IV. Data Protection Statement
1. Data Protection Principles
VenusLab strictly adheres to the Singapore Personal Data Protection Act (PDPA) and applicable international data protection standards (e.g., EU GDPR, if services involve EU users). We uphold the following principles when processing your personal and enterprise data:
- Lawfulness: Process data only based on your consent, contract fulfillment obligations, or compliance with laws.
- Necessity: Collect only information necessary for the service, avoiding excessive collection of unrelated data.
- Transparency: Clearly inform you of data processing purposes and methods via privacy policies and service agreements.
- Security: Implement technical and organizational measures to ensure data security, preventing leakage, alteration, or loss.
2. Data Security Safeguards
(1) Technical Safeguards
- Transmission Security: Use SSL/TLS 1.3 encryption to prevent data interception during transmission between you and our servers.
- Storage Security: Use compliant cloud servers within Singapore (e.g., AWS Singapore Region), employing AES-256 encryption for sensitive data storage.
- Access Control: Implement multi-level permissions for data systems; only authorized personnel (e.g., customer service, technical support) can access necessary data, with all operations logged.
(2) Organizational Safeguards
- Staff Training: Conduct regular data protection regulation training, clarifying employee responsibilities and confidentiality obligations.
- Audit Mechanism: Perform quarterly internal data security audits to identify vulnerabilities and update protection strategies.
- Incident Response: Maintain a Data Breach Response Plan. In case of a breach, notify affected users and regulators within 72 hours and take remedial actions.
3. Core Rights of Data Subjects
Under PDPA and relevant regulations, you as a data subject have the following rights. We provide convenient channels for exercising them:
- Right of Access: Inquire about your data collected by us and its processing purposes.
- Right to Correction: Request correction of inaccurate or incomplete data.
- Right to Deletion: Request deletion of data no longer needed for service purposes.
- Right to Restrict Processing: Request suspension of non-essential data processing.
- Right to Object: Object to data analysis based on "legitimate interests"; we will review and respond within 14 working days.
To exercise these rights, email service@venuslabtech.com with the subject "Data Subject Rights Request" and provide verification details. We will prioritize your request.
4. Cross-Border Data Transfer
If cross-border data transfer is necessary for international projects, we take these compliance measures:
- Transfer only data essential for the service, ensuring the recipient meets data protection standards.
- Sign a Data Processing Agreement (DPA) with the recipient, clarifying data protection responsibilities.
- Use end-to-end encryption for transferred data or obtain transfer authorization via EU Standard Contractual Clauses (SCCs).
5. Compliance Supervision and Responsibility
We appoint a Data Protection Officer (DPO) to supervise compliance and handle inquiries and complaints (email: service@venuslabtech.com). If data loss results from our intentional misconduct or gross negligence, we bear compensation liability per law and cooperate with regulatory investigations.
6. Statement Updates
This statement may be updated following revisions to data protection laws or business adjustments. The effective date will be announced on the website. Continued use constitutes acceptance of updates.