Your data protection rights under the General Data Protection Regulation
Therm Smagr is committed to protecting and respecting your privacy in compliance with the General Data Protection Regulation (GDPR). This page explains how we process personal data of individuals located in the European Economic Area (EEA) and the rights you have under GDPR.
For the purposes of GDPR, Therm Smagr acts as the data controller for personal information collected through our website and services. Our contact details are:
Therm Smagr
71 Robinson Road, #14-01
Singapore 068895
Email: [email protected]
We process your personal data under the following legal bases:
As a data subject under GDPR, you have the following rights:
You have the right to request a copy of the personal data we hold about you, along with information about how we process it.
You have the right to request correction of any inaccurate personal data we hold about you, and to have incomplete data completed.
You have the right to request deletion of your personal data in certain circumstances, such as when the data is no longer necessary for the purpose it was collected.
You have the right to request that we restrict processing of your personal data in certain circumstances, such as when you contest the accuracy of the data.
You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit it to another controller.
You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes.
Where we rely on your consent to process your data, you have the right to withdraw that consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
As a Singapore-based company, personal data collected from EEA residents may be transferred to and processed in Singapore. We ensure that such transfers are protected by appropriate safeguards, including:
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected. Our retention periods are determined based on:
We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly.
To exercise any of your rights under GDPR, please contact us at:
Email: [email protected]
We will respond to your request within one month. In certain circumstances, we may extend this period by two months, in which case we will inform you of the extension and the reasons for it.
If you believe that we have not complied with your data protection rights, you have the right to lodge a complaint with a supervisory authority. For EEA residents, this would be the data protection authority in your country of residence.
We may update this GDPR notice from time to time. Any changes will be posted on this page with an updated effective date.
Last updated: January 2024