Privacy & Data Protection Policy

Data Protection Notice

This Data Protection Notice (“Notice”) sets out the basis which Sarah Whyte Consulting (the ‘Data Controller”) may collect, use, disclose or otherwise process personal data of Sarah Whyte Consulting’s customers in accordance with Singapore’s Personal Data Protection Act (“PDPA”) and the European Union (“EU”) General Data Protection Regulation (the “GDPR”). This Notice applies to personal data in the possession or under the control of Sarah Whyte Consulting.

Personal Data

1.     As used in this Notice:

 “customer” means an individual who:

a)    has contacted the Data Controller through any means to find out more about any goods or services the Data Controller provides, or

b)    may, or has, entered into a contract with the Data Controller for the supply of any goods or services by Sarah Whyte Consulting; and

personal data” means data, whether true or not, about a customer who can be identified:

c)     from that data; or

d)     from that data and other information to which the Data Controller has or is likely to have access.

2.     Depending on the nature of customer interaction with Sarah Whyte Consulting, some examples of personal data which the Data Controller may collect from customers include your name, identification information and your contact information such as your address, email address or telephone number, nationality, gender, date of birth, marital status, photographs and other audio-visual information, employment information and financial information such as credit card numbers, debit card numbers or bank account information.

3.     Sarah Whyte Consulting does not process any personal data classified as ‘special’ under the GDPR (i.e. racial, ethnic origin, sexual orientation, philosophical beliefs).


4.     Sarah Whyte Consulting uses cookies which collect some data about you when you visit the website  

5.     Cookies are small files of letters and numbers which is stored on your browser or hard drive. They help a website to run effectively and provide the best experience for visitors, allowing visitors to navigate and use key features on a website.

6.     Sarah Whyte Consulting’s website uses:

a)     some necessary cookies to allow visitors to navigate the site and use key features, such as the shopping cart and checkout, and URL redirects.

b)    Analytics and Performance Cookies to identify unique visitors and track a visitor’s session on the site

7.     You can block or deactivate cookies in your browser settings.

Consent to Collection, Use and Disclosure of Personal Data

8.     The Data Controller only collects customers’ personal data if:

a)     it is provided to the Data Controller voluntarily by a customer directly or via a third party who has been duly authorised by a customer to disclose their personal data to the Data Controller (their “authorised representative”) after

i.     the customer (or their authorised representative) have been notified of the purposes for which the data is collected, and

ii.     the customer (or their authorised representative) has provided written consent to the collection and usage of their personal data for those purposes, or

b)     collection and use of personal data without consent is permitted or required by the PDPA or other laws.  

9.     The Data Controller may collect and use customers’ personal data for any or all of the following purposes:

a)     performing obligations in the course of or in connection with Sarah Whyte Consulting’s provision of the goods and/or services requested by customers;

b)     responding to, handling, and processing queries, requests, applications, complaints, and feedback from customers;

c)     managing customers’ relationship with Sarah Whyte Consulting;

d)     sending customers newsletters where they have opted to receive them;

e)     complying with any applicable laws, regulations, codes of practice, guidelines, or rules, or to assist in law enforcement and investigations conducted by any governmental and/or regulatory authority;

f)      any other purposes for which customers have provided information;

g)     transmitting to any unaffiliated third parties including Sarah Whyte Consulting’s third-party service providers and agents, and relevant governmental and/or regulatory authorities, whether in Singapore or abroad, for the aforementioned purposes; and

h)     any other incidental business purposes related to or in connection with the above. 

10.  The Data Controller may disclose customers’ personal data:

a)     where such disclosure is required for performing obligations in the course of or in connection with our provision of the goods or services requested by customers; or

b)    to third party service providers, agents and other organisations the Data Controller has engaged to perform any of the functions listed in clause 5 above for Sarah Whyte Consulting.

11.  The purposes listed in the above clauses may continue to apply even in situations where the customer’s relationship with the Data Controller (for example, pursuant to a contract) has been terminated or altered in any way, for a reasonable period thereafter (including, where applicable, a period to enable the Data Controller to enforce its rights under any contract with the customer).

Withdrawing Consent

12.  The consent that customers provide for the collection, use and disclosure of your personal data will remain valid until such time it is being withdrawn by the customer in writing. Customers may withdraw consent and request the Data Controller to stop using and/or disclosing their personal data for any or all of the purposes listed above by submitting their request via email to the Data Controller at

13.  Upon receipt of a customer’s written request to withdraw their consent, the Data Controller will process their request and notify them of the consequences of doing so, including any legal consequences which may affect their rights and liabilities to Sarah Whyte Consulting. In general, the Data Controller shall seek to process customers’ requests without undue delay. 

14.  Whilst the Data Controller respects customers’ right to withdraw their consent, please note that, the Data Controller may not be able to continue providing goods or services to you and the Data Controller shall, in such circumstances, notify customers of this immediately.

Access to & Correction of Personal Data

15.  If customers wish to make:

a)     an access request for access to a copy of the personal data which the Data Controller hold about you or information about the ways in which the Data Controller use or disclose your personal data, or

b)     a correction request to correct or update any personal data which the Data Controller holds, customers may submit their request via email to the Data Controller at

16.  The Data Controller will respond to customers’ requests as soon as reasonably possible.

Protection of Personal Data

17.  To safeguard customers personal data from unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks, the Data Controller has introduced appropriate administrative, physical and technical measures such as up-to-date antivirus software, encryption and the use of privacy filters to secure all storage and transmission of personal data by Sarah Whyte Consulting, and disclosing personal data both internally and to Sarah Whyte Consulting’s authorised third party service providers

18.  Customers should be aware, however, that no method of transmission over the Internet or method of electronic storage is completely secure. While security cannot be guaranteed, the Data Controller strives to protect the security of y customers’ information and is constantly reviewing and enhancing Sarah Whyte Consulting’s information security measures. 

Reporting of Personal Data Breaches

19.  In the event of a security leak and/or the leaking of data, the Data Controller shall, to the best of its ability, inform customers and/or the relevant regulatory authority(ies) within 72 hours of the leak. This duty to report applies irrespective of the impact of the leak. The Data Controller will endeavour that the furnished information is complete, correct and accurate. 

20.  If required by law and/or regulation, the Data Controller shall cooperate in notifying the relevant authorities and/or customers. The Data Controller remains the responsible party for any statutory obligations in respect thereof. 

21.  The duty to report includes in any event the duty to report the fact that a leak has occurred, including details regarding: 

a)     the (suspected) cause of the leak;

b)    the (currently known and/or anticipated) consequences thereof;

c)     the (proposed) solution;

d)    the measures that have already been taken. 

Accuracy of Personal Data

22.  The Data Controller generally relies on personal data provided by customers (or their authorised representative). In order to ensure that customers’ personal data is current, complete and accurate, please update the Data Controller with changes to personal data by informing the Data Controller via email.

23.  The Data Controller will rectify any inaccurate personal data without undue delay.

Retention of Personal Data

24.  The Data Controller may retain customers’ personal data for as long as it is necessary to fulfil the purpose for which it was collected, or as required or permitted by applicable laws.

25.  The Data Controller will cease to retain customers’ personal data, or remove the means by which the data can be associated with customers, as soon as it is reasonable to assume that such retention no longer serves the purpose for which the personal data was collected, and is no longer necessary for legal or business purposes.

Transfer of Personal Data Outside of Singapore

26.  Aside from Sarah Whyte Consulting’s third-party service providers, the Data Controller generally does not transfer customers’ personal data to countries outside of Singapore. However, if the Data Controller does so, the Data Controller will obtain customers’ consent for the transfer to be made and the Data Controller will take steps to ensure that customers’ personal data continues to receive a standard of protection that is at least comparable to that provided under the PDPA and the GDPR.

Data Controller

27.  Customers may contact the Data Controller Dr Sarah Whyte if they have any enquiries or feedback on Sarah Whyte Consulting’s personal data protection policies and procedures, or if they wish to make any request, via email at

Effect of Notice and Changes to Notice

28.  This Notice applies in conjunction with any other notices, contractual clauses and consent clauses that apply in relation to the collection, use and disclosure of customers personal data by Sarah Whyte Consulting. 

29.  The Data Controller may revise this Notice from time to time without any prior notice. Customers may determine if any such revision has taken place by referring to the date on which this Notice was last updated. Customers continued use of Sarah Whyte Consulting’s services constitutes their acknowledgement and acceptance of such changes.


30.  The Data Protection Notice and the implementation thereof will be governed by Singapore law. 

31.  Any dispute arising in connection with and/or arising from this Data Protection Notice will be referred to the competent Singapore court in the district where the Data Controller has its registered office.