The Alkaff Mansion Privacy Notice

1. ABOUT THIS PRIVACY NOTICE

1-Mansion Pte. Ltd. (UEN: 201907373R) (“The Alkaff Mansion”, “we”, “us” or “our”) is committed to protecting the personal data of our guests, customers, event clients, business partners, job applicants, and visitors to our websites.

This Privacy Notice explains how we collect, use, disclose, store and protect your personal data, as well as the rights you may have in relation to your personal data.

We process personal data in accordance with the Singapore Personal Data Protection Act 2012 (“PDPA”), the Spam Control Act 2007, and other applicable laws and regulations in Singapore.

Please read this Privacy Notice carefully so that you understand our practices regarding your personal data. By accessing our websites, making a reservation or enquiry, subscribing to our marketing communications, attending an event, submitting your information to us, or otherwise interacting with us, you acknowledge that you have read and understood this Privacy Notice.

2. WHO WE ARE

The Alkaff Mansion is a Singapore-based hospitality and lifestyle destination operated by 1-Mansion Pte. Ltd. (UEN: 201907373R). References in this Privacy Notice to “The Alkaff Mansion”, “we”, “us” or “our” include the entities and brands operating within The Alkaff Mansion, including:

  • 1918 Heritage Bar
  • UNA
  • Wildseed Café

This Privacy Notice applies to personal data collected by or on behalf of The Alkaff Mansion through our Venues, websites, reservation and event enquiry channels, marketing communications, social media platforms, weddings and corporate event enquiries, and any other interactions with us.

Where applicable, this also includes personal data collected through loyalty programmes, promotional campaigns, surveys, contests, collaborations, or third-party booking and event platforms engaged by us.

We collect, use, disclose and process personal data in accordance with Singapore’s Personal Data Protection Act 2012 (“PDPA”) and other applicable laws and regulations. We may also collect, use or disclose personal data where required or permitted by law, including for regulatory, legal, security or operational purposes, to comply with lawful requests from governmental or law enforcement authorities, to protect the integrity and security of our websites and services, or to safeguard our legal rights and interests.

3. OUR DATA PROTECTION OFFICER

In accordance with the PDPA, we have appointed a Data Protection Officer (“DPO”) to oversee our data protection practices and support our compliance with the PDPA.

You may contact our DPO if you have any questions, requests or feedback relating to your personal data, or if you wish to make a data protection-related complaint.

The contact details of our DPO are set out in Section 19 (How to Contact Us).

4. WHO THIS NOTICE APPLIES TO

This Privacy Notice applies to individuals whose personal data we may collect, use, disclose or process in connection with The Alkaff Mansion and our Venues, including:

  • guests and customers, including diners, reservation holders, walk-in patrons, event guests, wedding clients, private-hire clients, and gift voucher recipients;
  • 1-Insider loyalty programme members, including current, prospective and former members;
  • marketing subscribers, including individuals who have subscribed to receive email, SMS, WhatsApp or other marketing communications from us;
  • business contacts and suppliers, including current, potential and former suppliers, partners, agents, contractors, vendors, service providers and their representatives;
  • job applicants and prospective workers, including applicants for full-time, part-time, casual, temporary or contractor roles, and applicants introduced through recruitment agencies;
  • website visitors, including visitors to The Alkaff Mansion website, our Venue websites, 1-Group platforms, campaign pages or microsites; and
  • individuals captured on CCTV at our Venues, or photographed, filmed or recorded at events, activations or experiences held at our Venues.

5. PERSONAL DATA WE COLLECT

The categories of personal data we collect depend on how you interact with us and our services. Such personal data may include:

Identity and contact data

  • Name, salutation, title, date of birth, gender and nationality.
  • Residential and/or business address, postal code and country of residence.
  • Email address, mobile number and other contact numbers.
  • Identity document details where required for lawful or operational purposes (for example, NRIC/FIN or passport details for tax invoice issuance, age verification or guest verification for certain events). We do not collect or retain full NRIC numbers except where required under applicable laws or regulations.

Reservation, event and customer data

  • Reservation details, including reservation date and time, party size, Venue, seating preferences, special occasions and notes submitted to our team.
  • Wedding, corporate event and private event enquiry details, including estimated guest count, budget range, preferred dates, dietary requirements, themes and vendor preferences.
  • Dietary, allergy, medical or accessibility information voluntarily provided to us so that we may accommodate your needs safely and appropriately. By providing such information, you consent to our use of it for these purposes.
  • Purchase, billing and transaction history relating to our Venues and services.

Loyalty programme data

  • 1-Insider membership information, including membership tier, points balance, redemption history, transaction history, communication preferences, visit preferences and customer feedback.

Financial and payment data

  • Payment and transaction details, including billing address, deposit and refund information, and invoicing details.
  • Credit and debit card information processed through our PCI-DSS-compliant payment service providers. We do not store full payment card details.

Marketing preferences and communications data

  • Marketing and communication preferences, including preferred communication channels, subscription status, opt-in and opt-out records, and language preferences.
  • Information relating to engagement with our marketing communications, including email opens, clicks and related analytics where tracking technologies are used.

Website, device and online usage data

  • Technical information such as IP address, browser type and version, device information, operating system, time zone setting and referring URLs.
  • Website usage information such as pages viewed, links clicked, searches performed, browsing behaviour, navigation paths, and dates and times of visits.
  • Marketing attribution and campaign data collected through cookies and similar technologies, including attribution information associated with reservations or enquiries submitted through our websites.

CCTV, photography and event imagery

  • CCTV footage captured at our Venues for security, safety, incident investigation and operational purposes.
  • Photographs and video recordings taken at events, weddings, activations and private functions held at our Venues, including where such materials may be used for marketing, publicity, editorial or social media purposes where permitted by law or with consent where required.

Job applicant data

  • Name, contact details, nationality, date of birth and work authorisation or permit status.
  • CVs, résumés, cover letters, employment history, qualifications and references.
  • Information provided during interviews and recruitment processes conducted in person, by phone or through video conferencing platforms.
  • Information obtained from recruitment agencies, referees and publicly available professional sources such as LinkedIn.
  • Background screening, right-to-work and criminal record information where lawfully required or relevant to the role applied for.

Correspondence and feedback data

  • Records and contents of communications with us, including emails, telephone calls, WhatsApp messages, enquiry forms, chat functions and correspondence with our reservations, customer service and events teams.
  • Reviews, testimonials, survey responses, complaints and other feedback voluntarily submitted to us.

We do not knowingly collect personal data from children under the age of 13 through our websites or online forms. Our reservation systems, marketing communications and loyalty programmes are not directed at children. If you believe that a child has provided us with personal data, please contact our DPO using the details set out in this Privacy Notice.

6. HOW WE COLLECT PERSONAL DATA

We may collect personal data through the following channels:

Directly from you

When you:

  • make a reservation or enquiry;
  • dine at or visit our Venues;
  • attend a wedding, private function, corporate event or activation at our Venues;
  • submit a wedding or event enquiry;
  • subscribe to our marketing communications;
  • join or interact with the 1-Insider programme;
  • purchase or redeem vouchers or promotions;
  • contact us by email, telephone, WhatsApp, social media or online forms;
  • complete surveys or provide feedback; or
  • apply for employment or otherwise interact with us.

Automatically through our websites and digital platforms

We may collect certain information automatically through cookies, pixels, scripts, SDKs and similar technologies used on our websites, booking systems and digital platforms. This may include technical, device and usage information. Please refer to Section 13 (Cookies and Tracking Technologies) for more information.

From third parties acting on our behalf or on your behalf

We may receive personal data from third parties, including:

  • reservation and booking platforms;
  • event and wedding enquiry platforms;
  • payment service providers;
  • recruitment agencies;
  • loyalty programme providers;
  • email, SMS and marketing service providers;
  • analytics and website technology providers;
  • social media platforms and advertising partners; and
  • our authorised vendors, partners and service providers.

From publicly available sources

We may collect information from publicly available sources, including professional networking platforms, business directories, social media platforms and publicly available reviews or commentary relating to our Venues, where relevant for recruitment, customer service, operational or business purposes.

From other individuals

We may receive your personal data from individuals acting on your behalf or as part of a group booking or event arrangement, including where:

  • a guest makes a reservation on behalf of others;
  • a wedding planner or organiser provides guest details;
  • a corporate client provides attendee information for an event; or
  • another individual includes your details in an enquiry or booking.

Where you provide us with personal data relating to another individual, you confirm that you are authorised to do so and that the individual has been informed of the purposes for which their personal data may be collected, used and disclosed in accordance with this Privacy Notice.

7. HOW WE USE PERSONAL DATA

We may use personal data for the following purposes:

To provide our services to you

This includes managing reservations and enquiries, hosting your visit, serving food and beverages safely, accommodating dietary, allergy or accessibility information you provide, facilitating weddings, corporate events and private hires, providing concierge and customer service support, and operating the 1-Insider loyalty programme.

To process transactions

This includes processing payments, issuing receipts and tax invoices, managing deposits and refunds, and responding to billing or payment-related queries.

To communicate with you

This includes sending reservation confirmations and reminders, responding to enquiries, coordinating event or wedding arrangements, providing service-related updates, and sending communications relating to your 1-Insider membership.

To send marketing communications

This includes sending newsletters, promotions, event announcements, seasonal offers and member-related benefits, where you have provided consent or where we are otherwise permitted to do so under the PDPA, the Spam Control Act 2007 and the Do Not Call provisions.

To personalise your experience

This includes remembering your preferences, such as preferred Venues, seating preferences, dietary requirements, special occasions, previous orders or visit history, so that we may improve your future visits and communications with us.

To operate, improve and secure our websites and digital platforms

This includes troubleshooting, analytics, performance monitoring, fraud prevention, abuse detection, security monitoring, and the use of marketing attribution technologies to understand how marketing channels contribute to enquiries, reservations and bookings.

To carry out research, analytics and reporting

This includes conducting market research and using aggregated or de-identified data to analyse guest behaviour, marketing effectiveness, campaign performance and operational performance across our Venues.

To recruit, assess and onboard staff

This includes processing job applications, assessing suitability for roles, conducting interviews, carrying out necessary checks, and supporting onboarding processes, as further described in Section 16.

For health, safety and security at our Venues

This includes operating CCTV systems, managing incidents, responding to emergencies, coordinating with emergency services, and supporting safety, security and loss-prevention measures at our Venues.

To comply with legal and regulatory obligations

This includes complying with tax, accounting, licensing, public health, employment and other legal or regulatory requirements, and responding to lawful requests from regulators, law enforcement agencies or other public authorities.

To protect our legal rights and interests

This includes establishing, exercising or defending legal claims, managing disputes, enforcing our terms and conditions, and protecting our business, staff, guests and assets.

For corporate transactions

This includes where necessary in connection with a merger, acquisition, restructuring, financing, sale of assets, transfer of business, or similar transaction involving 1-Group, The Alkaff Mansion or any of our Venues.

8. BASIS FOR COLLECTING, USING AND DISCLOSING PERSONAL DATA

Under the PDPA, we may collect, use or disclose personal data with your consent, or where an exception under the PDPA applies. The bases on which we may rely are set out below.

Consent

Where we ask for your consent, such as when you opt in to receive marketing communications, join the 1-Insider programme, or submit a wedding or event enquiry, we will use your personal data for the purposes notified to you at the time of collection.

Deemed consent

In certain circumstances, the PDPA treats consent as having been given. For example, where you voluntarily provide your personal data for an obvious purpose, such as providing your mobile number when making a reservation so that we may contact you about your booking, you are deemed to have consented to our use of that information for that purpose.

We may also rely on deemed consent by notification under the PDPA for certain secondary purposes that are reasonably necessary, where we have notified you of the purpose, given you a reasonable opportunity to opt out, and assessed that the use is unlikely to have any adverse effect on you.

Legitimate interests

We may rely on the legitimate interests exception under the PDPA for certain purposes where our legitimate interests in operating, securing and improving our business are not outweighed by any likely adverse effect on you. This may include fraud prevention, security at our Venues, internal audits, incident management and certain analytics activities.

Business improvement

We may rely on the business improvement exception under the PDPA for internal analysis and reporting to improve our products, services, operations, customer experience and marketing effectiveness.

Legal obligations and vital interests

We may collect, use or disclose personal data without consent where required or permitted by law, where necessary to respond to an emergency that threatens life, health or safety, or where another exception under the PDPA applies.

Withdrawing consent

Where we rely on your consent, you may withdraw your consent at any time by contacting our DPO. Withdrawing consent does not affect any collection, use or disclosure of personal data carried out before your withdrawal.

If you withdraw consent, we may be unable to continue providing certain services to you. For example, we may not be able to manage your 1-Insider membership if you withdraw consent for the use of your membership data. Where applicable, we will inform you of the likely consequences of your withdrawal.

9. HOW WE SHARE PERSONAL DATA

We may disclose or share your personal data with the following categories of recipients:

Within 1-Group

We may share personal data within 1-Group and across our Venues where necessary for operational, customer service, loyalty, marketing, analytics and business purposes.

For example, this may allow a 1-Insider member to be recognised across participating Venues, or allow our group-level teams to support guest experience, marketing and operational improvements.

Our service providers and data intermediaries

We engage third-party service providers and data intermediaries to process personal data on our behalf and under contract. These may include:

  • reservation and event management platforms;
  • loyalty programme platforms;
  • payment processors, point-of-sale providers and merchant-acquiring partners;
  • cloud, hosting and website technology providers;
  • productivity and communications providers;
  • email, SMS, WhatsApp and push notification service providers;
  • analytics, marketing attribution and advertising platforms;
  • customer feedback, review monitoring, survey and CRM tools;
  • recruitment, background screening and human resources platforms;
  • security, CCTV, IT security and fraud prevention providers; and
  • professional advisers, including lawyers, accountants, auditors and insurers.

We require our service providers and data intermediaries to process personal data only in accordance with our instructions, implement appropriate security measures, and comply with the PDPA and other applicable laws.

Other recipients

We may also disclose personal data to:

  • government agencies, regulators, courts, law enforcement agencies or other public authorities, where required or permitted by law;
  • prospective or actual buyers, investors, financiers or advisers in connection with any merger, acquisition, restructuring, financing, sale of assets, transfer of business or similar corporate transaction involving 1-Group, The Alkaff Mansion or any of our Venues, subject to appropriate confidentiality protections; and
  • other third parties where you have given your consent, or where the disclosure is made at your direction.

We do not sell your personal data, and we do not rent our marketing or membership lists to third parties for their own marketing purposes.

10. TRANSFERS OF PERSONAL DATA OUTSIDE SINGAPORE

Some of our service providers, including cloud hosting, payment processing, marketing technology, reservation, event management and loyalty programme providers, may be based outside Singapore or may use systems and infrastructure located outside Singapore.

As a result, your personal data may be transferred to, stored or processed in jurisdictions outside Singapore.

Where we transfer personal data outside Singapore, we will take appropriate steps in accordance with the PDPA to ensure that the recipient is bound by legally enforceable obligations to provide a standard of protection that is comparable to the protection under the PDPA. These steps may include entering into appropriate contractual arrangements with our service providers and relying on other transfer mechanisms recognised under Singapore law.

You may contact our DPO if you would like more information about our arrangements for the transfer of personal data outside Singapore.

11. HOW LONG WE KEEP PERSONAL DATA

We retain personal data only for as long as is reasonably necessary to fulfil the purposes for which it was collected, including to satisfy any legal, accounting, regulatory, contractual or operational requirements.

When determining appropriate retention periods, we may consider:

  • the nature, volume and sensitivity of the personal data;
  • the purposes for which the personal data is collected, used or disclosed;
  • whether those purposes can be achieved through other means;
  • our legal, tax, accounting, licensing and contractual obligations; and
  • the potential risk of harm from unauthorised use or disclosure.

As examples:

  • reservation data is generally retained for the duration of the guest relationship and for a reasonable period thereafter to support customer service, operational needs and the management of potential claims;
  • 1-Insider member data is generally retained for the duration of your membership and for a reasonable period after dormancy, expiry or termination;
  • job applicant data for unsuccessful candidates is generally retained for up to 12 months after the recruitment decision, unless you ask us to retain it for a longer period for consideration of future roles;
  • financial and transaction records are retained in accordance with applicable legal, tax and accounting requirements; and
  • CCTV footage is generally retained for a short period, unless it is required for a specific incident investigation, legal matter, insurance claim or security purpose.

When personal data is no longer required, we will delete, anonymise or otherwise dispose of it in accordance with the PDPA and our internal data retention practices.

12. HOW WE PROTECT PERSONAL DATA

We implement reasonable physical, technical and organisational measures to protect personal data against accidental or unlawful loss, misuse, unauthorised access, disclosure, alteration or destruction.

These measures may include access controls, contractual safeguards with service providers, staff training, internal policies, secure system configurations and incident response procedures.

While we take reasonable steps to protect personal data, no method of transmission or storage is completely secure.

If we become aware of a data breach that is likely to result in significant harm to affected individuals, or is of a significant scale, we will notify the Personal Data Protection Commission (“PDPC”) and, where required, affected individuals in accordance with the PDPA’s Data Breach Notification Obligation.

13. COOKIES, ANALYTICS AND MARKETING ATTRIBUTION

We use cookies and similar technologies, such as pixels, scripts and SDKs, on our websites and in our marketing communications. These technologies help us recognise your device, remember your preferences, understand how our websites are used, measure marketing performance, and support fraud detection and website security.

Types of cookies we may use

  • Strictly necessary cookies — required for our websites to function properly, such as session management, security and form submission.
  • Performance and analytics cookies — used to understand how visitors use our websites and to improve website performance and user experience.
  • Marketing and advertising cookies — used to deliver relevant advertising, measure advertising effectiveness, and support remarketing or campaign reporting.
  • Attribution cookies — used to understand the source, medium or campaign that brought you to our website and, where applicable, link this information to a reservation, enquiry or booking you make.

You can control cookies through your browser settings and, where available, through our on-site cookie preference tools. Disabling certain cookies may affect the functionality or performance of our websites.

For more information about our use of cookies, please refer to our Cookie Notice, where published, or contact our DPO using the details set out in this Privacy Notice.

14. MARKETING COMMUNICATIONS, THE DNC REGISTRY AND THE SPAM CONTROL ACT

We send marketing communications only where we have a lawful basis to do so.

Email marketing

Marketing emails are sent in accordance with the Spam Control Act 2007. Our marketing emails will identify the sender and include an unsubscribe mechanism.

You may unsubscribe from marketing emails at any time by clicking the unsubscribe link in the email or by contacting our DPO.

SMS, telephone calls and fax — DNC compliance

Before sending marketing SMS, making marketing calls, or sending marketing faxes to a Singapore telephone number, we will either check the relevant Do Not Call (“DNC”) Registers maintained by the PDPC, or rely on your clear and unambiguous consent where permitted by law.

Where applicable, we may also rely on the ongoing relationship exception under the PDPA.

You may opt out of marketing SMS at any time by following the instructions in the message, where available, or by contacting our DPO. You may also register your number on the DNC Register.

Service-related communications

Communications that are not marketing in nature, such as reservation confirmations, event planning correspondence, 1-Insider account notices, payment updates and operational notices, are necessary for us to provide the relevant services to you.

You may not be able to opt out of these service-related communications while continuing to use the relevant service.

15. CCTV AT OUR VENUES

Our Venues may use CCTV for security, loss prevention, health and safety, incident investigation, and the protection of guests, staff and property.

Where CCTV is in operation, notices may be displayed at our Venues to inform visitors.

CCTV footage is retained for a short period and accessed only by authorised personnel for the purposes set out above, unless it is required for a specific investigation, legal process, insurance claim or other lawful purpose.

16. PHOTOGRAPHY & VIDEOGRAPHY AT EVENTS

We may take photographs and video recordings at our Venues, including during events, weddings, private functions, launches and other experiences held at The Alkaff Mansion.

Where such photographs or recordings are used for marketing, social media, publicity, editorial or promotional purposes, we will do so in accordance with the PDPA and any applicable consent arrangements, including where consent is provided through event agreements, booking terms or other interactions with us.

If you do not wish to appear in photographs or video recordings used for marketing or publicity purposes, please inform our event team or contact our DPO.

17. JOB APPLICANTS

When you apply for a role with us, we may use your personal data to assess your suitability, conduct interviews, carry out reference or background checks where relevant, communicate with you during the recruitment process, and, if successful, onboard you as an employee, worker or contractor.

Where your application is unsuccessful, we will generally retain your personal data for a reasonable period, typically up to 12 months, so that we may consider you for other suitable roles, unless you ask us to delete your personal data sooner.

We do not use solely automated decision-making to make significant decisions about your application.

18. YOUR RIGHTS UNDER THE PDPA

Subject to the requirements and exceptions under the PDPA, you may have the following rights in relation to your personal data:

  • Access — to request access to the personal data we hold about you, and information about how it has been used or disclosed within the year preceding your request.
  • Correction — to request that we correct any error or omission in the personal data we hold about you.
  • Withdrawal of consent — to withdraw any consent you have given for our collection, use or disclosure of your personal data.
  • Information on purposes — to be informed of the purposes for which your personal data is collected, used or disclosed.
  • Data portability — where applicable, and once the relevant provisions under the PDPA come into force, to request that your personal data be transmitted to another organisation in a structured, commonly used and machine-readable format.

We will respond to access and correction requests within 30 days, or inform you if more time is required. We may charge a reasonable fee for access requests, in accordance with the PDPA.

To exercise any of these rights, please contact our DPO using the details set out in Section 19. We may need to verify your identity before responding to your request.

19. HOW TO CONTACT US

Questions, comments, requests and complaints relating to this Privacy Notice, or to the way in which we handle your personal data, should be addressed to our DPO:

Data Protection Officer

The Alkaff Mansion
1-Mansion Pte. Ltd.
211 Henderson Road, #04-03, Singapore 159552
Email: enquiry@thealkaffmansion.sg

20. COMPLAINTS TO THE PDPC

If you are not satisfied with the way we have handled a privacy-related concern, you have the right to lodge a complaint with the Personal Data Protection Commission, Singapore:

Website: www.pdpc.gov.sg
Address: 10 Pasir Panjang Road, #03-01 Mapletree Business City, Singapore 117438

We would, however, appreciate the opportunity to address your concern first — please contact our DPO before approaching the PDPC.

21. UPDATES TO THIS PRIVACY NOTICE

We may update this Privacy Notice from time to time to reflect changes in our practices, our services, or the law. When we make material changes, we will indicate this by updating the “Last updated” date at the top of this Notice and, where appropriate, by giving you additional notice (for example, by email or by a banner on our website).

Please review this Notice periodically to stay informed about how we handle your personal data.

22. GOVERNING LAW

This Privacy Notice and our handling of your personal data are governed by the laws of Singapore.

23. CONTACT US

If you have questions about this Privacy Policy, please contact us by e-mail at enquiry@thealkaffmansion.sg

10 Telok Blangah Green, Singapore 109178

+65 8126 8844

enquiry@thealkaffmansion.sg

Concepts

Wildseed Cafe

1918 Heritage Bar

UNA

Events

Weddings

Corporate Events

Services

Delivery

1-Insider

About

Getting Here

Contact

Privacy Policy

Terms & Conditions

© 2025 The Alkaff Mansion | All Rights Reserved