Privacy Policy for Mosaic Atelier Studio

Effective date: 7 May 2026

1. Introduction and company information

This Privacy Policy explains how Mosaic Atelier Studio (“we”, “us”, “our”) collects, uses, discloses, stores, and protects personal data in connection with our design-studio services, website, communications, consultations, project work, and related business activities.

Mosaic Atelier Studio is the data controller responsible for your personal data under applicable Singapore privacy laws, including the Personal Data Protection Act 2012 of Singapore (“PDPA”).

Company details:

• Legal name: Mosaic Atelier Studio
• Address: Mosaic Atelier Studio, 36 Robinson Road, #12-01 City House, Singapore 068877, Singapore
• Email: [email protected]
• Phone: +65 6837 4926

By engaging with us, visiting our website, contacting us, or using our services, you acknowledge that your personal data may be handled in accordance with this Privacy Policy.

2. Data collection and processing

We may collect and process the following categories of personal data, depending on your interactions with us:

• Identity and contact data: name, email address, phone number, company name, job title, postal address, and other contact details.
• Project and service data: design briefs, preferences, specifications, feedback, correspondence, meeting notes, project requirements, and content you provide for design work.
• Billing and transaction data: invoicing details, payment status, billing address, and transaction records.
• Technical data: IP address, browser type, device information, operating system, referral source, pages visited, and usage data collected through cookies or similar technologies.
• Communication data: emails, messages, call records, consultation notes, and other communications with us.
• Marketing and preference data: your preferences regarding our services, newsletters, events, and promotional communications.
• Any other information you choose to provide: including files, images, mood boards, brand assets, or other materials relevant to our design services.

We generally collect personal data directly from you, but we may also receive it from third parties such as business partners, referral sources, payment providers, analytics providers, or publicly available sources where permitted by law.

3. Purpose of data processing

We process personal data for the following purposes:

• to respond to enquiries and provide quotations, proposals, and consultations;
• to assess project suitability and manage client onboarding;
• to deliver design-studio services, including creative development, project management, and client support;
• to communicate with you about your project, appointments, deliverables, and updates;
• to issue invoices, process payments, and manage accounts;
• to maintain business records, internal administration, and service quality;
• to improve our website, services, workflows, and customer experience;
• to send marketing communications where permitted and/or consented to;
• to comply with legal, regulatory, tax, accounting, and contractual obligations;
• to protect our rights, property, and safety, and to prevent fraud, misuse, or security incidents.

4. Legal basis for processing

Where applicable under Singapore law and, if relevant, other laws, we process personal data on one or more of the following bases:

• Consent: where you have given us consent to process your personal data for a specific purpose, including certain marketing activities.
• Contractual necessity: where processing is necessary to enter into or perform a contract with you, including providing design services and managing client relationships.
• Legitimate interests: where processing is necessary for our legitimate business interests, such as improving services, securing our systems, managing operations, and communicating with clients, provided such interests are not overridden by your rights and interests.
• Legal obligation: where processing is required to comply with applicable laws, regulations, court orders, or lawful requests from authorities.
• Business improvement and administrative purposes: where permitted under the PDPA and other applicable laws.

Where consent is required, you may withdraw it at any time, subject to legal or contractual restrictions and reasonable notice.

5. Data sharing and third parties

We may disclose personal data to third parties only where necessary and lawful, including:

• Service providers: IT hosting providers, cloud storage providers, email service providers, analytics providers, customer relationship management tools, and website support vendors;
• Professional advisers: lawyers, accountants, auditors, insurers, and consultants;
• Payment and banking partners: payment processors, financial institutions, and invoicing platforms;
• Business partners and subcontractors: freelancers, contractors, printers, photographers, developers, or other specialists engaged to assist with project delivery;
• Authorities and regulators: where required by law, court order, or lawful request;
• Successors in business: in connection with a merger, acquisition, restructuring, or sale of assets, subject to appropriate confidentiality and legal safeguards.

We require third parties to handle personal data in a manner consistent with applicable privacy obligations and only for the purposes for which the data was disclosed.

6. Data transfer to third countries

Some of our service providers or business partners may be located outside Singapore. As a result, your personal data may be transferred to, stored in, or accessed from countries outside Singapore.

Where such transfers occur, we will take reasonable steps to ensure that the recipient provides a standard of protection comparable to that required under applicable Singapore privacy laws, including appropriate contractual safeguards and security measures where appropriate.

7. Storage duration

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law, contract, or legitimate business needs.

Retention periods may vary depending on the type of data and the context in which it was collected. In general:

• client and project records may be retained for the duration of the project and for a reasonable period thereafter;
• billing, accounting, and tax records may be retained for the period required by applicable law;
• marketing data is retained until you unsubscribe, withdraw consent, or object where applicable;
• technical logs and security records are retained for a limited period unless needed for investigation, compliance, or legal proceedings.

When personal data is no longer required, we will delete, anonymise, or securely destroy it in accordance with our retention practices and legal obligations.

8. User rights (access, rectification, erasure, restriction, data portability, objection)

Subject to applicable law, you may have the following rights in relation to your personal data:

• Access: to request confirmation of whether we hold your personal data and to obtain a copy of it;
• Rectification: to request correction of inaccurate, incomplete, or outdated personal data;
• Erasure: to request deletion of personal data in certain circumstances;
• Restriction: to request that we limit the processing of your personal data in certain circumstances;
• Data portability: to request a copy of personal data you provided to us in a structured, commonly used, and machine-readable format, where applicable;
• Objection: to object to certain processing activities, including direct marketing where applicable.

To exercise any of these rights, please contact us using the details below. We may need to verify your identity before responding. We will respond within a reasonable time and in accordance with applicable law.

9. Withdrawal of consent

Where we rely on your consent to process personal data, you may withdraw that consent at any time by contacting us at [email protected].

Withdrawal of consent will not affect the lawfulness of processing carried out before the withdrawal. In some cases, withdrawing consent may affect our ability to provide certain services or communications to you.

10. Right to complain

If you have concerns about how we handle your personal data, we encourage you to contact us first so that we can address your concerns directly.

You also have the right to lodge a complaint with the Personal Data Protection Commission of Singapore (“PDPC”) or any other relevant supervisory authority if you believe your rights have been infringed or your personal data has been handled unlawfully.

11. Data security

We implement reasonable administrative, technical, and physical safeguards designed to protect personal data against unauthorised access, disclosure, alteration, loss, or destruction.

These measures may include access controls, password protection, secure storage, encryption where appropriate, staff confidentiality obligations, and vendor due diligence. However, no method of transmission over the internet or method of electronic storage is completely secure, and we cannot guarantee absolute security.

You are responsible for maintaining the confidentiality of any credentials or information you share with us and for notifying us promptly if you suspect any unauthorised access or security incident.

12. Contact information

If you have any questions, requests, or concerns regarding this Privacy Policy or our handling of personal data, please contact:

• Mosaic Atelier Studio
• Address: Mosaic Atelier Studio, 36 Robinson Road, #12-01 City House, Singapore 068877, Singapore
• Email: [email protected]
• Phone: +65 6837 4926

13. Changes to privacy policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or operational needs. Any updated version will be posted on our website with a revised effective date.

We encourage you to review this Privacy Policy periodically to stay informed about how Mosaic Atelier Studio handles personal data. Your continued use of our services after any changes become effective constitutes your acknowledgment of the updated Privacy Policy, to the extent permitted by law.