GDPR Compliance Statement

1. Our Commitment to GDPR Compliance

Prestige Homes is committed to compliance with the General Data Protection Regulation (GDPR) for all clients and website visitors from the European Economic Area (EEA), United Kingdom, and Switzerland. While our primary operations are based in Singapore, we recognize and respect the data protection rights of individuals covered by GDPR.

2. Applicability

This GDPR compliance statement applies when:

• You are located in the EEA, UK, or Switzerland
• You are an EEA/UK/Swiss national or resident using our services
• We process your personal data in connection with offering services to individuals in these regions

This statement supplements our main Privacy Policy with specific information required under GDPR.

3. Data Controller Information

For the purposes of GDPR, Prestige Homes acts as the data controller for personal data we collect and process. Our contact details are:

Prestige Homes
138 Market Street, #24-03 CapitaGreen
Singapore 048946
Email: [email protected]

4. Legal Basis for Processing

We process your personal data only when we have a valid legal basis under GDPR:

4.1 Consent

We obtain your explicit, freely given consent before processing personal data for specific purposes such as marketing communications or non-essential cookies. You may withdraw consent at any time.

4.2 Contract Performance

Processing is necessary to perform our contractual obligations when you engage our real estate services, including property transactions, consultations, and advisory services.

4.3 Legitimate Interests

We process data based on our legitimate business interests, such as:

• Improving our services and website functionality
• Fraud prevention and security
• Internal administration and record-keeping
• Network and information systems security

We conduct balancing tests to ensure your rights and freedoms are not overridden by our interests.

4.4 Legal Obligations

Processing is necessary to comply with legal obligations under Singapore law, international regulations, or court orders.

5. Your Rights Under GDPR

If you are an EEA/UK/Swiss resident, you have the following rights:

5.1 Right to Access

You can request confirmation of whether we process your personal data and obtain a copy of that data.

5.2 Right to Rectification

You can request correction of inaccurate or incomplete personal data.

5.3 Right to Erasure ("Right to be Forgotten")

You can request deletion of your personal data when:

• The data is no longer necessary for its original purpose
• You withdraw consent and there's no other legal basis
• You object and there are no overriding legitimate grounds
• The data has been unlawfully processed
• Legal obligations require deletion

This right is subject to exceptions, including legal obligations to retain certain records.

5.4 Right to Restriction of Processing

You can request we limit processing of your data in certain circumstances, such as when you contest data accuracy or object to processing.

5.5 Right to Data Portability

You can receive your personal data in a structured, commonly used, machine-readable format and transmit it to another controller.

5.6 Right to Object

You can object to:

• Processing based on legitimate interests
• Direct marketing (we will cease immediately)
• Processing for scientific or statistical research purposes

5.7 Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal or similarly significant effects. We do not currently engage in such automated decision-making.

5.8 Right to Withdraw Consent

Where processing is based on consent, you can withdraw that consent at any time without affecting the lawfulness of processing before withdrawal.

6. Exercising Your Rights

To exercise any of these rights, please contact us at [email protected] with:

• A clear description of your request
• Identification verification (to protect your privacy)
• Any relevant details to help us locate your data

We will respond to your request within one month. In complex cases, we may extend this by two months and will notify you of any extension.

7. International Data Transfers

When we transfer personal data from the EEA/UK/Switzerland to Singapore or other jurisdictions, we ensure appropriate safeguards are in place:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions where applicable
• Other legally recognized transfer mechanisms

You may request information about specific safeguards applied to your data transfers.

8. Data Security Measures

We implement technical and organizational measures appropriate to the risk, including:

• Encryption of data in transit and at rest
• Access controls and authentication mechanisms
• Regular security assessments and audits
• Employee training on data protection
• Incident response procedures
• Vendor management and due diligence

9. Data Breach Notification

In the unlikely event of a personal data breach that poses a risk to your rights and freedoms, we will:

• Notify the relevant supervisory authority within 72 hours of becoming aware
• Notify affected individuals without undue delay if the breach poses a high risk
• Document all breaches, including facts, effects, and remedial actions

10. Data Protection Impact Assessments

When processing operations are likely to result in high risk to your rights and freedoms, we conduct Data Protection Impact Assessments (DPIAs) to identify and mitigate those risks.

11. Data Retention

We retain personal data only as long as necessary for the purposes outlined in our Privacy Policy or as required by law. Retention periods are determined based on:

• Nature and sensitivity of the data
• Purpose of processing
• Legal, regulatory, or contractual obligations
• Legitimate business purposes

When data is no longer needed, we securely delete or anonymize it.

12. Third-Party Processors

When we engage third-party processors, we:

• Conduct due diligence on their data protection capabilities
• Enter into written data processing agreements meeting GDPR requirements
• Ensure they provide appropriate security measures
• Monitor their compliance with data protection obligations

13. Children's Data

We do not knowingly collect or process personal data from children under 16 years of age (or the applicable age in your jurisdiction) without verifiable parental consent. If we discover we have inadvertently collected such data, we will delete it promptly.

14. Marketing Communications

We will only send marketing communications to EEA/UK/Swiss residents with your explicit opt-in consent. You can withdraw consent and unsubscribe at any time through:

• Unsubscribe links in marketing emails
• Contacting us directly
• Adjusting your communication preferences

15. Cookies and Tracking

We use cookies and similar technologies only with your consent, except for strictly necessary cookies required for website functionality. See our Cookies Policy for detailed information.

16. Supervisory Authority

You have the right to lodge a complaint with a supervisory authority in the EEA, UK, or Switzerland if you believe our processing of your personal data violates GDPR. Contact details for supervisory authorities can be found at:

• EEA: European Data Protection Board
• UK: Information Commissioner's Office (ICO)
• Switzerland: Federal Data Protection and Information Commissioner (FDPIC)

We encourage you to contact us first so we can address your concerns directly.

17. Updates to This Statement

We may update this GDPR compliance statement to reflect changes in our practices or legal requirements. The "Last Updated" date indicates the most recent revision. Continued use of our services constitutes acceptance of any changes.

18. Contact Us

For questions, concerns, or to exercise your GDPR rights, please contact:

Prestige Homes - Data Protection
Email: [email protected]
Subject Line: "GDPR Rights Request" or "GDPR Inquiry"

We will verify your identity before processing requests to protect your privacy and security.