At Skeleton Key Pte. Ltd. (“Skeleton Key”, “we”, “us”, or “our”), we are committed to providing excellent service and handling all legal requests and personal data inquiries with care, transparency, and professionalism. This page outlines how individuals, regulatory authorities, and other entities can submit legal requests or Data Subject Access Requests (“DSARs”) under Singapore’s Personal Data Protection Act 2012 (PDPA). We aim to process all requests promptly and fairly.
Please submit your legal request or DSAR through one of these channels:
Post: Data Protection Team, Skeleton Key Pte. Ltd., 109 North Bridge Road #05-21 Funan, Singapore 179097
If you need assistance or accommodations to submit your request, please let us know. We are here to help.
Skeleton Key welcomes cooperation with regulatory bodies such as the Personal Data Protection Commission (PDPC), Monetary Authority of Singapore (MAS), or other relevant authorities. To assist us in responding efficiently, please provide:
Official contact details for the requesting authority
Required format for information submission (forms, file types, etc.)
Statutory timeframe for response
Instructions for handling confidential or sensitive information
Legal requests such as court orders, subpoenas, or law enforcement requests should include:
Contact details and availability of the requestor
Relevant account or transaction identifiers
Legal timeframe for compliance, if applicable
Instructions for handling sensitive information
Acknowledgement: We will confirm receipt within 3 business days.
Progress Updates: For complex requests, we will provide a written update within 15 business days with the expected resolution timeline.
Resolution: We aim to resolve requests as quickly as possible while ensuring compliance with legal obligations.
Your Rights Under the PDPA
Under Singapore’s Personal Data Protection Act 2012, you have the right to:
Access personal data we hold about you
Correct inaccurate or incomplete personal data
Withdraw consent to our collection, use, or disclosure of your personal data (where consent was the legal basis)
Request deletion of your personal data in certain circumstances
When We Process Your Personal Data
We process personal data only when permitted by law, typically based on:
Contractual necessity: To provide our services or manage your account
Legal obligation: To comply with Singapore regulations (e.g., AML/KYC requirements)
Legitimate interests: To improve our services, prevent fraud, or ensure security
Consent: Where you have explicitly agreed
Security Measures
We implement robust security to protect your personal data:
Encryption of data in transit and at rest
Secure password storage using industry-standard hashing
Role-based access controls enforced at the database level
Server-side session validation on every request
Input validation on all API endpoints
Audit logging for account and organisational events
Hosted on managed cloud infrastructure with automated security patching
Data Breach Procedures
If we suspect a data breach, we follow PDPA requirements:
Immediate Assessment: Identify and contain the breach
PDPC Notification: Notify the Personal Data Protection Commission within 72 hours if the breach poses a notifiable risk
Affected Individuals: Notify you without undue delay if high-risk breach
Records: Maintain detailed breach records
Remediation: Implement measures to prevent recurrence
If you suspect your data may be compromised, contact us immediately at privacy@skeletonkey.xyz.
How to Make a DSAR
For efficient processing, please include:
Clear statement: “Data Subject Access Request”
Full name and any previous names
Company name (if applicable) registered with Skeleton Key
