Hardvest | Privacy Policy

Effective: February 02, 2026

We are committed to protecting and respecting your privacy. This Privacy Policy (“Policy”) describes the ways HARDVEST PTE. LTD., a company duly incorporated in and registered under the laws of the Republic of Singapore, with company registration number 202403819Z, having a registered office at 195 Pearl's Hill Terrace #03-38A, Singapore (168976) (“Hardvest,” “us”, “our” or “we”) collects, stores, uses, discloses or otherwise processes personal information of our users (“users” or “you”) in connection with their use of website available at hardvest.marketing (“Website”). Additionally, this Policy describes the rights and choices concerning your information that may apply to you.
This Policy is prepared in accordance with the Personal Data Protection Act 2012 of Singapore (“PDPA”) of Singapore.
By “Personal Data”, we refer to data that relates to you as an identified or identifiable natural person. The term “Personal Data” may include, for example, your name, your postal address, your telephone number, your e-mail address. Anonymous or de-identified information, which we are not able to identify you, does not qualify as “Personal Data”. Data protection laws also do not apply to information about legal entities (for example, limited liability companies).
By using the Website or submitting personal data to us, you acknowledge that you have reviewed this Policy.

1. PERSONAL INFORMATION WE COLLECT AND HOW WE COLLECT IT?
When you interact with or use our Website, we are collecting personal information about you. Sometimes we collect personal information automatically when you interact with our Website and sometimes we collect the personal information directly from you when you use our Website.
A. Information We Collect Automatically
When you access the Website, it automatically processes only strictly necessary technical information required for the proper functioning of the Website. The Website uses technical (essential) cookies that are standard for most websites and are required to:

ensure the basic operation and stability of the Website;
enable core functionality.

These cookies are not used for analytics, marketing, profiling, tracking, or advertising purposes. The Website does not automatically collect, process, or store any other personal data, including but not limited to:

behavioral or clickstream data;
analytics or usage statistics;
device identifiers;
advertising or tracking identifiers;
email tracking pixels or similar technologies.

B. Information We Collect From You Directly (You Choose to Share with Us)
In some cases, we collect your personal data directly from you. For example, when you fill out a contact form on our Website.
We do not request or seek to elicit sensitive or special categories of information. We do not receive your personal data from third parties.

2. WHAT PERSONAL DATA DO WE PROCESS, FOR WHAT PURPOSES, AND ON WHAT LEGAL BASIS?
Depending on which features of the Website you use, we will process your personal data based on one or more of the following legal bases (we have included some examples):
Your consent: you can give us permission to process your data.
Legitimate interest: we may process your personal data based on our legitimate interests in order to manage our Website better. For example, we may use your personal data in order to identify and fix bugs.
Legal obligation: We may be obligated to process some of your personal data to comply with applicable laws and regulations.
Below, we describe the purposes for which we process your personal data and our lawful bases for doing so, including some basic examples:

Purpose of processing	To ensure the normal operation of the Website, to monitor technical problems in the webwork of the Website and fix them
Legal basis for processing	Legitimate interest
Example	Processing of essential technical cookies and server-level technical data strictly necessary to maintain the Website’s functionality, ensure security, detect and resolve technical errors, and support basic operational stability.
Purpose of processing	To respond to your inquiries, provide feedback on a directed request, offer assistance or support, and, where applicable, provide information about or provide our services.
Legal basis for processing	Legitimate interest: · your interest in receiving a response to your inquiry and/or a solution to a problem; · our interest in communicating with users, providing requested services, and improving the quality and functionality of the Website.
Example	Processing of personal data provided by you when contacting us via the “Contact us” form, email, or other communication channels (including social media), such as your name, email address, telephone number, company or organization name, and any other information you voluntarily include in your message, for the sole purpose of responding to your request, providing support, and communicating regarding requested services.

3. PRINCIPLES OF PROCESSING
Data minimisation and purpose limitation: we only process personal data for the specific purposes for which it was collected or authorised by you.
No sale of personal data: we do not sell or rent your personal data for money. We will only share your personal data as outlined in this Policy.

4. SHARING YOUR PERSONAL DATA WITH THIRD PARTIES
In certain cases, we may share your personal data with third parties. We do this only in the situations described in this Policy. In any case, we strive to transfer your personal data in a secure manner and, if required by applicable law, based on an agreement between us and each recipient. We will make all reasonable efforts to ensure that each recipient understands the principles of the data protection directive and complies with them in accordance with the law and/or the specific agreement.
We share your personal data to third-party as follows:

Category of Third Parties	Purpose(s) of Sharing	Categories of Personal Information
Public authorities, courts, law enforcement bodies, regulatory authorities	Compliance with legal obligations; responding to lawful requests; compliance with court orders; initiation, exercise, or defence of legal claims; prevention and detection of fraud or other unlawful activities	Contact details and communication content voluntarily provided by the user; limited technical data disclosed where legally required
Service providers and business partners assisting in the operation of the Website (non-tracking)	Ensuring technical operation of the Website; processing and responding to user enquiries; maintenance and security of the Website	Contact details and message content voluntarily submitted via contact form or direct communication
Hosting providers	Hosting, storage, and technical maintenance of the Website; ensuring security, availability, and integrity of infrastructure	Limited technical data (e.g. IP address, timestamp) generated by the hosting environment; contact form submissions stored on the server

5. INTERNATIONAL TRANSFERS
Where personal data is transferred outside Singapore, we will ensure that the receiving organisation provides a comparable standard of protection as required under the Transfer Limitation Obligation (Section 26 PDPA).
To comply with Section 26, we may implement:

legally enforceable obligations requiring the overseas recipient to protect personal data in accordance with PDPA standards;
contractual data protection clauses, including intra-group transfer agreements;
PDPC-approved transfer mechanisms, where applicable;
consent-based transfers, where you are informed that the overseas recipient may not be bound by Singapore law;
exceptions permitted under the PDPA’s First and Second Schedules for legal, regulatory, or emergency situations.

We continue to remain responsible for the protection of personal data transferred overseas.

6. COOKIES POLICY
The Website uses strictly necessary technical cookies that are essential for the proper functioning, security, and stability of the Website. These cookies do not identify users, do not track behaviour across websites, and are not used for analytics, advertising, or profiling purposes.
We do not use analytical, performance, advertising, targeting, or social media cookies. In particular, the Website does not deploy cookies for analysing usage patterns, measuring traffic, monitoring user behaviour, or personalising content.
The technical cookies used on the Website are limited to what is necessary to:

ensure basic website functionality;
maintain security and protect against malicious activity;
support server-side operations required for correct content delivery.

These cookies are set either directly by the Website or by the hosting infrastructure and cannot be disabled through the Website without affecting its functionality.
We do not carry out automated profiling, behavioural tracking, or analytics when you browse the Website.
Our hosting provider may automatically generate limited technical logs, such as IP address and timestamp, strictly for purposes of ensuring the security, integrity, and reliability of the hosting environment.
These logs:

are not used by us to identify individual users;
are not used for analytics, tracking, or profiling;
are not combined with other data by us;
are retained and managed by the hosting provider in accordance with its internal policies and applicable law.

Such server logs do not constitute analytical or advertising cookies and are not used by us for independent processing of personal data.
The Website does not integrate third-party services that set cookies or otherwise collect data for analytics, advertising, or behavioural tracking purposes, including but not limited to Google Analytics, Meta Pixel, Hotjar, or similar tools.

7. RETENTION OF PERSONAL DATA
We retain your personal information for as long as it is reasonably necessary to fulfil the purposes for which it was collected, unless we are required by law to delete or if we accept your request to delete the personal data pursuant to applicable law (for example in situation when you exercised the “right to be forgotten”). We will also retain and use your personal information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
When we no longer require your personal information, we will look to delete, destroy, or anonymize it pursuant to our typical procedures. If this is not possible (for example, because your personal information has been stored in backup archives), then we will apply security measures to your personal information and isolate it from any further processing until deletion or destruction can occur pursuant to our typical procedures. If we anonymize your personal information (so that it can no longer be associated with you), we may use this information indefinitely without further notice to you.

8. YOUR PRIVACY RIGHTS
Under the PDPA, you have certain rights in relation to your personal data. These rights allow you to access, correct, and manage the use of your personal data that is in our possession or under our control. We will handle all requests in accordance with the requirements of the PDPA, including verification procedures and permitted exceptions under the First and Second Schedules to the PDPA.
You may exercise your rights by submitting a written request to us using the contact details provided in this Policy.

8.1. Right of Access (Section 21 PDPA)
You have the right to request:

confirmation of whether we hold personal data about you;
access to such personal data; and
information about how your personal data has been used or disclosed within the past 12 (twelve) months.

Access may be refused in cases permitted under the PDPA, including where disclosure would reveal confidential commercial information or involve the personal data of another individual.

8.2. Right to Correction (Section 22 PDPA)
You have the right to request correction of any error or omission in your personal data that we hold.
If we are satisfied that the correction is reasonable and supported by evidence, we will:

make the necessary correction as soon as practicable; and
where appropriate, send the corrected data to third parties to whom the data was previously disclosed.

If we decline to make a correction, we will annotate the personal data with your request and our reason for not making the correction, in accordance with Section 22(3) PDPA.

8.3. Right to Withdraw Consent
You may withdraw your consent to our collection, use, or disclosure of your personal data at any time by submitting a request to our DPO.
Upon withdrawal of consent:

we will cease the collection, use, or disclosure of your personal data, unless such processing is required or authorised under written law;
the withdrawal may affect our ability to respond to your enquiry or provide services.

We will inform you of the likely consequences of withdrawal of consent before acting on your request.

8.4. Right to Information
You may request information regarding:

the types of personal data we collect;
the purposes for which personal data is collected, used, or disclosed;
the data protection policies and practices we have implemented to ensure compliance with the PDPA.

This right derives from the Openness Obligation (Section 11 PDPA).

8.5. Right to Contact the PDPC
If you are unable to resolve a concern with us after contacting us, you may obtain further information regarding your options or lodge a complaint with the Personal Data Protection Commission (PDPC):
https://www.pdpc.gov.sg/
However, please note that the PDPA does not explicitly grant individuals a statutory “right to complain” in the same sense as GDPR; rather, the PDPC provides regulatory avenues to address unresolved data protection issues.

8.6. Exceptions and Limitations
Your rights under the PDPA are subject to exceptions permitted by law, including where:

complying with your request would likely compromise the privacy of another individual;
disclosure would reveal confidential commercial information;
retention is required for legal proceedings, regulatory compliance, or record-keeping;
access is denied under the First or Second Schedules to the PDPA.

Be aware that these rights are subject to certain limitations and exceptions as provided by law. To exercise any of these rights or for further inquiries, please contact us using the provided contact information (via e-mail address or at our legal address). Please note we may deny a request under certain circumstances, in particular if we are unable to verify your identity or locate your information on our systems. If we are unable to fulfill all or part of your request, we will explain our reasons for denying the request.
We will review your request as soon as possible, but not more than within one (1) month. Please keep in mind that this period may be extended for an additional two (2) months, if necessary, based on the complexity and number of your requests. In that case, we will tell you about the extension within one (1) month of receipt of your request and explain the reasons for the delay.

9. SECURITY MEASURES
We implement reasonable and appropriate administrative, technical, and physical safeguards to protect personal data in our possession or under our control, in accordance with the PDPA.
These safeguards include:

restricting access to authorised personnel on a need-to-know basis;
using secure hosting environments and industry-standard security practices provided by our service providers;
applying appropriate measures to protect personal data during transmission and storage; and
maintaining internal policies and procedures to prevent unauthorised access, disclosure, modification, or loss.

Where personal data is processed by third-party service providers, we require them to implement security protections that are comparable to the requirements of the PDPA.
We periodically review our security arrangements to ensure they remain effective and appropriate.

10. CHILDREN’S PRIVACY
Our Website is not intended for individuals under the age of 16, and we do not knowingly collect, use, or disclose personal data from minors.
We request that individuals under the age of 16 do not submit any personal data through the Website or contact forms. If we become aware that personal data has been provided by a minor without verifiable parental or guardian consent, we will take reasonable steps to delete such data as soon as practicable, in accordance with the Protection Obligation and Retention Limitation Obligation under the PDPA.
If you believe that a minor has provided personal data to us, please contact so that appropriate action may be taken.

11. CHANGES TO THE POLICY
This Policy may be changed from time to time due to the implementation of new technologies, laws’ requirements or for other purposes. Your continued use of the Website after the effective date of the updated Policy will be subject to the new Privacy Policy.

12. LINKS TO OTHER WEBSITES
Our Website does not currently contain links to external websites or online services. If links to third-party websites are added in the future, please note that such websites are not operated or controlled by us. We are not responsible for the content, privacy practices, or policies of any third-party websites. We recommend reviewing the privacy terms of any external website you may visit.

13. CONTACT US
If you have any questions regarding would like to exercise your data protection related rights you can submit your request to our e-mail support@hardvest.marketing or by post to 195 Pearl's Hill Terrace, #03-38A, Singapore (168976).