Privacy Policy
Effective Date: July 07, 2025
1. Introduction and Scope
MICE Depot (“we”, “us” or “our”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains:
- What personal data we collect (including via cookies and similar technologies)
- Why we collect it, and on what legal basis
- How we protect it (in line with our ISO 27001:2022 Information Security Management System)
- Your rights under Singapore’s PDPA and the EU’s GDPR
- How to contact us
This policy applies to all MICE Depot online services and platforms, including micedepot.com, any subdomains, mobile applications, APIs and other digital tools (collectively, “Services”).
2. Data Protection Frameworks
-
ISO 27001:2022
We maintain an ISMS aligned with ISO 27001:2022 requirements and are currently undergoing certification. Annex A.18.1.4 mandates that personal data be protected in accordance with applicable privacy regulations. -
PDPA (Personal Data Protection Act 2012, Singapore)
We comply with the Personal Data Protection Act and PDPC’s Advisory Guidelines. Our Data Protection Officer can be reached at [email protected]. -
GDPR (General Data Protection Regulation, EU)
We apply GDPR standards when processing personal data of individuals in the European Economic Area (EEA). The EEA comprises all European Union (EU) member states plus Iceland, Liechtenstein and Norway. We rely on lawful bases such as consent and legitimate interests and uphold data subject rights.
3. What Personal Data We Collect
- Directly provided data: through contact forms, newsletter signup, event inquiries (e.g. name, email, phone).
-
Automatically collected data:
- IP address, device/browser characteristics
- Pages visited, session times
-
Cookies and similar technologies, detailed below
4. Cookies and Similar Technologies
4.1 Categories of Cookies
| Category | Purpose | Typical Examples |
|---|---|---|
| Strictly necessary | Enable core site functionality, load-balancing, session management | [SessionCookieID] |
| Preferences | Remember your choices (language, region) | [lang_pref], [theme_choice] |
| Statistics / Analytics | Understand site usage, performance | _ga, _gid |
| Marketing / Targeting | Deliver personalized ads, measure campaign performance | [fbp], [_gcl_au] |
Note: Third-party widgets (e.g. YouTube embeds, social plugins) may set their own cookies.
4.2 Cookie Details
| Cookie name | Category | Purpose | Retention |
|---|---|---|---|
| [cookie_name] | Strictly necessary | Session identifier | Session |
| [cookie_name] | Analytics | Google Analytics client-id | 2 years |
| [cookie_name] | Marketing | Facebook Pixel tracking | 3 months |
| [cookie_name] | Preferences | Remembers language selection | 1 year |
We will display a cookie-consent banner on first visit. You may accept all, decline non-essential cookies, or customize by category. Your choice is stored via a [CookieConsent] cookie for 1 year.
5. Legal Bases for Processing (GDPR)
- Consent: for non-essential cookies and direct marketing
- Legitimate interests: for analytics (improving our Services)
-
Performance of a contract: when you request a quote or event service
6. PDPA & GDPR Rights
You have the right to:
- Access your personal data
- Correct errors or omissions
- Withdraw consent (for cookies & direct marketing)
- Object to processing (where based on legitimate interests)
- Erasure (“right to be forgotten”)
- Restrict processing or obtain data portability
To exercise any of these rights, please contact our Data Protection Officer at [email protected].
7. Data Security & Retention
- We implement ISO 27001:2022 controls (A.9, A.12, A.18) to protect your data against unauthorized access, alteration, disclosure or destruction.
- We engage third-party security service providers, including MonSpark and Indruder.io, to perform regular vulnerability assessments, intrusion detection, and monitoring. These providers adhere to industry-standard security controls and are bound by contractual data protection obligations.
- Personal data is retained only as long as necessary for the purposes collected, or as required by law (whichever is longer).
8. International Transfers
If we transfer your data outside Singapore or the EEA, we ensure adequate safeguards (e.g. Standard Contractual Clauses, Binding Corporate Rules).
9. Changes to This Policy
We may update this policy from time to time. The “Effective Date” at the top will reflect the most recent revision.
Contact Us
If you have any questions about this Privacy Policy or its applicability to any of our online Services, please contact our Data Protection Officer at [email protected].