Privacy Policy

1. Introduction

Pyxis Pay (PTE. LTD.) ("Pyxis", "we", "us", or "our") is a technology company incorporated in Singapore (UEN 202306267Z). We operate the website at pyxistech.co and provide technology development and consulting services to our clients.

This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website or engage with our services. Please read this policy carefully. If you disagree with its terms, please discontinue use of our website.

We comply with the Personal Data Protection Act 2012 (No. 26 of 2012) of Singapore ("PDPA") and its subsidiary regulations, and, where applicable, the European General Data Protection Regulation ("GDPR").

2. Information We Collect

2.1 Information You Provide Directly

We may collect the following categories of personal information that you voluntarily provide to us:

• Contact information: name, email address, phone number, and company name when you contact us, request a quote, or submit an enquiry.
• Project information: details you share about your project requirements, budget, or business needs.
• Communications: the content of emails, messages, or other correspondence you send to us.
• Contract and billing information: information required to enter into and perform service agreements, including invoicing details.

2.2 Information Collected Automatically

When you visit our website, we may automatically collect:

• Log data: IP address, browser type and version, operating system, referring URL, pages viewed, and time/date of your visit.
• Device information: device type, screen resolution, and language preferences.
• Cookie data: information stored in cookies placed on your device (see Section 7 — Cookies).
• Analytics data: aggregated statistics about how visitors use our website, collected via third-party analytics tools.

3. How We Use Your Information

We use the personal information we collect for the following purposes:

• To respond to your enquiries and communicate with you about our services.
• To prepare and deliver proposals, quotations, and service agreements.
• To provide, manage, and improve our technology services.
• To process payments and manage our client relationships.
• To send you relevant updates, newsletters, or promotional materials (only where you have consented or where we have a legitimate interest).
• To comply with legal obligations under Singapore law and enforce our rights.
• To analyse website usage and improve our online presence and user experience.
• To detect, prevent, and address fraud, security issues, and technical problems.

4. Legal Basis for Processing

Under the PDPA, we collect, use, and disclose your personal data only for purposes that a reasonable person would consider appropriate in the circumstances, and for which you have given consent or where an exception under the PDPA applies:

• Consent: where you have voluntarily given us your consent to collect, use, or disclose your personal data for a specific purpose.
• Contractual necessity: processing required to enter into or perform a contract with you.
• Legitimate interests: processing necessary for our legitimate business interests, such as improving our services and communicating with clients, provided these do not override your rights under the PDPA.
• Legal obligation: processing required to comply with applicable Singapore laws and regulations.

5. Disclosure of Your Information

We do not sell, trade, or rent your personal information to third parties. We may share your information in the following circumstances:

• Service providers: trusted third-party vendors who assist us in operating our website and delivering services (e.g., cloud hosting providers, email service providers, analytics tools). These parties are contractually obligated to handle your data securely and only for the purposes we specify.
• Professional advisors: lawyers, accountants, and auditors, as necessary, under obligations of confidentiality.
• Legal requirements: where required by law, court order, or governmental authority in Singapore or other applicable jurisdictions, including disclosures to the Monetary Authority of Singapore (MAS) or other regulatory bodies.
• Business transfers: in connection with a merger, acquisition, or sale of all or part of our business, your information may be transferred to the relevant parties.

6. Data Retention

We retain your personal information for as long as necessary to fulfil the purposes described in this Privacy Policy, unless a longer retention period is required by law. Specifically:

• Contact enquiry data: up to 2 years from the date of last contact.
• Client project and contract data: up to 5 years from the end of the engagement (as required under Singapore law).
• Website analytics data: up to 26 months in aggregated form.

When personal data is no longer required, we will securely delete or anonymise it in accordance with the PDPA.

7. Cookies

Our website uses cookies — small text files stored on your device — to enhance your browsing experience and help us understand how our website is used.

Types of cookies we use:

• Essential cookies: necessary for the website to function correctly.
• Analytics cookies: help us understand how visitors interact with our website (e.g., Google Analytics). Data collected is aggregated and anonymous.
• Preference cookies: remember your settings and preferences for future visits.

You can control and delete cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of our website.

8. Data Security

We implement appropriate technical and organisational security measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction, in line with our obligations under the PDPA. These measures include:

• SSL/TLS encryption for all data transmitted to and from our website.
• Access controls limiting internal access to personal data.
• Regular security reviews and vulnerability assessments.
• Secure data storage on reputable cloud infrastructure providers with data centres in Singapore or jurisdictions with adequate protections.

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security. In the event of a data breach that is likely to result in significant harm, we will notify the Personal Data Protection Commission (PDPC) and affected individuals as required by the PDPA.

9. International Data Transfers

Your information may be transferred to and processed in countries outside Singapore, including countries within the European Economic Area and the United States, where our service providers operate. We ensure that any such transfers are made in compliance with the PDPA's transfer limitation obligation and that the recipient provides a standard of protection comparable to that under the PDPA.

10. Your Rights

Under the Personal Data Protection Act 2012 and applicable law, you have the right to:

• Access: request a copy of the personal data we hold about you.
• Correction: request correction of inaccurate or incomplete personal data.
• Withdrawal of consent: withdraw consent for our collection, use, or disclosure of your personal data, subject to legal or contractual restrictions. Please note that withdrawal may affect our ability to provide services to you.
• Data portability: where applicable under the PDPA, request that your personal data be ported to another organisation in a commonly used machine-readable format.
• Objection: object to the processing of your data for direct marketing purposes.

To exercise any of these rights, please contact us via our website contact form. We will respond to your request within 30 days, as required under the PDPA.

11. Third-Party Websites

Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of those websites. We encourage you to review the privacy policies of any third-party sites you visit.

12. Children's Privacy

Our website and services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a minor, please contact us immediately so we may take appropriate steps to delete such information.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, you may contact our Data Protection Officer via our website contact form. You also have the right to lodge a complaint with the Personal Data Protection Commission (PDPC) of Singapore if you believe your personal data rights have been infringed.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements under the PDPA, or other factors. We will notify you of material changes by posting the updated policy on our website with a revised "Last updated" date. We encourage you to review this policy periodically.