Privacy Policy

Effective Date: June 2025

1. Introduction & Scope

This policy applies to Skystone Asset Management Pte. Ltd. (“Skystone,” “we,” “us,” or “our”). We collect personal data when you visit skystone.com.sg, complete forms, subscribe to insights, or engage our services. We are committed to protecting your personal data in accordance with the Personal Data Protection Act (PDPA) and MAS CMS requirements.

2. Consent & Purpose of Collection

By submitting your personal data, you consent to our collection, use, and disclosure for specified purposes:

  • Providing fund management services and venture or project‑related financing;
  • Communicating insights, updates, newsletters, or marketing (with prior consent);
  • Verifying identity and conducting due diligence;
  • Complying with our regulatory obligations (e.g. AML/CFT, audits, MAS reporting).
    We do not use your data for unrelated purposes without your clear, additional consent.

3. Types of Data Collected

Depending on our interaction, we may collect:

  • Identity: name, NRIC/FIN, date of birth, nationality
  • Contact: address, email, phone number
  • Professional: company, role, credentials
  • Financial & investment: portfolio, income sources, assets under management
  • Device & usage: IP address, cookies, browsing data
  • Other: as required for regulatory compliance

4. Withdrawal of Consent & Data Subject Rights

You may withdraw consent or request access and correction under PDPA. We typically respond within 30 business days, subject to verification and legal constraints.

5. Disclosure & Cross‑Border Transfers

We may share data with:

  • MAS, auditors, regulators, or law enforcement as required;
  • Service providers (IT, legal, accounting, CRM) under PDPA-compliant agreements;
  • Joint venture partners and affiliates as necessary.
    If data is transferred overseas, we ensure comparable data protection or obtain your consent.

6. Security, Retention & Disposal

We use administrative, technical, and physical safeguards (such as encryption and access controls) to protect data. Personal data is retained only for as long as necessary and securely deleted or anonymised thereafter.

7. Data Breach Protocol

Should a notifiable data breach occur (e.g., posing risk or affecting 500+ individuals), we will:

  1. Contain and assess the breach.
  2. Notify PDPC within 3 calendar days.
  3. Notify affected individuals promptly with guidance on mitigation.
  4. Notify MAS if the breach involves licensed activities.

8. Cookies & Tracking

We use cookies to enhance user experience and analyze website usage. Non-essential cookies require your explicit consent; you may withdraw it at any time via your browser or our cookie manager.

9. Third-Party Links

Our website may include links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements.

10. Children & Special Data

Our services target individuals aged 18 or older. We do not knowingly collect data from minors. Sensitive personal data is only processed if legally required for compliance (e.g., AML/CFT).

11. Data Protection Officer (DPO)

Our DPO is responsible for PDPA compliance and handling enquiries or concerns.

  • Email: Contact Form
  • Office: 1 Kim Seng Promenade #11-01, Great World City Office, East Tower, Singapore, 237994

12. Updates to This Policy

Changes will be published here, and we’ll update the “Effective Date.” Continued use implies acceptance of any changes.