Data Protection Agreement

Last updated: September 18, 2024

1. Data Processing Principles

We adhere to the following data processing principles to ensure your data is fully protected:

  • Lawfulness: Process personal data based on legal grounds
  • Fairness: Process data in a fair and transparent manner
  • Purpose Limitation: Use data only for specified, legitimate purposes
  • Data Minimization: Collect only necessary data
  • Accuracy: Ensure data is accurate and up-to-date
  • Storage Limitation: Retain data only as long as necessary
  • Security: Implement appropriate technical and organizational measures

2. Legal Basis for Processing

We process personal data based on the following legal grounds:

Consent

When you explicitly consent to the processing of your personal data for specific purposes.

Contract Performance

When processing is necessary for the performance of a contract with you or to take steps at your request prior to entering into a contract.

Legitimate Interest

When we have a legitimate interest in processing your data, such as improving our services or preventing fraud.

Legal Obligation

When processing is necessary for compliance with a legal obligation to which we are subject.

3. Data Categories We Process

We process the following categories of personal data:

Identity Data

  • Name, title, date of birth
  • Contact information (email, phone, address)
  • Professional information (job title, company)

Financial Data

  • Payment card details (encrypted)
  • Billing and transaction history
  • Bank account information (if applicable)

Technical Data

  • IP address, browser type and version
  • Device information and operating system
  • Login data and usage patterns

Business Data

  • Vending machine locations and status
  • Sales and inventory data
  • Customer preferences and behavior

4. Data Security Measures

We implement comprehensive security measures to protect your personal data:

Technical Safeguards

  • SSL/TLS encryption for data transmission
  • AES-256 encryption for data at rest
  • Multi-factor authentication for access
  • Regular security updates and patches
  • Intrusion detection and prevention systems

Organizational Safeguards

  • Data protection training for all staff
  • Access controls and role-based permissions
  • Regular security audits and assessments
  • Incident response procedures
  • Data breach notification protocols

Physical Safeguards

  • Secure data centers with 24/7 monitoring
  • Biometric access controls
  • Environmental controls (temperature, humidity)
  • Backup and disaster recovery systems
  • Secure disposal of physical media

5. Data Subject Rights

Under applicable data protection laws, you have the following rights:

Right of Access

You can request information about what personal data we hold about you and how we process it.

Right to Rectification

You can request correction of inaccurate or incomplete personal data.

Right to Erasure

You can request deletion of your personal data in certain circumstances.

Right to Restrict Processing

You can request limitation of processing in certain circumstances.

Right to Data Portability

You can request a copy of your data in a structured, machine-readable format.

Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes.

6. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes outlined in this agreement:

Retention Schedule:

  • Account data: Until account closure + 1 year
  • Financial data: 7 years (legal requirement)
  • Marketing data: Until consent withdrawal + 1 year
  • Technical data: 2 years from collection
  • Business data: 3 years from last activity

7. International Transfers

Your data may be transferred to and processed in countries outside your jurisdiction. We ensure appropriate safeguards are in place:

  • Standard Contractual Clauses (SCCs) with data processors
  • Adequacy decisions by relevant data protection authorities
  • Binding Corporate Rules for intra-group transfers
  • Certification schemes and codes of conduct

8. Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will:

  • Notify the relevant supervisory authority within 72 hours
  • Inform affected individuals without undue delay
  • Provide details of the breach and measures taken
  • Offer guidance on protective actions you can take

9. Contact Information

For any data protection inquiries or to exercise your rights, please contact us:

Data Protection Officer: dpo@point-insight.com

General Inquiries: privacy@point-insight.com

Phone: +65-1234-5678

Address: POINT INSIGHT INNOVATION PRIVATE LIMITED, Singapore

Response Time: We will respond to your request within 30 days