Skeleton Key Legal and Data Subject Access Requests
Updated: 30 March 2026
At Skeleton Key Pte. Ltd. (“Skeleton Key”, “we”, “us”, or “our”), we are committed to providing excellent service and handling all legal requests and personal data inquiries with care, transparency, and professionalism. This page outlines how individuals, regulatory authorities, and other entities can submit legal requests or Data Subject Access Requests (“DSARs”) under Singapore’s Personal Data Protection Act 2012 (PDPA). We aim to process all requests promptly and fairly.
Where to Submit Requests
Please submit your legal request or DSAR through one of these channels:
Email: support@skeletonkey.xyz
Post: Data Protection Team, Skeleton Key Pte. Ltd., 109 North Bridge Road #05-21 Funan Singapore 179097
If you need assistance or accommodations to submit your request, please let us know. We are here to help.
Requests from Regulatory Authorities
Skeleton Key welcomes cooperation with regulatory bodies such as the Personal Data Protection Commission (PDPC), Monetary Authority of Singapore (MAS), or other relevant authorities. To assist us in responding efficiently, please provide:
- Official contact details for the requesting authority
- Required format for information submission (forms, file types, etc.)
- Statutory timeframe for response
- Instructions for handling confidential or sensitive information
Other Legal Requests
Legal requests such as court orders, subpoenas, or law enforcement requests should include:
- Contact details and availability of the requestor
- Relevant account or transaction identifiers
- Legal timeframe for compliance, if applicable
- Instructions for handling sensitive information
What to Expect
- Acknowledgement: We will confirm receipt within 3 business days.
- Progress Updates: For complex requests, we will provide a written update within 15 business days with the expected resolution timeline.
- Resolution: We aim to resolve requests as quickly as possible while ensuring compliance with legal obligations.
Data Subject Access Requests (DSAR)
Your Rights Under the PDPA
Under Singapore’s Personal Data Protection Act 2012, you have the right to:
- Access personal data we hold about you
- Correct inaccurate or incomplete personal data
- Withdraw consent to our collection, use, or disclosure of your personal data (where consent was the legal basis)
- Request deletion of your personal data in certain circumstances
When We Process Your Personal Data
We process personal data only when permitted by law, typically based on:
- Contractual necessity: To provide our services or manage your account
- Legal obligation: To comply with Singapore regulations (e.g., AML/KYC requirements)
- Legitimate interests: To improve our services, prevent fraud, or ensure security
- Consent: Where you have explicitly agreed
Security Measures
We implement robust security to protect your personal data:
- Encryption of data in transit and at rest
- Secure password storage using industry-standard hashing
- Role-based access controls enforced at the database level
- Server-side session validation on every request
- Input validation on all API endpoints
- Audit logging for account and organisational events
- Hosted on managed cloud infrastructure with automated security patching
Data Breach Procedures
If we suspect a data breach, we follow PDPA requirements:
- Immediate Assessment: Identify and contain the breach
- PDPC Notification: Notify the Personal Data Protection Commission within 72 hours if the breach poses a notifiable risk
- Affected Individuals: Notify you without undue delay if high-risk breach
- Records: Maintain detailed breach records
- Remediation: Implement measures to prevent recurrence
If you suspect your data may be compromised, contact us immediately at privacy@skeletonkey.xyz.
How to Make a DSAR
For efficient processing, please include:
- Clear statement: “Data Subject Access Request”
- Full name and any previous names
- Company name (if applicable) registered with Skeleton Key
- Contact details (email, phone, postal address)
- Account number or transaction references
- Specific information requested
- Preferred delivery method (secure email/post)
- Any accessibility requirements
Submit to:
or Data Protection, Skeleton Key Pte. Ltd., 20 Collyer Quay, Singapore 049319
What to Expect from Your DSAR
- Acknowledgement: Within 3 business days
- Response Time: Within 30 calendar days (may extend to 60 days for complex requests with notice)
- Format: Clear, accessible format (usually secure email)
- Verification: We verify identity to protect your data
- Fees: No charge for standard requests. Reasonable fees may apply for manifestly unfounded or excessive requests.
Escalation and Further Recourse
If dissatisfied with our response, you may:
- Contact our Data Protection Team: privacy@skeletonkey.xyz
- Lodge a complaint with the Personal Data Protection Commission (PDPC):
Website: www.pdpc.gov.sg
Hotline: 6371 3131
Email: info@pdpc.gov.sg
Important Notes
- Skeleton Key reserves the right to verify requester identity
- Complex requests may require additional time to retrieve data
- This information is for guidance only and does not constitute legal advice
- We process requests in accordance with PDPA and other applicable laws
For questions about your data rights or our practices, contact:
privacy@skeletonkey.xyz
