GDPR Compliance Statement

Last Updated: May 13, 2026

Our Commitment to GDPR

Sulc Visionary is committed to compliance with the General Data Protection Regulation (GDPR) and protecting the rights of individuals in the European Union (EU) and European Economic Area (EEA).

Data Controller

For the purposes of GDPR, Sulc Visionary acts as the data controller for personal data collected through our website and services.

Contact:
Email: [email protected]
Address: 138 Robinson Road, #22-04 Oxley Tower, Singapore 068906

Your Rights Under GDPR

As a data subject under GDPR, you have the following rights:

1. Right to Be Informed

You have the right to be informed about the collection and use of your personal data. This information is provided in our Privacy Policy.

2. Right of Access

You have the right to request access to your personal data. We will provide you with a copy of the personal data we hold about you.

3. Right to Rectification

You have the right to request correction of inaccurate or incomplete personal data.

4. Right to Erasure (Right to be Forgotten)

You have the right to request deletion of your personal data when:

  • The data is no longer necessary for the purpose it was collected
  • You withdraw consent
  • You object to the processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed
  • The data must be erased to comply with a legal obligation

5. Right to Restriction of Processing

You have the right to request restriction of processing your personal data in certain circumstances.

6. Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and transmit it to another controller.

7. Right to Object

You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes.

8. Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you.

How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us at:

Email: [email protected]

We will respond to your request within one month of receipt. If your request is complex or we receive multiple requests, we may extend this period by two additional months, and we will inform you of this extension.

Legal Basis for Processing

We process your personal data under the following lawful bases:

  • Consent: You have given clear consent for us to process your personal data for a specific purpose
  • Contract: Processing is necessary to fulfill a contract with you
  • Legal Obligation: Processing is necessary to comply with the law
  • Legitimate Interests: Processing is necessary for our legitimate interests or those of a third party, provided your interests and fundamental rights do not override those interests

Data Protection Principles

We adhere to the following data protection principles:

  • Lawfulness, Fairness, and Transparency: We process data lawfully, fairly, and transparently
  • Purpose Limitation: We collect data for specified, explicit, and legitimate purposes
  • Data Minimization: We collect only the data that is adequate, relevant, and necessary
  • Accuracy: We keep data accurate and up to date
  • Storage Limitation: We retain data only as long as necessary
  • Integrity and Confidentiality: We process data securely
  • Accountability: We are responsible for and can demonstrate compliance

Data Security Measures

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of personal data
  • Regular security assessments
  • Access controls and authentication
  • Staff training on data protection
  • Incident response procedures

Data Breach Notification

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours of becoming aware of the breach.

International Data Transfers

If we transfer your personal data outside the EEA, we ensure appropriate safeguards are in place, such as:

  • Standard contractual clauses approved by the European Commission
  • Transfers to countries with an adequacy decision
  • Other legally approved transfer mechanisms

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including legal, accounting, or reporting requirements. Retention periods vary based on:

  • The nature of the data
  • The purpose for which it was collected
  • Legal obligations
  • Legitimate business interests

Third-Party Processors

We carefully select third-party processors and ensure they provide sufficient guarantees regarding GDPR compliance. We maintain contracts with processors that meet GDPR requirements.

Children's Data

Our services are not directed to children under 16 years of age. We do not knowingly collect or process personal data from children without parental consent where required by law.

Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority, particularly in the EU member state of your residence, workplace, or where an alleged infringement occurred.

Updates to This Statement

We may update this GDPR compliance statement from time to time. Significant changes will be communicated through our website.

Contact Information

For any questions about our GDPR compliance or to exercise your rights:

Email: [email protected]
Address: 138 Robinson Road, #22-04 Oxley Tower, Singapore 068906