Work CASCADE

Privacy Policy

This Privacy Policy applies to the design portfolio and consultancy practice of CASCADE, a design and data visualisation studio with presence in Singapore, New York, and Milan. It governs how personal data is collected, used, disclosed, and protected in connection with this website and any professional services rendered under the CASCADE brand.

This policy is drafted in accordance with the Personal Data Protection Act 2012 (PDPA) of Singapore, the EU General Data Protection Regulation (GDPR) and the Italian Personal Data Protection Code (Legislative Decree 196/2003), and the New York SHIELD Act, which together set out the baseline obligations for the collection, use, and disclosure of personal data by organisations and individuals operating in a professional capacity across these jurisdictions.

Scope

This policy applies to all visitors of this website and any individuals or organisations who engage CASCADE for professional services, including but not limited to graphic design, spatial and industrial design, data visualisation consultancy, and related creative work.

By accessing this site or initiating a professional engagement, you acknowledge that you have read and understood this policy.

What Personal Data We Collect

Personal data refers to data — whether true or not — about an individual who can be identified from that data, or from that data and other information to which we have or are likely to have access. This may include, but is not limited to:

  • Your name and job title
  • Contact information including email address
  • Company or organisation name
  • Project briefs, reference materials, and assets shared during a consultancy engagement
  • Communications sent via email or other channels

This website does not deploy cookies, tracking pixels, or third-party analytics that collect personal data passively. No account creation is required to browse the portfolio.

Purpose of Collection

In line with the purpose limitation principles of the PDPA, GDPR, and the New York SHIELD Act, personal data collected is used only for the purposes for which it was provided, which include:

  • Responding to enquiries or requests for proposal
  • Scoping, executing, and delivering design or consultancy projects
  • Issuing invoices or project documentation
  • Following up on completed work where agreed

Your personal data will not be used for unsolicited marketing, profiling, or any purpose beyond what was reasonably communicated at the time of collection.

Disclosure of Personal Data

CASCADE does not sell, rent, or trade your personal data to any third party. Data may only be shared in the following limited circumstances:

  • With your explicit written consent
  • Where required by law, regulation, or a court order in Singapore, the European Union (including Italy), the United States (including New York), or any other applicable jurisdiction
  • With trusted collaborators or sub-contractors directly involved in delivering your project, bound by equivalent confidentiality obligations

Any third party engaged in the delivery of services will handle your data in accordance with the PDPA, GDPR, and New York SHIELD Act, and will not use it for any other purpose.

Client Engagements and Confidentiality

All materials shared in the course of a consultancy engagement — including briefs, datasets, brand assets, business strategies, and internal communications — are treated as strictly confidential. This obligation persists beyond the conclusion of the engagement unless the information enters the public domain through no breach on our part.

Portfolio case studies, project writeups, or visual documentation derived from client work will only be published publicly with the client's prior written permission. Clients may request anonymisation or omission from the portfolio at any time.

Retention of Data

In accordance with the retention limitation principles of the PDPA, GDPR, and New York SHIELD Act, personal data will not be retained longer than is necessary for the fulfilment of the purpose for which it was collected. Upon completion of a project, data will be securely deleted or returned to the client within a reasonable period, unless a longer retention period is required by law or mutually agreed in writing.

Access and Correction

Under the PDPA, GDPR, and New York SHIELD Act, you have the right to request access to personal data held about you, and to request corrections (or, where applicable under the GDPR, erasure, restriction, portability, or objection) where the data is inaccurate, incomplete, or misleading. Such requests can be directed to hello@cascade-sg.com. We will respond within a reasonable timeframe and in compliance with applicable obligations under these laws.

Note that there may be circumstances under which we are unable to fulfil an access or correction request, for instance where it would unreasonably affect the privacy of another individual, or where the request is frivolous or vexatious.

Data Security

Reasonable technical and organisational measures are in place to protect personal data against unauthorised access, disclosure, modification, or loss. These include the use of encrypted communication channels and restricted access to project files.

However, no method of transmission over the internet is entirely secure. While every effort is made to protect your data, absolute security cannot be guaranteed. In the event of a data breach that is likely to result in significant harm, affected parties and, where required, the relevant supervisory authorities will be notified in accordance with the mandatory data breach notification requirements of the PDPA, GDPR, and New York SHIELD Act.

External Links

This portfolio contains links to external projects, live interactive visualisations, and third-party platforms hosted outside this domain. These sites are governed by their own privacy policies, which may differ from ours. CASCADE is not responsible for the content, accuracy, or data practices of any linked external site, and encourages you to review the privacy policies of any third-party site you visit.

Marketing and Do Not Call Preferences

CASCADE respects Singapore's Do Not Call (DNC) Registry, the United States' Federal and New York State Do Not Call Registries, and the marketing and consent requirements of the GDPR. No unsolicited marketing messages will be sent to telephone numbers registered on any applicable registry, or to recipients in the EU/EEA without a lawful basis under the GDPR. If you have provided your contact number as part of a business enquiry, it will be used solely in connection with that engagement.

Changes to This Policy

This Privacy Policy may be revised from time to time to reflect changes in our practices, applicable legislation (including updates to the PDPA, GDPR, and New York SHIELD Act), or industry standards. The current version will always be available at this page. Continued use of this website or engagement of our services following any update constitutes acceptance of the revised policy.

Contact and Feedback

If you have any questions, concerns, or feedback regarding this Privacy Policy, or wish to exercise your rights under the PDPA, GDPR, or New York SHIELD Act, please contact us at:

CASCADE
hello@cascade-sg.com

We take all privacy-related feedback seriously and will endeavour to respond within 10 business days.

Back to Top