top of page

PRIVACY POLICY

Last Updated: 23 Nov 2025

Applies to: Website visitors, business contacts and corporate customers.

 

This Privacy Policy explains how Nijhof Consulting & Solutions Pte Ltd (“Nijhof Consulting & Solutions”, “we”, “us”, “our”) handles personal data when you:

  • visit our website www.nijhofcs.com (“Site”),

  • contact us via email, phone, or the Contact Us page, or

  • interact with us in the course of business.

 

We process personal data in accordance with the Personal Data Protection Act 2012 (PDPA) of Singapore and related guidelines issued by the Personal Data Protection Commission (PDPC). 

This Policy is intended primarily for business users (B2B) — for example, shipping companies, maritime operators, insurers, yards and other corporate entities — and their employees or representatives who act on their behalf. However, it also applies to any individual who communicates with us in a personal capacity.

In simple terms

  • We do not run this website with the aim of collecting your personal data.

  • We only receive personal data from the Site if you deliberately choose to contact us (for example via the Contact Us form or by emailing us). Some limited technical information (such as IP address and cookies) is collected automatically when you browse the Site, as explained in this Policy.

  • We do not offer online accounts, online orders, or newsletter sign-ups on this Site.

  • Most of the personal data we hold about people comes from direct business dealings (meetings, calls, agreed email correspondence), not from browsing this website.

 

We really are not in the business of harvesting data from this website, and we do not want you to submit any more personal data than is necessary for us to respond to you.


That said, whenever we do handle personal data - whether obtained via this Site or through other business interactions - we will treat it in line with the PDPA and this Policy.

 

We are committed to being accountable for the personal data we hold. We have appointed a Data Protection Officer (DPO) and maintain internal policies and procedures to manage personal data in accordance with the PDPA.

If you have any questions or complaints about how we handle your personal data, you can contact our DPO (see Section 10).

CLAUSES

1. Personal Data We Collect

1.1 When you simply browse our Site

When you visit our Site and do not actively send us any information, we do not directly identify you from this technical information and we do not attempt to link it to named individuals. Where such information constitutes personal data under the PDPA, we handle it in accordance with this Policy.

 

Like most websites, certain technical information is automatically sent by your browser and our servers may log it, for example:

  • IP address and approximate location,

  • browser type and version,

  • device type and operating system,

  • pages visited and the date/time of the visit,

  • basic cookie information (see Section 6).

 

Under PDPC guidelines, online identifiers such as IP addresses and cookie identifiers can be personal data if they can identify an individual, alone or together with other information. 

 

We use this kind of technical information only as reasonably necessary to:

  • deliver the Site to you,

  • maintain IT security (for example, detecting misuse or attacks), and

  • understand general, aggregated usage patterns of the Site.

 

We do not use this technical data to build individual marketing profiles or track you across unrelated websites.

 

1.2 When you contact us via the Site or directly

If you choose to contact us, we may collect the following types of personal data:

  • Identification & contact details:

    • name,

    • business email address,

    • business phone number,

    • company name,

    • job title or role.

  • Message content:

    • any information you include in your enquiry or message (for example, details of your company’s needs or context about a vessel, department or project).

 

You can contact us in three main ways:

  • by using the Contact Us form on the Site,

  • by emailing the address shown on the Site, or

  • by calling us (if a phone number is provided).

 

Using the Contact Us form is entirely optional. If you prefer, you can always contact us directly by email or phone instead.

1.3 When we interact with you in the course of business (offline / direct)

Most of the personal data we handle arises outside the website, for example when:

  • we meet you in person or speak over the phone,

  • we correspond with you by email,

  • we work with you on an engagement, project or training programme.

 

In those cases, we may collect:

  • your name and business contact information,

  • your role, team, vessel/department, and related professional information,

  • details relevant to the delivery of our services (for example, schedules, training attendance, feedback, requirements).

 

Under the PDPA, “business contact information” (such as an individual’s name, position, business telephone number and business email address used for business purposes) is excluded from most of the Data Protection Provisions in Parts 3 to 6A, although organisations are still expected to manage it responsibly.

We do not collect NRIC numbers, passport details, financial information or similar sensitive identifiers through this Site, and we will only request such data in very limited cases where it is strictly necessary and clearly explained.

2. How We Collect Your Data

We collect personal data through:

  • forms you choose to submit on our Site (for example, the Contact Us form),

  • emails or calls you initiate with us,

  • business meetings, calls, webinars or other events,

  • information you voluntarily provide in the course of an engagement, and

  • automated technical means (server logs and cookies) when you browse our Site (see Section 6).

 

If you provide us with personal data about other individuals (for example, colleagues who will participate in a training or project), you should ensure that:

  • you are authorised to do so, and

  • where required, those individuals have been informed and have consented to you sharing their data with us.

3. Why We Use Your Personal Data

We only use personal data for purposes that a reasonable person would consider appropriate in the circumstances, and in line with the PDPA’s purpose limitation obligation.

We may use personal data for the following purposes:

  1. To respond to you

    • Handling and responding to your enquiries or requests.

    • Providing information about our services when you ask us.

  2. To perform or prepare for a contract with your organisation

    • Preparing proposals, scopes of work or advisory services.

    • Administering engagements, projects or training programmes.

  3. To manage our relationship with you / your company

    • Coordinating meetings, calls and follow-up actions.

    • Managing basic records of interactions with business contacts.

  4. To operate, secure and improve our Site and systems

    • Ensuring the Site displays and functions correctly.

    • Monitoring and protecting against security threats, misuse or abuse.

    • Using aggregated or anonymised information, where possible, to understand general usage patterns and improve our services. 

  5. To comply with law and manage risk

    • Complying with applicable laws, regulations, codes of practice or guidance.

    • Cooperating with lawful requests from regulators and authorities in Singapore (for example, the PDPC) where required. 

 

We do not:

  • use this Site to run targeted advertising or behavioural profiling,

  • sell, rent or trade your personal data to third parties, or

  • use personal data collected via this Site to create large marketing lists.

 

If we ever wish to use your personal data for a new purpose that is not covered by this Policy (for example, a specific marketing initiative), we will notify you of the new purpose and, where required, obtain your consent before doing so.

4. PDPA Grounds for Collection, Use and Disclosure

Under the PDPA, organisations must have a valid basis to collect, use and disclose personal data and must notify individuals of the purposes involved. 

Depending on the context, we may rely on one or more of the following:

  • Your consent
    When you provide personal data via the Contact Us form or by emailing us, you generally consent to our use of that data to respond to you and handle your request.

  • Deemed consent by conduct or contractual necessity
    When you voluntarily provide information in the context of a business relationship (for example, sharing contact details to coordinate a project), you may be taken to have consented to our use of that data for that purpose.

  • Legitimate business interests / business improvement exceptions             Where permitted under the PDPA (for example, under the Legitimate Interests Exception or Business Improvement Exception), we may use personal data without consent for certain legitimate purposes (such as ensuring IT security or improving internal processes), but only where those purposes are reasonable, we have taken appropriate steps to mitigate any likely adverse effects on you, and your interests do not override our purposes.

  • Legal or regulatory obligations
    We may process and disclose personal data to comply with legal obligations, regulatory requirements or lawful orders of courts and authorities in Singapore.

 

You may withdraw your consent at any time, subject to legal or contractual restrictions and reasonable notice. If you withdraw consent, we will cease the collection, use or disclosure of your personal data for the affected purposes, unless an exception under the PDPA applies (for example, where retention is required by law). 

5. Disclosure and Transfer of Personal Data

We only disclose personal data on a need-to-know basis and for the purposes described in this Policy.

We may disclose personal data to:

  • our employees and authorised representatives who need the information to perform their duties,

  • IT, hosting, security, communication and other service providers that process data on our behalf as data intermediaries,

  • professional advisers (for example, lawyers, auditors) where reasonably necessary,

  • training or implementation partners directly involved in delivering a programme or project that you or your organisation have asked us to deliver,

  • regulators, law enforcement or other authorities, where required by law or pursuant to valid legal process.

 

If personal data is transferred outside Singapore (for example, to cloud services with data centres overseas), we will take steps to ensure that the receiving organisation is bound to provide a standard of protection comparable to that under the PDPA, in line with the Transfer Limitation Obligation and PDPC guidance. 

Where our service providers act as data intermediaries, we require them (through contracts or other appropriate means) to:

  • act only on our documented instructions, and

  • implement reasonable security measures to protect personal data in line with the PDPA.

 

We do not sell your personal data to third parties.

6. Cookies and Similar Technologies

6.1 What are cookies?

Cookies are small text files stored on your device when you visit a website. They are widely used to make websites work, or work more efficiently, as well as to provide information to site owners. Some cookies may involve online identifiers which can be treated as personal data if they can be linked to an identifiable individual.

6.2 How we use cookies

Our Site uses cookies and similar technologies primarily to:

  • remember certain basic preferences (for example, cookie consent choices),

  • help ensure the security and stability of the Site, and

  • understand, at an aggregated level, how the Site is used (for example, pages visited and approximate geography), so that we can improve content and navigation.

 

We aim to minimise the personal data handled through cookies and to rely on aggregated or anonymised information where feasible. 

6.3 Your choices

You can control cookies in several ways:

  • by using the cookie settings or opt-out function on our Site (where available), and

  • by changing your browser settings (for example, to block or delete cookies).

 

If you disable certain cookies, parts of the Site may not function properly. However, the Site should remain generally usable.

If we introduce any non-essential cookies (for example, for advanced analytics) in future, we will clearly explain them and give you a meaningful choice to allow or reject them, in line with PDPA consent and notification requirements.

7. Data Retention

We retain personal data only for as long as reasonably necessary to:

  • fulfil the purposes described in this Policy,

  • manage our relationship with you or your organisation, or

  • comply with applicable legal, regulatory or business record-keeping requirements.

 

The PDPA’s Retention Limitation Obligation prohibits organisations from keeping personal data longer than necessary for legal or business purposes.

When personal data is no longer required, we will delete or anonymise it in a secure manner, unless we are legally required (or permitted) to retain it for a longer period.

8. Protection of Personal Data

We implement reasonable administrative, technical and physical safeguards to protect personal data in our possession or under our control against unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks, in line with the PDPA’s Protection Obligation and PDPC’s guidance on data protection practices for ICT systems. 

Examples of measures we may use (appropriate to the sensitivity and volume of data) include:

  • access controls and need-to-know restrictions,

  • secure configuration of systems and applications,

  • appropriate authentication and password practices,

  • staff awareness on data protection responsibilities.

 

However, no method of transmission over the Internet or method of electronic storage is completely secure. You understand that there are inherent risks in using websites and email, and we cannot guarantee absolute security.

 

If we become aware of a data breach that is likely to result in significant harm to affected individuals, or that is of a significant scale, we will promptly assess the breach and, where the criteria under the PDPA are met (for example, where the breach is likely to result in significant harm to affected individuals or is of a significant scale), we will notify the PDPC and affected individuals as soon as practicable.

9. Accuracy of Personal Data

We will take reasonable steps to ensure that personal data in our possession or under our control is accurate and complete, where the data is likely to be used to make decisions that affect you or to be disclosed to another organisation. 

To help us keep your information up to date, please inform us if your personal data (such as your business contact details or role) changes during your relationship with us.

10. Your Rights and Contacting Our Data Protection Officer

Under the PDPA, and subject to certain exceptions, you may:

  1. Request access
    Ask us whether we hold personal data about you and request access to that data, as well as information about how it has been used or disclosed in the past year.

  2. Request correction
    Ask us to correct any errors or omissions in your personal data that we hold.

  3. Withdraw consent
    Withdraw consent for our collection, use or disclosure of your personal data for one or more purposes, subject to legal or contractual restrictions.

 

If you make a request, we may need to verify your identity and clarify the scope of the request. We may charge a reasonable fee to cover the costs of processing an access request, in line with PDPC guidance. 

We aim to respond to all legitimate requests within a reasonable time and will inform you if we need additional time or are unable to fulfil a request due to PDPA exemptions.

Data Protection Contact (DPO):
Email: crew@nijhofcs.com
Address: 331 North Bridge Road #12-03 Odeon Towers, Singapore 188720
Please indicate “PDPA Request” in your subject line if your enquiry relates to personal data.

You also have the right to lodge a complaint with the Personal Data Protection Commission (PDPC) if you believe we have not handled your personal data in accordance with the PDPA.

When the Data Portability Obligation under the PDPA comes into force, we will update this Policy to reflect any additional rights that apply.

11. Third-Party Websites

Our Site may contain links to third-party websites or services. These websites are not operated by us and have their own privacy policies and practices.

 

We are not responsible for the privacy practices of third-party websites, and we encourage you to review the privacy policies of any sites you visit before providing them with personal data.

12. Updates to This Policy

We may update this Privacy Policy from time to time, for example to:

  • reflect changes in our business practices,

  • reflect changes in the PDPA, PDPC guidelines or other applicable laws, or

  • clarify our data protection practices.

 

When we make material changes, we will post the updated Policy on this page with a new “Last Updated” date. Where appropriate, we may also provide additional notice (for example, via a notice on our Site).

Your continued use of our Site or continued interactions with us after any update will constitute your acknowledgement of the updated Policy.

13. Contact Us

If you have any questions about this Policy or how we handle personal data, please contact our Data Protection Officer at crew@nijhofcs.com

bottom of page