Last updated: April 2026
Expert People Solutions (“EPS”, “we”, “us”, or “our”) is committed to protecting your personal data in accordance with the Singapore Personal Data Protection Act 2012 (PDPA). This Privacy Policy explains what personal data we collect, why we collect it, how we use and protect it, your rights as an individual, and who we share it with.
1. Who We Are
Expert People Solutions is an HR consulting and people solutions firm operating through expertpeoplesolutions.com. If you have any questions about this Privacy Policy or how we handle your personal data, please contact our Data Protection Officer (DPO):
| Data Protection Officer | Andrew Swinley |
| Organisation | Expert People Solutions |
| andrew@expertpeoplesolutions.com | |
| Website | www.expertpeoplesolutions.com/contact |
2. What Personal Data We Collect
Contact Form Enquiries
When you complete a contact form on our website, we collect:
- Full name
- Email address
- Phone number (if provided)
- Company name (if provided)
- The content of your message
This information is submitted through Fluent Forms and stored on our website server (hosted by Bluehost).
Client and CRM Data
In the course of providing HR consulting services, we may collect and store:
- Contact details (name, email, phone, address)
- Professional information (job title, company, industry)
- Contract details, project notes, invoices, and correspondence
- Any personal data you share with us as part of our engagement
Email Marketing
If you subscribe to our newsletter or marketing communications (via our website form or directly), we collect:
- Name
- Email address
- Your consent record and the date consent was given
Email marketing is managed through Mailchimp (The Rocket Science Group LLC, US).
Job Applicants
If you apply for a role at EPS or submit a speculative application, we collect:
- Name, email address, and phone number
- CV, cover letter, and any other documents you provide
- Interview notes and assessment records (if applicable)
Website Analytics
Our website uses Google Analytics (Google LLC, US) to understand how visitors use the site. This tool collects anonymised and pseudonymous data, including pages viewed, session duration, and general location. Your full IP address is not stored. This data is only collected after you have given cookie consent via our consent banner.
3. Why We Collect Your Personal Data
We collect and use your personal data only for the purposes we have disclosed to you. The table below sets out our processing purposes and the legal basis for each under the PDPA:
| Purpose | Legal Basis | Notes |
|---|---|---|
| Responding to contact form enquiries | Legitimate interest / Consent | Consent checkbox on form |
| Delivering HR consulting services | Contractual necessity | |
| Sending newsletters and marketing updates | Consent | Explicit opt-in required |
| Maintaining business records and CRM | Legitimate interest | |
| Processing job applications | Legitimate interest / Consent | Where applicant submits speculatively |
| Managing supplier / contractor relationships | Contractual necessity | |
| Website analytics and performance monitoring | Legitimate interest | Anonymised / pseudonymous data only |
| Complying with legal and regulatory obligations | Legal obligation | e.g. Income Tax Act, Employment Act |
We will not use your personal data for any purpose other than those listed above without first obtaining your consent.
4. How Long We Keep Your Data
We retain personal data only for as long as necessary for the purpose it was collected, and in line with our Data Retention Policy:
| Data Category | Retention Period | Action on Expiry |
|---|---|---|
| Contact form enquiries (no engagement) | 12 months from submission | Permanently deleted |
| Active client records | Duration of engagement + 7 years | Deleted or anonymised |
| Email marketing subscribers (active) | While consent is active; re-confirmation after 12 months inactivity | Deleted or moved to suppression list |
| Unsubscribed email contacts (suppression) | Email address retained indefinitely to prevent re-subscription; all other data deleted within 30 days of unsubscribe | All other data deleted |
| Job applicants — unsuccessful | 6 months from rejection | Permanently deleted |
| Employee / contractor records | Duration of engagement + 7 years | Securely deleted or anonymised |
| Website analytics data | 26 months (Google Analytics default) | Automatically purged by Google Analytics |
| Supplier and contractor records | 7 years from end of relationship | Deleted or anonymised |
When data reaches the end of its retention period, it is securely deleted or anonymised so it can no longer be linked to you.
5. How We Protect Your Data
We take reasonable security measures to protect your personal data from unauthorised access, use, or disclosure. These include:
- Secure HTTPS encryption on our website
- Password protection and access controls on all systems holding personal data
- Two-factor authentication (2FA) on hosting, email, and cloud storage accounts
- Restricting data access to authorised personnel only
- Regular reviews of our data security practices
6. Who We Share Your Data With
We do not sell your personal data. We may share it with the following trusted third-party service providers who assist us in operating our business. All third-party providers are required to handle your data in accordance with applicable data protection laws and our data protection requirements.
| Service Provider | Role | Country | Safeguards |
|---|---|---|---|
| Mailchimp (The Rocket Science Group LLC) | Email marketing platform | United States | Standard Contractual Clauses / Mailchimp DPA |
| Google LLC (Google Analytics) | Website analytics | United States | Standard Contractual Clauses / Google DPA |
| Bluehost / Newfold Digital | Website hosting | United States | Data Processing Agreement |
| Fluent Forms (WPManageNinja) | Contact form processor | United States | Plugin terms; data stored on Bluehost server |
| Accountant / bookkeeper | Financial records | Singapore | Confidentiality obligations |
| Cloud storage provider (e.g. Google Drive) | File storage | United States | Google DPA / SCCs |
International transfers: Several of our service providers are based in the United States. Where personal data is transferred outside Singapore, we take steps to ensure it receives equivalent protection — including Standard Contractual Clauses (SCCs) and Data Processing Agreements (DPAs) with each provider.
7. Your Rights Under the PDPA
Under the Singapore PDPA, you have the following rights:
| Right | What It Means | How to Exercise |
|---|---|---|
| Access | Request a copy of the personal data we hold about you | Submit a DSAR to andrew@expertpeoplesolutions.com |
| Correction | Request correction of inaccurate or incomplete personal data | Contact the DPO in writing |
| Withdrawal of Consent | Withdraw consent at any time where processing is based on consent. This does not affect processing carried out before withdrawal. | Email DPO or click unsubscribe in any marketing email |
| Data Portability | Receive your personal data in a structured, machine-readable format (where technically feasible) | Submit a DSAR specifying portability |
| Lodge a Complaint | Complain to the PDPC if you believe your data has been mishandled | www.pdpc.gov.sg |
To exercise any of these rights, please contact our DPO at andrew@expertpeoplesolutions.com. We will acknowledge your request within 3 business days and respond in full within 30 calendar days.
8. Email Marketing and Unsubscribing
We only send marketing emails to individuals who have explicitly opted in using Mailchimp’s double opt-in process. Every marketing email we send includes an unsubscribe link.
If you no longer wish to receive marketing communications from us, you can:
- Click the unsubscribe link at the bottom of any marketing email, or
- Email us at andrew@expertpeoplesolutions.com with the subject line “Unsubscribe”
We will process your unsubscribe request promptly. Mailchimp typically processes unsubscribes within 24–48 hours. Your email address will be retained on our suppression list to prevent accidental re-subscription.
9. Cookies and Website Analytics
Our website uses cookies and analytics tools to understand how visitors use the site. When you first visit our website, a cookie consent banner (provided by CookieYes) will ask for your consent before any non-essential cookies are loaded. You can accept, reject, or customise your cookie preferences at any time using the cookie settings link on our website.
We use the following categories of cookies:
- Strictly Necessary — essential for the website to function (no consent required)
- Analytics — Google Analytics (Google LLC, US) to understand website usage (consent required)
- Functional — to remember your preferences (consent required)
Google Analytics collects anonymised and pseudonymous data. IP addresses are truncated and not stored in full. Data is retained for 26 months by default.
You can also control cookie settings through your browser preferences at any time.
10. Data Breach Notification
In the unlikely event of a data breach, we will take immediate steps to contain it and assess the impact. In line with the PDPA Notification Obligation:
- If the breach is likely to result in significant harm to affected individuals, or involves 500 or more individuals, we will notify the Personal Data Protection Commission (PDPC) within 3 calendar days of becoming aware of the breach.
- We will also notify affected individuals as soon as practicable where the breach is likely to cause significant harm to them.
Breach notifications to the PDPC are made through the PDPC’e online portal at www.pdpc.gov.sg.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we do, we will update the “Last Updated” date at the top of this page and, where the changes are significant, notify you by email or iea a notice on our website. We encourage you to review this page periodically.
12. Contact Us
If you have any questions, concerns, or requests relating to this Privacy Policy or your personal data, please contact our Data Protection Officer:
| Organisation | Expert People Solutions |
| DPO | Andrew Swinley |
| andrew@expertpeoplesolutions.com | |
| Website | www.expertpeoplesolutions.com/contact |
| PDPCComplaint Portal | www.pdpc.gov.sg |
You also have the right to lodge a complaint with the Personal Data Protection Commission (PDPC) at www.pdpc.gov.sg if you believe your personal data has been handled in a manner not compliant with the PDPA.