Privacy Policy

• Information you give us. Your name, email address, and the contents of your message or booking — including any company name, project details, or scheduling preferences you choose to include — when you contact us or book a call.
• Engagement records. Information needed to deliver and bill the services, such as billing contact details and correspondence. Online payments are handled by our payment provider; we do not receive or store your card or banking details.
• Basic analytics. Standard, aggregate usage information such as pages viewed and approximate region, used to understand how the site is used. We do not build advertising profiles.

Please do not send us sensitive personal data unless we have specifically asked for it.

• To respond to your enquiry, schedule and hold a discovery call, and prepare a quotation.
• To deliver, manage, and bill an engagement you have asked us to carry out.
• To keep records we are required to keep, and to maintain the security of our systems.
• To understand, in aggregate, how the website is used so we can improve it.

We do not sell your personal data, and we do not use it for unrelated marketing without your consent.

We process personal data because you have consented by submitting it to us, because it is necessary to take steps at your request or to perform a contract with you, or because we have a legitimate or legal need to do so (such as keeping accounting records). Where we rely on your consent, you can withdraw it at any time, as described below.

We share personal data only with the service providers (data processors) we need to deliver what you have asked for, and only as far as they need it. These include:

• Billplz — our payment provider, where you choose to pay online. You enter your payment details with them directly.
• Our scheduling provider — used to offer and confirm discovery-call time slots.
• Hosting and analytics providers — who run the infrastructure the site operates on.

We may also disclose personal data where the law requires it. We require our processors to protect personal data and to use it only on our instructions.

We keep personal data only as long as we need it for the purpose it was collected: enquiry and booking details for as long as needed to follow up, and engagement and billing records for as long as required by law and our legitimate business needs. We then delete or anonymise it.

We take reasonable practical steps to protect personal data against loss, misuse, and unauthorised access, including access controls and reputable, secured service providers. No method of transmission or storage is completely secure, but we work to keep data protected in line with the PDPA Security Principle.

Under the PDPA you may ask us to:

• Access the personal data we hold about you.
• Correct it where it is inaccurate or incomplete.
• Limit how we process it, or withdraw a consent you have given.

To exercise any of these, email hello@hemmingle.com with enough detail to identify your request. We will respond within a reasonable time. Withdrawing consent may mean we can no longer provide a service that depends on the data.

We may update this policy from time to time; the date above shows when it last changed. For any privacy question, or to reach the person responsible for data protection at Hemmingle, email hello@hemmingle.com.