Privacy Policy

How OPIFEX PTE. LTD. handles personal data collected through this website, aligned with the Singapore Personal Data Protection Act (PDPA) and, where applicable, the European Union General Data Protection Regulation (GDPR).

Last updated: 25 May 2026

1. Who we are

This website (opifex.sg) is operated by OPIFEX PTE. LTD. (UEN 202309531H), a Singapore-incorporated private limited company with its registered office at 320 Serangoon Road, #13-05, Centrium Square, Singapore 218108. For the purposes of the Singapore Personal Data Protection Act 2012 (the “PDPA”) and, where applicable, the EU General Data Protection Regulation (the “GDPR”), OPIFEX PTE. LTD. is the data controller of the personal data processed through this website.

You can reach our data protection contact at info@opifex.sg.

2. What personal data we collect

We aim to collect only the personal data that is necessary for the purposes described below. The categories of personal data we may process are:

  • Information you submit through the contact form: name, company, business e-mail address, phone or messenger number (optional), and the content of your message.
  • Technical metadata attached to a submission: the IP address used to submit the form, your browser User-Agent string and a server-side timestamp. This is used to prevent abuse, debug delivery problems and comply with our security obligations.
  • Anti-bot challenge data: when you interact with the contact form, Cloudflare Turnstile runs a passive challenge in your browser to confirm that the request is not automated. Cloudflare may process limited technical signals (e.g. interaction patterns, browser characteristics, IP address) for this purpose. See section 8.
  • Server access logs: our web server records standard access entries (timestamp, requested URL, response code, IP, User-Agent) on a short-lived rotation, used only for security monitoring and diagnostics.

We do not set any analytics, advertising or social tracking cookies on this website. We do not buy or sell personal data.

3. Why we process your personal data

  • To respond to your inquiry. When you contact us through the form or by e-mail, we use your contact details and message to evaluate your request, prepare a response and, where appropriate, follow up on commercial cooperation.
  • To protect the website and our communication channels. We use anti-bot challenges, rate limits and server logs to prevent spam, brute-force attempts and abusive behaviour.
  • To comply with legal obligations. Where we are required by law to retain certain records (for example, fiscal or compliance records related to commercial communications), we keep them for the legally required period.

4. Legal basis for processing

Under the PDPA, we process personal data on the basis of your deemed or express consent at the time you submit information through the website, as well as on the basis of legitimate business interests permitted under the PDPA.

For visitors to whom the GDPR applies, the legal bases on which we rely are:

  • your consent (Art. 6(1)(a) GDPR) when you submit the contact form or accept non-essential cookies;
  • our legitimate interests (Art. 6(1)(f) GDPR) in operating a secure website, preventing abuse and responding to business inquiries;
  • compliance with a legal obligation (Art. 6(1)(c) GDPR) where applicable.

5. How long we keep personal data

  • Contact form submissions: retained in our mailbox and business records for up to 24 months after the last meaningful interaction, after which they are deleted or anonymised, unless a longer period is required by law or by an ongoing matter.
  • Server access logs: typically retained for up to 30 days on a rolling basis, then overwritten.
  • Anti-bot challenge data: retained by our provider (Cloudflare) according to its own retention policies; we do not store these signals ourselves beyond the moment of validation.

6. Who we share personal data with

We do not sell or rent personal data. We share personal data only with service providers who help us operate this website and our business communications, and only to the extent necessary for them to provide their service:

  • Hetzner Online GmbH (Germany) — hosting of the website and of the mailbox that receives form submissions.
  • Cloudflare, Inc. (United States) — provider of the Turnstile anti-bot challenge used on the contact form.
  • Google LLC (United States) — provider of the embedded Google Maps view on our contact page. The map is only loaded after you have given consent to non-essential cookies.

We may also disclose personal data when required by applicable law, court order, lawful request by a public authority, or to protect our rights, property or the safety of others.

7. International transfers

Some of our service providers are located outside Singapore and outside the European Economic Area. Where personal data is transferred to such jurisdictions, we rely on transfer mechanisms recognised under the PDPA (comparable level of protection) and, where the GDPR applies, on the European Commission’s Standard Contractual Clauses or other valid transfer tools used by the receiving provider.

8. Cookies and similar technologies

This website uses a small number of cookies and similar technologies. Cookies that are strictly necessary for the website to function (including the anti-bot challenge that protects the contact form) are set by default. All other cookies are only set after you have given consent via our cookie banner. You can review or change your choice at any time by clicking “Cookie Settings” in the page footer.

A full description of each cookie category is available in our Cookie Policy.

9. Your rights

You have the right to:

  • request access to the personal data we hold about you;
  • request correction of inaccurate or incomplete personal data;
  • request withdrawal of consent for future processing (this will not affect the lawfulness of processing carried out before the withdrawal);
  • request deletion of your personal data, subject to applicable retention obligations;
  • request a copy of your personal data in a structured, commonly used format (data portability), where the GDPR applies;
  • object to processing based on our legitimate interests, where the GDPR applies.

To exercise any of these rights, please contact us at info@opifex.sg. We may need to verify your identity before responding.

10. Complaints

If you are not satisfied with how we handle your personal data, you can lodge a complaint with the Singapore Personal Data Protection Commission (pdpc.gov.sg) or, where the GDPR applies, with your local data protection authority in the European Economic Area.

11. Security

We apply reasonable technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure or destruction. Traffic to this website is served over TLS. Access to the mailbox that receives inquiries is restricted and protected by authentication. No method of transmission over the Internet is, however, completely secure, and you remain responsible for the protection of your own credentials.

12. Children

This website is aimed at business audiences and is not directed at children. We do not knowingly collect personal data from children under the age of 16. If you believe a child has provided us with personal data, please contact us and we will delete it.

13. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top of this page indicates when it was last revised. Material changes will be communicated through a visible notice on the website where appropriate.

14. Contact

Questions about this Privacy Policy or our processing of personal data should be addressed to:

OPIFEX PTE. LTD.
320 Serangoon Road, #13-05, Centrium Square, Singapore 218108
E-mail: info@opifex.sg