1. Definitions
For the purposes of this Privacy Policy, the following definitions shall apply:
1.1 “Tetra Consultants” refers to the company duly incorporated and existing under the laws of Singapore, with its headquarter located therein, engaged in the provision of business consultancy and corporate support services across various international jurisdictions.
1.2 “Website” refers to https://www.tetraconsultants.com/
1.3 “User” refers to any individual who accesses the website of Tetra Consultants, engages its services, submits personal data, or whose personal data is otherwise collected, used, or disclosed by Tetra Consultants in the course of its operations.
1.4 “Personal Data” means any data, whether true or not, about an individual who can be identified:
a. From that data; or
b. From that data and other information to which Tetra Consultants has or is likely to have access, in accordance with the definition under Singapore’s Personal Data Protection Act 2012 (PDPA).
c. For the purposes of the General Data Protection Regulation (GDPR), “personal data” also includes any information relating to an identified or identifiable natural person, including identifiers such as name, identification number, location data, online identifiers, or other factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.
d. For the purposes of the General Data Protection Regulation (GDPR), “personal data” also includes any information relating to an identified or identifiable natural person, including identifiers such as name, identification number, location data, online identifiers, or other factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.
1.5 “Processing” means any operation or set of operations which is performed on personal data, whether or not by automated means, including collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure by transmission, dissemination, erasure, or destruction.
1.6 “Data Subject” refers to the individual to whom the personal data relates. Under this Policy, the term “User” shall be used synonymously with “data subject” where applicable.
1.7 “Data Intermediary” means an organization that processes personal data on behalf of another organization but does not include an employee of that organization, as defined under the PDPA.
1.8 “Consent” refers to any voluntary, informed, and unambiguous indication of the User’s wishes by which the User, by a statement or by clear affirmative action, signifies agreement to the processing of their personal data.
1.9 “Third Party” refers to any individual, company, government agency, or entity other than Tetra Consultants and the User, including vendors, contractors, service providers, and professional advisers.
1.10 “PDPA” refers to the Personal Data Protection Act 2012 of Singapore and its subsidiary legislation, guidelines, and advisory documents issued by the Personal Data Protection Commission (PDPC).
1.11 “GDPR” refers to the General Data Protection Regulation (EU) 2016/679, which governs the protection of natural persons with regard to the processing of personal data within the European Union and European Economic Area.
1.12 “Data Breach” means any unauthorized access, collection, use, disclosure, copying, modification, disposal, or similar risks to personal data, whether accidental or intentional, that results in the loss, corruption, or compromise of personal data.
2. General
2.1 This Privacy Policy outlines how Tetra Consultants collects, uses, discloses, and protects personal data in accordance with the Personal Data Protection Act 2012 (PDPA) of Singapore, the General Data Protection Regulation (GDPR) of the European Union and other international privacy laws where applicable.
2.2 By accessing our website, engaging our services, or submitting any personal data, the User acknowledges and agrees to the practices set out in this Policy. If the User does not agree with the terms herein, the User should refrain from providing personal data or using the services of Tetra Consultants.
2.3 This policy does not override any existing data protection policies that offer additional or equivalent protection of personal data. However, if there are inconsistencies, this policy will take precedence where it introduces stricter requirements or provides a higher standard of protection. For clarity, nothing in this policy obliges Tetra Consultants to act in violation of any applicable local and international laws.
3. Collection of Personal Data
3.1 Tetra Consultants may collect Personal Data from the User directly or indirectly in the course of the User’s engagement with Tetra Consultants, including through the submission of forms, email communications, telephonic or in-person conversations, the use of Tetra Consultants’ Website, or interaction with Tetra Consultants’ personnel, agents, or representatives.
3.2 Personal Data may also be obtained through third-party sources, including but not limited to publicly available registers, professional intermediaries, affiliates, regulatory authorities, and service providers acting on behalf of or in cooperation with Tetra Consultants, provided such collection is in compliance with applicable data protection laws and the User’s rights under this Policy.
3.3 Tetra Consultants collects and Processes Personal Data only to the extent reasonably necessary and in a manner consistent with the following principles:
a. Lawfulness and Fairness: Personal Data shall be collected and processed lawfully, fairly, and in good faith, with due regard to the rights and reasonable expectations of the Data Subject, in accordance with applicable laws and regulatory requirements.
b. Consent: Where the Data Subject has given clear, informed, and unambiguous consent for the processing of their Personal Data for one or more specified purposes. Consent may be withdrawn at any time, subject to legal or contractual restrictions and reasonable notice.
c. Purpose Limitation: Personal Data shall be collected only for specified, explicit, and legitimate purposes, and shall not be further processed in any manner incompatible with those purposes, unless otherwise permitted under applicable law.
d. Transparency: The Data Subject shall be provided with clear and accessible information regarding the collection, use, and disclosure of their Personal Data, including the purposes thereof, the legal basis for such processing, and the categories of recipients, where applicable.
e. Vital Interests: Where the processing is necessary to protect the vital interests of the Data Subject or of another natural person, particularly in cases of emergency or where the Data Subject is physically or legally incapable of giving consent.
f. Public Interest or Official Authority: Where the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in Tetra Consultants, where applicable.
3.4 Where the User provides Personal Data relating to a third party (e.g. directors, shareholders, employees, or beneficiaries of a corporate client), the User warrants and represents that:
a. Such disclosure is authorised,
b. Appropriate notice has been given to the third party, and
c. Requisite consent has been obtained from such third party for Tetra Consultants to collect, use, and disclose their Personal Data in accordance with this Policy.
3.5 Tetra Consultants shall not collect Personal Data that is excessive or irrelevant to the purposes for which it is being collected and shall ensure that any Processing of Personal Data is done in a manner that is lawful, fair, and transparent.
4. Use of Personal Data
4.1 Tetra Consultants shall use the Personal Data collected from the User only for purposes which are lawful, legitimate, and reasonably necessary for its business operations, and in accordance with applicable data protection laws including, but not limited to the Personal Data Protection Act 2012 of Singapore (“PDPA”), the General Data Protection Regulation (EU) 2016/679 (“GDPR”), and other data protection laws in jurisdictions where Tetra Consultants operates or provides services.
4.2 The purposes for which the User’s Personal Data may be used (the “Purposes”) include, but are not limited to, the following:
a. To perform and discharge contractual obligations entered into between Tetra Consultants and the User, including the provision of corporate, consultancy, regulatory, or administrative services;
b. To initiate, facilitate, or process the User’s applications, service requests, including the onboarding and verification of clients or counterparties for compliance with anti‑money laundering, counter‑terrorism financing, and other regulatory obligations;
c. To manage and administer the User’s account, including invoicing, communications, internal audits, and relationship management;
d. To communicate with the User in connection with matters arising from or relating to the services rendered, including notices, updates, or information relevant to such services;
e. To send marketing communications, newsletters, publications, event invitations, and other promotional materials to the User, subject to the User’s prior consent or deemed consent, and without prejudice to the User’s right to withdraw such consent at any time;
f. To improve and enhance the services provided by Tetra Consultants through market research, service reviews, customer feedback, and data analytics;
g. To investigate or prevent any fraudulent, unauthorised, or illegal activity, misuse of the Website or services, or violation of any agreement or applicable law;
h. To comply with any applicable laws, regulations, codes of practice, guidelines, rules, court orders, or directions issued by a regulatory or governmental authority having jurisdiction over Tetra Consultants;
i. To manage the internal business operations of Tetra Consultants, including data and records management, IT and systems administration, staff training, and business continuity planning;
j. To conduct or support corporate transactions including mergers, acquisitions, restructurings, or sale of assets, provided that appropriate data protection safeguards are implemented.
4.3 Where Personal Data is to be used for a purpose that has not been disclosed at the time of collection, Tetra Consultants shall obtain the express consent of the User prior to such use unless otherwise permitted under applicable law.
4.4 The User acknowledges and agrees that the use of Personal Data for the above-stated purposes may involve the sharing of Personal Data with third parties, including data intermediaries, professional advisors, regulatory authorities, or other lawful recipients, in accordance with Clause 6 of this Policy.
5. Rights of the User
5.1 Subject to legal exceptions, the User shall be entitled to:
a. Access Personal Data held by Tetra Consultants concerning the User;
b. Request correction of inaccurate, incomplete, or outdated Personal Data;
c. Request erasure of the User’s Personal Data, to the extent required by applicable law;
d. Request restriction of Processing in certain circumstances;
5.2 Requests pertaining to the rights set forth in Clause 5.1 shall be submitted in writing to the contact details provided herein. The requestor may be required to provide identification or proof of authority. Tetra Consultants shall respond within thirty (30) days, or within such longer period as permitted under applicable law, and shall inform the User of any refusal, including reasons, unless prohibited by law.
6. Disclosure of Personal Data to Third Parties
6.1 Tetra Consultants is committed to maintaining the confidentiality of your personal data. Tetra Consultants may, in the course of its business and in accordance with applicable data protection laws, disclose the User’s Personal Data to third parties strictly on a need-to-know basis and solely for lawful and legitimate purposes. Such disclosures shall be limited to the following circumstances:
a. Compliance with Legal and Regulatory Obligations: Where the disclosure is required by any applicable law, regulation, rule, directive, code of practice, or pursuant to any request or order issued by a court of competent jurisdiction, governmental authority, law enforcement agency, or regulatory body in Singapore or any other relevant jurisdiction.
b. Consent or Deemed Consent: Where the User has provided express consent to the disclosure of Personal Data, or where consent is deemed under the provisions of the Personal Data Protection Act 2012 or other applicable law, provided that the User has been notified of the purposes for such disclosure.
c. Engagement of Data Intermediaries, Subcontractors or Platforms: Where Personal Data is disclosed to third-party service providers, data intermediaries, or subcontractors engaged by Tetra Consultants for the purpose of providing administrative, technological, or professional services in support of its operations, provided that such third parties are contractually bound to ensure confidentiality, integrity, and security of the Personal Data in a manner consistent with the standards prescribed under the applicable laws.
d. Intra-Group Disclosures: Where disclosure is necessary to other affiliated entities or network member firms of Tetra Consultants for purposes consistent with the original purpose for which the User provided the Personal Data, or to deliver relevant services or communications reasonably expected by the User.
e. Corporate Transactions: Where disclosure is required in connection with any merger, acquisition, sale, reorganisation, or other corporate transaction involving Tetra Consultants, in which case the transferee or acquiring entity shall be contractually bound to comply with data protection obligations equivalent to those contained in this Policy.
6.2 Third-party service platforms with which Tetra Consultants has entered into contractual arrangements for specific services shall, for the avoidance of doubt, be deemed data intermediaries and subject to the obligations set out in Clause 6.1(c).
6.3 Tetra Consultants shall take reasonable measures to ensure that all third parties to whom Personal Data is disclosed implement and maintain appropriate security safeguards that are at least comparable to the standards employed by Tetra Consultants under applicable laws.
7. Security of Personal Data
7.1 Tetra Consultants shall implement and maintain appropriate technical and organizational measures designed to protect Personal Data against unauthorized access, disclosure, alteration, destruction, or corruption. Such measures shall include, without limitation:
a. Access control management and role-based access;
b. Encryption of data in transit and at rest;
c. Secure authentication protocols and password policies (if applicable);
d. Physical security measures at storage facilities;
e. Regular training of personnel handling Personal Data;
f. Audit logs, vulnerability assessments, and incident response procedures.
8. Access to and Correction of Personal Data
8.1 Subject to the provisions of applicable data protection laws, including but not limited to the Personal Data Protection Act 2012 of Singapore (“PDPA”), Tetra Consultants shall, upon the written request of the User, grant the User access to the User’s Personal Data that is in the possession or under the control of Tetra Consultants. Such access shall include information regarding the manner in which the User’s Personal Data has been or may have been used or disclosed by Tetra Consultants within a period of one (1) year prior to the date of the request, or such other period as may be prescribed by applicable law.
8.2 The User shall submit any request for access to Personal Data in writing through the contact form available on the official website of Tetra Consultants at https://www.tetraconsultants.com/ or by such other means as may be specified by Tetra Consultants from time to time. Tetra Consultants reserves the right to require the User to provide sufficient information to verify the identity of the requestor and to facilitate the processing of the access request.
8.3 Tetra Consultants shall make reasonable efforts to respond to an access request within thirty (30) days from the date of receipt of such request. In the event that Tetra Consultants is unable to respond within the prescribed period, Tetra Consultants shall inform the User in writing of the reason for the delay and the estimated time required to respond to the request.
8.4 Tetra Consultants may, in accordance with the PDPA or other applicable laws, impose a reasonable administrative fee for the processing of access requests, particularly where the request is manifestly unfounded, excessive, or repetitive in nature.
8.5 Notwithstanding the foregoing, Tetra Consultants shall not be obliged to provide access to the User’s Personal Data in any of the following circumstances:
a. Where providing access would reasonably be expected to threaten the safety, health, or life of any individual;
b. Where such access would cause immediate or grave harm to the interests of the individual or another individual;
c. Where the request for access relates to Personal Data which, if disclosed, would reveal Personal Data about another individual, unless the other individual has consented to the disclosure or the disclosure is otherwise permitted under applicable law;
d. Where the information is protected by legal privilege or was generated in the course of a formal dispute resolution process;
e. Where the access would be contrary to national interest, public interest, or would prejudice investigations or legal proceedings;
f. Where such access is otherwise prohibited or exempted under applicable data protection or other laws.
8.6 In the event that Tetra Consultants refuses, whether wholly or partially, to grant access to the User’s Personal Data, Tetra Consultants shall, to the extent permitted by law, provide the User with a written statement setting out the reasons for such refusal. Nothing in this Clause shall be construed as limiting the rights of the User under the GDPR, where applicable, including the right to obtain confirmation as to whether or not Personal Data concerning the User is being processed, and, where that is the case, access to the Personal Data and supplementary information as prescribed under Article 15 of the GDPR.
9. Correcting Your Personal Data
9.1 The User may submit a written request to Tetra Consultants to correct any error or omission in the User’s Personal Data that is in the possession or under the control of Tetra Consultants. Such request shall clearly specify the nature of the inaccuracy or omission and shall be submitted either through the contact form available on the official website of Tetra Consultants or via such other written means as may be prescribed from time to time.
9.2 Upon receipt of a valid correction request, and unless Tetra Consultants is satisfied on reasonable grounds that a correction should not be made, Tetra Consultants shall take reasonable steps to correct the Personal Data as soon as is practicable, and in any event, within thirty (30) days from the date of receipt of the request.
9.3 Where applicable, Tetra Consultants shall, upon effecting such correction, transmit the corrected Personal Data to any third party to whom the Personal Data was disclosed within a period of one (1) year prior to the date of correction, unless such third party does not require the corrected data for any legal or business purpose. Tetra Consultants may, with the written consent of the User, transmit the corrected data only to specific third parties as designated by the User.
9.4 Tetra Consultants is committed to maintaining Personal Data that is accurate, complete, and up-to-date, and shall take reasonable steps to ensure the integrity of such data in accordance with applicable data protection laws.
10. Withdrawal of Consent
10.1 The User may, at any time, withdraw consent that has been previously provided or is deemed to have been provided for the collection, use, or disclosure of the User’s Personal Data by Tetra Consultants, subject to the provisions of applicable data protection laws and any legal or contractual obligations.
10.2 Any withdrawal of consent shall be made in writing and submitted through the contact form available on the official website of Tetra Consultants, or by such other method as Tetra Consultants may reasonably prescribe from time to time.
10.3 Upon receipt of a valid withdrawal request, Tetra Consultants shall, within a reasonable time and in any event no later than ten (10) business days from the date of receipt, cease the collection, use, and/or disclosure of the User’s Personal Data, unless continued retention or processing of such Personal Data is required or authorised under applicable law, including without limitation for compliance, regulatory, tax, accounting, dispute resolution, or legal enforcement purposes.
10.4 The User acknowledges and agrees that the withdrawal of consent may result in Tetra Consultants being unable to continue providing certain services to the User, or to fulfil its contractual or legal obligations to the User. In such circumstances, Tetra Consultants shall not be liable for any loss or damage arising as a consequence of the withdrawal of consent.
10.5 Tetra Consultants shall inform the User of the likely consequences of the withdrawal of consent at the time such request is made, to the extent required by applicable law.
11 Transfer of Personal Data outside of Singapore
11.1 Tetra Consultants may, in the course of its operations, transfer the User’s Personal Data to jurisdictions outside of Singapore or the jurisdiction in which the data was originally collected, for purposes consistent with this Policy. Such transfers shall only occur in accordance with the requirements prescribed under applicable data protection laws, including but not limited to the Personal Data Protection Act 2012 of Singapore (“PDPA”) and the General Data Protection Regulation (EU) 2016/679 (“GDPR”), where applicable.
11.2 Prior to any cross-border transfer of Personal Data, Tetra Consultants shall take appropriate steps to ensure that the recipient organisation or jurisdiction affords a standard of protection to the Personal Data that is comparable to the standard required under the PDPA and, where applicable, is compliant with the GDPR. Such measures may include, without limitation:
a. Entering into legally binding data transfer agreements with the recipient, incorporating the European Commission’s Standard Contractual Clauses (SCCs), or other applicable model clauses;
b. Verifying the recipient’s participation in an approved certification mechanism or binding corporate rules (BCRs), as recognised under the GDPR;
c. Conducting due diligence to assess the legal framework and data protection practices of the recipient jurisdiction;
d. Obtaining explicit consent from the User, where permitted under applicable law, and after informing the User of the potential risks involved in such transfer;
e. Ensuring that the transfer is otherwise exempted under Article 49 of the GDPR, where applicable.
11.3 Tetra Consultants shall implement appropriate contractual, technical, and organisational safeguards to protect the integrity, confidentiality, and availability of Personal Data during and after such transfer.
11.4 The User acknowledges and accepts that Personal Data may be stored or processed in jurisdictions which may not afford the same level of data protection as the User’s home jurisdiction. Nevertheless, Tetra Consultants shall remain responsible for ensuring the continued protection of such Personal Data in accordance with this Policy and applicable law.
12. Website Privacy and Use of Cookies
12.1 This Data Protection Policy shall apply to all Personal Data collected by Tetra Consultants through its websites, including any associated subdomains or online platforms operated and controlled by Tetra Consultants.
12.2 The websites of Tetra Consultants may employ cookies and similar tracking technologies on certain webpages. Cookies are small data files stored on the User’s device that facilitate improved navigation, personalization, analytics, and the proper functioning of the site. The use of such cookies constitutes a standard industry practice.
12.3 The User may, through appropriate settings on the User’s browser or device, disable or refuse the use of cookies. The User acknowledges, however, that disabling or blocking cookies may limit certain functionalities or features of the website and may adversely affect the User’s browsing experience.
12.4 The User may also, at any time, delete cookies stored on the User’s device after visiting the website of Tetra Consultants, by following the browser’s deletion instructions.
12.5 Tetra Consultants may, for the purpose of enhancing the User’s online experience, provide hyperlinks to third-party websites. Such external websites operate independently of Tetra Consultants and are governed by their own data protection and privacy policies.
12.6 Tetra Consultants disclaims any responsibility or liability for the data protection practices, content, or policies of such third-party websites. The User is strongly advised to review the privacy policies applicable to any external websites prior to disclosing any Personal Data to such third parties.
13. Data Breach Notification and Remedial Actions
13.1 In the event of an actual or suspected Data Breach, Tetra Consultants shall:
a. Promptly undertake a risk assessment and containment procedure;
b. Where required by PDPA, notify the Personal Data Protection Commission within three (3) calendar days of becoming aware of a Notifiable Data Breach;
c. Where required by GDPR, notify the competent supervisory authority within seventy‑two (72) hours of becoming aware of the breach, unless the breach is unlikely to result in a risk to the rights and freedoms of natural persons;
d. Communicate to affected Users where the breach is likely to result in a high risk to their rights and freedoms, detailing the nature of the breach, likely consequences, and the measures taken or proposed;
e. Maintain a record of any Data Breach, its effects, and remedial actions taken.
14. Modifications
Tetra Consultants reserve the right to modify or amend this Policy at any time. The effective date will be displayed at the beginning of this Policy. To keep you informed, we will notify changes to this Policy by prominently identifying the alteration for a period of not less than two weeks on our home page at https://www.tetraconsultants.com/.
15. Contact Us
If you have any questions or concerns about this Privacy Policy or our handling of your personal data, please contact us through the contact form on our website at https://www.tetraconsultants.com/. You can also contact us at enquiry@tetraconsultants.com.