Privacy Policy

Last Updated: January 15, 2026

Cornerstone Group is committed to protecting the privacy and personal data of individuals who interact with our consulting services. This Privacy Policy explains how we collect, use, disclose, and protect your personal information in accordance with Singapore's Personal Data Protection Act 2012 (PDPA) and other applicable data protection regulations.

1. Information We Collect

Personal Data Collected

We collect personal information that you provide to us directly when you inquire about or engage our consulting services. This may include:

• Name and contact details (email address, phone number, business address)
• Company name and role within the organization
• Business information relevant to consulting engagements
• Communication preferences and correspondence history
• Payment and billing information for engagement fees

Information Collected Automatically

When you visit our website, we may automatically collect certain information through cookies and similar technologies:

• Device information (IP address, browser type, operating system)
• Usage data (pages visited, time spent, referring source)
• Analytics data to understand site performance and user behavior

2. How We Use Your Information

We use your personal data for the following purposes:

Service Delivery

• Responding to inquiries about our consulting services
• Providing consulting engagements as agreed in our service agreements
• Communicating about engagement progress and deliverables
• Processing payments and maintaining financial records

Business Operations

• Improving our services and website functionality
• Conducting internal analysis and research
• Complying with legal obligations and regulatory requirements
• Protecting against fraud and unauthorized access

Marketing Communications

With your consent, we may send you information about our services, industry insights, or updates. You may opt out of marketing communications at any time by contacting us at [email protected].

3. Legal Basis for Processing

We process your personal data based on the following legal grounds:

• Consent: When you provide explicit consent for specific processing activities
• Contract Performance: When processing is necessary to deliver consulting services you've engaged
• Legitimate Interests: When processing is necessary for our legitimate business interests, such as improving services
• Legal Obligation: When we must process data to comply with Singapore laws and regulations

4. Data Sharing and Disclosure

We do not sell or rent your personal data. We may share your information in the following limited circumstances:

Service Providers

We may engage third-party service providers to assist with business operations, such as website hosting, payment processing, or analytics. These providers are contractually obligated to protect your data and use it only for specified purposes.

Legal Requirements

We may disclose personal data when required by law, court order, or governmental authority, or when necessary to protect our rights or the safety of individuals.

Business Transfers

In the event of a merger, acquisition, or sale of assets, personal data may be transferred to the acquiring entity, subject to the same privacy protections.

5. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, disclosure, alteration, or destruction:

• Secure servers with encryption for data transmission
• Access controls limiting data access to authorized personnel
• Regular security assessments and updates
• Secure document storage and disposal procedures
• Employee training on data protection obligations

While we take reasonable precautions, no method of transmission or storage is completely secure. We cannot guarantee absolute security but are committed to protecting your information to the best of our ability.

6. Data Retention

We retain personal data for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Specific retention periods include:

• Client engagement data: Retained for 7 years after engagement conclusion for professional liability and regulatory purposes
• Financial records: Retained for 7 years as required by Singapore tax regulations
• Marketing communications: Retained until consent is withdrawn or contact becomes inactive
• Website analytics: Aggregated data retained indefinitely; individual data typically 26 months

When data is no longer needed, we securely delete or anonymize it in accordance with our data disposal procedures.

7. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance user experience and collect usage information. Cookie types include:

Essential Cookies

Required for basic website functionality and security. These cannot be disabled.

Analytics Cookies

Help us understand how visitors interact with our website through aggregated statistics.

For detailed information about our use of cookies and your choices, please review our Cookie Policy.

8. Your Rights

Under Singapore's Personal Data Protection Act, you have the following rights regarding your personal data:

Access

You have the right to request access to the personal data we hold about you. We will provide a copy of your data in a commonly used format.

Correction

You may request correction of inaccurate or incomplete personal data. We will make reasonable efforts to update your information promptly.

Withdrawal of Consent

Where we process data based on your consent, you may withdraw that consent at any time. This will not affect processing that occurred before withdrawal.

Objection to Processing

You may object to processing of your data for direct marketing purposes or when processing is based on legitimate interests.

Data Portability

You may request transfer of your data to another organization in a structured, machine-readable format where technically feasible.

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days.

9. Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected data from a child, we will take steps to delete that information promptly.

10. International Data Transfers

We primarily process data within Singapore. If we transfer personal data outside Singapore, we ensure appropriate safeguards are in place to protect your data in accordance with PDPA requirements. This may include using standard contractual clauses or ensuring the receiving country has adequate data protection laws.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. When we make material changes, we will notify you by updating the "Last Updated" date at the top of this policy and, where appropriate, provide additional notice through email or our website.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal data.

12. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

If you are not satisfied with our response to your privacy concerns, you may lodge a complaint with the Personal Data Protection Commission of Singapore:

Personal Data Protection Commission
10 Pasir Panjang Road, #03-01 Mapletree Business City, Singapore 117438
Website: www.pdpc.gov.sg