Scope

This policy covers personal data we handle through the site, forms, and chat widgets, sales and support by email or phone, webinars and events, and recruitment if you apply for a role with us. If a product or service has its own privacy terms, those terms apply in addition to this policy.

Key terms

Personal data means data that can identify you or relates to an identifiable person.

Data intermediaries are vendors that process personal data for us under written contracts.

What we collect

The personal data we collect depends on how you interact with us. It may include:

  • Identification and contact data, for example name, business email, phone, company, job title
  • Marketing preferences and event registrations
  • Support and sales records, for example messages and meeting notes
  • Technical and usage data, for example IP address, browser type, pages viewed, timestamps, referral source, cookies and similar identifiers
  • Hiring data if you apply, for example CV, portfolio, interview notes

We do not collect NRIC or FIN unless required by law or strictly necessary to accurately verify identity. We do not use NRIC or FIN for authentication.

Why we use personal data

We use personal data for these purposes:

  • Provide and operate the site and our services
  • Respond to enquiries, demos, and support requests
  • Manage customer accounts, proposals, and contracts
  • Improve the site, products, and user experience, including analytics and security
  • Send service messages, for example updates and notices
  • Send marketing with your consent or as allowed by PDPA, with opt out at any time
  • Plan and run events and webinars
  • Recruit and evaluate candidates

We rely on consent, deemed consent, and other PDPA bases such as legitimate interests with appropriate safeguards. You can withdraw consent at any time using the instructions below.

Cookies and analytics

We use cookies and similar technologies to make the site work, remember preferences, measure traffic and performance, and help us improve content and detect abuse.

You can control non-essential cookies through the Cookie Settings link on our site or through your browser settings. Blocking some cookies may affect features. We may use analytics services and ad platforms that set their own cookies. Review their policies for details.

Marketing and the Do Not Call Registry

If we send marketing by call, SMS, or fax to Singapore numbers, we will check the relevant Do Not Call Registers or rely on clear and unambiguous consent in evidential form. You can opt out of marketing emails by using the unsubscribe link or by contacting our Data Protection Officer.

Disclosing personal data

We disclose personal data only as needed for the purposes above, for example to hosting, cloud, analytics, email, and customer support providers, payment and accounting providers, marketing and event partners, security providers, professional advisers and auditors, and authorities where required by law. Vendors act as data intermediaries under written contracts and must protect personal data and use it only for our instructions. We do not sell personal data.

Overseas transfers

If personal data is transferred outside Singapore, we will ensure the recipient provides a standard of protection comparable to that required under the PDPA. We use safeguards such as contractual clauses and vendor assessments. Typical processing locations include data center regions operated by our cloud and email providers.

Retention

We retain personal data only as long as needed for business or legal purposes, then delete or anonymize it.

General guide:

  • Sales, support, and account records, up to 7 years from last interaction
  • Marketing preferences, until you opt out or the data is no longer needed
  • Recruitment data, up to 2 years from application unless you consent to a longer talent pool period

Protection

We use reasonable administrative, technical, and physical safeguards, including access controls, need-to-know restrictions, encryption in transit and at rest where appropriate, secure software development practices, vendor reviews, and staff training. No method of transmission or storage is perfectly secure, but we work to prevent unauthorised access, use, or disclosure.

Your rights and choices

Subject to exceptions under the PDPA, you may request access to your personal data, request correction of inaccurate personal data, withdraw consent, and opt out of marketing communications at any time.

To exercise your rights, contact our Data Protection Officer. We will respond within a reasonable time. We may need to verify your identity and may charge a reasonable fee for access requests as allowed by law.

Data breach notification

We assess suspected data incidents and will notify the Personal Data Protection Commission without undue delay and no later than 3 calendar days after assessment if a breach is notifiable under the PDPA. We will notify affected individuals as soon as practicable where required.

Children

Our site and services are intended for business users. We do not knowingly collect personal data from children. If you believe a child gave us personal data, contact our Data Protection Officer so we can delete it.

Third party links

The site may link to third party sites or services. Their privacy practices are their own. Review their policies before providing personal data.

Changes to this policy

We may update this policy from time to time. If we make material changes, we will post a notice on the site. The updated policy takes effect when posted unless stated otherwise.

Contact our Data Protection Officer

If you have questions, requests, or complaints about personal data, please contact our DPO:

Email: dpo@gyreon.com

Please mark “Attention: DPO” and send to our registered address listed on the site.

We aim to resolve complaints quickly. If you are not satisfied, you may contact the Personal Data Protection Commission of Singapore.

Last updated: