PRIVACY POLICY

pineweb.digital

Welcome to https://pineweb.digital/ (the "Website"), owned and operated by PineWeb Digital Ltd. ("PineWeb", "we", "our", or "us"). This Privacy Policy explains how we handle personal data when you use the "Website".

We are incorporated in Singapore and comply with the Personal Data Protection Act (PDPA). For users outside Singapore, we also take into account key international standards such as the General Data Protection Regulation (GDPR) for individuals in the EEA, UK, and Switzerland.

1. What We Collect (and What We Don't)
We keep data collection to a minimum:

• Contact information you share with us voluntarily (e.g., name, email, details you provide by reaching out to us).
• Technical information that is essential for the Website to function (browser type, operating system, language settings, limited session cookies, IP addresses processed temporarily for security).

We do not knowingly collect data from minors under 18. If we learn that we have such information, we delete it.
We do not engage in hidden tracking, advertising profiles, or third-party data resale.

2. How We Use Your Information
Your data is used for limited and specific purposes:

• running and maintaining the Website;
• responding to inquiries;
• protecting security, preventing misuse, and ensuring performance;
• meeting legal or regulatory requirements.

We do not use automated decision-making or profiling that could have legal or significant effects on you.

3. Cookies and Online Identifiers
We keep cookies to an absolute minimum. The only ones in use are strictly necessary cookies — small text files that enable navigation, security, and load balancing. For example, they ensure that pages load correctly, maintain continuity during your browsing session, and support background security checks. These cookies do not track your activity across the Internet, create user profiles, or feed into advertising technologies. They operate only for the duration of your interaction with the Website and expire once no longer required.

Under the ePrivacy Directive (2002/58/EC) and the Planet49 ruling (CJEU, C-673/17), strictly necessary cookies are exempt from the requirement of prior consent. You may still disable them through your browser settings, but doing so may significantly impair the Website’s functionality.

4. Legal Basis

• Under Singapore PDPA: we collect, use, and disclose data only with consent, for legitimate purposes, and to the extent necessary.
• Under GDPR (for EEA/UK/Swiss users): processing is based on Article 6(1)(b) (contract necessity), 6(1)(c) (legal obligation), and 6(1)(f) (legitimate interests, e.g. security).

5. Sharing and Transfers
We do not sell or rent your data. We may share it only when required by law or with service providers acting under written agreements.

Because our Website operates internationally, data may be transferred outside your country. Safeguards such as Standard Contractual Clauses (GDPR) or equivalent mechanisms under Singapore PDPA are applied.

6. How Long We Keep Data

• General inquiries: stored until resolved + 90 days, then erased or anonymised.
• Compliance records: retained as required by law or for a reasonable time to protect our rights.
• If a contract is signed: retention will follow contractual and statutory obligations.

7. Security
We design security with a layered approach — part technology, part process, part common sense.

On the technical side, traffic between you and the Website is encrypted using modern standards (TLS 1.3). Access to systems is restricted by role, and activity is continuously logged and reviewed. Our infrastructure is regularly tested for weaknesses, and outdated protocols are actively phased out.

On the organisational side, only authorised staff can handle data, and they are trained to follow confidentiality and security practices. We also apply a data minimisation rule: we don't keep what we don't need, and what we must keep is erased once the purpose is over.

No online environment is immune to risk. While our measures significantly reduce exposure, information sent over the Internet can never be guaranteed 100% safe. For sensitive details, we recommend using secure channels.

8. Your Rights
Users in the EEA, UK, and Switzerland (GDPR)
If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have the following rights under the General Data Protection Regulation (GDPR):

• Right of access (Article 15) — to know whether we process your data and to obtain a copy.
• Right to rectification (Article 16) — to request correction of inaccurate or incomplete personal data.
• Right to erasure ("right to be forgotten," Article 17) — to ask us to delete your data where legal grounds apply.
• Right to restriction of processing (Article 18) — to request that we limit the processing of your data under specific circumstances.
• Right to object (Article 21) — to object to processing based on legitimate interests, including direct marketing.
• Right to data portability (Article 20) — to receive your data in a structured, machine-readable format and to transfer it to another controller.
• Right to withdraw consent (Article 7(3)) — where processing relies on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

Users in Singapore (PDPA)
If you are located in Singapore, you are covered by the Personal Data Protection Act (PDPA), which gives you the right to:

• request access to personal data we hold about you,
• request correction of inaccurate or incomplete personal data,
• withdraw your consent to processing at any time, subject to legal or contractual restrictions.

You can exercise any of the above rights by contacting us at ceo@pineweb.digital. We may need to verify your identity before fulfilling your request. We will respond within one month under GDPR or within 30 days under PDPA, unless an extension is legally permissible.
If you believe that your data protection rights have been violated, you have the right to lodge a complaint:

• with your local Data Protection Authority if you are in the EEA, UK, or Switzerland;
• with the Personal Data Protection Commission (PDPC) if you are in Singapore.

9. Updates
We may update this Privacy Policy from time to time. The "Effective date" at the top will indicate the latest version. Continued use of the Website means you accept any changes.

10. Contact
For questions, concerns or privacy requests you may contact us at ceo@pineweb.digital