+65 9340 7012Get a Quote
Privacy Policy
Legal

Privacy Policy

How AXIS LINK PTE. LTD. collects, uses, discloses, and protects personal data under Singapore's Personal Data Protection Act 2012.

Version2.1
Effective Date1 June 2025
Last Reviewed1 June 2025
JurisdictionRepublic of Singapore

1. Introduction and Scope

AXIS LINK PTE. LTD. ("AXIS LINK", "we", "our", "us") is a company incorporated in Singapore and registered with the Monetary Authority of Singapore (MAS) as an insurance intermediary. We are committed to safeguarding the privacy and personal data of our clients, website visitors, business contacts, and all individuals whose data we process.

This Privacy Policy explains how we collect, use, disclose, retain, and protect personal data in compliance with the Personal Data Protection Act 2012 (PDPA) of Singapore and its associated regulations and advisory guidelines issued by the Personal Data Protection Commission (PDPC).

This Policy applies to all personal data processed by AXIS LINK in connection with our insurance brokerage and financial planning services, our website at axislinkpte.com, and all related digital and physical communications. By engaging our services or submitting personal data via our website, you consent to the practices described in this Policy unless consent is withdrawn in accordance with Section 9 below.

2. Definitions

For the purposes of this Policy, the following terms have the meanings set out below:

  • Personal Data — any data about an individual who can be identified from that data, or from that data combined with other information we have access to.
  • Processing — any operation performed on personal data, including collection, recording, organisation, storage, adaptation, retrieval, use, disclosure, or erasure.
  • Data Subject — the individual to whom the personal data relates.
  • Insurer — any licensed general insurer or life insurer with whom AXIS LINK places or arranges insurance on behalf of clients.
  • Third Party — any entity other than AXIS LINK and the data subject.

3. Categories of Personal Data We Collect

Depending on the service you require, we may collect and process the following categories of personal data:

3.1 Identity and Contact Data

  • Full legal name, NRIC/FIN number, passport number
  • Date of birth, gender, nationality
  • Residential and mailing address
  • Email address, telephone and mobile numbers

3.2 Financial and Employment Data

  • Occupation, employer name, employment status
  • Annual income and gross monthly earnings
  • Existing financial products and insurance holdings
  • Bank account details (where required for premium payments or claim settlements)
  • CPF account information (where relevant to financial planning advice)

3.3 Insurance-Specific Data

  • Vehicle registration numbers, make, model, and year of manufacture
  • Property address, type, and valuation
  • Claims history and no-claims discount (NCD) records
  • Health declarations and medical history (for health and life-related products)
  • Travel itinerary and passport details (for travel insurance)
  • Business registration details, revenue, and employee headcount (for commercial insurance)

3.4 Technical and Usage Data

  • IP address, browser type and version, device identifiers
  • Pages visited, time spent on the Site, referring URLs
  • Cookie and tracking technology data (see our Cookie Policy)

4. How We Collect Personal Data

We collect personal data through the following channels:

  • Directly from you — via enquiry forms, telephone calls, email correspondence, office visits, or during the policy quotation and application process.
  • From insurers and intermediaries — where a policy is transferred to us from another broker, or where an insurer shares relevant data as part of an underwriting or claims process.
  • From publicly available sources — such as the Accounting and Corporate Regulatory Authority (ACRA) for business information, or other public registers.
  • Through our website — via contact forms, chat tools, cookies, and analytics services.

5. Purposes of Collection and Use

We collect and use personal data for the following purposes:

  • Providing insurance quotations and arranging insurance policies on your behalf
  • Submitting applications to insurers and managing policy documentation
  • Conducting identity verification and anti-money laundering (AML) checks as required by MAS
  • Processing premium payments and reconciling accounts
  • Assisting with insurance claims — preparation, submission, and follow-up
  • Managing policy renewals and providing proactive coverage reviews
  • Providing financial planning advice and recommendations
  • Complying with legal, regulatory, and reporting obligations
  • Maintaining internal business records and audit trails
  • Sending service-related communications (policy documents, renewal reminders)
  • Sending marketing communications about relevant products and services (with your consent)
  • Improving the functionality, content, and user experience of our website
  • Responding to enquiries, complaints, and feedback

6. Legal Basis for Processing

We process personal data on one or more of the following lawful bases under the PDPA:

  • Consent — where you have given explicit consent for a specific purpose, including marketing communications.
  • Contractual necessity — where processing is necessary to perform a contract with you (e.g., arranging and administering your insurance).
  • Legal obligation — where we are required by Singapore law or MAS regulation to process your data.
  • Legitimate interests — where processing is necessary for our legitimate business interests, such as fraud prevention, business analytics, and service improvement, provided these interests are not overridden by your rights.

7. Disclosure of Personal Data

We may disclose your personal data to the following categories of recipients for the purposes described in Section 5:

  • Insurers — to obtain quotations, underwrite policies, and process claims.
  • Reinsurers — where an insurer passes risk to a reinsurer as part of their risk management.
  • Loss adjusters and claims investigators — during the assessment and settlement of claims.
  • Credit reference agencies and fraud prevention bodies — to verify identity and prevent financial crime.
  • MAS, the PDPC, and other regulatory authorities — where required by law or regulatory direction.
  • Law enforcement agencies — where required by court order or statutory obligation.
  • Professional advisors — lawyers, auditors, and accountants acting under strict confidentiality obligations.
  • Technology and service providers — IT systems, cloud storage, and CRM providers operating under data processing agreements that ensure PDPA compliance.

We do not sell, rent, or trade personal data to third parties for marketing purposes. Any data sharing is limited to what is necessary for the stated purpose.

8. International Data Transfers

Some of our insurer partners and technology service providers operate or store data outside Singapore. Where personal data is transferred to countries that do not have equivalent data protection standards to Singapore, we take appropriate measures to ensure adequate protection, including contractual safeguards and data processing agreements that impose PDPA-equivalent obligations on recipients.

9. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy any legal, contractual, or regulatory requirements. The following minimum retention periods apply:

Data Category Retention Period Basis
Policy documents and correspondence 7 years from policy expiry MAS regulatory requirement
Claims records 7 years from claim settlement Legal and regulatory
Financial planning records 6 years from last advice FAA / MAS guidelines
Identity verification records 5 years after business relationship ends AML/CFT obligations
Website enquiry data 2 years from last contact Legitimate interest
Marketing consent records Until consent withdrawn + 1 year PDPA compliance

At the end of the applicable retention period, personal data is securely deleted or anonymised in a manner that prevents recovery.

10. Your Rights Under the PDPA

As a data subject, you have the following rights under the PDPA:

  • Right of access — to request a copy of the personal data we hold about you and information about how it is used.
  • Right of correction — to request correction of inaccurate or incomplete personal data.
  • Right to withdraw consent — to withdraw consent for any processing based on consent, without affecting the lawfulness of processing carried out before withdrawal.
  • Right to data portability — to request that we provide your personal data in a machine-readable format where technically feasible.

To exercise any of these rights, contact our Data Protection Officer at support@axislinkpte.com or in writing to our registered office. We will respond within 30 days of receiving your request. We may require proof of identity before processing your request.

11. Data Security

We implement a range of technical and organisational security measures to protect personal data against unauthorised access, loss, alteration, disclosure, or destruction. These include:

  • TLS/SSL encryption for all data transmitted via our website and email systems
  • Role-based access controls limiting data access to authorised personnel only
  • Regular staff training on data protection obligations and security practices
  • Secure physical document handling and disposal protocols
  • Periodic security reviews and vulnerability assessments of our digital systems
  • Incident response procedures for detecting and responding to personal data breaches

In the event of a data breach that poses a significant risk of harm, we will notify the PDPC and affected individuals in accordance with the Mandatory Data Breach Notification requirements under the PDPA.

12. Cookies

Our website uses cookies and similar tracking technologies. Please refer to our Cookie Policy for a full explanation of the types of cookies we use, their purposes, and how to manage your cookie preferences.

13. Children's Privacy

Our services are intended for individuals aged 18 and above. We do not knowingly collect personal data from children under 18 without the consent of a parent or legal guardian. If we become aware that personal data has been collected from a child without appropriate consent, we will take steps to delete that information promptly.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or regulatory guidance. The version number and effective date at the top of this page will be updated accordingly. Material changes will be communicated to you by email or via a prominent notice on our website prior to the change taking effect. Your continued use of our services after the effective date of any update constitutes acceptance of the revised Policy.

15. Data Protection Officer & Contact

For any queries, complaints, or requests relating to your personal data or this Privacy Policy, please contact our Data Protection Officer:

AXIS LINK PTE. LTD.
Data Protection Officer
143 Potong Pasir Avenue 2, #11-16
Singapore 350143
Email: support@axislinkpte.com
Phone: +65 9340 7012

If you are not satisfied with our response, you may also lodge a complaint with the Personal Data Protection Commission (PDPC) at www.pdpc.gov.sg.