Privacy Notice
This notice explains how GRX Consultancy Pte. Ltd. ("GRX", "we", "us"), a private limited company incorporated in Singapore, handles the personal data you give us through grxconsultancy.com (the "site"). We're a small consultancy and we keep our data handling correspondingly simple.
1. Who we are
GRX is the data controller for any personal data you submit through this site. We can be reached at [email protected] or +65 9232 0886.
2. What we collect
We only collect information that you actively give us, plus a small amount of technical metadata that any web server sees:
- Contact form submissions. Your email address (required), and optionally your name, company, and the message you send.
- Direct correspondence. Anything you choose to put in an email or text message to us.
- Technical information. Your IP address, the time of your request, your browser's user-agent string, and which pages were requested. This is logged briefly by our hosting provider (Cloudflare) for security and abuse prevention.
We do not use marketing cookies, tracking pixels, or third-party analytics on the site.
3. Why we use it
We use the personal data you give us for these purposes only:
- to read your message and reply to it;
- to discuss potential or actual professional engagements with you;
- to keep records of correspondence as part of our normal business operations;
- to detect and prevent abuse of the site (for example, blocking automated spam submissions).
We don't sell, rent, or share your personal data with any third party for marketing purposes. We don't use it for automated decision-making or profiling.
4. Legal basis
GRX is based in Singapore and complies with the Singapore Personal Data Protection Act (PDPA). We process your personal data on the basis that you provide it voluntarily for the purpose of contacting us, and on the basis of our legitimate interests in running and securing the site and responding to enquiries. Where you are protected by another regime (for example, the EU GDPR), the equivalent lawful bases (consent and legitimate interests) apply.
5. How long we keep it
We keep contact-form submissions and related correspondence only as long as we need to handle your enquiry and any engagement that may follow, plus a reasonable period for our own records and for legal, tax, and accounting obligations. Hosting-level access logs are kept by Cloudflare for a short period in line with their standard retention policies.
6. Who can see it
Contact form submissions are sent directly to a private mailbox owned by GRX. The only third parties involved in delivering your message are:
- Cloudflare. Hosting and edge security for the site (privacy policy).
- MailChannels. The transactional email relay we use to deliver form submissions (privacy policy).
- Our email provider. The inbox where the message lands so we can read and reply to it.
These providers act as our service providers and may only process your data on our instructions for the purposes above.
7. International transfers
The providers above may process your data outside Singapore, including in countries whose data-protection rules differ from Singapore's. Where this happens, we rely on standard contractual protections offered by those providers and require them to provide a comparable standard of protection to the PDPA.
8. Security
We take reasonable steps to protect personal data submitted through the site. The site is served entirely over HTTPS, the contact form uses spam-prevention measures (honeypot fields, rate limiting, optional CAPTCHA), and access to the inbox is restricted to authorised personnel of GRX. No internet transmission can be guaranteed completely secure, but we work to minimise risk.
9. Your rights
Under the PDPA (and equivalent laws if they apply to you) you have the right to:
- ask us what personal data we hold about you;
- ask us to correct it if it's inaccurate;
- ask us to delete it, where we no longer have a legitimate reason to keep it;
- withdraw your consent to further processing.
To exercise any of these rights, email [email protected]. We'll respond within a reasonable time.
10. Children
The site is intended for business audiences and is not directed at children. We do not knowingly collect personal data from anyone under 18.
11. Changes
We may update this notice from time to time. The "last updated" date above shows the most recent revision. Material changes will be flagged on the site.
12. Contact
Questions about this notice or about how we handle your data? Email [email protected].