Your data protection rights under the General Data Protection Regulation
Puzza Acoem is committed to ensuring the protection of personal data in accordance with the General Data Protection Regulation (GDPR). Although we are based in Singapore, we respect the rights of individuals in the European Economic Area (EEA) and process their data in compliance with GDPR requirements.
Puzza Acoem acts as the data controller for personal information collected through our website and services. Our contact details are:
Puzza Acoem
391A Orchard Road, Ngee Ann City Tower A
Singapore 238873
Email: [email protected]
We process personal data under the following lawful bases:
If you are located in the EEA, you have the following rights regarding your personal data:
You have the right to request a copy of the personal data we hold about you and information about how we process it.
You have the right to request correction of inaccurate or incomplete personal data.
You have the right to request deletion of your personal data under certain circumstances, such as when the data is no longer necessary for its original purpose.
You have the right to request that we limit the processing of your personal data in certain situations.
You have the right to receive your personal data in a structured, machine-readable format and to transfer it to another controller.
You have the right to object to processing of your personal data for direct marketing purposes or when processing is based on legitimate interests.
Where processing is based on consent, you have the right to withdraw that consent at any time.
As we operate from Singapore, your data may be transferred to and processed in Singapore. We ensure appropriate safeguards are in place for international transfers, including standard contractual clauses approved by relevant authorities.
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, and enforce our agreements. Specific retention periods are outlined in our Privacy Policy.
We implement technical and organizational measures to protect personal data, including:
In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and inform affected individuals without undue delay.
To exercise any of your GDPR rights, please contact us at [email protected]. We will respond to your request within one month. There is no fee for exercising your rights, although we may charge a reasonable fee for excessive or unfounded requests.
If you believe we have not handled your personal data properly, you have the right to lodge a complaint with a supervisory authority in the EEA member state where you reside or work.
We may update this GDPR compliance notice from time to time. Any changes will be posted on this page with an updated effective date.