Home About Services Contact

GDPR Compliance

Your data protection rights under the General Data Protection Regulation

Our Commitment to GDPR

Puzza Acoem is committed to ensuring the protection of personal data in accordance with the General Data Protection Regulation (GDPR). Although we are based in Singapore, we respect the rights of individuals in the European Economic Area (EEA) and process their data in compliance with GDPR requirements.

Data Controller

Puzza Acoem acts as the data controller for personal information collected through our website and services. Our contact details are:

Puzza Acoem
391A Orchard Road, Ngee Ann City Tower A
Singapore 238873
Email: [email protected]

Lawful Basis for Processing

We process personal data under the following lawful bases:

Your Rights Under GDPR

If you are located in the EEA, you have the following rights regarding your personal data:

Right of Access

You have the right to request a copy of the personal data we hold about you and information about how we process it.

Right to Rectification

You have the right to request correction of inaccurate or incomplete personal data.

Right to Erasure

You have the right to request deletion of your personal data under certain circumstances, such as when the data is no longer necessary for its original purpose.

Right to Restrict Processing

You have the right to request that we limit the processing of your personal data in certain situations.

Right to Data Portability

You have the right to receive your personal data in a structured, machine-readable format and to transfer it to another controller.

Right to Object

You have the right to object to processing of your personal data for direct marketing purposes or when processing is based on legitimate interests.

Right to Withdraw Consent

Where processing is based on consent, you have the right to withdraw that consent at any time.

International Data Transfers

As we operate from Singapore, your data may be transferred to and processed in Singapore. We ensure appropriate safeguards are in place for international transfers, including standard contractual clauses approved by relevant authorities.

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, and enforce our agreements. Specific retention periods are outlined in our Privacy Policy.

Data Security Measures

We implement technical and organizational measures to protect personal data, including:

Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and inform affected individuals without undue delay.

Exercising Your Rights

To exercise any of your GDPR rights, please contact us at [email protected]. We will respond to your request within one month. There is no fee for exercising your rights, although we may charge a reasonable fee for excessive or unfounded requests.

Complaints

If you believe we have not handled your personal data properly, you have the right to lodge a complaint with a supervisory authority in the EEA member state where you reside or work.

Updates to This Notice

We may update this GDPR compliance notice from time to time. Any changes will be posted on this page with an updated effective date.