Privacy notice

The 1-Host Business Hub is an internal operational tool of 1-Group Pte Ltd, a Singapore-registered F&B hospitality group. We operate the Hub to manage the pre-conversion lead funnel for our portfolio of event venues: 1-Alfaro, 1-Altitude Coast, 1-Arden, 1-Atico, 1-Flowerhill, 1-Host, Monti, The Alkaff Mansion, The Garage, The River House, and The Summer House (collectively, “1-Group”).

Under the Personal Data Protection Act 2012 (Singapore), 1-Group is the data controller for personal data processed through the Hub. Our Data Protection Officer is Christopher Millar (contact below).

The Hub collects and processes the following categories of personal data:

From customers (event enquirers)

• Identity: name, business contact name
• Contact: email address, phone number, WhatsApp identifier
• Event details: event type, date, guest count, budget, venue preference
• Enquiry content: the substance of your enquiry across web form, email, WhatsApp, Instagram, Facebook, or in-person/phone
• Marketing attribution: referral source, UTM parameters, web pages visited (via a first-party cookie on our venue websites)
• Conversation history: the full message thread between you and our team across all channels

We do not collect NRIC numbers. We do not collect payment card details (payment is handled in Tripleseat after conversion).

From 1-Group staff

• Work email address (for authentication)
• Sign-in metadata (timestamp, IP address, user-agent)
• Performance metrics (number of leads handled, conversion rate)

• To respond to your enquiry about hosting an event at a 1-Group venue
• To convert your enquiry into a confirmed booking, including transferring the relevant context to our event-management system (Tripleseat)
• To improve our service through AI-assisted classification, summarisation, and routing of enquiries
• To measure marketing effectiveness across the channels that brought you to us
• For audit and security, including a 12-month log of sign-in events and significant actions

The Hub uses Anthropic’s Claude AI to classify, summarise, score, and draft follow-ups for customer enquiries. This means parts of your enquiry content are sent to Claude (US-based) for processing. Specifically:

• A status-classifier agent reads your enquiry and assigns a structured status
• A fit-scorer agent estimates whether the venue is a good match for your event
• A cadence-author agent drafts follow-up messages on behalf of the owner handling your enquiry
• An attribution-inferrer agent looks for clues about how you found us

Human-in-the-loop: every external-facing AI output (e.g., a drafted follow-up email) is reviewed by a 1-Group team member before any action is taken. AI is a co-pilot, not an autonomous decision-maker.

Your rights: you can request human review of any decision the Hub makes about you that was influenced by AI. Use the form at the bottom of this page (request type: Access or Correction) and we will explain the AI’s reasoning, the data it had access to, and provide a human re-review if you wish.

We have requested Anthropic’s Zero-Data-Retention configuration for our Claude API workspace, which means prompts containing your data are processed and immediately discarded by Anthropic, not stored.

• Web form submissions: express consent — you tick a box to accept the privacy notice on the form
• Email, WhatsApp, Instagram, Facebook messages to us: deemed consent by conduct (s.15(1)) — you initiated the contact for the purpose of enquiring about an event
• Walk-ins and phone calls: express consent at intake
• Conversion to a Tripleseat booking: contractual necessity — completing the booking you requested
• Marketing follow-ups beyond your immediate enquiry: separate opt-in consent

We share your data only with the following service providers, each under a written Data Processing Agreement requiring them to provide a standard of protection comparable to the PDPA:

Cross-border transfer of personal data outside Singapore is conducted in accordance with PDPA s.26 (Transfer Limitation) under contractual clauses requiring comparable protection. We do not sell, rent, or share your data with any party other than these named service providers.

• Active leads (you are in conversation with us): retained while the enquiry is open
• Lost leads (no reply / lost to competitor): 12 months after the loss is recorded
• Closed-won bookings (you attended an event with us): personal identifiers retained for 24 months post-event; financial records (booking value, deposit, invoice) retained for 5 years per the Singapore Companies Act
• AI processing logs: 12 months (for retrospective accuracy review)
• Audit logs (sign-ins, security events): 12 months minimum
• Attribution cookie (_1g_attr): 180 days, browser-side only

Automated retention jobs run weekly and enforce these periods. Anonymisation (rather than full deletion) is used where Singapore Companies Act mandates retention of financial records.

You have the right to:

• Access the personal data we hold about you
• Correct data that is wrong
• Withdraw consent to any processing you previously consented to
• Request erasure of your data (subject to legal retention requirements above)
• Receive a copy of your data in machine-readable form (data portability)
• Object to a specific use of your data, including marketing
• Lodge a complaint with the Personal Data Protection Commission (PDPC) at pdpc.gov.sg

We will respond to all requests within 30 days of receipt, after verifying your identity. Use the form below or email our DPO directly.

Use this form to exercise any of the rights in §8. We’ll respond within 30 days.

Christopher Millar, Data Protection Officer
Email: cjmm67@gmail.com
(Will move to dpo@1-group.sg ahead of public launch)

We may update this notice from time to time. Material changes will be communicated to you by email if we have an active relationship with you, or via a banner on the venue websites you visit. The version and effective date at the top of this notice will reflect the most recent update.