Privacy Policy

1. Who we are

INDesign Marketing Services ("we", "us", "our") is the organisation responsible for this website and the personal data collected through it.

• Legal entity: INDesign Marketing Services
• UEN: 53201307K
• Registered address: No. 12 Purvis Street, #02-559, Singapore 188591
• Website: https://indesignms.com
• Email: info@indesignms.com
• Phone: +65 8840 2273
• Data Protection Officer: info@indesignms.com

Under Singapore's Personal Data Protection Act 2012 ("PDPA") we are the organisation responsible for your personal data. Under the EU General Data Protection Regulation and UK GDPR we act as the data controller. Under the California Consumer Privacy Act as amended by the California Privacy Rights Act ("CCPA/CPRA") we are the business.

2. Scope and applicable laws

This policy applies to all personal data we collect through indesignms.com and its subdomains, including quiz interactions, email subscriptions, and contact forms.

This policy is designed to satisfy the requirements of:

• Singapore Personal Data Protection Act 2012 (PDPA), including the Personal Data Protection (Notification of Data Breaches) Regulations 2021
• Singapore Spam Control Act 2007
• EU General Data Protection Regulation (Regulation 2016/679) — note: we do not actively serve EU visitors; see Section 16
• UK General Data Protection Regulation — note: we do not actively serve UK visitors; see Section 16
• California Consumer Privacy Act as amended by CPRA
• U.S. Children's Online Privacy Protection Act (COPPA)
• Google Ads advertising policies and remarketing privacy requirements
• Meta Business Tools Terms

3. What personal data we collect

We collect the following categories of personal data:

We do not knowingly collect: financial account numbers, credit card details, passwords, government identifiers, health information, precise geolocation, or biometric data.

4. How we collect personal data

• Directly from you when you complete our quiz, submit a contact form, subscribe to our email list, or correspond with us.
• Automatically via cookies, web beacons, pixel tags, and server logs when you browse the website.
• From third parties such as Google, Meta, and our email service provider, who provide us with aggregated analytics and advertising performance data.

5. Purposes of processing

We use personal data for the following purposes:

1. Delivering the quiz experience — calculating your archetype, displaying results, sending your result by email.
2. Email marketing — sending helpful tips, educational content, and promotional offers (only with your consent or as permitted under PDPA deemed consent for existing customers).
3. Affiliate marketing — recommending relevant products and services; tracking click-throughs for commission accounting.
4. Advertising — measuring ad performance, building lookalike audiences, remarketing to past visitors, and targeting personalised ads on Google and Meta platforms.
5. Analytics and improvement — understanding how visitors use our site so we can improve content and user experience.
6. Security and fraud prevention — detecting suspicious activity, preventing automated abuse, protecting our systems.
7. Legal compliance — responding to lawful requests, enforcing our terms, and meeting regulatory obligations.

6. Legal bases for processing (GDPR / UK GDPR)

Where GDPR or UK GDPR applies, we rely on the following legal bases:

• Contract (Art. 6(1)(b)): delivering the quiz result you requested.
• Consent (Art. 6(1)(a)): marketing emails, advertising cookies, profiling for personalised ads. You may withdraw consent at any time.
• Legitimate interests (Art. 6(1)(f)): aggregate analytics, security, and fraud prevention. You may object at any time.
• Legal obligation (Art. 6(1)(c)): responding to lawful government requests and tax/accounting records.

7. Cookies and tracking technologies

We use cookies and similar technologies to operate the website, analyse usage, and deliver advertising. Our cookie categories are:

• Necessary — required for the site to function (e.g., cookie consent record). Always active.
• Analytics — help us understand how visitors use the site (Google Analytics). Active only with your consent.
• Marketing — enable personalised advertising and measurement (Google Ads, Meta Pixel, Microsoft UET). Active only with your consent.

See our full Cookie Policy for the list of specific cookies, their providers, purposes, and durations.

Google Consent Mode v2

We implement Google Consent Mode version 2 on this site. Until you grant marketing consent, all advertising signals to Google (ad_storage, ad_user_data, ad_personalization, analytics_storage) remain set to "denied" for visitors in the EEA, UK, Switzerland, and California.

Global Privacy Control

We honor the Global Privacy Control ("GPC") browser signal as a valid request to opt out of the sale or sharing of your personal information. If your browser sends Sec-GPC: 1, we automatically disable advertising cookies and signal to Google and Meta not to use your data for personalised advertising.

8. Third parties we share personal data with

We share personal data only with service providers who help us operate the business, and only to the extent necessary. Current recipients include:

We do not sell personal data in the traditional sense of exchanging it for money. However, under California CCPA/CPRA's broader definition of "sharing for cross-context behavioural advertising," our use of Google Ads and Meta Pixel may constitute "sharing." California residents can opt out — see Section 15 or visit our Your Privacy Choices page.

9. Google advertising disclosures

The following disclosures are required by Google Ads advertising policies (support.google.com/google-ads/answer/2549063) because we use Google remarketing, Customer Match, and Enhanced Conversions.

We use Google Ads remarketing, Customer Match, and Enhanced Conversions features. Third-party vendors, including Google, show our ads on sites across the Internet. Third-party vendors, including Google, use cookies and device identifiers to serve ads based on your past visits to this website.

We may share customer data (including hashed email addresses) with Google so Google can perform ad measurement, attribution, and targeting services on our behalf. Google processes this data in accordance with its own privacy policy.

You can opt out of Google's use of cookies for personalised advertising by visiting Google Ads Settings. You can opt out of Google Analytics using the Google Analytics Opt-out Browser Add-on. You can opt out of third-party vendors' use of cookies for personalised advertising by visiting aboutads.info or networkadvertising.org.

Google's privacy policy is available at policies.google.com/privacy. Information about Google's advertising partners is available at policies.google.com/technologies/partner-sites.

10. Meta Pixel and advertising disclosures

We use Meta Business Tools (Meta Pixel and Conversions API) provided by Meta Platforms, Inc. These tools collect device information, IP address, browser type, pages viewed, quiz completion events, and hashed email addresses to measure advertising effectiveness, build Custom and Lookalike Audiences, and deliver personalised ads on Facebook, Instagram, and across Meta's advertising network.

Meta acts as an independent controller for its own purposes and as a joint controller with us for certain processing under the Meta Controller Addendum (facebook.com/legal/controller_addendum).

You may manage your ad preferences on Meta at facebook.com/adpreferences and review Meta's privacy policy at facebook.com/privacy/policy.

11. International data transfers

Personal data may be transferred from Singapore to the United States (where Google, Meta, Microsoft, ClickBank, and WarriorPlus are located) and other countries. We ensure a comparable standard of protection, as required by PDPA Section 26, through:

• Service provider contracts that require compliant handling of personal data.
• Reliance on the recipient's certifications and recognized privacy frameworks where available.
• The EU Standard Contractual Clauses (Commission Implementing Decision 2021/914) where we process data of EU residents.

12. Data retention

13. Security measures

We implement reasonable technical and organisational measures consistent with PDPA Section 24 and GDPR Article 32, including: TLS encryption in transit, access controls on administrative systems, principle of least privilege, vendor due diligence, periodic security reviews, and data minimisation. No transmission over the Internet is 100% secure; we cannot guarantee absolute security but we work hard to protect your data.

14. Your rights

Depending on where you live, you have the following rights:

All visitors (Singapore PDPA baseline)

• Access: request a copy of the personal data we hold about you.
• Correction: ask us to correct inaccurate or incomplete data.
• Withdraw consent: withdraw your consent to marketing at any time.
• Complaint: lodge a complaint with the Personal Data Protection Commission of Singapore (pdpc.gov.sg).

California residents (CCPA/CPRA)

See Section 15.

How to exercise your rights

Email info@indesignms.com with the subject "Privacy Rights Request" or use the form on our Your Privacy Choices page. We respond within 30 days (or sooner where required by law). We may need to verify your identity before fulfilling a request.

15. California privacy rights (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act as amended by CPRA:

• Right to know what personal information we collect, use, disclose, and share.
• Right to delete personal information we have collected from you (subject to exceptions).
• Right to correct inaccurate personal information.
• Right to opt out of sale/sharing of your personal information, including for cross-context behavioural advertising.
• Right to limit use of sensitive personal information (we do not use sensitive personal information for secondary purposes).
• Right to non-discrimination for exercising any of your rights.

Categories of personal information collected in the past 12 months

• Identifiers (email, IP address, cookie IDs)
• Internet or electronic network activity (browsing, pages viewed, quiz answers)
• Inferences (archetype assignment)

Categories we "sell" or "share"

We do not sell personal information in the traditional sense. However, our use of Google Ads and Meta Pixel constitutes "sharing for cross-context behavioural advertising" under CPRA. The categories shared are identifiers and internet activity.

How to opt out

Click Your Privacy Choices in the footer of any page, or enable the Global Privacy Control signal in your browser. We honor GPC automatically.

We do not knowingly sell or share personal information of consumers under 16 years of age.

16. EU / UK / EEA visitors

If you are an EU/UK/EEA resident and have a privacy concern, please contact info@indesignms.com and we will cooperate in good faith.

17. Children's privacy

Our services are not directed to children. We do not knowingly collect personal data from anyone under the age of 16. If you believe we have collected personal data from a child without proper consent, please contact info@indesignms.com and we will promptly delete it.

Under the U.S. Children's Online Privacy Protection Act (COPPA), we do not knowingly collect personal information from children under 13. Under California law, we do not knowingly sell or share personal information of consumers under 16.

18. Data breach notification

In the unlikely event of a data breach that is likely to result in significant harm to individuals or affects 500 or more individuals, we will notify the Personal Data Protection Commission of Singapore within 3 calendar days of the assessment as required by the Personal Data Protection (Notification of Data Breaches) Regulations 2021, and will notify affected individuals as soon as practicable.

19. Changes to this policy

We may update this Privacy Policy from time to time. We will post the revised version on this page with an updated "Last updated" date at the top. Material changes will be communicated to email subscribers. Please review this page periodically.

20. Contact us