GDPR Compliance Statement
Last Updated: May 26, 2026
Our Commitment to Data Protection
Scott Rappr is committed to protecting and respecting your privacy in accordance with the General Data Protection Regulation (GDPR), applicable data protection laws in Singapore, and international data protection standards.
This document outlines how we comply with GDPR requirements and your rights under this regulation.
Data Controller Information
Scott Rappr acts as the data controller for the personal information we collect and process. Our contact details are:
Scott Rappr
123 Robinson Road, #15-01 Robinson Tower
Singapore 068898
Email: [email protected]
Data Protection Officer: [email protected]
Legal Basis for Processing
We process your personal data only when we have a legal basis to do so. Our legal bases include:
Consent
We process certain personal data based on your explicit consent, such as:
- Marketing communications and newsletters
- Optional surveys and feedback collection
- Non-essential cookies and tracking technologies
Contractual Necessity
We process personal data necessary to fulfill our contractual obligations to you, including:
- Processing program applications and enrollments
- Delivering educational services and course materials
- Processing payments and maintaining financial records
- Providing customer support
Legitimate Interests
We process personal data when necessary for our legitimate business interests, such as:
- Improving our services and curriculum
- Website analytics and optimization
- Fraud prevention and security
- Internal administrative purposes
Legal Obligations
We process personal data to comply with legal obligations, including:
- Tax and accounting requirements
- Regulatory compliance in education sector
- Responding to legal requests and court orders
Your Rights Under GDPR
As a data subject, you have the following rights under GDPR:
Right to Access
You have the right to request access to your personal data and receive information about how we process it. We will provide you with a copy of your personal data in a commonly used electronic format.
Right to Rectification
You have the right to request correction of inaccurate or incomplete personal data we hold about you.
Right to Erasure (Right to be Forgotten)
You have the right to request deletion of your personal data in certain circumstances, including:
- The data is no longer necessary for the purposes for which it was collected
- You withdraw consent and there is no other legal basis for processing
- You object to processing and there are no overriding legitimate grounds
- The data has been unlawfully processed
Right to Restriction of Processing
You have the right to request restriction of processing of your personal data in certain situations, such as when you contest the accuracy of the data or object to processing.
Right to Data Portability
You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.
Right to Object
You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes.
Rights Related to Automated Decision-Making
You have the right not to be subject to decisions based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you. We do not currently engage in automated decision-making that produces such effects.
Right to Withdraw Consent
Where we process your personal data based on consent, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing before withdrawal.
How to Exercise Your Rights
To exercise any of your GDPR rights, please contact us:
- Email: [email protected]
- Subject line: "GDPR Rights Request"
- Include: Your name, contact information, and specific request
We will respond to your request within one month. In complex cases, we may extend this period by two additional months and will inform you of the extension.
We may request additional information to verify your identity before processing your request.
Data Protection Measures
We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:
- Encryption of data in transit and at rest
- Regular security assessments and penetration testing
- Access controls and authentication measures
- Employee training on data protection
- Data minimization practices
- Regular backups and disaster recovery procedures
Data Breach Notification
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you without undue delay. We will also notify the relevant supervisory authority within 72 hours of becoming aware of the breach, where required by law.
International Data Transfers
When we transfer personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses approved by the European Commission
- Transfers to countries with adequacy decisions
- Other legally recognized transfer mechanisms
Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including legal, accounting, or reporting requirements. Our retention periods are based on:
- The nature and sensitivity of the data
- The purposes for which we process the data
- Legal and regulatory requirements
When data is no longer needed, we securely delete or anonymize it in accordance with our data retention policy.
Children's Data
Our services are not directed at children under 16 years of age. We do not knowingly collect or process personal data from children. If we become aware that we have collected data from a child without appropriate parental consent, we will take steps to delete that information.
Complaints
If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with a supervisory authority. In Singapore, you may contact:
Personal Data Protection Commission (PDPC)
Website: www.pdpc.gov.sg
For EU residents, you may contact your local data protection authority.
Updates to This Statement
We may update this GDPR compliance statement to reflect changes in our practices or applicable laws. We will notify you of material changes by posting the updated statement on our website and updating the "Last Updated" date.
Contact Us
For questions about our GDPR compliance or to exercise your rights, please contact:
Data Protection Officer
Email: [email protected]
Phone: Available upon request
Address: 123 Robinson Road, #15-01 Robinson Tower, Singapore 068898