We use cookies to enhance your browsing experience and analyze our traffic. By clicking "Accept", you consent to our use of cookies.

Conti Istit
  • Home
  • Services
  • About
  • Contact

GDPR Compliance

Last Updated: May 25, 2026

Our Commitment to GDPR

Conti Istit is committed to protecting your personal data and respecting your privacy rights under the General Data Protection Regulation (GDPR). This page outlines how we comply with GDPR requirements and explains your rights as a data subject.

Who We Are

Data Controller: Conti Istit
Address: Robinson Road, Singapore 068898, Singapore
Email: [email protected]

Lawful Basis for Processing

We process your personal data only when we have a lawful basis to do so. Under GDPR, these lawful bases include:

1. Consent

When you have explicitly agreed to our processing of your personal data for specific purposes, such as:

  • Subscribing to our newsletter or communications
  • Submitting inquiry forms
  • Accepting cookies on our website

2. Contract Performance

When processing is necessary to fulfill a contract with you or to take steps at your request before entering into a contract, such as:

  • Providing consulting services you've requested
  • Processing your service inquiries
  • Delivering agreed-upon project deliverables

3. Legal Obligation

When we must process your data to comply with legal requirements, such as:

  • Tax and accounting obligations
  • Regulatory compliance requirements
  • Response to lawful requests from authorities

4. Legitimate Interests

When processing is necessary for our legitimate business interests, provided these interests don't override your rights, such as:

  • Improving our services and website functionality
  • Fraud prevention and security
  • Internal administrative purposes

Your Rights Under GDPR

As a data subject under GDPR, you have the following rights:

Right to Access

You have the right to request access to the personal data we hold about you. We will provide you with a copy of your personal data in a commonly used electronic format.

Right to Rectification

You can request that we correct any inaccurate personal data or complete any incomplete personal data we hold about you.

Right to Erasure ("Right to be Forgotten")

You can request deletion of your personal data when:

  • The data is no longer necessary for the purposes for which it was collected
  • You withdraw consent and there's no other legal basis for processing
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed
  • Erasure is required to comply with a legal obligation

Right to Restriction of Processing

You can request that we restrict processing of your personal data when:

  • You contest the accuracy of the data
  • Processing is unlawful but you oppose erasure
  • We no longer need the data but you need it for legal claims
  • You've objected to processing pending verification of legitimate grounds

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit that data to another controller.

Right to Object

You can object to processing of your personal data based on legitimate interests or for direct marketing purposes. We will stop processing unless we can demonstrate compelling legitimate grounds that override your interests.

Right to Withdraw Consent

Where we rely on consent as the legal basis for processing, you can withdraw your consent at any time. This does not affect the lawfulness of processing based on consent before withdrawal.

Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority, particularly in the EU member state where you reside, work, or where an alleged infringement occurred.

How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us at:

  • Email: [email protected]
  • Subject line: "GDPR Rights Request"

We will respond to your request within one month. In complex cases, this may be extended by two additional months, and we will inform you of any such extension.

Data Protection Measures

We implement appropriate technical and organizational measures to ensure data security, including:

  • Encryption of data in transit and at rest
  • Access controls and authentication systems
  • Regular security audits and vulnerability assessments
  • Employee training on data protection
  • Data minimization practices
  • Regular backup and disaster recovery procedures

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including:

  • Inquiry data: Retained for up to 2 years after last contact
  • Client data: Retained for duration of contract plus 7 years for legal/tax purposes
  • Website analytics: Anonymized after 14 months
  • Marketing consent: Until consent is withdrawn

International Data Transfers

When we transfer personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions for certain countries
  • Binding Corporate Rules where applicable

Data Breach Notification

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you without undue delay and within 72 hours of becoming aware of the breach, as required by GDPR.

Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you.

Children's Data

We do not knowingly process personal data of children under 16 years of age without parental consent. Our services are directed at business professionals and enterprises.

Updates to This Policy

We may update this GDPR compliance statement to reflect changes in our practices or legal requirements. Material changes will be communicated through our website or direct notification.

Contact Our Data Protection Officer

For any questions or concerns about our GDPR compliance or data protection practices:

Data Protection Officer
Email: [email protected]
Address: Conti Istit, Robinson Road, Singapore 068898, Singapore

Supervisory Authority Contact

If you wish to raise a concern about our data processing practices, you may contact your local supervisory authority. A list of EU supervisory authorities is available at: https://edpb.europa.eu

Conti Istit

Enterprise technology solutions built for lasting impact.

Services

  • Cloud Infrastructure
  • Cybersecurity
  • DevOps

Company

  • About Us
  • Contact
  • Privacy Policy

Legal

  • Terms of Use
  • GDPR
  • Cookies Policy

© 2026 Conti Istit. All rights reserved.