GDPR Compliance

Your Data Protection Rights

1. Our Commitment to GDPR

Modern FrameWork Grain is committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR). Even though we are based in Singapore, we respect the data protection rights of all our customers, including those in the European Union.

2. Legal Basis for Processing

We process your personal data based on the following legal grounds:

  • Contract Performance: Processing necessary to fulfill your pizza orders and provide our services
  • Consent: Where you have given clear consent for specific purposes (e.g., marketing communications)
  • Legitimate Interests: Processing necessary for our legitimate business interests (e.g., fraud prevention, improving services)
  • Legal Obligation: Processing required to comply with legal requirements

3. Your Rights Under GDPR

As a data subject, you have the following rights:

3.1 Right to Access

You have the right to request a copy of the personal data we hold about you. We will provide this information free of charge within one month of your request.

3.2 Right to Rectification

You have the right to request correction of inaccurate or incomplete personal data we hold about you.

3.3 Right to Erasure (Right to be Forgotten)

You have the right to request deletion of your personal data under certain circumstances, such as when:

  • The data is no longer necessary for the purposes it was collected
  • You withdraw your consent and there is no other legal ground for processing
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed

3.4 Right to Restriction of Processing

You have the right to request that we restrict the processing of your personal data under certain circumstances, such as when you contest the accuracy of the data or object to processing.

3.5 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.

3.6 Right to Object

You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes.

3.7 Rights Related to Automated Decision Making

You have the right not to be subject to decisions based solely on automated processing, including profiling, which produces legal effects or significantly affects you.

4. How to Exercise Your Rights

To exercise any of these rights, please contact us using the following information:

Data Protection Officer

Email: [email protected]

Phone: +65 6678 9012

Address: 17 Holland Avenue, #01-08, Singapore 278925

We will respond to your request within one month. In complex cases, we may extend this period by two additional months, and we will inform you of any such extension.

5. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including:

  • Order information: Retained for 7 years for accounting and legal purposes
  • Marketing consent: Until you withdraw consent or request deletion
  • Account information: Until you close your account or request deletion
  • Analytics data: Anonymized after 26 months

6. Data Security Measures

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of personal data in transit and at rest
  • Regular security assessments and audits
  • Access controls and authentication procedures
  • Employee training on data protection
  • Incident response procedures
  • Regular backup and disaster recovery procedures

7. Data Breach Notification

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you without undue delay and within 72 hours of becoming aware of the breach. We will also notify the relevant supervisory authority where required.

8. International Data Transfers

When we transfer your personal data outside of the European Economic Area, we ensure appropriate safeguards are in place, such as:

  • Standard contractual clauses approved by the European Commission
  • Adequacy decisions by the European Commission
  • Binding corporate rules

9. Third-Party Processing

We only work with third-party processors who provide sufficient guarantees to implement appropriate technical and organizational measures in compliance with GDPR requirements. All processors are bound by data processing agreements that meet GDPR standards.

10. Children's Data

We do not knowingly process personal data of children under 16 years of age without parental consent. If we become aware that we have collected data from a child under 16 without verification of parental consent, we will take steps to delete that information.

11. Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data infringes GDPR. You can contact your local data protection authority in the EU or the Singapore Personal Data Protection Commission.

12. Updates to GDPR Compliance

We regularly review and update our GDPR compliance measures. Any significant changes will be communicated through our website and, where appropriate, directly to affected individuals.

13. Contact Information

For any questions or concerns regarding GDPR compliance or to exercise your rights, please contact:

Modern FrameWork Grain - Data Protection Officer

17 Holland Avenue, #01-08, Singapore 278925

Email: [email protected]

Phone: +65 6678 9012