S H Λ N Club Logo
Sign In
Legal Framework

Privacy Policy

SHAN Club is committed to protecting your personal data and privacy. This Privacy Policy describes how we collect, use, process, and disclose your personal data in accordance with the Singapore Personal Data Protection Act 2012 (PDPA), the General Data Protection Regulation (GDPR), and other applicable global privacy regulations.

Version V.2026.03Effective: July 18, 2026

Section 1: Introduction and Scope

SHAN Holdings (together with its affiliates, "we", "us", or "our") operates the SHAN Club membership platform, including shan.club (the "Portal"), our mobile applications, and our concierge services (collectively, "Services"). We respect the privacy of our Members and visitors ("you" or "Data Subject") and are dedicated to maintaining the absolute confidentiality of the personal data you entrust to us.

This Privacy Policy explains how we collect, use, store, disclose, and protect your personal data when you apply for membership, log in to our Portal, utilize our Services, or interact with our Concierge team. By using our Services, you consent to the practices described in this Privacy Policy.

Section 2: Personal Data We Collect

We collect personal data that identifies you or can be used to identify you. The categories of personal data we collect include:

  1. Identity Data: Full name, username or member ID, passport number, passport expiration date, nationality, gender, date of birth, and photos (where required for identification).
  2. Contact Data: Email address, billing address, home address, phone number, and social media/messenger handles (e.g., Telegram details for AI Copilot integrations).
  3. Financial Data: Bank account details, payment card information (though processed securely via vetted PCI-DSS compliant gateways), and billing histories.
  4. Technical Data: IP address, login credentials (passwords, OIDC tokens), browser type and version, time zone setting, location data, operating system, and device identifiers.
  5. Profile Data: Membership tier (Voyager, Prestige, Sovereign), interests, preferences (including dietary requirements, allergy information, room type selections, pillow preferences), feedback, and survey responses.
  6. Usage Data: Information about how you interact with our Portal, experiences search queries, and utilize our concierge desk.
  7. Special Category Data: For certain bespoke travel itineraries, we may collect details relating to health requirements (e.g., physical accessibility constraints) or religious dietary restrictions. We process this data strictly with your explicit consent.

Section 3: Methods of Data Collection

We collect your personal data through different methods, including:

  • Direct Interactions: You provide us with your Identity, Contact, and Financial data by filling in registration forms, applying for membership, booking experiences, participating in message threads, or communicating with the SHAN Concierge by email, phone, or chat.
  • Automated Technologies: As you interact with our Portal, we automatically collect Technical and Usage data through session states, server logs, and functional cookie protocols.
  • Third Parties and Suppliers: We may receive personal data about you from independent luxury travel providers, airlines, hotels, or corporate sponsors who facilitate your membership or travel arrangements.

Section 4: Purposes and Legal Bases for Processing Data

Under the Singapore Personal Data Protection Act (PDPA) and GDPR, we must have a legal basis to process your personal data. We utilize your data for the following purposes and legal bases:

Purpose / ActivityType of DataLegal Basis for Processing (under GDPR / PDPA)
To register you as a new MemberIdentity, ContactExecution of a contract
To verify your identity via secure credentialsIdentity, Contact, TechnicalExecution of a contract / Legitimate Interests
To curate, book, and process luxury itinerariesIdentity, Contact, Financial, ProfileExecution of a contract
To manage payments, billing, and settlementsIdentity, Contact, FinancialExecution of a contract
To operate, secure, and optimize our PortalTechnical, UsageLegitimate Interests (system administration, security)
To handle inquiries, feedback, and customer supportIdentity, Contact, Profile, UsageExecution of a contract / Legitimate Interests
To comply with legal and regulatory obligationsIdentity, Contact, FinancialCompliance with legal obligations

Section 5: Disclosures of Your Personal Data

To deliver bespoke travel and concierge experiences, we may share your personal data with:

  1. Service Providers and Suppliers: Luxury hotels, private villa estates, yacht charter companies, airlines, destination management companies, and local guides who perform services required to fulfill your booking.
  2. Third-Party Contractors: IT hosting partners, secure database services, payment gateways, and communications software platforms.
  3. Professional Advisors: Bankers, lawyers, auditors, and insurers located in Singapore and other operating jurisdictions.
  4. Law Enforcement and Regulators: Government authorities, tax offices, and security services where required by law or in defense of legal claims.

We require all third parties to respect the security of your personal data and treat it in accordance with the law. We do not allow third-party service providers to use your personal data for their own marketing purposes.

Section 6: Cross-Border Data Transfers

As a global private club, the execution of your travel itineraries will frequently require transferring your personal data outside of Singapore or the European Economic Area (EEA), to the locations of your selected destinations and accommodation partners.

When we transfer your personal data across borders, we ensure a similar degree of protection is afforded to it. In accordance with the PDPA and GDPR, we ensure that transfer mechanisms are secured by standard contractual clauses, binding corporate rules, or that the country has been deemed to provide an adequate level of data protection.

Section 7: Data Security Measures

We have implemented robust administrative, technical, and physical security measures designed to prevent your personal data from being accidentally lost, used, accessed, altered, or disclosed in an unauthorized manner:

  • Encryption: All data in transit is encrypted using Secure Socket Layer (SSL/TLS) protocols. Data at rest is secured via advanced cryptographic standards.
  • Access Control: Access to your personal data is strictly limited to employees, concierge agents, and contractors who have a legitimate business need to know. They operate under strict confidentiality obligations.
  • Security Audits: We perform regular security reviews and penetration testing to identify vulnerabilities and harden our systems against intrusion.

Section 8: Data Retention

We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the data, the potential risk of harm from unauthorized use or disclosure, and applicable legal requirements. Upon expiration of the retention period, your personal data will be permanently deleted, anonymized, or securely destroyed.

Section 9: Your Legal Rights

Under applicable data protection laws, you possess the following rights regarding your personal data:

  • Right of Access: You can request details of the personal data we hold about you and receive a copy of that data.
  • Right to Rectification: You can ask us to correct inaccurate or incomplete personal data.
  • Right to Erasure (Right to be Forgotten): You can request that we delete your personal data under certain conditions.
  • Right to Restrict Processing: You can ask us to suspend processing your personal data.
  • Right to Data Portability: You can request the transfer of your data to another organization in a structured, machine-readable format.
  • Right to Withdraw Consent: Where we rely on your consent to process your data, you can withdraw your consent at any time.

To exercise any of these rights, please contact our Data Protection Officer (DPO) at [email protected]. We will respond to your request within thirty (30) days.

Section 10: Data Protection Officer (DPO) and Contact Details

If you have any questions about this Privacy Policy or our privacy practices, please contact our DPO:

SHAN Holdings Attn: Data Protection Officer Email: [email protected] Portal: shan.club (Member Inquiry Desk)

Note: In alignment with our commitment to member privacy and security, physical addresses and local telephone hotlines are reserved exclusively for registered members and are accessible via the secure member dashboard or by contacting the Concierge directly.

Agreement