Personal Data
Protection Notice

Introduction

CyberG7 Technologies Pte Ltd ("CyberG7", "we", "us", or "our") is committed to protecting the personal data of our clients, partners, website visitors, and other individuals whose personal data we may collect and process. We recognise the importance of the personal data you have entrusted to us and we take our responsibilities under Singapore's Personal Data Protection Act 2012 (No. 26 of 2012) ("PDPA") seriously.

This Personal Data Protection Notice ("Notice") sets out the basis on which we collect, use, disclose, and otherwise process personal data in accordance with the PDPA. This Notice applies to personal data in our possession or under our control, including personal data held by organisations that we have engaged to collect, use, disclose, or process personal data on our behalf.

Data Protection Officer

We have appointed a Data Protection Officer ("DPO") to oversee our compliance with the PDPA. If you have any questions, concerns, or feedback regarding our data protection policies and procedures, or if you wish to make any request relating to your personal data, please contact our DPO at:

Data Protection Officer
CyberG7 Technologies Pte Ltd
Email: [email protected]

Personal Data We Collect

We may collect the following categories of personal data from you, depending on the nature of your interaction with us:

Contact Details

• Full name
• Email address
• Telephone or mobile number
• Mailing or business address

Business Information

• Company or business name
• Unique Entity Number (UEN)
• Industry or business sector
• Job title or designation
• Business registration details

Website Usage Data

• IP address (anonymised where possible)
• Browser type and version
• Device information and operating system
• Pages visited, time spent on pages, and navigation patterns
• Referring website or source

Communication Records

• Correspondence via email, contact forms, or messaging platforms
• Records of enquiries, service requests, or feedback
• Meeting notes and project-related communication

Purposes for Collection, Use and Disclosure

We collect, use, and may disclose your personal data for the following purposes:

Providing Website Design Services

To deliver, manage, and support the website design and development services you have engaged us for. This includes understanding your business requirements, developing your website, conducting quality assurance, and delivering the completed project.

Communicating About Projects

To communicate with you regarding project progress, design approvals, revision requests, technical matters, delivery timelines, and any other matters related to the services we provide to you.

Processing Payments

To process payments for our services, issue invoices and receipts, manage billing enquiries, and maintain financial records as required by law.

Improving Our Services

To analyse website usage patterns, gather feedback, conduct internal research, and improve the quality of our website, services, and customer experience. Data used for this purpose is aggregated and anonymised wherever possible.

Compliance with Laws

To comply with applicable laws, regulations, codes of practice, guidelines, directives, or rules issued by any legal or regulatory authority, including but not limited to the Inland Revenue Authority of Singapore (IRAS), Accounting and Corporate Regulatory Authority (ACRA), and the Personal Data Protection Commission (PDPC).

Consent

How We Obtain Consent

We obtain your consent before collecting, using, or disclosing your personal data for the purposes described in this Notice. Consent may be obtained expressly (such as through a written or electronic form) or through your voluntary provision of personal data for a clearly stated purpose.

Deemed Consent

In certain circumstances, your consent may be deemed in accordance with the PDPA. For example, if you voluntarily provide your personal data to us for a specific purpose (such as submitting an enquiry form on our website), you are deemed to have consented to our collection, use, and disclosure of that personal data for that purpose and any reasonably related purposes.

Withdrawal of Consent

You may withdraw your consent for the collection, use, or disclosure of your personal data at any time by contacting our Data Protection Officer at [email protected]. We will process your request within a reasonable time and inform you of the likely consequences of your withdrawal, which may include our inability to continue providing certain services to you. Please note that withdrawal of consent does not affect the lawfulness of any processing carried out prior to the withdrawal.

Access and Correction

Right to Access

You have the right to request access to the personal data we hold about you and to obtain information about the ways in which your personal data has been or may have been used or disclosed within the past year. We will respond to your request within 30 days of receiving it, or such other period as permitted by the PDPA.

Right to Correction

You have the right to request that we correct any error or omission in your personal data that is in our possession or under our control. We will correct your personal data as soon as practicable and, where necessary, send the corrected data to every other organisation to which the data was disclosed within the past year, unless that organisation does not need the corrected data for any legal or business purpose.

Process for Requests

To make an access or correction request, please contact our Data Protection Officer at [email protected] with the following information:

• Your full name and contact details
• A clear description of the personal data you wish to access or correct
• The purpose of your request
• Any supporting documentation (if applicable)

We may need to verify your identity before processing your request. A reasonable fee may be charged for providing access to personal data, in accordance with the PDPA.

Protection of Personal Data

We take the protection of your personal data seriously and have implemented reasonable security arrangements to prevent unauthorised access, collection, use, disclosure, copying, modification, disposal, or similar risks. Our security measures include:

• Access Controls: We restrict access to personal data to authorised personnel who have a legitimate business need to access such data. Staff are required to observe confidentiality obligations.
• Encryption: We use industry-standard encryption protocols (including SSL/TLS) to protect personal data transmitted over the internet and stored on our systems.
• Secure Storage: Personal data is stored on secure servers with appropriate physical and electronic safeguards, including firewalls, intrusion detection systems, and regular security audits.
• Regular Reviews: We regularly review and update our security policies and practices to ensure they remain adequate and effective against evolving threats.
• Third-Party Security: We ensure that any third-party service providers who process personal data on our behalf maintain adequate security standards consistent with the PDPA.

Retention of Personal Data

We retain your personal data only for as long as it is necessary to fulfil the purposes for which it was collected, or as required by applicable laws and regulations. Once the retention period has expired or the personal data is no longer needed, we will dispose of it in a secure manner.

As a general guide:

• Client project data is retained for a period of five (5) years from the completion of the project, after which it is securely deleted or anonymised.
• Financial and billing records are retained for a period of five (5) years in accordance with IRAS requirements.
• Enquiry and communication records are retained for two (2) years from the date of the last communication, unless a longer retention period is required for legal or business purposes.
• Website usage data collected through analytics cookies is retained in accordance with the settings of our analytics tools (typically up to 26 months), after which it is automatically deleted.

Disposal of personal data is carried out through secure deletion, shredding, or anonymisation, as appropriate to the format of the data.

Transfer of Personal Data

CyberG7 Technologies primarily processes personal data within Singapore. However, in certain circumstances, personal data may be transferred to and processed in jurisdictions outside of Singapore. This may occur when we use cloud-based services or third-party providers whose servers are located overseas.

Where personal data is transferred outside of Singapore, we will ensure that the receiving organisation provides a standard of protection to the personal data that is comparable to the protection under the PDPA, through contractual arrangements, compliance with binding corporate rules, or other mechanisms recognised under the PDPA.

Currently, the primary overseas transfer involves analytical data processed by Google Analytics, which may be stored on Google's servers located in various jurisdictions. Google has committed to appropriate safeguards for such transfers under its data processing terms.

Data Breach Management

CyberG7 Technologies has implemented a data breach management plan to address personal data breaches promptly and effectively. In the event of a data breach that is likely to result in significant harm to individuals or is of a significant scale, we will:

1. Contain the breach: Take immediate steps to contain the breach and prevent further unauthorised access, use, or disclosure of personal data.
2. Assess the breach: Conduct an assessment of the breach to determine the nature, extent, and likely impact of the breach on affected individuals.
3. Notify the PDPC: Notify the Personal Data Protection Commission as soon as practicable, and in any case no later than three (3) calendar days after making a preliminary assessment that a notifiable data breach has occurred, as required under the PDPA.
4. Notify affected individuals: Notify the affected individuals as soon as practicable if the breach is likely to result in significant harm to them, providing information about the nature of the breach, the data involved, and the steps they can take to protect themselves.
5. Remediate: Take appropriate steps to remediate the breach, prevent recurrence, and mitigate any harm to affected individuals.

Your Rights Under the PDPA

As an individual whose personal data we process, you have the following rights under the PDPA:

Right to Access

You have the right to request and obtain information about the personal data we hold about you and how it has been used or disclosed within the past year.

Right to Correction

You have the right to request that we correct any inaccurate or incomplete personal data in our possession or under our control.

Right to Withdrawal of Consent

You have the right to withdraw your consent for the collection, use, or disclosure of your personal data at any time, subject to legal or contractual restrictions and reasonable notice.

Right to Data Portability

Under the data portability provisions of the PDPA (where applicable), you may have the right to request that we transmit your personal data that we hold to another organisation in a commonly used machine-readable format. This right is subject to the conditions and exceptions set out in the PDPA and any applicable regulations.

How to Contact Us

If you have any questions, concerns, or requests regarding this Notice or the handling of your personal data, please contact us through the following channels:

Data Protection Officer
CyberG7 Technologies Pte Ltd
Email: [email protected]

We aim to respond to all enquiries and requests within 30 business days.

Complaints to the PDPC

If you are not satisfied with our response or believe that we are not complying with the PDPA, you have the right to lodge a complaint with the Personal Data Protection Commission (PDPC). Complaints can be submitted through the following channels:

• Website: www.pdpc.gov.sg
• Email: [email protected]

We encourage you to contact our DPO first so that we may have the opportunity to address your concerns before you approach the PDPC.

Updates to This Notice

We may revise this Notice from time to time to reflect changes in our data protection practices, operational requirements, or amendments to the PDPA. When we make material changes to this Notice, we will update the "Last updated" date at the top of this page and may provide additional notice through our website.

We encourage you to review this Notice periodically to stay informed about how we protect your personal data. Your continued use of our website and services after any changes to this Notice constitutes your acknowledgement of the updated terms.