Privacy Statement

Personal Data Protection

Your privacy is important to us. ACR Capital Holdings Pte Ltd and its subsidiaries (together referred to as “ACR Group”, “the Group”, or “we”) are committed to protecting the privacy of individuals whose personal data is provided to us. We recognise our responsibilities in relation to the data protection provisions under the Singapore Personal Data Protection Act 2012 (“PDPA”).ACR Group’s Personal Data Protection Statement can be found here

If you have any enquiries or feedback on our personal data protection policies and practices, wish to request for access to or change of your personal data, or will like to withdraw your prior consent, please complete and email or post to us the relevant request form(s):


Reach Us By Post

Data Protection Officer
ACR Capital Holdings Pte Ltd
6 Temasek Boulevard
#08-01 Suntec Tower 4
Singapore 038986

Reach Us By Email

Data Protection Officer


Your privacy is important to us. ACR Capital Holdings Pte Ltd and its subsidiaries (together referred to as “ACR Group”, “the Group” or “we”) are committed to protecting the privacy of individuals whose personal data is provided to us.


The purpose of this Personal Data Protection Statement (“Statement”) is to inform you on how the ACR Group manages personal data that is subject to provisions under the Singapore Personal Data Protection Act 2012 (“PDPA”). The PDPA’s Do-Not-Call provisions do not apply to the ACR Group.


“Personal data” refers to data, whether true or not, about an individual who can be identified from that data; and other information that the organisation has or is likely to have access to. It may refer to unique identifiers or a set of data which, when put together, would identify an individual. Whether a certain piece or set of data is personal data will depend on the context in which it is collected.


We will notify and obtain your consent before any use or disclosure of your personal data.

You will be notified of the purpose(s) for the collection, use or disclosure of your personal data unless:

  • a. You are deemed to have given your consent;
  • b. The data was collected before 2nd July 2014 and is used or disclosed for the same purpose for which it was collected;
  • c. The data falls within an exempted category of “other circumstances” for which your consent is not required under the PDPA or other legislation.

Depending on your relationship with us, for example, as an employee, job applicant, shareholder, director, shareholder or insured, personal data collected from you may include your name, passport or other identification numbers, telephone number(s), residential address, email address, bank account number, photographs, video image, names of your wife/children, employment and educational history, professional qualifications and affiliations etc.

Our customers are corporations and financial institutions including insurance firms and insurance intermediaries. Since these customers are organisations, not individuals, we do not collect, use or disclose customer personal data.

Our websites may also utilise *cookies, which allow our server to recognise a return visitor and collect information including, without limitation, the visitor’s IP address, time spent and pages visited on our websites. You can choose to disable the use of cookies at any time by changing the settings on your browser. This may mean however, that you may not be able to access certain section(s) of our websites. Finally, please note that we are not responsible for the privacy practices of websites operated by third parties that are linked to our websites, some of which may be co-branded with our logo or trademark.

*Cookies are small text files created on your computer when your web browser loads our websites, and which cannot access, read or modify any other data on your computer.


ACR Group collects, uses and discloses the personal data primarily for the following purposes:

  • a. Handling enquiries, feedback and requests;
  • b. Managing the personnel, administrative and business operations of the ACR Group and complying with internal policies and procedures in relation to compensation and benefits management, salary and taxation management, performance evaluation, training, remuneration benchmarking surveys and industry surveys;
  • c. Processing applications for positions that include pre-employment checks, such as background screening, reference checks, collecting information about candidates’ suitability for the position;
  • d. Complying with licence applications, regulatory reporting and disclosure requirements and ongoing fit-and-proper checks;
  • e. Preventing, detecting and investigating crime, including fraud and money-laundering, and analysing and managing commercial risks;
  • f. Compliance with any applicable laws, rules, regulations, codes of practices or guidelines or to assist in law enforcement and investigations with relevant authorities;
  • g. Processing applications for underwriting and claims transactions;
  • h. Varying, cancelling or renewing reinsurance policies;
  • i. Establishing, exercising or defending our legal rights and obligations.

ACR Group may make your personal data available, either within or outside of Singapore, to ACR Group’s related companies, and those who provide products or services to the ACR Group (such as professional advisors, insurers, lawyers, auditors, payroll administrators, recruitment agencies, vendors and other third party service providers), shareholders, regulatory authorities, potential or future employers, governmental or quasi-governmental organisations, potential purchasers of ACR Group or the business in which you work, and any other party to whom you authorise us to disclose your personal data to. Disclosures are made strictly on a need-to-know basis.


We will take reasonable measures to ensure that your personal data remains accurate and up-to-date. You can also keep us informed by email or post when there are updates to your personal data (please refer to item 10 for our contact information).


We will take reasonable steps to protect your personal data in our possession and ensure control against unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks. We cannot however guarantee the security of your personal data in our possession, or that no harmful code will enter our website (for example bugs, viruses, Trojan horses, spyware etc.) which may compromise the security of your personal data in our possession. You should be aware of the risks associated with using websites including that of ACR Group. ACR Group accepts no liability whatsoever for any loss or misuse of your personal data should such loss or misuse arise from your usage of ACR website

We will cease to retain your personal data when it is reasonable to assume that the purpose for which the personal data was collected is no longer being served by retaining that personal data, and retention is no longer necessary for regulatory or business purposes.


You have the right to withdraw your consent, request for access to, and change your personal data that is in our possession or is being controlled by us.

Please note that:

  • a. You will be required to answer some questions as a means to verify your identity before we respond to your requests.
  • b. We will inform you of the consequences for withdrawal of consent. There are, however exceptions permitted under the PDPA whereby we are permitted to collect, use and disclose your personal data without consent. The exceptions from the need for consent include:
    • i. For purposes clearly in the interest of an individual;
    • ii. Where personal data is publicly available;
    • iii. Where the data is necessary for an investigation, proceedings or debt recovery;
    • iv. For the provision of or obtaining of legal services by the organization;
    • v. Where opinion data is kept solely for evaluative purposes.
  • c. We are not obligated to provide you access to your personal data in our possession based on exceptions permitted under the PDPA, which include:
    • i. if your personal data is part of opinion data that is kept solely for an evaluative purpose;
    • ii. if the burden or expense of providing access would be unreasonable to ACR Group or disproportionate to your interest;
    • iii. if the request is otherwise frivolous or vexatious.
  • d. We are not obligated to correct your personal data based on exceptions permitted under the PDPA, such as, in opinion data kept solely for an evaluative purpose.
  • e. We may charge you a reasonable fee for access to your personal data that reflects the time, effort and incremental costs incurred to respond to your request.

Any enquiries, feedback, consent withdrawals, requests for access and requests for change of individuals’ personal data that may arise in relation to the PDPA must be made in writing, with the relevant supporting forms or documents (where applicable) to the address below:

By Post to:

Data Protection Officer
ACR Capital Holdings Pte Ltd
6 Temasek Boulevard
#08-01 Suntec Tower 4
Singapore 038986

By Email to:

Data Protection Officer

We will respond to your enquiries within thirty (30) days from receiving your letter or email.


We will review and update this Statement from time to time to reflect changes to applicable laws and regulatory requirements or our business environment.