NexChat

Privacy Policy

GDPR & Singapore PDPA Compliant Data Protection Policy

Effective Date: September 1, 2025

Last Updated: September 1, 2025

📋 Compliance Statement

This Privacy Policy complies with the EU General Data Protection Regulation (GDPR) and Singapore's Personal Data Protection Act (PDPA). We are committed to protecting your personal data and respecting your privacy rights.

1. Data Controller Information

Company Name: NexChat Technology Pte. Ltd.

Registered Address: Singapore

Data Protection Officer (DPO): [email protected]

General Inquiries: [email protected]

Customer Support: [email protected]

Contact Email: [email protected]

Phone: +65 67331539

2. Data We Collect

2.1 Account Information

  • Name and username
  • Email address
  • Phone number
  • Company name and position
  • Billing address

2.2 Usage Data

  • IP address and device information
  • Browser type and version
  • Access time and date
  • Page viewing history
  • Service usage statistics

2.3 Communication Data

  • Customer service conversation records
  • Customer contact information
  • Support tickets and feedback

2.4 Payment Information

  • Transaction records
  • Invoice information
  • Payment method (we do not store full payment card information)

3. Legal Basis for Data Collection

We process your personal data based on the following legal grounds:

  • Contract Performance: Processing your orders, providing services, managing accounts
  • Legitimate Interests: Improving services, preventing fraud, ensuring security
  • Legal Obligations: Complying with legal requirements, tax and accounting obligations
  • Consent: Sending marketing communications (you may withdraw consent at any time)
  • Vital Interests: Protecting your life or that of others in emergency situations

4. Purpose of Data Use

We use your data only for the following purposes:

  • Providing and maintaining our services
  • Processing transactions and billing
  • Providing customer support
  • Sending service notifications and updates
  • Improving product and service quality
  • Ensuring platform security and preventing fraud
  • Complying with legal obligations
  • Marketing activities with your consent

5. Your Data Rights

Under GDPR and PDPA, you have the following rights:

📌 Right to Access

Obtain a copy of the personal data we hold about you

✏️ Right to Rectification

Request correction of inaccurate or incomplete data

🗑️ Right to Erasure (Right to be Forgotten)

Request deletion of your personal data in certain circumstances

⏸️ Right to Restriction of Processing

Request restriction of processing of your data

📦 Right to Data Portability

Receive your data in a structured, commonly used format

🚫 Right to Object

Object to data processing based on legitimate interests

🤖 Right to Refuse Automated Decision-Making

Not be subject to decisions based solely on automated processing

↩️ Right to Withdraw Consent

Withdraw previously given consent at any time

To exercise these rights, please contact our Data Protection Officer: [email protected]

6. Data Sharing and Disclosure

We share your data only in the following circumstances:

  • Service Providers: Trusted third parties that help us provide services (e.g., cloud storage, payment processing)
  • Legal Requirements: In response to court orders, legal processes, or government requests
  • Business Transfers: In case of merger, acquisition, or sale of assets
  • Your Consent: With your explicit consent

We do not sell, rent, or trade your personal data to third parties for marketing purposes.

7. International Data Transfers

7.1 Your data may be transferred and stored in Singapore and other countries providing cloud services.

7.2 For data transferred from the European Economic Area (EEA), we ensure:

  • The receiving country has an adequacy decision
  • Implementation of Standard Contractual Clauses (SCCs)
  • Adoption of other appropriate safeguards

7.3 All data transfers are conducted through encrypted channels to ensure transmission security.

8. Data Security Measures

We implement comprehensive technical and organizational measures to protect your data:

🔒 Technical Measures

  • • AES-256 end-to-end encryption
  • • SSL/TLS encrypted transmission
  • • Firewalls and intrusion detection
  • • Regular security audits
  • • Multi-factor authentication

🏢 Organizational Measures

  • • Employee confidentiality agreements
  • • Regular security training
  • • Access control and permission management
  • • Data processing records
  • • Incident response plan

9. Data Retention Period

We retain your data according to the following principles:

  • Active Accounts: Retained while you use the service
  • After Account Closure: Retained for 30 days for recovery, then deleted
  • Legal Requirements: Retained as required by applicable law (e.g., tax records for 7 years)
  • Anonymized Data: May be retained indefinitely for analytics
  • Backups: Data in backups retained for up to 90 days

10. Cookies and Tracking Technologies

10.1 We use the following types of cookies:

  • Essential Cookies: Required for website functionality
  • Functional Cookies: Remember your preferences
  • Analytics Cookies: Understand website usage (optional)
  • Marketing Cookies: Personalized advertising (requires consent)

10.2 You can manage cookie preferences through browser settings. Disabling cookies may affect certain features.

11. Children's Privacy Protection

11.1 Our services are not directed to children under 16.

11.2 We do not knowingly collect personal information from children under 16.

11.3 If we discover we have inadvertently collected children's information, we will delete it immediately.

11.4 If you believe we may have information about a child, please contact us immediately.

12. Third-Party Websites and Services

12.1 Our services may contain links to third-party websites or services.

12.2 We are not responsible for the privacy practices of third parties.

12.3 We recommend reviewing the privacy policies of any third-party websites you visit.

13. Data Breach Response

In the event of a data breach:

  • We will notify relevant regulatory authorities within 72 hours
  • If the breach poses a high risk to your rights and freedoms, we will notify you directly
  • We will take all necessary measures to mitigate damage
  • We will document the breach and take preventive measures

14. Policy Updates

14.1 We may update this Privacy Policy periodically.

14.2 Material changes will be notified via email or in-service notification.

14.3 Continued use of the service constitutes acceptance of the updated policy.

14.4 You can view the last update date at the top of this page.

15. Complaint Rights

If you are dissatisfied with our data processing, you have the right to:

  • First contact our Data Protection Officer: [email protected]
  • Lodge a complaint with the Personal Data Protection Commission (PDPC) in Singapore
  • If you are in the EU, lodge a complaint with the data protection authority in your country

16. Contact Information

Company Name: NexChat Technology Pte. Ltd.

Data Protection Officer: [email protected]

Privacy Inquiries: [email protected]

General Support: [email protected]

Contact Email: [email protected]

Phone: +65 67331539

Mailing Address: Singapore

17. EU Representative (GDPR Article 27)

As required by GDPR, our EU representative information:

(EU representative information will be provided here if applicable)

✅ Your Privacy Matters to Us

We are committed to protecting your personal data and ensuring you have control over your information. If you have any questions, please contact our data protection team.