Privacy Policy
Last Updated: January 2025
noble-heights is committed to protecting your privacy and personal data. This policy explains how we collect, use, and safeguard your information in accordance with Singapore's Personal Data Protection Act (PDPA) and international privacy standards.
Data Controller Information
Company Details
Company: noble-heights Singapore
Address: 27 Mount Elizabeth, Orchard, Singapore 228516
Contact: [email protected]
Phone: +65 6418 9632
Regulatory Compliance
Jurisdiction: Singapore
Governing Law: Singapore Personal Data Protection Act (PDPA)
Supervisory Authority: Personal Data Protection Commission (PDPC)
Registration: Tourism Board Licensed Accommodation Provider
Information We Collect
Personal Information
We collect personal information that you provide directly to us when using our services:
- Contact Information: Name, email address, phone number, mailing address
- Booking Information: Property preferences, check-in/out dates, guest numbers, special requirements
- Communication Data: Messages sent through contact forms, email correspondence, phone call records
- Payment Information: Credit card details, billing addresses, transaction records (processed by secure third-party providers)
Automatically Collected Information
- Usage Data: IP address, browser type, device information, pages visited, time spent on site
- Cookie Data: Website preferences, session information, analytics data (see our Cookie Policy)
- Location Data: General geographic location based on IP address for service localization
Legal Basis for Processing
Consent
For marketing communications, cookies, and optional services where you have explicitly agreed.
Contract
To provide requested accommodation services, process bookings, and fulfill our contractual obligations.
Legitimate Interest
For business operations, security, fraud prevention, and improving our services.
Legal Obligation
For tax records, regulatory compliance, and legal reporting requirements.
How We Use Your Information
Service Delivery
Process bookings, arrange accommodations, provide concierge services, and deliver requested amenities.
Communication
Respond to inquiries, send booking confirmations, provide service updates, and offer customer support.
Business Operations
Maintain records, process payments, prevent fraud, ensure security, and comply with legal obligations.
Service Improvement
Analyze usage patterns, improve website functionality, develop new services, and enhance customer experience.
Marketing (with consent)
Send newsletters, promotional offers, property updates, and personalized recommendations to interested clients.
Data Retention Periods
| Data Type | Retention Period | Reason |
|---|---|---|
| Contact form submissions | 3 years | Business relationship maintenance |
| Booking and service records | 5 years | Customer service and dispute resolution |
| Financial and payment records | 7 years | Tax and regulatory compliance |
| Marketing communications | Until consent withdrawn | Marketing preferences |
| Website analytics data | 26 months | Google Analytics standard retention |
Data Sharing and Third Parties
Service Providers
We share personal data with trusted third-party service providers who assist in delivering our services:
- Payment processors for secure transaction handling
- Email service providers for communication delivery
- Analytics providers for website performance monitoring
- Cloud hosting services for data storage and processing
- Property management and concierge service partners
Data Protection Standards
All third-party service providers are required to maintain equivalent data protection standards, sign data processing agreements, and comply with applicable privacy laws.
Data Security Measures
Technical Safeguards
- 256-bit SSL encryption for all data transmission
- Secure cloud servers with regular security updates
- Multi-factor authentication for system access
- Encrypted data storage and backup systems
- Regular security monitoring and threat detection
Organizational Measures
- Staff training on data protection principles
- Role-based access controls and permissions
- Confidentiality agreements for all personnel
- Incident response procedures and protocols
- Regular security audits and assessments
Data Breach Notification
In the unlikely event of a data breach affecting your personal information, we will notify the relevant authorities within 72 hours and inform affected individuals without undue delay, in accordance with PDPA requirements.
Your Privacy Rights
Right to Access
Request access to your personal data and information about how we process it.
Right to Rectification
Request correction of inaccurate or incomplete personal data.
Right to Erasure
Request deletion of your personal data under certain circumstances.
Right to Data Portability
Receive your personal data in a portable format for transfer to another service.
Right to Object
Object to processing of your personal data for direct marketing or legitimate interests.
Right to Withdraw Consent
Withdraw consent for processing at any time where consent is the legal basis.
How to Exercise Your Rights
To exercise any of these rights, please contact us at [email protected] or use our contact form. We will respond to your request within 30 days.
You also have the right to lodge a complaint with the Personal Data Protection Commission (PDPC) if you believe your privacy rights have been violated.
Privacy Questions & Contact
If you have questions about this privacy policy or how we handle your personal data, please contact our privacy team.