Privacy Policy, Governuity
Legal

Privacy Policy

Last updated: April 2026

Governuity is the personal brand of Johan Grundlingh, operated under Carrots Consulting Pte Ltd, a company registered in Singapore. This policy explains what personal information we collect on governuity.com, why we collect it, and what we do with it.

This policy is written to comply with Singapore's Personal Data Protection Act (PDPA) and, where relevant, the EU General Data Protection Regulation (GDPR).

1. What we collect

We collect information you provide directly and information gathered automatically when you use this site.

  • Information you give us: name, email, company, job title, and any details you share in diagnostic request forms or direct enquiries.
  • Information collected automatically: IP address, browser type, device type, pages visited, and referral source.
  • Cookies: see the Cookie Policy.

2. Why we collect it

  • To respond to free 3DS diagnostic requests and deliver the one-page report
  • To route enquiries to the right firm in the CarrotsAlign ecosystem if delivery work is needed
  • To send occasional essays, commentary, or governance updates if you opted in
  • To improve the site and understand how visitors use it
  • To meet legal, accounting, and regulatory obligations in Singapore

3. Who we share it with

We never sell your data. We share personal information only with:

  • The firms in the CarrotsAlign ecosystem (Carrots Consulting, AlignSMA, TalentOwl) when routing an enquiry to the right specialist
  • Service providers we use to run the site (email, analytics, hosting)
  • Professional advisors where necessary
  • Government authorities where required by Singapore law

4. How long we keep it

Personal information is kept only as long as we need it, or as long as we are required to by law. Diagnostic request records are kept for 3 years. Client engagement records are kept for 7 years for tax and professional liability reasons.

5. Your rights

Under Singapore PDPA and GDPR, you have the right to:

  • Access the personal information we hold about you
  • Correct information that is inaccurate or incomplete
  • Withdraw consent we relied on to process your information
  • Ask us to delete your information (subject to legal retention)
  • Complain to the Personal Data Protection Commission of Singapore

6. Security

We use reasonable administrative, technical, and physical safeguards to protect personal information. No system is completely secure. If we become aware of a breach that affects you, we will notify you promptly as required by law.

7. International transfers

Our primary operations are in Singapore. Some service providers may store data in other countries. Where we transfer personal information outside Singapore, we take steps to ensure an equivalent level of protection.

8. Contact us

Questions or rights requests: [email protected]

9. Changes

We may update this policy from time to time. The date at the top of the page tells you when it was last changed.