Privacy Policy

We may collect, use, and process personal data including but not limited to:

a) Identification Information

• Full name
• NRIC/FIN (only when legally required)
• Passport details (if required for site access or compliance)
• Date of birth (where necessary)

b) Contact Information

• Email address
• Phone number
• Business address
• Residential address (if required for billing, legal, or contractual reasons)

c) Employment & Professional Information

• Job title
• Company name
• Work history (where relevant to contracts or pre-qualification)
• Business card information

d) Transactional & Contractual Data

• Quotation requests
• Contracts and agreements
• Invoices and payment records
• Project documentation

e) Technical & Digital Data

• IP address
• Browser type and device information
• Cookies and usage data
• Website interaction data

f) Visual & Security Data

• CCTV footage (where applicable at sites or offices)
• Site access logs
• Photographs or videos taken during projects or events

IRHA collects, uses, and discloses personal data for legitimate business purposes, including:

• Providing and managing services
• Preparing quotations and proposals
• Contract execution and project delivery
• Compliance with regulatory and legal obligations
• Billing, invoicing, and financial administration
• Customer service and support
• Safety, security, and access control
• Marketing and business communications (where consent is provided)
• Internal audits, governance, and risk management
• Fraud prevention and legal protection

We will not use personal data for purposes beyond what is reasonably necessary unless required by law or with your consent.

IRHA collects and processes personal data on one or more of the following legal bases:

• Your consent
• Necessity for contract performance
• Legal and regulatory compliance
• Legitimate business interests
• Emergency situations affecting life or safety

You may withdraw consent at any time by contacting us. Withdrawal of consent may affect our ability to provide certain services.

We may disclose personal data to:

• Employees and authorised representatives
• Professional advisors (lawyers, auditors, consultants)
• Regulatory authorities and government bodies
• IT service providers and cloud hosting providers
• Subcontractors and operational partners

All third parties are required to comply with confidentiality and data protection obligations.

Where personal data is transferred outside Singapore, IRHA ensures that receiving parties provide a standard of protection comparable to the PDPA through contractual obligations and safeguards.

IRHA implements appropriate technical, administrative, and physical safeguards including:

• Access control and authentication
• Encryption and secure storage
• Network security and monitoring
• Data minimisation practices
• Confidentiality agreements
• Regular internal security reviews

Despite our best efforts, no data transmission or storage system is completely secure. IRHA is not liable for unauthorised access beyond our reasonable control.

Personal data is retained only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Upon no longer being required, data will be securely deleted or anonymised.

We take reasonable steps to ensure personal data is accurate and complete.
You may request:

• Access to your personal data
• Correction of inaccurate data

Requests may be subject to legal exceptions and administrative fees.

Our website may use cookies and similar technologies to enhance user experience, improve performance, and analyse traffic. You may disable cookies via your browser settings, although this may affect site functionality.

We will only send marketing communications where you have provided consent or where permitted by law. You may opt out at any time using the unsubscribe link or by contacting us directly.

In the event of a data breach likely to result in significant harm, IRHA will:

• Take immediate remedial action
• Notify affected individuals where required
• Report the breach to the PDPC in accordance with legal requirements
• Conduct internal investigations and preventive improvements

IRHA does not knowingly collect personal data from individuals under the age of 13. Where personal data of minors is provided, consent must be obtained from a parent or legal guardian. IRHA will take reasonable steps to delete such data upon notification.

Users are responsible for ensuring that personal data provided is accurate, complete, and up to date. IRHA shall not be responsible for consequences arising from inaccurate or outdated personal data.

While IRHA implements reasonable technical and organisational measures, no online storage or transmission is completely secure. IRHA shall not be responsible for unauthorised access, cyberattacks, or misuse of personal data beyond its reasonable control, subject always to PDPA obligations.

IRHA reserves the right to update this Privacy Policy from time to time. Updated versions will be published on our website with the effective date stated.