This Privacy Policy explains how TrainRush (UEN 202438726M, “we”, “us” or “our”) handles personal data relating to visitors of trainrush.life, people who contact us, and participants in our Singapore-based training programmes. We follow the Singapore Personal Data Protection Act 2012 (“PDPA”) and apply equivalent safeguards for enquirers located outside Singapore.
1. Who is responsible for your data
TrainRush acts as the data controller for the personal information described below. Our registered office is at 331 North Bridge Road, #12-02 Odeon Towers, Singapore 188720. Our Data Protection Officer can be reached at [email protected] or by post to that address, marked for the attention of the Data Protection Officer.
2. Personal data we collect
We limit collection to what is necessary for each purpose. The categories below summarise the data we may hold and why.
2.1 When you contact us through the website
- Your name, so we can address you correctly in correspondence.
- Your email address, to send our reply.
- Your company or team name, if you choose to provide it.
- The topic you select, so we can route your message appropriately.
- The text of your message, including any details you include voluntarily.
- The submission timestamp and the IP address of the sending device, retained for security and abuse prevention.
2.2 When you enrol in a programme
- Your role and seniority, to tailor programme content.
- Billing information supplied by you or your employer.
- Attendance records, exercise submissions and feedback provided during or after the programme.
- Any accessibility requirements you share so we can accommodate them.
2.3 When you visit the website
- Standard server logs covering pages viewed, referring URL, browser and device type, and approximate timestamps. Logs are kept for security and diagnostics and deleted automatically after 60 days.
- Aggregated, anonymous analytics where you have accepted analytics cookies. See our cookie policy for details.
3. How we use your personal data
We process personal data on one or more of the following grounds:
- Consent: when you submit our contact form, opt in to updates, or accept optional cookies. You may withdraw consent at any time.
- Contractual necessity: when we deliver a programme you or your employer has booked.
- Legitimate interests: including maintaining website security, understanding aggregate usage patterns, and improving programme quality. We weigh these interests against your rights and offer meaningful choices.
- Legal obligation: where we must retain records for accounting, tax or regulatory purposes.
4. Sharing your personal data
We do not sell personal data. We share it only with service providers that help us operate the website and deliver programmes, and only to the extent required for their work. Current categories of provider include:
- Our hosting partner, Hostinger International Ltd. in Cyprus, which stores website data and outbound email queues.
- Our accounting software provider in Singapore, which retains invoice records for statutory audit purposes.
- Payment processors handling online invoice payments; we never store full card details.
Where a provider is located outside Singapore, we put contractual safeguards in place to ensure a comparable level of protection, consistent with PDPA transfer requirements.
We may also disclose personal data when required by law, court order, or a lawful request from a competent authority.
5. How long we keep your personal data
- Enquiries: up to 24 months after the last contact, unless you request earlier deletion.
- Booking and programme records: up to 7 years, matching Singapore’s statutory accounting retention period.
- Server logs: deleted on a rolling basis after 60 days.
- Marketing consents (if given): retained until withdrawn, plus a brief internal audit record.
6. Your rights
You may request access to the personal data we hold about you, ask us to correct inaccurate information, request deletion where we no longer need the data, withdraw consent for consent-based processing, and lodge a complaint with the Personal Data Protection Commission of Singapore (PDPC).
To exercise any right, email [email protected] from the address you used to contact us or enrol. We aim to respond within 30 calendar days.
7. Security of your personal data
We apply technical and organisational measures proportionate to the sensitivity of the data we hold. These include HTTPS encryption, hashed storage of credential-like tokens, role-based access to internal systems, and staff training on data-handling duties. We review these controls regularly and update them as risks evolve.
8. International data transfers
Because our hosting partner operates from Cyprus and some email tooling runs from European data centres, personal data submitted through this website may be transferred outside Singapore. In such cases we ensure a comparable standard of protection through contractual clauses aligned with the Personal Data Protection (Transfer of Personal Data) Regulations issued by the PDPC.
You may request a summary of the processors we currently use, their locations, and the safeguards we rely on. We review this list periodically and prefer Singapore-based providers where operationally feasible.
9. Additional information about security
We maintain a documented incident response process. If a security event materially affects personal data, we will notify affected individuals and, where required, the PDPC without undue delay and within applicable legal timeframes.
Only staff and contracted facilitators bound by confidentiality obligations may access personal data, and access is limited to what their role requires. Backups are encrypted, and access to backup media is logged and reviewed.
10. Children
Our services are designed for working professionals. We do not knowingly collect personal data from anyone under 16. If you believe we hold such data, contact us and we will delete it promptly.
11. Cookies and similar technologies
Cookie use is described in our dedicated cookie policy, which also explains how to change your preferences at any time.
12. Marketing communications
We do not send unsolicited marketing. If you opt in to programme announcements, you will receive at most four brief updates per year, each with a one-click unsubscribe link. Unsubscribing takes effect immediately for the relevant channel and, within 30 days, across all channels we operate.
13. Changes to this policy
We may revise this Privacy Policy to reflect changes in our practices or applicable law. The current version will always appear at this URL with the “last updated” date shown above. Material changes will also be highlighted on the home page for a reasonable period.
14. Contacting us
For questions about this policy, to exercise your rights, or to raise a concern about our data handling, contact our Data Protection Officer using the details in section 1. We aim to respond substantively within thirty calendar days, or sooner for straightforward requests. If you remain dissatisfied, you may contact the Personal Data Protection Commission of Singapore through its official channels. We would appreciate the opportunity to resolve any issue with you directly first.