TravelDoc

Privacy Policy

Last updated: March 2025

1. Who We Are

TravelDoc is a travel document assistance service operated by OF Ltd, a company registered in England and Wales. This Privacy Policy explains how we collect, use, store and protect your personal data when you use our website and services. We are committed to compliance with the UK GDPR and the Data Protection Act 2018.

Data controller: OF Ltd (trading as TravelDoc). Contact: contact@getsgac.com

2. Personal Data We Collect

We collect the following personal data when you use our services:

  • Identity data: full name, date of birth, sex, nationality, country of birth
  • Passport data: passport number, issue date, expiry date
  • Contact data: email address, phone number
  • Address data: residential address
  • Travel data: flight numbers, airline, accommodation details, purpose of visit
  • Payment data: we do not store your card details — payments are processed securely by Trust Payments

3. How We Use Your Data

We use your personal data solely for the purpose of providing our document assistance service:

  • To review and complete your travel arrival card application
  • To submit your application to the relevant immigration authority
  • To communicate with you about your application status
  • To respond to enquiries submitted through our contact form
  • To comply with our legal and regulatory obligations

We do not use your personal data for marketing purposes without your explicit consent. We do not sell your personal data to third parties.

4. Legal Basis for Processing

We process your personal data on the following legal bases under UK GDPR:

  • Contract performance: processing your data is necessary to fulfil our service contract with you
  • Legitimate interests: maintaining records of transactions and preventing fraud
  • Legal obligation: complying with applicable laws and regulatory requirements

5. Data Sharing

We share your personal data only in the following circumstances:

  • Immigration authorities: we submit your arrival card application to the relevant government immigration authority (e.g. Singapore ICA, Thailand TM, Malaysia Immigration) as part of our service
  • Payment processors: Trust Payments processes payment transactions on our behalf and is subject to their own privacy policy
  • Legal requirements: we may disclose data if required to do so by law or court order

We do not share your data with any other third parties without your consent.

6. International Data Transfers

By using our service, you understand and consent that your personal data will be transferred to and processed by government immigration authorities outside the United Kingdom and the European Economic Area, including but not limited to:

  • Singapore (Immigration & Checkpoints Authority)
  • Thailand (Department of Immigration)
  • Malaysia (Immigration Department of Malaysia)

These transfers are necessary to perform the service you have requested. These countries may not have data protection laws equivalent to UK GDPR, but the transfer is required to fulfil our contract with you and is carried out at your explicit request.

7. Data Retention

We retain your personal data for a maximum of 12 months from the date of your application, after which it is securely deleted. We retain financial transaction records for 7 years in accordance with UK accounting and tax requirements.

8. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, or alteration. These include SSL/TLS encryption for all data in transit, secure access controls, and regular security assessments. We do not store payment card data — all card processing is handled by Trust Payments who are PCI DSS compliant.

9. Your Rights

Under UK GDPR, you have the following rights regarding your personal data:

  • Right of access: you can request a copy of your personal data
  • Right to rectification: you can request correction of inaccurate data
  • Right to erasure: you can request deletion of your data (subject to legal retention requirements)
  • Right to restriction: you can request that we restrict processing of your data
  • Right to data portability: you can request your data in a machine-readable format
  • Right to object: you can object to certain types of processing

To exercise any of these rights, please contact us at contact@getsgac.com. We will respond within 30 days.

10. Cookies

Our website uses only essential cookies necessary for the operation of the site (such as session management). We do not use tracking, advertising or analytics cookies without your consent.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated date. We encourage you to review this page periodically.

12. Complaints

If you have concerns about how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) in the UK at ico.org.uk, or the relevant supervisory authority in your country.