Privacy Policy

Last Updated: January 2025

noble-heights is committed to protecting your privacy and personal data. This policy explains how we collect, use, and safeguard your information in accordance with Singapore's Personal Data Protection Act (PDPA) and international privacy standards.

Data Controller Information

Company Details

Company: noble-heights Singapore

Address: 27 Mount Elizabeth, Orchard, Singapore 228516

Contact: [email protected]

Phone: +65 6418 9632

Regulatory Compliance

Jurisdiction: Singapore

Governing Law: Singapore Personal Data Protection Act (PDPA)

Supervisory Authority: Personal Data Protection Commission (PDPC)

Registration: Tourism Board Licensed Accommodation Provider

Information We Collect

Personal Information

We collect personal information that you provide directly to us when using our services:

  • Contact Information: Name, email address, phone number, mailing address
  • Booking Information: Property preferences, check-in/out dates, guest numbers, special requirements
  • Communication Data: Messages sent through contact forms, email correspondence, phone call records
  • Payment Information: Credit card details, billing addresses, transaction records (processed by secure third-party providers)

Automatically Collected Information

  • Usage Data: IP address, browser type, device information, pages visited, time spent on site
  • Cookie Data: Website preferences, session information, analytics data (see our Cookie Policy)
  • Location Data: General geographic location based on IP address for service localization

Legal Basis for Processing

Consent

For marketing communications, cookies, and optional services where you have explicitly agreed.

Contract

To provide requested accommodation services, process bookings, and fulfill our contractual obligations.

Legitimate Interest

For business operations, security, fraud prevention, and improving our services.

Legal Obligation

For tax records, regulatory compliance, and legal reporting requirements.

How We Use Your Information

Service Delivery

Process bookings, arrange accommodations, provide concierge services, and deliver requested amenities.

Communication

Respond to inquiries, send booking confirmations, provide service updates, and offer customer support.

Business Operations

Maintain records, process payments, prevent fraud, ensure security, and comply with legal obligations.

Service Improvement

Analyze usage patterns, improve website functionality, develop new services, and enhance customer experience.

Marketing (with consent)

Send newsletters, promotional offers, property updates, and personalized recommendations to interested clients.

Data Retention Periods

Data Type Retention Period Reason
Contact form submissions 3 years Business relationship maintenance
Booking and service records 5 years Customer service and dispute resolution
Financial and payment records 7 years Tax and regulatory compliance
Marketing communications Until consent withdrawn Marketing preferences
Website analytics data 26 months Google Analytics standard retention

Data Sharing and Third Parties

Service Providers

We share personal data with trusted third-party service providers who assist in delivering our services:

  • Payment processors for secure transaction handling
  • Email service providers for communication delivery
  • Analytics providers for website performance monitoring
  • Cloud hosting services for data storage and processing
  • Property management and concierge service partners

Data Protection Standards

All third-party service providers are required to maintain equivalent data protection standards, sign data processing agreements, and comply with applicable privacy laws.

Data Security Measures

Technical Safeguards

  • 256-bit SSL encryption for all data transmission
  • Secure cloud servers with regular security updates
  • Multi-factor authentication for system access
  • Encrypted data storage and backup systems
  • Regular security monitoring and threat detection

Organizational Measures

  • Staff training on data protection principles
  • Role-based access controls and permissions
  • Confidentiality agreements for all personnel
  • Incident response procedures and protocols
  • Regular security audits and assessments

Data Breach Notification

In the unlikely event of a data breach affecting your personal information, we will notify the relevant authorities within 72 hours and inform affected individuals without undue delay, in accordance with PDPA requirements.

Your Privacy Rights

Right to Access

Request access to your personal data and information about how we process it.

Right to Rectification

Request correction of inaccurate or incomplete personal data.

Right to Erasure

Request deletion of your personal data under certain circumstances.

Right to Data Portability

Receive your personal data in a portable format for transfer to another service.

Right to Object

Object to processing of your personal data for direct marketing or legitimate interests.

Right to Withdraw Consent

Withdraw consent for processing at any time where consent is the legal basis.

How to Exercise Your Rights

To exercise any of these rights, please contact us at [email protected] or use our contact form. We will respond to your request within 30 days.

You also have the right to lodge a complaint with the Personal Data Protection Commission (PDPC) if you believe your privacy rights have been violated.

Privacy Questions & Contact

If you have questions about this privacy policy or how we handle your personal data, please contact our privacy team.

Email: [email protected]
Phone: +65 6418 9632
Address: 27 Mount Elizabeth, Orchard, Singapore 228516
Response Time: Within 30 days