Privacy policy

Last updated: 19 Nov 2025

1. Who we are

This Privacy Policy explains how ACID (“ACID”, “we”, “us”, or “our”) collects, uses, discloses, and protects personal data in the course of our business as a strategic communications consultancy.

We are based in Singapore and work with founders, senior leaders, and organisations in Asia Pacific and other international markets.

This policy covers:

  • Visitors to our websites and online properties

  • Prospective and existing clients and their teams

  • Media, analysts, partners, and event contacts

  • Talent, contractors, and other professional contacts

If you do not agree with this policy, please do not use our website or provide personal data to us.

2. The data we collect

The type of personal data we collect depends on how you interact with ACID. Broadly, we may collect:

2.1 Information you provide directly

  • Contact details

    • Name, job title, company, work email, phone number, country or city

  • Business correspondence

    • Emails, messages, meeting notes, briefing documents, feedback

  • Project and engagement information

    • Context you share about your company, role, stakeholders, communications challenges, and objectives

  • Media and stakeholder details

    • Name, role, publication or organisation, professional contact details and areas of interest, where relevant to outreach

  • Events and meetings

    • Registration information, attendance, dietary or accessibility preferences (where provided), and post-event feedback

  • Talent and partner information

    • CVs, portfolios, professional profiles, references, and any information you choose to share in the context of potential collaboration or work

2.2 Information collected automatically

When you visit our website or interact with our content, we may automatically collect:

  • Device and browser information

  • IP address and approximate location

  • Pages visited, time spent, and navigation paths

  • Referring sites or campaigns

  • Basic engagement metrics from emails and newsletters (such as opens and clicks)

This is typically collected through cookies, pixels, and similar technologies. See “Cookies and analytics” below.

2.3 Information from third parties

Where lawful, we may receive information from:

  • Public sources (company websites, public filings, LinkedIn and other public profiles, media coverage)

  • Referrals and partner firms

  • Event organisers and platforms

  • Third party tools used for CRM, email, analytics, or marketing

We use this information strictly for professional and business-related purposes.

3. How we use personal data

We process personal data only where it is relevant to our work as a communications consultancy. Typical uses include:

  • Providing and improving our services

    • Scoping, planning, and delivering communications, brand, media, and stakeholder engagement work

    • Preparing proposals, statements of work, and project documentation

    • Managing our relationship with you and your organisation

  • Communications and relationship management

    • Responding to enquiries and requests

    • Sharing updates relevant to ongoing work

    • Maintaining media, stakeholder, and partner contact lists for targeted outreach

  • Business development and marketing

    • Following up on inbound enquiries and referrals

    • Sending occasional updates, insights, or invitations that we reasonably believe may be relevant to you in a professional context

    • Understanding how people engage with our website and content so we can improve it

  • Operations, governance, and compliance

    • Invoicing, billing, and accounting

    • Managing contracts, NDAs, and similar agreements

    • Complying with legal obligations and responding to lawful requests from authorities

    • Protecting our rights, security, and the integrity of our services

Where we process personal data on behalf of a client (for example, media lists, stakeholder maps, or internal comms work), we do so in line with our contractual obligations and the client’s instructions.

4. Legal bases for processing

As a Singapore-based consultancy, we primarily operate under the Personal Data Protection Act (PDPA). Where applicable, for individuals in the UK or EU, we may also rely on legal bases under the UK GDPR or EU GDPR.

Depending on the situation, our legal bases may include:

  • Your consent, where you have actively agreed to a specific use (for example, receiving certain kinds of marketing communication, or sharing optional information in a form).

  • Contractual necessity, where processing is required to enter into or perform a contract or engagement with you or your organisation.

  • Legitimate interests, where we have a reasonable business interest that is not overridden by your rights and interests (for example, maintaining professional contact lists, basic business development, or ensuring network and information security).

  • Legal obligations, where we must process or retain certain data to comply with law or regulatory requirements.

You can object to processing based on legitimate interests or withdraw consent at any time by contacting us. This will not affect processing carried out before withdrawal.

5. How we share personal data

We do not sell your personal data.

We may share personal data in the following limited circumstances:

  • With service providers and partners

    • Providers of email, CRM, file storage, project management, and analytics tools

    • Event platforms and virtual meeting providers

    • Professional advisers such as accountants or lawyers

    These parties are given only the data necessary to perform their services and are expected to protect it appropriately.

  • With clients and stakeholders, where appropriate

    • For example, where your contact details are included in stakeholder maps or meeting lists, or where a client specifically requests an introduction or contact.

  • Where required by law or to protect rights

    • To comply with applicable laws, regulations, or legal processes

    • To respond to lawful requests from regulatory or government authorities

    • To investigate or protect against suspected fraud, security incidents, or harm to our rights or the rights of others

In client work, we follow the confidentiality and data handling requirements set out in our contracts and NDAs.

6. International transfers

We are headquartered in Singapore, and many of the tools we use are operated from other jurisdictions. This means your personal data may be stored or processed in countries outside your own.

Where required, we take steps designed to ensure that any international transfer is subject to appropriate safeguards, such as:

  • Contractual clauses or data protection agreements with our service providers

  • Assessing the privacy and security practices of vendors before engagement

If you would like further information on international transfers that relate to your data, please contact us.

7. Data retention

We retain personal data only for as long as is reasonably necessary for the purposes described in this policy, or as required by law, regulation, or professional obligations.

Broadly:

  • Project-related records and correspondence are typically retained for the duration of the engagement and a reasonable period afterwards for reference, audit, and potential dispute resolution.

  • Media and stakeholder contact details are retained while there is an ongoing professional relationship or reasonable expectation of future engagement, and removed when no longer relevant or upon request where applicable.

  • Financial and invoicing records may be retained for longer periods in line with legal and tax requirements.

When personal data is no longer required, we aim to delete it or anonymise it in a secure manner.

8. Cookies and analytics

Our website may use cookies, pixels, and similar technologies to:

  • Ensure the site functions properly

  • Remember basic preferences (for example, language)

  • Understand how visitors use our site and content so we can improve it

  • Measure basic performance of any campaigns directing traffic to our site

Where required by law, you will see a notice when you first visit the site that allows you to manage non-essential cookies.

You can usually control cookies through your browser settings, but disabling some types of cookies may affect how certain parts of the site function.

9. Marketing communications

We may, from time to time, send you:

  • Insights, articles, or content that may be relevant to you professionally

  • Invitations to events, briefings, or workshops

  • Occasional updates about ACID’s work and services

You can opt out of these communications at any time by:

  • Clicking the unsubscribe link provided in the email, or

  • Contacting us directly using the details below

We will continue to send non-promotional communications as needed where they relate to active engagements or necessary business correspondence.

10. Your rights

Depending on your location and applicable law, you may have some or all of the following rights in relation to your personal data:

  • Access – to know whether we hold your personal data and to request a copy.

  • Correction – to request that inaccurate or incomplete personal data be corrected or updated.

  • Deletion – to request that we delete your personal data in certain circumstances.

  • Restriction – to request that we limit the way we use your personal data in certain circumstances.

  • Objection – to object to certain types of processing, such as direct marketing or some processing based on our legitimate interests.

  • Data portability – to request that we provide certain personal data in a structured, commonly used, machine-readable format, where technically feasible and required by law.

  • Withdrawal of consent – where processing is based on consent, to withdraw that consent at any time.

We will respond to all legitimate requests within a reasonable period and in line with applicable law. We may need to verify your identity before acting on a request.

To exercise any of these rights, please contact us using the details below.

11. Children’s data

Our services and website are intended for professionals and organisations. We do not knowingly collect personal data from children under 18 in a targeted way.

If you believe we have collected personal data from a minor without appropriate consent, please contact us so we can address the issue.

12. Third-party links and content

Our website and materials may contain links to third-party websites, platforms, or services. We are not responsible for the privacy practices or content of those third parties.

We encourage you to review the privacy policies of any third-party sites or services you visit.

13. Information security

We take reasonable technical and organisational measures to protect personal data against unauthorised access, loss, misuse, or alteration, including:

  • Using reputable service providers with appropriate security measures

  • Restricting access to personal data to personnel and partners who need it for legitimate business purposes

  • Using passwords, access controls, and other safeguards for our systems and tools

However, no method of transmission or storage is completely secure. You share information with us at your own risk, and we encourage you to take appropriate precautions when sending sensitive information.

14. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal obligations.

When we do so, we will update the “Last updated” date at the top of this page. In cases of material change, we may also provide a more prominent notice.

Your continued use of our website or services after any changes are posted will indicate that you have read and understood the updated policy.

15. Contact us

If you have any questions, concerns, or requests relating to this Privacy Policy or your personal data, please contact:

ACID Communications LLP
Email: hello@acidcomms.com

If you are based in a jurisdiction that provides a right to lodge a complaint with a data protection authority, you may also contact the relevant authority if you believe your rights have been infringed. We would, however, appreciate the opportunity to address your concerns first.