Privacy Policy

This is the Privacy Policy ("Policy") of RAY BUSINESS TAX ADVISOR PTE. LTD. (UEN: 201625618K) and RAY BUSINESS ADVISORS (UEN: 53193090D), collectively referred to as "Ray Business", "we", "us" or "our" in this Policy. This Policy sets out how we collect, use, disclose and protect the personal data of our clients, website visitors, business partners and other individuals we interact with, in accordance with the Personal Data Protection Act 2012 (PDPA) of Singapore.

Application. This Policy applies to all personal data that you provide to us, or that we may collect about you in the course of our business operations, including through our website at www.raybiz.com.sg, our services, and communications with us. Please do not provide any personal data to us if you do not accept this Policy.

Compliance. We are committed to complying with the PDPA and ensuring that all personal data we handle is managed responsibly. If you notify us that you do not consent to our collection or use of your personal data, we may not be able to provide certain services to you.

Contacting Our Data Protection Officer. If you have any feedback, queries or concerns relating to your personal data or this Policy, or wish to make a complaint, you may contact our Data Protection Officer (DPO) at:

Amendments to this Policy. We may update this Policy from time to time to reflect changes in applicable law or our data practices. The updated Policy will supersede all earlier versions and will apply to personal data previously provided to us. We will make the updated Policy available on our website and, where required, notify you in writing.

We collect, use and disclose your personal data where:

• you have given us consent;
• it is necessary to comply with our legal or regulatory obligations;
• it is necessary for our legitimate business interests, provided this does not override your interests or fundamental rights; and/or
• it is necessary to perform a contract or service that you have entered into or requested from us.

What personal data we collect. The personal data we collect depends on the purpose for which it is required and what you choose to provide. This may include:

• Full name, NRIC/FIN/passport number and date of birth
• Contact information — mailing address, email address and telephone number
• Business details — company name, UEN, director/shareholder information
• Financial information — bank account details, income particulars and tax-related records (provided directly by you for service purposes)
• Correspondence records — emails, letters and documents you submit to us
• Any other information you voluntarily provide to us

How we collect personal data. We collect personal data directly or indirectly through various channels, including when:

• you engage our services or enter into transactions with us (or express interest in doing so);
• you contact us via phone, email, WhatsApp, or in person at our office;
• you fill in a form on our website or submit an enquiry;
• you provide documents required for corporate secretarial, accounting, tax or audit services;
• you attend meetings, events or training sessions organised or hosted by us;
• we receive your personal data from third parties such as ACRA, IRAS or other regulatory bodies in the course of providing services; or
• you submit your personal data to us for any other reason.

Cookies and website technologies. Our website may use cookies and related tracking technologies to improve your browsing experience and analyse website usage. You may disable cookies in your browser settings; however, some website features may not function correctly as a result. We do not use cookies to identify you personally unless you have provided your personal data to us.

Voluntary provision of personal data. Your provision of personal data to us is voluntary. You may withdraw consent at any time by contacting us. However, withdrawal may affect our ability to provide services to you. We will inform you of the implications before processing your withdrawal request.

Personal data of others. If you provide us with personal data belonging to other individuals (e.g., directors, shareholders or family members), you are responsible for ensuring that those individuals are aware of this Policy and have consented to the collection, use and disclosure of their personal data.

Accuracy. You must ensure that all personal data provided to us is accurate, complete and up to date, and promptly notify us of any changes.

Minors. Our services are directed to businesses and adults. We do not knowingly collect personal data from individuals under 18 years of age without the consent of a parent or guardian. If you are a parent or guardian and believe your child has submitted personal data to us without consent, please contact us to request its removal.

We collect, use and disclose personal data only for the purposes for which it was collected, or for related purposes that you would reasonably expect.

Service delivery purposes. We collect and use your personal data to:

• provide accounting, bookkeeping, tax filing, GST advisory, audit, and corporate secretarial services;
• incorporate companies, register directors, and manage corporate governance obligations on your behalf;
• prepare and submit tax computations, annual returns, financial statements and regulatory filings;
• manage your relationship with us, including billing and correspondence;
• respond to your enquiries and provide customer support;
• maintain proper records for compliance, audit and regulatory purposes;
• engage third-party vendors and service providers required to fulfil our obligations to you; and
• conduct training, internal quality reviews and service improvement activities.

Marketing purposes. With your consent, we may use your personal data to:

• send you newsletters, updates and information about our services, promotions and regulatory changes relevant to your business;
• personalise and tailor communications based on your industry or service engagement; and
• invite you to events, seminars or workshops organised by us.

You may opt out of marketing communications at any time by contacting us or using the unsubscribe option provided in our emails.

Legitimate business interests. We may also process personal data for our legitimate business interests, including:

• protecting our legal rights and those of our clients;
• preventing fraud, unauthorised access and misuse of our services;
• improving our services, systems and processes;
• managing business continuity and operational resilience; and
• sharing data in connection with any business restructuring or acquisition.

Regulatory and legal purposes. We may collect, use and disclose personal data as required by law, including to comply with requests from IRAS, ACRA, MAS, PDPC or other competent authorities.

Contacting you. We may contact you by mail, email, telephone, WhatsApp, or any other reasonable means for the above purposes. We will obtain your consent before contacting you for marketing purposes and will not use your telephone number for marketing unless specifically consented to.

Disclosure to third-party service providers. We may disclose your personal data to third parties engaged to support our service delivery, including:

• IT service providers and software platforms used for accounting, tax filing and corporate secretarial work;
• professional advisors such as lawyers and auditors where necessary;
• government agencies such as ACRA, IRAS, CPF Board and MOM, as required for regulatory filings;
• banking institutions and financial service providers where required in connection with client services; and
• cloud storage and document management service providers.

Safeguards on disclosure. When disclosing personal data to third parties, we will take reasonable steps to ensure that those parties protect your personal data in a manner consistent with this Policy and applicable law, including through contractual arrangements where appropriate.

Legal disclosures. We may disclose your personal data without consent if required or permitted by applicable law, including in response to a court order, law enforcement request or regulatory investigation.

Business transfers. In the event of a business merger, acquisition or restructuring, personal data held by us may be transferred as part of the transaction. We will notify you of any such change that materially affects the handling of your personal data.

Transfers outside Singapore. In the course of providing services, we may need to transfer your personal data to countries outside Singapore, for example, where a cloud platform, software vendor or professional partner is based overseas.

Safeguards. Before transferring personal data outside Singapore, we will ensure that the recipient country provides a standard of protection comparable to the PDPA, or we will put in place binding contractual arrangements that require the recipient to protect your personal data to an equivalent standard. You may contact us to obtain details of the safeguards applied.

Security measures. We take reasonable and appropriate technical and organisational measures to protect personal data in our possession against unauthorised access, collection, use, disclosure, copying, modification, disposal or loss. These measures include:

• password-protected systems and restricted access controls;
• encrypted storage and secure transmission of sensitive data;
• regular review of our data handling and security practices; and
• staff awareness and training on data protection obligations.

Retention period. We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. For most business and tax records, we retain data for a minimum of 5 to 7 years in accordance with Singapore's statutory limitation and tax record-keeping requirements. Upon expiry of the applicable retention period, personal data will be securely deleted or anonymised.

Anonymised data. We may anonymise personal data so that it no longer identifies any individual. Such anonymised data may be retained and used without restriction for business analysis, service improvement and statistical purposes.

Limitations. While we take reasonable precautions to protect your personal data, no system is entirely immune to security risks. We cannot guarantee absolute security against unauthorised access, hacking, cyberattacks or other events beyond our control. We encourage you to take steps to protect your own communications with us, such as using secure email and keeping your account credentials confidential.

Data breach notification. In the event of a data breach that is likely to result in significant harm to affected individuals, we will notify the Personal Data Protection Commission (PDPC) and, where required, the affected individuals, in accordance with the mandatory breach notification requirements under the PDPA.

Under the PDPA, you have the following rights in relation to your personal data that we hold:

How to exercise your rights. To exercise any of the above rights, please submit a written request to our Data Protection Officer at raybusiness2011@gmail.com. We may require you to verify your identity before processing your request. Where permitted by law, a reasonable administrative fee may apply.

Response timeline. We will endeavour to respond to your request within 30 business days of receipt. If we are unable to respond within this timeframe, we will notify you in writing and inform you of the expected response date. Where we are unable to grant your request, we will provide reasons, except where we are not required to do so under applicable law.

Limitations. Please note that there are legal and regulatory limitations on your rights. For example:

• we may decline an access request if it would reveal personal data of another individual;
• we may retain certain data for legal or audit purposes even after a withdrawal of consent;
• withdrawal of consent may affect our ability to continue providing services to you.

Complaints. If you are dissatisfied with our handling of your personal data or your request, you may also lodge a complaint directly with the Personal Data Protection Commission (PDPC) at www.pdpc.gov.sg.