GDPR Compliance

Our Commitment to GDPR

InnerShift is committed to complying with the General Data Protection Regulation (GDPR) and protecting the privacy rights of individuals in the European Economic Area (EEA). This page outlines how we fulfill our obligations under GDPR.

Legal Basis for Processing

We process your personal data based on one or more of the following legal grounds:

• Consent: You have given clear consent for us to process your personal data for specific purposes
• Contract: Processing is necessary for a contract we have with you or to take steps at your request before entering into a contract
• Legal obligation: Processing is necessary to comply with the law
• Legitimate interests: Processing is necessary for our legitimate interests or those of a third party, provided those interests do not override your rights

Your GDPR Rights

Under GDPR, you have the following rights regarding your personal data:

Right to Access

You have the right to request copies of your personal data that we hold.

Right to Rectification

You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.

Right to Erasure

You have the right to request that we erase your personal data under certain conditions.

Right to Restrict Processing

You have the right to request that we restrict the processing of your personal data under certain conditions.

Right to Object to Processing

You have the right to object to our processing of your personal data under certain conditions.

Right to Data Portability

You have the right to request that we transfer the data we have collected to another organization, or directly to you, under certain conditions.

Right to Withdraw Consent

Where we rely on consent as the legal basis for processing, you have the right to withdraw your consent at any time.

How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us at [email protected]. We will respond to your request within one month of receipt. In some cases, this period may be extended by two additional months where necessary, taking into account the complexity and number of requests.

Data Protection Officer

For questions or concerns regarding data protection and GDPR compliance, you may contact our data protection contact at [email protected].

Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.

When determining the appropriate retention period, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process your data, and whether we can achieve those purposes through other means.

International Data Transfers

If we transfer your personal data outside the EEA, we ensure appropriate safeguards are in place to protect your data in accordance with GDPR requirements. This may include the use of standard contractual clauses approved by the European Commission.

Data Breach Notification

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours of becoming aware of the breach, in accordance with GDPR requirements.

Right to Lodge a Complaint

If you believe we have not complied with GDPR or other data protection laws, you have the right to lodge a complaint with your local supervisory authority. In Singapore, you may contact the Personal Data Protection Commission (PDPC).

Updates to This Page

We may update this GDPR compliance statement from time to time. Any changes will be posted on this page with an updated revision date.

Contact Information

For any questions regarding GDPR compliance or to exercise your rights:

Email: [email protected]
Address: 52 Genting Lane, #07-01, Singapore 349560