IB
Ironbloom Get in Touch

Legal

Privacy Policy

Last updated: 10 March 2026

1. Introduction

Ironbloom ("we", "us", "our") is committed to protecting the personal data of individuals who interact with our programmes and services. This Privacy Policy explains how we collect, use, store, and protect personal information in accordance with Singapore's Personal Data Protection Act 2012 (PDPA).

This policy applies to all personal data collected through our website, registration forms, programme sessions, and communications. By engaging with our services, you acknowledge that you have read and understood this policy.

For questions or data-related requests, contact us at: [email protected]

2. Data We Collect

2.1 Information you provide directly

  • Full name and contact details (email address, phone number)
  • Postal address (if required for administrative purposes)
  • Programme enrolment information and payment records
  • Information shared during advisory sessions (treated as strictly confidential)
  • Feedback and survey responses

2.2 Information collected automatically

  • Website usage data (pages visited, time on site, browser type)
  • IP address and device information
  • Cookie data (see our Cookie Policy for details)

2.3 Legal basis for processing

We process personal data on the basis of: consent (for marketing communications); contractual necessity (for programme enrolment and delivery); and legitimate interest (for improving our services and communicating with participants).

3. How We Use Your Data

  • Processing programme enrolments and managing participant records
  • Communicating about session scheduling, programme materials, and updates
  • Delivering individual advisory sessions (Level 03 programme)
  • Processing payments and maintaining financial records
  • Improving programme content based on aggregated feedback
  • Responding to enquiries submitted through our website or by phone
  • Complying with applicable legal and regulatory requirements

We do not use personal data for automated decision-making or profiling. We do not sell participant data to any third party.

4. Data Sharing

We do not share personal data with third parties except in the following circumstances:

  • Service providers: Payment processing partners and administrative software providers, each bound by data protection obligations.
  • Legal requirements: Where disclosure is required by law, court order, or a government authority.
  • Business succession: In the event of a merger or acquisition, participants would be notified prior to any data transfer.

5. Data Retention

We retain personal data for as long as necessary to fulfil the purposes described in this policy. Specifically:

  • Programme records: 7 years from the completion of the programme
  • Financial records: 7 years in accordance with Singapore accounting requirements
  • Enquiry data (non-enrolled): 12 months from last contact
  • Website analytics data: Up to 26 months (anonymised after 13 months)

6. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction. These include:

  • Secure, access-controlled storage of participant records
  • Encrypted communication channels for data transmission
  • Restricted internal access to participant information on a need-to-know basis
  • Regular review of our data handling practices

In the event of a data breach that poses a risk to affected individuals, we will notify the Personal Data Protection Commission (PDPC) and affected parties in accordance with the mandatory breach notification obligations under the PDPA.

7. Cookies

Our website uses cookies to improve user experience and analyse site usage. For detailed information on the types of cookies we use and how to manage your preferences, please see our Cookie Policy.

8. Your Rights

Under the PDPA, you have the following rights regarding your personal data:

  • Right of access: Request a copy of the personal data we hold about you.
  • Right of correction: Request correction of inaccurate or incomplete data.
  • Right of withdrawal: Withdraw consent for data processing where consent was the basis for collection.
  • Right to data portability: Request a copy of your data in a commonly used, machine-readable format (where applicable).

To exercise these rights, email [email protected]. We will respond within 30 days. We may request verification of identity before processing certain requests.

9. Third-Party Links

Our website may contain links to external websites. We are not responsible for the privacy practices of those sites and encourage you to review their policies independently.

10. Children's Privacy

Our programmes and website are intended for individuals aged 18 and above. We do not knowingly collect personal data from minors. If you believe we have collected information from someone under 18, please contact us promptly.

11. Regulatory Authority

Ironbloom's data processing activities are subject to oversight by the Personal Data Protection Commission (PDPC) of Singapore. If you believe your data has been handled improperly and your concerns have not been resolved to your satisfaction, you may lodge a complaint with the PDPC at www.pdpc.gov.sg.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or regulatory requirements. The updated version will be posted on this page with a revised "Last updated" date. We encourage you to review this policy periodically.

13. Contact

Data Controller: Ironbloom
Address: 5 Shenton Way, #33-01 UIC Building, Singapore 068808
Email: [email protected]
Phone: +65 6451 3789