Privacy Policy (Singapore)

 

Version 1.0 – June 18, 2026

 

This Privacy Policy is issued pursuant to the Personal Data Protection Act 2012 (PDPA) of Singapore and describes how Least Authority Pte. Ltd. processes personal data in the context of its website, products, services, and contractual relationships. For data protection information relating to our German operations, please refer to the Privacy Policy of Least Authority TFA GmbH, available here.

 

Least Authority Pte. Ltd. (“Organization,” “we,” “us”) is committed to protecting your privacy while you use our website, products and/or services. We want you to understand what information we collect about you, how we collect it, how that information is used, and what choices you have with respect to that information. Below is our Privacy Policy, made pursuant to the Personal Data Protection Act 2012 (“PDPA”) of Singapore, which applies to all interactions you have with us, including:

  • Visitors of our website
  • Users of our products and services
  • Subscribers to our mailing lists
  • Individuals contacting us via email or online forms
  • Clients of our security consulting and audit services
  • Job applicants

This Privacy Policy does not apply to any third-party applications or software that integrate with our services, or any other third-party products, services, or businesses.

 

I. Data Controller

The organization responsible for the collection and processing of personal data under this Policy is:

Least Authority Pte. Ltd.
160 Robinson Road, #14-04, Singapore Business Federation Center, Singapore 068914
UEN: 202604483H
Data Protection OfficerEmail: dpo@leastauthority.com

 

II. Collecting, Processing and Storing of Personal Data

We collect personal data in the course of operating our business and providing our products and services in Singapore. “Personal data” means data, whether true or not, about an individual who can be identified from that data, or from that data and other information to which we have or are likely to have access.

Please note that “business contact information” is not covered by the PDPA or this Policy. Business contact information refers to an individual’s name, position name or title, company name, business telephone number, business address, business email address or business fax number, and any other similar information about the individual not provided by the individual solely for their personal purposes.

We collect and process personal data primarily on the basis of your consent. In certain circumstances, we may also rely on deemed consent by notification — where we notify you of a new purpose and give you a reasonable opportunity to opt out — or on our legitimate interests, where we have assessed that those interests are not outweighed by any adverse effect on you.

We will keep personal data no longer than is necessary for the purpose it was collected for or any business or legal purposes. We will take all reasonable steps to ensure that all personal data is destroyed, permanently deleted or anonymised if it is no longer required for those purposes.

1. Our Website

You may use our website for purely informational purposes without disclosing your identity. To display the website to you, certain access data is transmitted to our hosting provider. When using our website, the following data may be collected automatically:

  • IP address
  • Browser type and version
  • Operating system used
  • Language and version of the browser software
  • Website from which the request comes (referrer URL)
  • Content of the request (specific page)
  • Date and time of the server request
  • Access status / HTTP status code
  • Amount of data transmitted

This data is processed for the purpose of ensuring the functionality, integrity, and security of the website.

2. Cookies 

Cookies are small text files stored on your device by your web browser when you visit a website. We only use session cookies (also known as temporary or transient cookies), which are stored for the duration of your visit and deleted automatically when you close your browser or your session ends. These cookies are strictly necessary for the website to function and cannot be disabled through our system settings.

You may configure your browser to block or alert you to cookies; however, please be aware that doing so may prevent certain parts of the website from working correctly.

3. Mailing List

If you wish to receive updates about our work, you may subscribe to our mailing list. To prevent misuse of your email address, registration consists of a double opt-in procedure: you will receive a confirmation email and will only be added to the mailing list once you confirm your address.

The email address you provide is used solely for the purpose of sending you our newsletter and is not shared with any parties other than our mailing list service provider. You may unsubscribe at any time using the link at the bottom of any newsletter email, or by contacting us at at newsletter@leastauthority.com.

4. Contacting Us

You can contact us via email or by filling out a form on our website. If you do so, your personal data will be saved and used only for the processing of the relevant enquiry or conversation.

If you schedule a call via our website using a third-party scheduling tool, you will voluntarily provide certain information to that tool, including your name and email address. Please review the privacy policy of any such tool before use.

5. Consultancy Services

If you engage our services, we collect your name, contact information, and other information provided in the course of communicating about the desired services. Providing your personal data is required in order to send proposals and contracts for signing.

6. Job Applications

If you apply for a position with us, the data you provide — such as your name, contact information, professional background, and references — will be processed solely for the purpose of evaluating your application.

 

III. Transfer to Third Parties 

We will never sell, rent, or lease your personal data to a third party. However, we may share personal data with third-party service providers that assist us in operating our business and delivering our services (for example, hosting providers, payment processors, scheduling tools, and document management platforms). Such providers are contractually bound to protect your personal data and to use it only for the specific purposes for which it is disclosed.

We may also share personal data with third parties if required to do so by law, by a court order, or by a regulatory or government authority in Singapore.

We only transfer personal data to third parties where we have a lawful basis to do so under the PDPA — in particular, where you have given consent, where the transfer is necessary for the provision of our services, or where required or permitted by applicable law.

If all or part of our organization is sold, merged, or otherwise transferred to another entity, your personal data may be transferred as part of that transaction. If that occurs, we will take reasonable steps to ensure your personal data continues to be treated consistently with this Privacy Policy.

 

IV. Transfer of Personal Data Outside Singapore

As far as necessary for our purposes, we may transfer your personal data to recipients outside of Singapore. We only do so in accordance with the Transfer Limitation Obligation under the PDPA, which requires us to ensure that the recipient provides a standard of protection comparable to that under the PDPA.

Mechanisms through which we ensure an adequate level of protection include:

  • Contractual arrangements binding the overseas recipient to data protection standards comparable to the PDPA;
  • Certification of the recipient under the APEC Cross-Border Privacy Rules (CBPR) system or Privacy Recognition for Processors (PRP) system; or
  • Such other binding legal instruments as recognized under the PDPA and its subsidiary regulations.

You may contact our Data Protection Officer if you have any questions about overseas transfers.

 

V. Your Rights as a Data Subject

Subject to the exceptions set out in the PDPA, you have the right to request from us at any time:

  • Access to your personal data held by us, including information about the purposes for which it is being used and the third parties to whom it has been disclosed;
  • Correction of any inaccurate, incomplete, misleading, or out-of-date personal data;
  • Withdrawal of consent to the collection, use, or disclosure of your personal data for any specified purpose; and
  • Portability of your personal data in a commonly used machine-readable format, where technically feasible and as required under applicable PDPC guidelines.

To exercise any of the above rights, please submit a written request to our Data Protection Officer at dpo@leastauthority.com, specifying the information or processing activity to which your request relates. We will respond within 30 days of receipt. We may charge a reasonable administrative fee for access requests.

You may also lodge a complaint with the Personal Data Protection Commission (PDPC) of Singapore at www.pdpc.gov.sg .

 

VI. Links to Other Websites

Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of any third-party website, and we strongly recommend that you read the privacy statements of any third-party websites you visit.

 

VII. Data Breach Notification

We are committed to protecting the information that we receive from you. We take appropriate security measures to protect your information against unauthorised access to or unauthorised alteration, disclosure or destruction of data.

In the event of a data breach that is likely to result in significant harm to affected individuals, or that affects 500 or more individuals, we will notify the PDPC and the affected individuals as required under the PDPA — in any case no later than three calendar days from our assessment that the breach is notifiable. We maintain a Data Breach Management Policy to ensure timely detection, containment, assessment, and notification of data incidents. If you have reason to believe that your personal data held by us has been compromised, please contact our Data Protection Officer immediately.

 

VIII. Our Commitment to Privacy by Design

We believe in privacy by design and privacy by default. We develop products and provide services in a manner that integrates data protection from the outset, rather than as an afterthought. Our approach is guided by the principle of data minimisation — collecting only the personal data that is necessary for the specific purpose at hand — and the principle of least authority — ensuring that access to personal data is limited to those who genuinely require it to perform their functions.

 

IX. Changes to This Privacy Policy

We may modify this Privacy Policy at any time to comply with legal requirements as well as developments within our organisation. When we do, we will update the version number and revise its date. Each visit or interaction with our services will be subject to the new Privacy Policy. We will record past versions of this Privacy Policy through an archive on this page. We encourage you to review our Privacy Policy whenever you use our services to stay informed about our policies. By using our services, you acknowledge and agree that it is your responsibility to review our Privacy Policy periodically and to be aware of any modifications.

 

XI. Contact Information

For any questions, feedback, or data protection enquiries — including requests to access or correct your personal data or to withdraw your consent — please contact us at dpo@leastauthority.com.

 

Version 1.0 – June 18, 2026