GDPR Compliance Statement

Last Updated: May 27, 2026

Our Commitment to GDPR

Vbex Divet is committed to complying with the General Data Protection Regulation (GDPR) and protecting the privacy rights of individuals in the European Economic Area (EEA) and United Kingdom. This statement outlines how we fulfill our obligations under GDPR.

Data Controller Information

Data Controller: Vbex Divet
Registered Address: 8 Marina Boulevard, #15-07 Marina Bay Financial Centre, Singapore 018981
Contact Email: [email protected]

Lawful Basis for Processing

We process personal data only when we have a lawful basis under Article 6 of GDPR:

1. Contractual Necessity

Processing is necessary to perform our service contracts with clients, including:

• Delivering AI economic analysis and strategic consultation
• Managing client relationships and project deliverables
• Invoicing and payment processing

2. Legitimate Interests

We process data where necessary for legitimate business interests, such as:

• Improving service quality and website functionality
• Preventing fraud and ensuring security
• Internal administrative purposes

3. Consent

Where required, we obtain explicit consent for:

• Marketing communications
• Non-essential cookies and tracking
• Sharing information beyond contractual requirements

4. Legal Compliance

We process data to comply with legal obligations, including tax laws, financial regulations, and professional standards.

Your Rights Under GDPR

Right to Access (Article 15)

You have the right to obtain confirmation of whether we process your personal data and receive a copy of that data. We will respond to access requests within one month.

Right to Rectification (Article 16)

You can request correction of inaccurate personal data and completion of incomplete information.

Right to Erasure (Article 17)

Also known as the "right to be forgotten," you may request deletion of your personal data when:

• The data is no longer necessary for its original purpose
• You withdraw consent and no other legal basis exists
• You object to processing and no overriding legitimate grounds exist
• Data has been unlawfully processed

Right to Restriction (Article 18)

You can request that we limit how we use your data while verifying accuracy or assessing objections to processing.

Right to Data Portability (Article 20)

You can receive your personal data in a structured, commonly used, machine-readable format and have it transmitted to another controller.

Right to Object (Article 21)

You may object to processing based on legitimate interests or for direct marketing purposes. We will cease processing unless we demonstrate compelling legitimate grounds.

Right to Withdraw Consent (Article 7)

Where processing is based on consent, you can withdraw it at any time. This does not affect the lawfulness of processing before withdrawal.

Rights Related to Automated Decision-Making (Article 22)

We do not engage in automated decision-making or profiling that produces legal effects or similarly significant impacts without human intervention.

Data Protection Principles

We adhere to GDPR's core principles by ensuring personal data is:

• Processed lawfully, fairly, and transparently
• Collected for specified, explicit, and legitimate purposes
• Adequate, relevant, and limited to what is necessary
• Accurate and kept up to date
• Retained only as long as necessary
• Processed securely with appropriate safeguards

International Data Transfers

When transferring personal data outside the EEA, we ensure appropriate safeguards are in place:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions recognizing equivalent protection in destination countries
• Binding Corporate Rules for intra-organizational transfers
• Explicit consent where no other mechanism applies

Data Security Measures

We implement technical and organizational measures to ensure a level of security appropriate to the risk, including:

• Encryption of personal data in transit and at rest
• Regular security testing and vulnerability assessments
• Access controls limiting data access to authorized personnel
• Incident response procedures and breach notification protocols
• Regular staff training on data protection obligations

Data Breach Notification

In the event of a personal data breach likely to result in a risk to your rights and freedoms, we will:

• Notify the relevant supervisory authority within 72 hours of becoming aware
• Inform affected individuals without undue delay if the breach poses a high risk
• Document the breach, including facts, effects, and remedial action taken

Data Protection Impact Assessments

We conduct Data Protection Impact Assessments (DPIAs) when processing operations are likely to result in high risks to individual rights and freedoms, particularly when using new technologies or large-scale systematic monitoring.

Exercising Your Rights

To exercise any of your GDPR rights, contact us at:

Email: [email protected]
Subject Line: "GDPR Rights Request"

Please include:

• Full name and contact information
• Description of the right you wish to exercise
• Any relevant details to help us locate your information
• Proof of identity (if required for security purposes)

We will respond to requests within one month, though this may be extended by two additional months for complex requests. We will inform you of any extension within the first month.

Complaints and Supervisory Authority

If you believe our processing of your personal data violates GDPR, you have the right to lodge a complaint with a supervisory authority, particularly in your country of residence, place of work, or where an alleged infringement occurred.

Key EU/UK Supervisory Authorities:

• Ireland: Data Protection Commission (dpc.ie)
• UK: Information Commissioner's Office (ico.org.uk)
• Germany: Federal Commissioner for Data Protection and Freedom of Information
• France: Commission Nationale de l'Informatique et des Libertés (CNIL)

Updates to This Statement

We may update this GDPR compliance statement to reflect changes in our processing activities or legal requirements. Material changes will be communicated through our website and, where appropriate, directly to affected individuals.

Contact Our Data Protection Officer

For questions specifically related to GDPR compliance or data protection practices, you may contact our Data Protection Officer at:

Email: [email protected]