Rigon Falsa
Home About Services Contact

GDPR Compliance Statement

Last Updated: May 26, 2026

Our Commitment to GDPR

Rigon Falsa is committed to protecting the privacy and security of your personal data in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws. This statement outlines how we comply with GDPR requirements.

Legal Basis for Processing

We process your personal data based on the following legal grounds:

  • Contractual Necessity: Processing necessary to perform our educational services contract with you
  • Consent: Where you have given explicit consent for specific processing activities
  • Legitimate Interests: For our legitimate business interests, such as improving services and communications
  • Legal Obligations: To comply with legal and regulatory requirements

Your Rights Under GDPR

As a data subject, you have the following rights:

Right to Access

You have the right to request access to your personal data and receive information about how we process it.

Right to Rectification

You can request correction of inaccurate or incomplete personal data we hold about you.

Right to Erasure

Under certain circumstances, you have the right to request deletion of your personal data ("right to be forgotten").

Right to Restriction

You can request that we restrict processing of your personal data in specific situations.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and transmit it to another controller.

Right to Object

You can object to processing of your personal data based on legitimate interests or for direct marketing purposes.

Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing, including profiling, which produces legal effects or significantly affects you.

Right to Withdraw Consent

Where processing is based on consent, you have the right to withdraw that consent at any time.

How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us:

  • Email: [email protected]
  • Subject line: "GDPR Request"
  • Include: Your full name, contact details, and specific request

We will respond to your request within one month. In complex cases, we may extend this period by two additional months and will inform you accordingly.

Data Protection Officer

For questions regarding data protection or to exercise your GDPR rights, you may contact our Data Protection Officer:

Email: [email protected]
Subject: "Attention: Data Protection Officer"

Data Processing Activities

Categories of Personal Data We Process

  • Identity data (name, date of birth)
  • Contact data (email, address)
  • Educational data (academic records, learning progress)
  • Financial data (payment information)
  • Technical data (IP address, browser information)

Purpose of Processing

  • Provision of educational services
  • Student assessment and progress tracking
  • Communication regarding programs and sessions
  • Payment processing
  • Service improvement and analytics
  • Marketing (with consent)

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected:

  • Active student records: Duration of enrollment plus 7 years
  • Financial records: 7 years from transaction date
  • Marketing consent records: Until consent is withdrawn
  • Website analytics: 26 months

Data Security Measures

We implement appropriate technical and organizational measures to ensure data security:

  • Encryption of data in transit and at rest
  • Access controls and authentication
  • Regular security assessments
  • Employee training on data protection
  • Secure data backup procedures
  • Incident response protocols

International Data Transfers

If we transfer your personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses approved by the European Commission
  • Transfers to countries with an adequacy decision
  • Other legally approved transfer mechanisms

Third-Party Processors

We work with carefully selected third-party processors who assist in delivering our services. All processors are contractually bound to:

  • Process data only on our instructions
  • Implement appropriate security measures
  • Comply with GDPR requirements
  • Assist with data subject requests

Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will:

  • Notify the relevant supervisory authority within 72 hours of becoming aware
  • Notify affected individuals without undue delay if the breach poses a high risk
  • Document all data breaches and remediation actions taken

Children's Data

For students under 16 years of age (or the age of digital consent in your jurisdiction), we obtain consent from parents or legal guardians before processing personal data. Parents have the right to access, rectify, or delete their child's personal data.

Supervisory Authority

You have the right to lodge a complaint with a supervisory authority if you believe our processing of your personal data violates GDPR. In Singapore, the relevant authority is:

Personal Data Protection Commission (PDPC)
Website: www.pdpc.gov.sg

Updates to This Statement

We may update this GDPR Compliance Statement to reflect changes in our practices or legal requirements. Material changes will be communicated to affected individuals.

Contact Information

For questions about our GDPR compliance or to exercise your rights:

Rigon Falsa
83 Clemenceau Avenue
Singapore 239920
Email: [email protected]

Rigon Falsa

Personalized education solutions that deliver real results for Singapore students.

Quick Links

  • About Us
  • Our Services
  • Contact

Legal

  • Privacy Policy
  • GDPR Compliance
  • Cookies Policy
  • Terms of Use

Connect

83 Clemenceau Avenue
Singapore 239920

[email protected]

© 2026 Rigon Falsa. All rights reserved.