Int Imvigil
  • Home
  • About
  • Courses
  • Contact

GDPR Compliance

Last updated: May 26, 2026

Our Commitment to Data Protection

Int Imvigil complies with the General Data Protection Regulation (GDPR) and Singapore's Personal Data Protection Act (PDPA) for all data processing activities involving individuals in the European Economic Area and Singapore.

This document outlines our GDPR-specific practices and your rights under the regulation.

Legal Basis for Processing

We process personal data under the following legal bases:

  • Contractual necessity: Processing required to deliver training services you've enrolled in
  • Legitimate interests: Website analytics, service improvement, and fraud prevention
  • Consent: Marketing communications and optional data collection, where explicitly provided
  • Legal obligation: Compliance with financial, tax, and business regulations

Data Controller Information

Int Imvigil acts as data controller for personal information collected through our website and training programs.

Controller contact information:
Int Imvigil
18 Robinson Road, #15-01
Singapore 048547
Email: [email protected]

Your GDPR Rights

Under GDPR, you have the following rights regarding your personal data:

Right to Access

You can request confirmation of what personal data we process and receive a copy of that data. We provide this information free of charge within one month of your request.

Right to Rectification

You can request correction of inaccurate or incomplete personal information. We will update records within 30 days and notify any third parties who received the incorrect data.

Right to Erasure

You can request deletion of your personal data when it's no longer necessary for the purposes collected, you withdraw consent, or you object to processing. This right is subject to our legal obligations to retain certain records.

Right to Restriction

You can request we limit processing of your data in specific circumstances, such as when contesting data accuracy or objecting to processing.

Right to Data Portability

You can receive your personal data in structured, machine-readable format and request transfer to another controller where technically feasible.

Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes. We will cease processing unless we demonstrate compelling legitimate grounds that override your interests.

Rights Related to Automated Decision-Making

We do not use automated decision-making or profiling that produces legal or similarly significant effects.

Exercising Your Rights

To exercise any GDPR rights, submit a request to [email protected] with:

  • Your full name and email address used for enrollment
  • Specific right you wish to exercise
  • Any relevant details to help us locate your information

We will verify your identity before processing requests and respond within one month. Complex requests may require up to three months, and we will inform you of any extension.

Data Retention

We retain personal data only as long as necessary for the purposes collected or as required by law:

  • Enrollment and billing records: 7 years (tax and business record requirements)
  • Course completion data: Indefinitely (credential verification)
  • Marketing consent records: Until consent withdrawn plus 3 years
  • Website analytics: 26 months
  • Support inquiries: 3 years after resolution

International Data Transfers

When personal data is transferred outside the EEA, we ensure adequate protection through:

  • Standard Contractual Clauses approved by the European Commission
  • Processing in countries with adequacy decisions
  • Other approved transfer mechanisms as applicable

You can request copies of relevant safeguards by contacting our data protection officer.

Data Breach Notification

In the event of a personal data breach likely to result in high risk to your rights and freedoms, we will notify you without undue delay and within 72 hours of becoming aware of the breach.

Notification will include the nature of the breach, likely consequences, and measures taken or proposed to address it.

Third-Party Processors

We use third-party service providers who process personal data on our behalf as data processors. All processors are bound by data processing agreements ensuring GDPR compliance.

Current processor categories include:

  • Cloud hosting and infrastructure providers
  • Email and communication platforms
  • Payment processors
  • Analytics services

Consent Management

Where we rely on consent as legal basis for processing, you can withdraw consent at any time. Withdrawal does not affect the lawfulness of processing based on consent before withdrawal.

To withdraw consent for marketing communications, use the unsubscribe link in emails or contact [email protected].

Complaints and Supervisory Authority

If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with a supervisory authority.

For Singapore-based operations, you may contact the Personal Data Protection Commission (PDPC). For EEA residents, you may contact your local data protection authority.

We encourage you to contact us first at [email protected] so we can address your concerns directly.

Updates to This Policy

We review and update this GDPR compliance statement annually or when significant changes occur in our data processing practices. Material changes will be communicated to active participants via email.

Int Imvigil

Professional IT security and digital literacy training for modern organizations.

Navigate

  • About
  • Courses
  • Contact

Legal

  • Privacy Policy
  • GDPR
  • Cookies Policy
  • Terms of Use

© 2026 Int Imvigil. All rights reserved.