GDPR Compliance

Our Commitment to GDPR

Hydat Emotional IQ is committed to protecting the privacy and personal data of individuals in the European Union and European Economic Area. This page outlines our compliance with the General Data Protection Regulation (GDPR) and your rights under this regulation.

Data Controller

For the purposes of GDPR, Hydat Emotional IQ is the data controller responsible for your personal data. Our contact details are:

Hydat Emotional IQ
71 Robinson Road, #14-01
Singapore 068895
Email: [email protected]

Legal Basis for Processing

We process your personal data under the following legal bases:

Contract Performance

Processing necessary to perform our contract with you when you enroll in our programs or services.

Legitimate Interests

Processing necessary for our legitimate interests in:

  • Operating and improving our business
  • Communicating about our services
  • Ensuring security and preventing fraud
  • Analyzing website usage and performance

Consent

Processing based on your explicit consent, which you may withdraw at any time.

Legal Obligation

Processing necessary to comply with our legal and regulatory obligations.

Your Rights Under GDPR

Right to Access

You have the right to request access to the personal data we hold about you. We will provide a copy of your data in a commonly used electronic format.

Right to Rectification

You have the right to request correction of inaccurate or incomplete personal data.

Right to Erasure

You have the right to request deletion of your personal data in certain circumstances, including:

  • The data is no longer necessary for the purpose it was collected
  • You withdraw consent and there is no other legal basis for processing
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed

Note: This right is not absolute and may be limited by legal retention requirements.

Right to Restriction of Processing

You have the right to request that we restrict processing of your personal data in certain situations, such as when you contest the accuracy of the data or object to processing.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller.

Right to Object

You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes.

Right to Withdraw Consent

Where processing is based on consent, you have the right to withdraw that consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority, particularly in the EU member state of your residence, workplace, or where an alleged infringement occurred.

Exercising Your Rights

To exercise any of your rights under GDPR, please contact us at:

Email: [email protected]

We will respond to your request within one month. In complex cases, we may extend this period by two additional months and will inform you of any such extension.

Data Protection Measures

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of data in transit and at rest
  • Regular security assessments and penetration testing
  • Access controls and authentication mechanisms
  • Staff training on data protection and security
  • Data breach detection and response procedures

International Data Transfers

When we transfer personal data outside the EEA, we ensure adequate protection through:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions recognizing certain countries as providing adequate protection
  • Other appropriate safeguards as permitted by GDPR

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected and to comply with legal obligations. Our retention periods are:

  • Program participation data: 7 years after program completion
  • Financial records: 7 years as required by applicable law
  • Marketing communications data: Until consent is withdrawn
  • Website analytics: 26 months

Automated Decision-Making

We do not engage in automated decision-making or profiling that produces legal effects or similarly significantly affects you.

Data Breach Notification

In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay and within 72 hours of becoming aware of the breach.

Children's Data

Our services are not directed at children under 16. We do not knowingly process personal data of children without parental consent.

Updates to This Notice

We may update this GDPR compliance notice from time to time. We will notify you of material changes by posting the updated notice on our website.

EU Representative

While we are based in Singapore, we have appointed a representative in the European Union as required by GDPR Article 27. For GDPR-related inquiries, you may contact our EU representative at:

Email: [email protected]

Questions and Concerns

If you have questions about our GDPR compliance or wish to exercise your rights, please contact our Data Protection Officer at:

Email: [email protected]