CGWA Logo
Download App
CGWA Logo

Data Protection

Personal Data Protection Policy

1. Introduction

This policy outlines our practices regarding the collection, use, and protection of personal data in compliance with the Singapore Personal Data Protection Act 2012 (PDPA). We are committed to safeguarding the personal data of our clients and ensuring its confidentiality. We recognise the importance of proper management, protection, and processing of personal data that you have entrusted to us. 

2. Definition of Personal Data

“Personal Data” refers to any data that can identify an individual, whether true or not. This includes, but is not limited to, the following: 

  • Full name 
  • NRIC / Passport number 
  • Date of birth 
  • Gender 
  • Marital status 
  • Contact details 
  • Employment status 
  • Financial information 
  • Residential address 
  • Email address 
  • Phone number (including mobile) 
  • Occupation 
  • Income details 
  • Education level 
  • Dependents’ details 
  • Bank account / credit card details 
  • Photographs and images 
  • Other information, as may be required in the respective forms 

3. Purpose of Data Collection 

We collect personal data for the following purposes: 

  • Providing financial advisory services 
  • Managing and processing applications for financial products 
  • Responding to client inquiries and providing after-sales services 
  • Complying with legal and regulatory requirements 
  • Prospecting for potential clients through various channels 
  • Fact-finding of potential clients’ financial needs 
  • Developing financial plans for clients and recommending investment and / or insurance products 
  • Assisting clients to apply for recommended investment and / or insurance products through the relevant financial companies or institutions 
  • Keeping clients informed of new investment and insurance products that may be relevant to them 
  • Market research and analysis (using anonymised data) 

4. Consent and Withdrawal 

We require consent from individuals before collecting, using, or disclosing their personal data. Individuals may withdraw their consent at any time by contacting our Data Protection Officer. Please note that withdrawing consent may affect our ability to provide certain services. If you choose to withdraw consent previously given to us, you may opt out by sending a clearly worded email or mail to the Data Protection Officer. Your request shall be processed within 30 days. 

5. Disclosure of Personal Data 

We may disclose personal data to third parties such as regulators, financial institutions, service providers, and legal advisors, as necessary to fulfil the purposes outlined in this policy. This includes: 

  • Regulators and law enforcement officials 
  • Financial institutions providing investment and insurance products 
  • Lawyers and auditors 
  • Third-party service providers and consultants 
  • Credit, debit, and charge card companies, banks, and other entities processing payment 
  • Any agent or subcontractor acting on our behalf for the provision of our services 

 

We may also disclose your personal data in the occurrence of any of the following events: 

  • To the extent that we are required to do so by law 
  • In connection with any legal proceedings or prospective legal proceedings 
  • To establish, exercise or defend our legal rights 
  • To any person and / or entity for the purpose of processing such information on our behalf 
  • To third parties who provide services to us or on our behalf 
  • With your consent 
  • For the purposes of disaster recovery 

6. Data Protection Measures 

We employ physical, managerial and technical safeguards to protect personal data from unauthorised access, use, or disclosure. These measures include: 

  • Secure storage of personal data 
  • Access controls to personal data 
  • Security audits and assessments 

However, we cannot guarantee complete security against all risks. While we strive to protect personal data, we cannot ensure or warrant the security of any information transmitted to us. 

7. Access and Correction of Personal Data 

Individuals have the right to access and correct their personal data held by us. Requests for access or correction can be made through our Data Protection Officer, and we will respond within a reasonable time frame. We reserve the right to charge a reasonable administrative fee to meet your requests. If we are unable to provide you with any personal data requested, we will generally inform you of the reasons why we are unable to do so. 

8. Retention of Personal Data 

We will retain personal data only as long as necessary to fulfil the purposes for which it was collected or as required by law. Personal data will be deleted or anonymised when it is no longer needed for these purposes. 

9. Transfer of Personal Data Overseas 

Personal data may be transferred to jurisdictions outside of Singapore. We will comply with the PDPA in such events to ensure the protection of personal data. This includes: 

  • Overseas reference checks 
  • Validation of data provided using generally accepted practices and guidelines 
  • Ensuring that personal data is transferred securely and in compliance with applicable laws 

10. Contact Information 

For any queries regarding personal data, individuals can contact our Data Protection Officer at  

  1. Attn: DPO
  2. Email: enquiry@crownstreams-gwa.com OR
  3. Mailing Address:
    138 Robinson Road, #05-01, Oxley Tower
    Singapore 068906     

Updated as of 15 Dec 2025