Last updated:  September 1, 2021

General Data Protection Regulation (GDPR):
The European Union’s (EU) General Data Protection Regulation (GDPR) is effective from May 25, 2018. The GDPR is a new regulation that enables greater data protection for individuals across the Europe, which the EU citizens have a degree of control over their personal data and the regulation governs the companies controlling or processing the data.  (“we”, or “our”) is taking appropriate measures towards GDPR to help ensure our customers benefit from increased control and clarity with the consent to process the personal data and with the compliance to the GDPR.

Our Commitment: as a Data Processor, is committed to comply with the GDPR regulations with the following principles:

Due diligence – We are committed to comply with the GDPR regulations, process personal information fairly and lawfully and will be aware of the law changes to the GDPR

Consent for processing data – We will only process the personal data on behalf of the customer with the consent from the customer

Data retention – We will only store the personal data within the agreed data retention period

Right to be Forgotten – EU citizens have their rights to erase the personal data when it is no longer being processed

Data breaches reporting – We will notify a personal data breach to the supervisory authority (i.e. Data Protection Controller) and the customer in the event of data breaches

Children – We do not engage in any children related business hence no data processing activity for the child is carried out

Data Subject Rights under GDPR:
In response to the key changes for the data subject rights under GDPR, we have made several adjustments associated with the personal data:

Breach Notification
We will notify the supervisory authority (i.e. Data Protection Controller) and the customers within 72 hours without undue delay after first becoming aware of a data breach. For the details, please see the Data Breaches Reporting section below.

Right to Access
We will obtain the confirmation from the customers (i.e. Data Controller) for any personal data being processed and explain where and what purpose of processing the data to the customers.

Right to be Forgotten
We will erase the personal data and cease further dissemination of the data after the agreed data retention period or upon requests.

Data Portability
We will provide a method for the data portability to transmit the personal data to another controller in a human readable format.

Privacy by Design
We will take the privacy into our system design such that the data absolutely necessary for the completion of its duties (data minimization) is held and processed and the system limits the access to personal data to those needing to act out the processing.

Our Compliance Plan:
In order to be GDPR compliance, there is a collaborative effort between and the customers: We have the Data Processor responsibility while the customer has the Data Controller responsibility. We take the customers’ compliance requirements, privacy and security seriously.

For the compliance, we periodically review and update our internal process, privacy policies and system. We liaise with our vendors and suppliers to ensure both the Data Controller and Data Processor comply with the GDPR regulations.

Regarding the privacy, we respect and understand the importance of the privacy and we have updated our Privacy Policy and Terms and Conditions in line with the GDPR requirements. On the other hand, we asses any risks associated with privacy for our vendors holding personal data.

Data Breaches Reporting:
We have appropriate procedures in place to detect, report and investigate a personal data breach (i.e. a security breach that leads to the accidental or unlawful destruction, loss, alternation, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed). In the event of data breaches, we will notify the breach incident to the supervisory authority (i.e. Data Protection Controller) and the customer. The following information of the breach incident shall be provided:

  • The contact details of the responsible person for the data protection compliance
  • The detailed description of the breach incident (e.g. date, time, victims, reason, etc.)
  • Any remedial action taken to mitigate the effects of the breach incident when a personal data breach is detected

There is no Data Protection Officer as we are not public authorities or organizations that engage in large scale systematic monitoring nor large scale processing of sensitive personal data.

Changes to This Statement:
We may update this statement from time to time. We will notify you of any changes by posting the new statement on this page. For more information regarding the privacy of personal data, please visit our Privacy Policy.

You are advised to review this statement periodically for any changes. Changes to this statement are effective when they are posted on this page.

How to contact us?
If you have any questions about this GDPR Privacy Notice or want to exercise your rights set out in this GDPR Privacy Notice, please contact us at, as independent data controller of the personal information collected via the Site, will work to appropriately respond to your inquiries or requests related to that personal information.