GDPR Privacy
UXArmy is fully compliant with the General Data Protection Regulation (GDPR). We began to dedicate internal resources to the GDPR in 2012.
The privacy rights of our customers, and of their customers, are UXArmy’s priority. Because of this, compliance with international law and regulations is very important to us.
What is GDPR?
The GDPR regulates the processing of personal data about individuals in the EU including its collection, storage, transfer or use. Importantly, under the GDPR, the concept of “personal data” is very broad and covers any information relating to an identified or identifiable individual, also called a “data subject”.
It gives data subjects more rights and control over their data by regulating how companies should handle and store the personal data they collect. The GDPR also raises the stakes for compliance by increasing enforcement and imposing greater fines should the provisions of the GDPR be breached.
The GDPR enhances EU individuals’ privacy rights and places significantly enhanced obligations on organizations handling data.
If you are a resident of the European Union (EU) and European Economic Area (EEA), you have certain data protection rights, covered by GDPR. – See more at https://eur-lex.europa.eu/eli/reg/2016/679/oj
What is the Personal Data Protection Act (PDPA)?
The Personal Data Protection Act (PDPA) provides a baseline standard of protection for personal data in Singapore. It comprises various requirements governing the collection, use, disclosure and care of personal data in Singapore.
The PDPA recognises both the need to protect individuals’ personal data and the need of organisations to collect, use or disclose personal data for legitimate and reasonable purposes.
A data protection regime is necessary to safeguard personal data from misuse and to maintain individuals’ trust in organisations that manage their data.
By regulating the flow of personal data among organisations, the PDPA also aims to strengthen Singapore’s position as a trusted hub for businesses.
For more information, please refer to www.pdpc.gov.sg/overview-of-pdpa/the-legislation/personal-data-protection-act
How is UXArmy compliant?
We aim to take reasonable steps to allow you to correct, amend, delete, or limit the use of your Personal Data.
If you wish to be informed what Personal Data we hold about you and if you want it to be removed from our systems, please email us at info@uxarmy.com
For further assistance, you may also contact UXArmy’s EU Representative, Akshay Goyal, by email at akshay@uxarmy.com
In certain circumstances, you have the following data protection rights:
- the right to access, update or to delete the information we have on you;
- the right of rectification. You have the right to have your information rectified if that information is inaccurate or incomplete;
- the right to object. You have the right to object to our processing of your Personal Data;
- the right of restriction. You have the right to request that we restrict the processing of your personal information;
- the right to data portability. You have the right to be provided with a copy of your Personal Data in a structured, machine-readable and commonly used format;
- the right to withdraw consent. You also have the right to withdraw your consent at any time where we rely on your consent to process your personal information.
Please note that we may ask you to verify your identity before responding to such requests.
Additionally, we may not be able to provide Service without some necessary data.
We appreciate that our customers have requirements under the GDPR and PDPA that are directly impacted by their use of our Services. Below are several GDPR and PDPA initiatives that have been implemented across our Services:
- Investment in security – We’ve increased our investment in security. This includes implementing dependency vulnerability detection, improved auditing and logging across all services, new internal security policies, staff security training, improved password and secret management, 2FA enforcement, stronger password policies, and more.
- Employee training – We ensure our team is trained in handling client data and personal information, and that they maintain the confidentiality and security of that data.
- Updated terms – We have updated the structure and language used in all of our terms and policies to more clearly communicate what information we collect, what we use it for, who we share it with, what your rights are, and more.
- Data Processing Agreement – We support the EU’s Standard Contractual Clauses through a Data Processing Agreement that you can sign and return to us.
- Data Sub-Processors – We list all of our third-party data sub-processors and share information on what we use them for and where they are located.
- Data Subject Access Request procedure – We’ve streamlined our Data Subject Access Request procedure and documented the procedure on our website.
- Data portability – We’ve improved our data export features so customers may export customer data and personal information in a machine-readable format at any time.
- Data storage – You can choose to host certain data you upload to your UXArmy workspace in our data center located in Singapore.
Legal bases and purposes for processing personal data
UXArmy uses your Personal Data for a number of different purposes, as explained in the UXArmy Privacy Policy. Some are essential for us to provide the Site, Platform, and Services you use or to fulfill our legal obligations. Some help us run the Site, Platform, and Services efficiently and effectively and some enable us to provide you with more relevant and personalized offers and information. In all cases, we have a Legitimate Business Purpose and a legal ground for processing your Personal Data. Some of the most common legal grounds we rely on are briefly explained below:
- Performance of a Contract: we may process your Personal Data for the purposes of a contract to which you are a party, in other words your ability to use the Platform or Services. For instance, if you want to be a Participant, we need to process your Personal Data, including your payment information, in order to enable you to do so and to pay you.
- Legitimate Business Purposes: we may process Personal Data where it is necessary for our legitimate business interests as listed in the UXArmy privacy policy, but only to the extent that they are not outweighed by your own interests or fundamental rights and freedoms. When we rely on these legal bases, we will carry out a legitimate interest assessment to ensure we consider and balance any potential impact on you (both positive and negative), and your rights under applicable data protection laws.
- Consent: UXArmy may rely on consent where it is required, such as with respect to Recording Data being accessible to Clients and certain information collected via cookies and similar technologies (other than strictly necessary cookies), or when we are asking you to confirm your marketing preferences. When we rely on consent, you’ll be asked to confirm that you give your permission to UXArmy to process your Personal Data. Details of the processing, such as why UXArmy would like to process your data, how it will be used and if your Personal Data will be shared, will be provided at the time of asking you for your consent. You have the right to withdraw your consent at any time if you no longer wish to have UXArmy process your Personal Data.
- Legal Obligation: UXArmy will on occasion be under a legal obligation to obtain and disclose your Personal Data. Where possible, we will notify you when processing your data due to a legal obligation; however, this may not always be possible. For instance, UXArmy may need to provide your data in order to prevent criminal activity or help to detect criminal activity, in which case we may share information with law enforcement. This is done in a safe and secure manner. It’s essential that UXArmy complies with its legal, regulatory and contractual requirements, so if you object to this processing, UXArmy will not be able to provide its Services to you.
The table below explains in further detail how the aforementioned legal grounds for processing may relate to our major reasons for processing various categories of Personal Data:
Purpose of Processing | Type of Personal Data Used for Purpose | Legal Basis |
---|---|---|
To provide you access to and use of the Platform or Services, including registering as a Client or Participant | Participant Account Data; Client Account Data | Performance of a Contract |
To improve and enhance your experience with the Services, including the content and general administration of the Services. | Visitor Data Recording Client Data Account Participant Data Account | Legitimate Business Purpose |
To retain records as may be required for legal and financial purposes. | Only such information as may be required | Compliance with a Legal Obligation |
To understand how you access, use and interact with the Services in order to provide technical functionality, develop new products and services, and analyze your use of the Services. | Visitor Data Recording Participant Account Data Client Account Data Tracking Data | Legitimate Business Purpose |
To communicate with you. | Visitor Data Account Client Account Data Information from Third Parties | Performance of a Contract; Legitimate Business Purpose |
To provide you with customer support in connection with your use of the Services. | Client Account Data; Participant Account Data | Performance of a Contract |
To detect fraud, illegal activities or security breaches. | Only such information as may be required | Legitimate Business Purpose, but in some cases the processing may be required for Compliance with a Legal Obligation |
To receive and make payments. | Client Account Data; Participant Account | Performance of a Contract |
To provide information to regulatory bodies when legally required, and only as outlined in this Privacy Policy. | Only such information as may be required | Legitimate Business Purpose, but in some cases the processing may be required for Compliance with a Legal Obligation |