Marshall Consulting Pte Ltd 

Privacy Policy  

Last updated: 5 May 2026

Marshall Consulting Pte. Ltd. ("we," "us," "our") is committed to protecting your personal data in accordance with Singapore's Personal Data Protection Act 2012 (PDPA). This policy explains what data we collect, why, how we protect it, and the rights you have in relation to it.

1. Data Protection Officer

We have appointed a Data Protection Officer (DPO) responsible for overseeing compliance with the PDPA. To contact our DPO — to access or correct your personal data, withdraw consent, or raise a privacy concern — please use our contact form and select "A privacy / PDPA matter" under "I'm interested in...". We aim to respond within 30 days.

2. What we collect and why

We collect personal data through inquiry forms, email, and the course of providing professional services. The categories we collect include:

  • Identifying and contact information — your name, email address, phone number, and (where relevant) organizational affiliation
  • Information you choose to share in your inquiry — anything you tell us about what you're seeking
  • Where you become a client — clinical, coaching, or session-related information necessary to provide our services, including notes, assessments, and correspondence

We collect this data only for the purposes notified to you at or before the point of collection.

3. Clinical records

Clinical and session information is treated with heightened confidentiality, consistent with the ethical standards of psychological practice and Singapore law. In line with Ministry of Health retention guidelines for psychological records, clinical records are retained for at least 7 years from the date of the last session, after which they are securely destroyed. Where the client was a minor at the time of service, records are retained until at least 7 years after the client reaches the age of 21. Records of deceased clients are retained for at least 5 years from the date of death.

4. Third parties who process data on our behalf

To deliver our services, we use trusted service providers in the following categories:

  • Website hosting and content delivery (Squarespace, Vercel)
  • Website analytics (Google Analytics)
  • Embedded content (YouTube videos)
  • Scheduling and bookings (Acuity Scheduling)
  • Video sessions (Zoom)
  • Payments (Stripe, PayPal, CardUp, Wise, and direct bank transfer)
  • Email and correspondence (Google Workspace / Gmail, Superhuman)
  • Newsletters and marketing emails (Mailchimp)
  • Transactional email (Resend)
  • Session transcription tools (Otter.ai, Granola) — used only after the client has given verbal consent within the session. Recordings and transcripts are deleted from these providers' servers after use.

These providers process personal data only on our instructions and under contractual obligations to protect it.

5. Overseas transfers

Several of the providers listed above store or process data outside Singapore (primarily in the United States and Europe). Where this occurs, we take reasonable steps to ensure your data receives a standard of protection comparable to that under the PDPA, including by using providers that publish privacy commitments and security certifications (such as SOC 2 or ISO 27001).

6. Cookies and analytics

Our website uses cookies and similar technologies to operate the site, understand how visitors use it, and embed third-party content. Specifically:

  • Essential cookies set by Squarespace and Vercel to deliver the site
  • Analytics cookies set by Google Analytics, which collect anonymized usage data to help us improve the site
  • Third-party cookies set by embedded YouTube videos when those videos load

You can disable or delete cookies through your browser settings. Doing so will not prevent you from using the site, but some features may be affected.

Outbound links: Our site contains a link to my LinkedIn profile. Clicking it takes you to a third-party site governed by LinkedIn's own privacy policy.

7. Security and retention

We apply reasonable administrative, technical, and physical safeguards to protect personal data against loss, theft, and unauthorized access, use, or disclosure. We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law (see Section 3 for clinical records).

8. Your rights

You have the right to:

  • request access to the personal data we hold about you;
  • request correction of inaccurate or incomplete data;
  • withdraw consent for our continued use of your data, subject to legal or contractual obligations.

Requests should be directed to our DPO via the contact form.

9. Data breaches

In the event of a data breach that is likely to result in significant harm to affected individuals, or that affects a significant number of individuals, we will notify the Personal Data Protection Commission (PDPC) and affected individuals in accordance with the PDPA.

10. Complaints

If you have a privacy concern, please contact our DPO in the first instance. If you are not satisfied with our response, you may escalate the matter to the Personal Data Protection Commission of Singapore at www.pdpc.gov.sg.

11. Changes to this policy

We may update this policy from time to time. The "Last updated" date at the top reflects the current version. For material changes affecting active clients, we will provide notice by email.