Book a consultation with our business solution specialist today

Company PDPA Policy

BluTrust Pte. Ltd.

Last Updated: 09/02/2026

This company PDPA policy (“this Policy”) sets out how BluTrust Pte. Ltd. – including BluTrust Chartered Accountants LLP, BluTrust Corporate Services Pte. Ltd., Chiang’s Business Consultants Pte. Ltd. and CA Business Consultants Sdn. Bhd. (“we”, “us” or “our”) – collects, uses, discloses, and processes personal data of our clients in accordance with the Personal Data Protection Act (“PDPA”).

Our company PDPA policy applies to all personal data in our possession or under our control, including data held by third-party organisations engaged by us to collect, use, disclose, or process personal data on our behalf.

1.0 Purpose of This Company PDPA Policy

This company PDPA policy explains how we comply with our obligations under Singapore’s Personal Data Protection Act 2012 (PDPA), including the consent, purpose limitation, notification, access and correction, accuracy, protection, retention limitation, transfer limitation, data breach notification, accountability and data portability obligations, as may be updated from time to time.

Under this company PDPA policy, we are committed to managing personal data responsibly and transparently, in full compliance with Singapore’s PDPA. We have implemented internal policies, processes and training to ensure our staff handle personal data in a responsible and accountable manner.

2.0 Personal Data We Collect

As defined in this company PDPA policy, a “customer” refers to an individual who (a) has contacted us through any means to enquire about our goods or services, or (b) may have, or has, entered into a contract with us for the supply of goods or services.

“Personal data” means data, whether true or not, about a customer who can be identified from that data alone or in combination with other information we have access to.

Depending on the nature of your interaction with us, personal data we may collect under this Policy includes:

  • Name and identification information where permitted under applicable law and PDPC guidelines (e.g. NRIC number only where required by law or where necessary to accurately verify identity in situations involving significant safety, security, or fraud risks)
  • Contact information (e.g. address, email, telephone number)
  • Nationality, gender, date of birth, and marital status
  • Photographs and audio-visual information
  • Employment information
  • Financial information (e.g. credit card, debit card, or bank account details)

Where feasible, we will use alternative identifiers (such as customer ID, partial NRIC or other reference numbers) instead of collecting full NRIC numbers.

3.0 Collection, Use, and Disclosure of Personal Data

We will collect, use and disclose your personal data only with your knowledge and consent, or where such collection, use or disclosure without consent is permitted or required under the PDPA or other applicable laws (Consent Obligation). As stated in this company PDPA policy, we will collect, use and disclose personal data only for purposes that a reasonable person would consider appropriate in the circumstances and that we have notified you about (Purpose Limitation and Notification Obligations).

Under this Policy, we generally do not collect your personal data unless (a) you or your authorised representative voluntarily provide it to us after being notified of the purposes for collection and having given written consent, or (b) collection without consent is permitted or required by the PDPA or other applicable laws.

In accordance with our company PDPA policy, we may collect and use your personal data for the following purposes:

  • Performing obligations related to the provision of services you have requested
  • Verifying your identity
  • Responding to and processing queries, requests, applications, complaints, and feedback
  • Managing your relationship with us
  • Processing payments or credit transactions
  • Sending you marketing information about our goods and services (including events, promotions and rewards programmes), where you have provided your consent or are deemed to have consented under the PDPA, and subject to your right to withdraw consent at any time
  • Complying with applicable laws, regulations, codes of practice, and assisting in law enforcement investigations by governmental or regulatory authorities
  • Transmitting data to third-party service providers, agents, and relevant authorities in Singapore or abroad for the above purposes
  • Any other incidental business purposes related to the above

As outlined in this Policy, we may also disclose your personal data where such disclosure is required for performing our service obligations, or to third-party service providers and agents engaged to carry out functions on our behalf.

The purposes stated in this company PDPA policy may continue to apply even after your relationship with us has ended, for a reasonable period thereafter, including where necessary to enforce our contractual rights.

3.1 Withdrawal of Consent

You may withdraw your consent for us to collect, use and/or disclose your personal data at any time, by contacting our Data Protection Officer using the contact details in Section 8 below. Upon receiving your request, we will inform you of the likely consequences of such withdrawal and will cease to collect, use and/or disclose your personal data, unless otherwise required or permitted under the PDPA or other applicable laws.

3.2 Accuracy of Personal Data

As part of this company PDPA policy, we will make reasonable efforts to ensure that personal data we collect is accurate and complete, particularly if it is likely to be used to make a decision that affects you or to be disclosed to another organisation.

4.0 Access to and Correction of Personal Data

Subject to the exceptions under the PDPA, you may request access to the personal data we hold about you and information about how we have used or disclosed it in the past one year. You may also request correction of any error or omission in your personal data.

We may charge a reasonable fee for processing access requests and will inform you of the fee and seek your confirmation before processing your request. We will respond to your request as soon as reasonably practicable.

If we correct your personal data, we will, where required under the PDPA, send the corrected data to other organisations to which the personal data was disclosed within the past one year, unless that organisation does not require the corrected data for any legal or business purpose.

5.0 Protection of Personal Data

A key commitment of this company PDPA policy is to safeguard your personal data from unauthorised access, collection, use, disclosure, copying, modification, or disposal. We have implemented appropriate administrative, physical, and technical measures, including up-to-date antivirus protection, encryption, privacy filters, and need-to-know access controls for both internal staff and authorised third-party service providers.

While no method of electronic storage or internet transmission is completely secure, we continuously review and enhance our security measures to uphold the standards set out in this Policy.

We avoid using NRIC numbers as authentication credentials for access to personal data. In line with PDPC’s latest advisories, we will phase out any remaining use of NRIC numbers for authentication purposes by 1 September 2026.

6.0 Retention of Personal Data

In line with this company PDPA policy, we will cease to retain your personal data, or remove the means by which it can be associated with you, as soon as retention no longer serves the original purpose of collection and is no longer necessary for legal or business purposes.

We have implemented internal retention schedules that specify how long different categories of personal data are kept, having regard to legal, regulatory and business requirements.

7.0 Transfers of Personal Data Outside of Singapore

This company PDPA policy stipulates that we generally do not transfer personal data to countries outside of Singapore. However, should such a transfer be necessary, we will take appropriate steps to ensure that the receiving organisation provides a standard of protection for personal data that is at least comparable to the protection under the PDPA, and will obtain your consent where required.

8.0 Data Protection Officer

If you have any enquiries, feedback or complaints relating to your personal data or this company PDPA policy, or if you wish to make any request under the PDPA (including access or correction requests or withdrawal of consent), please contact our Data Protection Officer (DPO) at:

Data Protection Officer: Privacy Ninja
Email: contact@blutrust.com
Postal Address: The Adelphi #05-13A, 1 Coleman Street, Singapore 179803
Telephone: (65) 6323 5628

Our DPO’s business contact information is also published on our website and is available to the public.

9.0 Changes to This Company PDPA Policy

This company PDPA policy applies in conjunction with any other notices, contractual clauses, and consent clauses relating to the collection, use, and disclosure of your personal data by us.

We may revise this company PDPA policy from time to time without prior notice. You may determine if any revision has taken place by referring to the date on which this Policy was last updated. Your continued use of our services constitutes your acknowledgement and acceptance of such changes.

A copy of this Policy is published on our website at blutrust-accounting.com.sg and is available to the public. You may also contact our DPO if you would like more information about our data protection policies and practices.

10.0 Data Breach Notification

We will assess and respond to data breaches in accordance with the PDPA and any applicable guidelines issued by the Personal Data Protection Commission (PDPC). Where a data breach results in, or is likely to result in, significant harm to affected individuals, or is of a significant scale, we will notify the PDPC no later than 3 calendar days after making that assessment, and will notify the affected individuals as soon as practicable, as required under the PDPA.

We will also take reasonable steps to contain the breach, conduct investigations, and prevent recurrence.

11.0 Accountability

We are responsible for personal data in our possession or under our control, including personal data transferred to third-party service providers for processing. We have designated a Data Protection Officer and implemented policies, processes and training to ensure compliance with the PDPA.

Information about our company PDPA policy, data protection policies and practices is available on our website and on request from our DPO.

12.0 Data Portability

Where the data portability provisions under the PDPA are in force and applicable, you may request that we transmit a copy of your personal data that is in our possession or under our control to another organisation in a commonly used, machine-readable format, subject to the requirements and exceptions under the PDPA.

As the data portability obligation is being implemented in stages, the availability and scope of this right may change over time in accordance with the PDPA and any regulations or guidelines issued by the PDPC. You may contact our DPO for the latest information on how to submit such a request.

Capital Allowances

Deductions for the decline in value of depreciating assets are available under the Uniform capital allowance (UCA) system. In addition to the rules for depreciating assets, deductions are allowed for certain other capital expenditure.

Small business entities have the option of choosing simplified depreciation rules. Under these rules, small business entities can claim an immediate deduction if the cost is below the relevant threshold or else add the asset to the small business depreciation pool.

Land, trading stock and most intangible assets (excluding exceptions such as intellectual property and in-house software) are not depreciating assets.

The decline in value is generally calculated by spreading the cost of the asset over its effective life, using one of two methods:

Prime cost method – decline in value each year is calculated as a percentage of the initial cost of the asset
Diminishing value method – decline in value each year is calculated as a percentage of the opening depreciated value of the asset
MORE: Australian Taxation Office (ATO) Decline in value calculator.

For most depreciating assets, taxpayers can either self-assess the effective life, or use estimates published by the ATO. Taxpayers can recalculate, either up or down, the effective life of an asset if the circumstances of use change and the effective life initially chosen is no longer accurate. An improvement to an asset that increases its cost by 10% or more in a year may result in an obligation to recalculate the effective life of the asset.

Decline in value of cars is restricted to the car limit. From 1 July 2022, the luxury car tax threshold for luxury cars is $64,741 (it was $60,733 for the year commencing 1 July 2021). Luxury car leases are treated as a notional sale and purchase, with decline in value restricted to the car limit.

The decline in value of certain depreciating assets with a cost or opening adjustable value of less than $1,000 can be calculated through a low-value pool. The decline in value for depreciating assets in the pool is calculated at an annual diminishing value rate of 37.5%.

Changes for 2022 and 2023

From 12 March 2020 until 31 December 2020, the asset cost threshold for the instant asset write-off (which is usually only available to small business entities) has increased from $30,000 to $150,000 and the eligibility criteria expended to cover entities with an aggregated turnover threshold of less than $500 million (up from $50 million).

Further, from 12 March 2020 until 30 June 2021 the Backing business investment measure applied to businesses with aggregated turnover below $500 million and provides either:

A deduction of 50% of the cost or opening adjustable value of an eligible asset on installation (existing depreciation rules apply to the balance of the asset's cost), or
For businesses using a small business depreciation pool, a deduction of 57.5% of the cost of the asset in the first year, with the balance added the asset to the small business pool
In addition, from 6 October 2020 to 30 June 2023, full expensing applies to allow eligible businesses with an aggregated turnover of less than $5 billion to deduct the full cost of new eligible depreciating assets. For businesses with aggregated turnover of less than $50 million, full expensing also applies to eligible second-hand assets.

Activity Statement

Businesses use activity statements to report and pay a number of tax obligations, including GST, pay as you go (PAYG) instalments, PAYG withholding and fringe benefits tax. Non-business taxpayers who need to pay quarterly PAYG instalments also use activity statements.

Activity statements are personalised to each taxpayer to support reporting against identified obligations.

Activity statements for businesses may be due either quarterly or monthly. Generally, businesses can lodge and pay quarterly if annual turnover is less than $20 million, and total annual PAYG withholding is $25,000 or less. Businesses that exceed one or both of those thresholds will have at least some monthly obligations. Non-business taxpayers are generally required to lodge and pay quarterly.

Taxpayers with small obligations may be able to lodge and pay annually. Some taxpayers may receive an instalment notice for GST and/or PAYG instalments, instead of an activity statement.

The Australian Taxation Office (ATO) web site provides instructions on lodging and paying activity statements. Detailed instructions are provided for each of the different tax obligations:

GST (Goods and Services Tax)
PAYG (Pay As You Go) Instalments
PAYG (Pay As You Go) Withholding
FBT (Fringe Benefit Tax)
LCT (Luxury Car Tax)
WET (Wine Equalisation Tax)
Fuel Tax Credits