Policy notice
PDPA Notice
This notice explains how Kronos Digital Strategies ("Kronos") adheres to the Personal Data Protection Acts (PDPA) across Singapore, Malaysia, and other Asia-Pacific jurisdictions when conducting B2B outreach.
Last updated:
Consent & notification
Kronos works with clients to document consent sources or deemed consent grounds before activating campaigns. Collection notices describe the intended purposes, data categories, and opt-out mechanisms available to recipients.
Access, correction & retention
Individuals may request access to or correction of their personal data by contacting Kronos or the client controller. Responses are coordinated within statutory timelines. Retention schedules limit storage to the duration necessary for outreach analytics plus legally required suppression logs.
Protection obligations
Technical and organisational controls include TLS encryption, role-based access, and incident response runbooks. Breach reporting procedures align with Singapore PDPC guidance and relevant local authorities.
Cross-border data flows
Personal data leaving originating jurisdictions is protected via contractual clauses that impose comparable protection standards on processors and downstream vendors. Vendor assessments confirm adherence to PDPA protection and accountability principles.