Privacy Policy

Buildwick Engineering Pte Ltd ("Buildwick", "we", "us", "our") respects your privacy and is committed to protecting your personal data in accordance with the Singapore Personal Data Protection Act 2012 ("PDPA"). This Privacy Policy explains how we collect, use, disclose, retain, transfer and protect personal data you provide to us through this website (buildwick.sg) or in the course of our business.

We may collect the following categories of personal data:

• Contact details (name, email, phone, company, designation)
• Correspondence and enquiry content sent to us
• Tender, quotation, project specification and related documents
• Browser and device information when you visit our website (IP address, browser type, pages visited, referrer)
• Cookies set by our hosting provider for security and bot mitigation (see Section 11)
• Other data you voluntarily provide

We use personal data for purposes including:

• Responding to enquiries and providing information about our services
• Processing tender, quotation and project requests
• Compliance with legal, regulatory and contractual obligations (BCA, MOM WSH, PDPA, ACRA)
• Internal record-keeping, audit, quality assurance and continuous improvement
• Direct communications about ongoing or related projects (where consent is given)

We will only collect, use or disclose personal data for purposes that you have been notified of, unless an exception under the PDPA applies.

By providing personal data to us, you consent to its collection, use and disclosure for the purposes set out in this Policy. You may withdraw consent at any time by writing to our Data Protection Officer at the address in Section 9. Withdrawal of consent may affect our ability to provide services to you. We will respond to withdrawal requests within 14 days.

Personal data will not be disclosed to third parties without your consent except where required by law or to:

• Our service providers (cloud hosting, email, IT support, professional advisers) acting on our behalf and bound by confidentiality obligations consistent with the PDPA
• Government agencies, regulators, law enforcement or courts as required
• Project counterparties (consultants, sub-contractors, principals) where necessary for the performance of a contract

Personal data may be transferred outside Singapore as part of our use of cloud infrastructure providers (such as Cloudflare for website hosting and Vodien for email services). Where such transfers occur, we take reasonable steps to ensure that the recipient is bound by legally enforceable obligations to provide a standard of protection at least comparable to that under the PDPA, in accordance with PDPA Section 26 and the Personal Data Protection Regulations 2021.

We implement reasonable administrative, technical and physical safeguards to protect personal data against unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks — including HTTPS encryption in transit, access controls, and vendor due diligence on processors.

Personal data is retained only for as long as necessary to fulfil the purposes for which it was collected or as required by applicable laws, after which it is securely deleted or anonymised. Project records are typically retained for the duration of contractual obligations plus statutory limitation periods.

You may request access to or correction of your personal data, or withdraw your consent to its continued use, by contacting our Data Protection Officer at the details below. We may charge a reasonable administrative fee for access requests. We will respond to access and correction requests within 30 days where reasonably practicable, and notify you of our response.

In the event of a data breach that is likely to result in significant harm to affected individuals or is of a significant scale, we will notify the Personal Data Protection Commission (PDPC) and affected individuals as soon as practicable, and in any event within the timeframes prescribed under the PDPA Part VIA Data Breach Notification obligation (currently within 72 hours of assessment).

Our website uses essential cookies set by our hosting provider (Cloudflare) for security and bot mitigation. We do not use tracking cookies, advertising cookies or third-party analytics that profile individuals. If this changes, we will update this Policy and provide an appropriate consent mechanism.

We have implemented internal data protection policies and practices in line with our obligations under the PDPA, including the appointment of a Data Protection Officer, regular review of our processing activities, and staff awareness on personal data handling.

For questions, requests, withdrawals of consent or complaints regarding personal data, please contact:

We may update this Privacy Policy from time to time. The latest version will always be available on this page with the "Last updated" date above. Material changes will be communicated via prominent notice on the website.