GDPR Compliance Statement

Last Updated: May 26, 2026

Our Commitment to Data Protection

Scott Rappr is committed to protecting and respecting your privacy in accordance with the General Data Protection Regulation (GDPR), applicable data protection laws in Singapore, and international data protection standards.

This document outlines how we comply with GDPR requirements and your rights under this regulation.

Data Controller Information

Scott Rappr acts as the data controller for the personal information we collect and process. Our contact details are:

Scott Rappr
123 Robinson Road, #15-01 Robinson Tower
Singapore 068898
Email: [email protected]
Data Protection Officer: [email protected]

Legal Basis for Processing

We process your personal data only when we have a legal basis to do so. Our legal bases include:

Consent

We process certain personal data based on your explicit consent, such as:

Contractual Necessity

We process personal data necessary to fulfill our contractual obligations to you, including:

Legitimate Interests

We process personal data when necessary for our legitimate business interests, such as:

Legal Obligations

We process personal data to comply with legal obligations, including:

Your Rights Under GDPR

As a data subject, you have the following rights under GDPR:

Right to Access

You have the right to request access to your personal data and receive information about how we process it. We will provide you with a copy of your personal data in a commonly used electronic format.

Right to Rectification

You have the right to request correction of inaccurate or incomplete personal data we hold about you.

Right to Erasure (Right to be Forgotten)

You have the right to request deletion of your personal data in certain circumstances, including:

Right to Restriction of Processing

You have the right to request restriction of processing of your personal data in certain situations, such as when you contest the accuracy of the data or object to processing.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.

Right to Object

You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes.

Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you. We do not currently engage in automated decision-making that produces such effects.

Right to Withdraw Consent

Where we process your personal data based on consent, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing before withdrawal.

How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us:

We will respond to your request within one month. In complex cases, we may extend this period by two additional months and will inform you of the extension.

We may request additional information to verify your identity before processing your request.

Data Protection Measures

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you without undue delay. We will also notify the relevant supervisory authority within 72 hours of becoming aware of the breach, where required by law.

International Data Transfers

When we transfer personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, including:

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including legal, accounting, or reporting requirements. Our retention periods are based on:

When data is no longer needed, we securely delete or anonymize it in accordance with our data retention policy.

Children's Data

Our services are not directed at children under 16 years of age. We do not knowingly collect or process personal data from children. If we become aware that we have collected data from a child without appropriate parental consent, we will take steps to delete that information.

Complaints

If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with a supervisory authority. In Singapore, you may contact:

Personal Data Protection Commission (PDPC)
Website: www.pdpc.gov.sg

For EU residents, you may contact your local data protection authority.

Updates to This Statement

We may update this GDPR compliance statement to reflect changes in our practices or applicable laws. We will notify you of material changes by posting the updated statement on our website and updating the "Last Updated" date.

Contact Us

For questions about our GDPR compliance or to exercise your rights, please contact:

Data Protection Officer
Email: [email protected]
Phone: Available upon request
Address: 123 Robinson Road, #15-01 Robinson Tower, Singapore 068898