton Hill, #02-01, Singapore 089608
Telephone: +65 6229 3175 (Mon–Fri 09:00–18:00 SGT)

We aim to acknowledge privacy enquiries within five business days and to resolve straightforward requests within thirty days, though complex matters may require additional time as permitted under the PDPA. When you contact us, please provide sufficient information to verify your identity and describe your request clearly so we can assist you efficiently.

6. Retention of personal data

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law, contractual obligation, or legitimate business need. Our general retention practices are:

  • Website enquiry records: retained for up to twenty-four months from last meaningful contact unless a client relationship develops, in which case records may be incorporated into the client file.
  • Client contract and project files: retained for the duration of the engagement and for up to seven years thereafter for legal, tax and dispute-resolution purposes, unless a longer period is required by law.
  • Invoicing and financial records: retained in accordance with Singapore accounting and tax requirements, typically seven years.
  • Server and security logs: retained for up to twelve months unless needed for an active security investigation.
  • Cookie consent preferences: stored locally in your browser for six months, after which the cookie banner will reappear for you to refresh your choices. See our Cookie Policy.
  • Marketing opt-in records: retained until you unsubscribe or withdraw consent, plus a minimal suppression record to honour your preference.

When personal data is no longer needed, we take reasonable steps to destroy or anonymise it securely. Anonymised aggregate data that cannot reasonably identify an individual may be retained indefinitely for statistical analysis.

7. Access, correction and other individual rights

Under the PDPA, you have the right to request access to personal data about you that is in our possession or under our control, and to request correction of any error or omission, subject to exceptions set out in the Act. To exercise these rights:

  1. Submit a written request to [email protected] with sufficient detail to identify the data concerned.
  2. We may request reasonable proof of identity before disclosing or correcting data to prevent unauthorised access.
  3. We will respond within thirty days, or inform you if an extension is required under the PDPA.
  4. A reasonable administrative fee may be charged for manifestly unfounded or excessive access requests, in line with PDPC guidance. We will inform you of any fee before processing the request.

Where we process your data on behalf of a client (for example, as a recipient of marketing communications from a client's campaign), we may direct you to contact the client directly, as they are the primary organisation responsible for that data. We will assist our clients in responding to such requests where contractually required.

You may also:

  • Withdraw consent for optional processing (such as non-essential cookies or marketing emails) without affecting core enquiry handling where another legal basis applies;
  • Request that we limit certain optional uses of your data while a complaint is being reviewed;
  • Lodge a complaint with us if you believe we have handled your personal data contrary to the PDPA.

We will investigate complaints fairly and respond with our findings and any remedial steps taken. If you remain dissatisfied after our internal review, you may escalate the matter to the PDPC as described below.

8. PDPC contact and complaints

If you believe that we have not handled your personal data in accordance with the PDPA, we encourage you to contact our DPO first so we can attempt to resolve the matter promptly. If the issue is not resolved to your satisfaction, you may contact the Personal Data Protection Commission:

Personal Data Protection Commission (PDPC)
Website: www.pdpc.gov.sg
General enquiries and complaint filing guidance are available on the PDPC website.

The PDPC administers and enforces the PDPA in Singapore. Filing a complaint with the PDPC does not affect your right to seek remedies through the courts where applicable.

9. Security measures

We implement reasonable administrative, technical and physical safeguards to protect personal data against unauthorised access, collection, use, disclosure, copying, modification, disposal, or similar risks. Measures include, where appropriate:

  • HTTPS encryption for data transmitted via reachspark.pro;
  • Access controls limiting staff access to personal data on a need-to-know basis;
  • Secure password policies and multi-factor authentication on critical systems;
  • Regular software updates and monitoring for suspicious activity on hosting infrastructure;
  • Confidentiality obligations in contracts with employees, freelancers and vendors;
  • Secure disposal procedures for hardware and paper records containing personal data.

No method of transmission over the internet or electronic storage is completely secure. While we strive to protect your personal data, we cannot guarantee absolute security. You are responsible for keeping any account credentials confidential and for using secure channels when sending us sensitive business information.

In the unlikely event of a data breach posing a significant risk of harm, we will notify affected individuals and the PDPC as required under the PDPA's data breach notification provisions, and take steps to contain and remediate the incident.

10. Cookies and similar technologies

Our website uses cookies, local storage, and similar technologies to enable core functionality, remember your cookie consent choices, and — with your permission — support analytics and advertising measurement. Non-essential cookies are not placed until you accept them via our cookie banner or customise preferences in the cookie modal.

For a detailed description of cookie categories, vendors, storage duration (including the six-month consent storage period), and opt-out mechanisms, please read our Cookie Policy. You may change your preferences at any time by clearing site data and revisiting reachspark.pro, or by using the "Customise" option in the cookie banner when it is displayed.

11. Overseas transfers

Some of our service providers may process or store data on servers located outside Singapore, including in regions where our hosting, email, analytics, or advertising partners operate. Where personal data is transferred overseas, we take steps required under the PDPA to ensure that the recipient organisation provides a standard of protection comparable to that under the PDPA, such as contractual data protection clauses, verification of binding corporate rules, or reliance on applicable PDPA transfer exceptions. Details of specific sub-processors may be provided on request for client engagements where relevant.

12. Third-party links

Our website may contain links to third-party websites, social media platforms, or advertising networks. This Privacy Policy does not apply to those external sites. We are not responsible for the privacy practices of third parties and encourage you to review their policies before providing personal data.

13. Children

Our services are directed at business professionals and are not intended for individuals under eighteen years of age. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a minor, please contact [email protected] and we will take steps to delete it.

14. Marketing disclaimer

ReachSpark provides marketing and advertising services for client brands. We do not guarantee specific rankings, reach, virality, leads, sales, revenue or return on investment. Any performance figures referenced in correspondence or on our website are illustrative of past work and not promises of future results. This Privacy Policy does not constitute legal advice. For legal questions about your own compliance obligations, consult a qualified adviser.

15. Change log

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or business operations. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, provide additional notice on reachspark.pro or by direct communication to affected clients.

  • 13 July 2026: Initial publication of this Privacy Policy for reachspark.pro, covering website enquiries, agency service delivery, cookie consent practices, DPO contact at [email protected], retention schedules, PDPA individual rights, PDPC escalation path, and security overview.

We encourage you to review this page periodically. Continued use of our website after an update constitutes acknowledgement of the revised policy, subject to any additional consent requirements for new processing activities.

Related policies

  • Cookie Policy
  • Terms of Use
  • Legal imprint

ReachSpark

Demand & paid-media marketing agency · Tanjong Pagar / Duxton Hill, Singapore

ReachSpark Pte. Ltd.
26 Duxton Hill, #02-01, Singapore 089608
+65 6229 3175 · [email protected]

UEN 202418736K · Mon–Fri 09:00–18:00 SGT

Explore

  • Services
  • Work
  • About
  • Contact
  • FAQ

Legal

  • Privacy
  • Terms
  • Cookies
  • Legal

ReachSpark provides marketing and advertising services including strategy, paid media, SEO, content, social, creative, CRM and lifecycle support, and analytics for client brands. We do not guarantee specific rankings, reach, virality, leads, sales, revenue or return on investment. Marketing outcomes depend on budget, market conditions, product and competition. Case study metrics reflect past work and are not promises of future performance. This is a professional marketing services firm — not a course, SaaS product, or financial advice. Hosted in Singapore.

© 2026 ReachSpark Pte. Ltd. All rights reserved.

We use cookies for site functionality, analytics and advertising pixels. Consent choices are stored for six months. Cookie policy

Cookie preferences

Necessary (required)Always on

Stored for six months. See our cookie policy.