Skip to content

Privacy Policy

Last updated: 23 April 2026

1. Who we are

This Privacy Policy describes how NZmark Pte Ltd (UEN: 202411974C), operating under the programme brand “Impact Radar” (“we”, “us”, “our”), collects, uses, discloses, and protects personal data in compliance with the Singapore Personal Data Protection Act 2012 (“PDPA”).

Registered address: 62–68 Circular Road, Singapore 049422.

By using our website at impact-radar.com (“Site”) or submitting information to us, you consent to the practices described in this policy.

2. What we collect

2.1 Contact form

When you submit the contact form we collect:

  • Full name
  • Email address
  • Subject and message content
  • A SHA-256 hash of your IP address, used only for rate-limiting abuse of the form. The raw IP is never stored.

2.2 Newsletter subscription

If you subscribe to our newsletter we collect your email address, which is stored and processed by Mailchimp (The Rocket Science Group LLC).

2.3 Analytics

We use Vercel Analytics, a privacy-friendly, cookieless analytics service. It does not collect personal data, set cookies, or track users across sites. Aggregated metrics (page views, referrers, country) are retained for up to 24 months.

2.4 Error monitoring

We use Sentry for error monitoring. Sentry configuration scrubs IP addresses and default personally identifiable information from error payloads. Error events are retained for up to 90 days.

3. Why we collect it

  • Respond to enquiries submitted via the contact form
  • Send newsletter updates you have opted into
  • Refer interested donors to our IPC and foreign-partner donation pathways
  • Monitor and improve the Site's performance, availability, and security
  • Comply with legal and regulatory obligations

4. Legal basis

We rely on the following bases under the PDPA:

  • Consent — when you submit the contact form, subscribe to the newsletter, or otherwise affirmatively provide personal data
  • Legitimate interest — for aggregated, non-identifying analytics, security monitoring, and fraud prevention

5. How we store it

Personal data is stored across the following processors. All are contracted service providers processing data on our behalf.

  • Notion Labs, Inc. (US) — contact form submissions and content management
  • The Rocket Science Group LLC dba Mailchimp (US) — newsletter subscriber list and email delivery
  • Vercel Inc. (US) — website hosting and cookieless analytics
  • Functional Software, Inc. dba Sentry (US) — error monitoring (PII scrubbed)
  • Upstash, Inc. (US) — rate-limit counters keyed by hashed IP

6. Overseas transfer

The processors listed in Section 5 are located outside Singapore (primarily in the United States). By using the Site, you consent to the transfer of your personal data to those jurisdictions. We take reasonable steps to ensure that processors provide a standard of protection comparable to the PDPA, including through contractual commitments.

7. Retention

  • Contact form submissions: up to 24 months, then deleted
  • Newsletter subscriptions: until you unsubscribe
  • Aggregated analytics: up to 24 months
  • Error monitoring events: up to 90 days
  • Rate-limit counters: 1 hour rolling window

8. Cookies

Our Site does not set first-party cookies for analytics or advertising. Third-party functional cookies may be set by the embedded Mailchimp newsletter form. See our Cookie Policy for details.

9. Your rights under the PDPA

You have the right to:

  • Access — request a copy of the personal data we hold about you
  • Correction — request that we correct any inaccurate or incomplete data
  • Withdrawal of consent — withdraw your consent for us to collect, use, or disclose your personal data (note: this may affect our ability to provide certain services)

To exercise any of these rights, email our Data Protection Officer at pdpa@impact-radar.com. We will respond within 30 calendar days as required by the PDPA.

10. Children

The Site is not directed at children under 13 and we do not knowingly collect personal data from them. If you believe a child has submitted personal data to us, please contact our DPO and we will delete it.

11. Security

We implement reasonable technical and organisational security measures — including HTTPS, hashed IP addresses in rate limiting, PII scrubbing in error monitoring, and least-privilege access to our processor accounts — to protect personal data from unauthorised access, use, or disclosure. No method of transmission over the Internet or electronic storage is completely secure.

12. Complaints

If you are not satisfied with our response to a data protection enquiry or complaint, you may lodge a complaint with the Personal Data Protection Commission (PDPC) of Singapore at pdpc.gov.sg.

13. Changes to this policy

We may update this policy from time to time. Material changes will be posted on this page with a revised “Last updated” date. We encourage you to review this policy periodically.

14. Contact the DPO

Data Protection Officer
NZmark Pte Ltd
62–68 Circular Road, Singapore 049422
pdpa@impact-radar.com