GDPR Compliant

GDPR Compliance

Our commitment to protecting your personal data under the General Data Protection Regulation.

Last updated: Effective January 2026

Quick Navigation

Our Commitment Data Controller Legal Basis Your Rights Data Transfers Contact DPO

1 Our Commitment to GDPR

Infodeck Pte Ltd ("Infodeck", "we", "us", "our") is committed to protecting and respecting your privacy in compliance with the EU General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018.

Privacy by Design

Data protection is built into our products and processes from the start.

Data Minimization

We only collect data that is necessary for the purposes specified.

Prompt Response

Data subject requests are processed within 30 days.

Transparency

Clear documentation of all data processing activities.

2 Data Controller Information

Infodeck Pte Ltd acts as the Data Controller for personal data collected through our website and services.

Registered Address:

68 Circular Road, #02-01
Singapore 049422

Data Protection Officer:

dpo@infodeck.io

When Infodeck processes data on behalf of our customers (e.g., maintenance data entered into the platform), we act as a Data Processor. Our customers remain the Data Controllers for their organizational data.

3 Legal Basis for Processing

Under GDPR, we must have a lawful basis for processing your personal data. The legal bases we rely on include:

Consent

You have given clear consent for us to process your personal data for a specific purpose.

Examples: Marketing communications, newsletter subscriptions, optional analytics

Contract

Processing is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract.

Examples: Account creation, service delivery, billing, customer support

Legal Obligation

Processing is necessary for us to comply with the law.

Examples: Tax records, fraud prevention, compliance reporting

Legitimate Interests

Processing is necessary for our legitimate interests or the legitimate interests of a third party, unless your rights override those interests.

Examples: Security monitoring, product improvement, analytics (with opt-out)

4 Your Rights Under GDPR

As a data subject in the EU/EEA or UK, you have the following rights regarding your personal data:

Right to Access

You can request a copy of all personal data we hold about you, how it's being used, and who it's shared with.

Right to Rectification

You can request correction of inaccurate personal data or completion of incomplete data we hold about you.

Right to Erasure

Also known as the 'right to be forgotten' - you can request deletion of your personal data under certain circumstances.

Right to Restrict Processing

You can request that we limit how we use your data while concerns about accuracy or legality are being resolved.

Right to Data Portability

You can request your data in a structured, commonly used format and transfer it to another controller.

Right to Object

You can object to processing of your data for direct marketing or based on legitimate interests at any time.

Right to Withdraw Consent

Where processing is based on consent, you can withdraw it at any time without affecting lawful processing done prior.

Right to Lodge a Complaint

You have the right to complain to a supervisory authority if you believe your data protection rights have been violated.

How to exercise your rights: Contact our DPO at dpo@infodeck.io. We will respond within 30 days. In complex cases, we may extend this by two months, but will inform you within the initial 30-day period.

5 International Data Transfers

As Infodeck is based in Singapore, your personal data may be transferred to and processed in countries outside the European Economic Area (EEA). These transfers are necessary to provide our services.

Transfer Destinations

Data may be transferred to: Singapore, Japan (AWS Tokyo), and Australia (AWS Sydney). These locations host our cloud infrastructure.

Safeguards We Use:

Standard Contractual Clauses (SCCs): We use EU-approved SCCs with our data processors
Data Processing Agreements: Binding contracts with all sub-processors
Encryption: Data encrypted in transit (TLS 1.3) and at rest (AES-256)
Vendor Assessment: Security review of all third-party processors

6 Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:

1 Notify the relevant supervisory authority within 72 hours of becoming aware of the breach
2 Notify affected individuals without undue delay if the breach is likely to result in a high risk to their rights and freedoms
3 Document all breaches, including facts, effects, and remedial actions taken

7 Supervisory Authority

If you believe your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority.

UK Residents

Information Commissioner's Office (ICO)

www.ico.org.uk →

EU Residents

Your local Data Protection Authority

Find your DPA →

Contact Our Data Protection Officer

For any questions about this GDPR compliance page or to exercise your data protection rights: