GDPR Compliance

Your data protection rights

Our Commitment to Data Protection

While Crimson Crust is based in Singapore, we recognize the importance of the General Data Protection Regulation (GDPR) for our European customers and visitors. We are committed to protecting your personal data and respecting your privacy rights.

Legal Basis for Processing

We process your personal data based on:

  • Contract Performance: To fulfill your pizza orders and provide delivery services
  • Consent: When you opt-in to marketing communications or use optional features
  • Legitimate Interests: To improve our services, prevent fraud, and ensure security
  • Legal Obligations: To comply with applicable laws and regulations

Your GDPR Rights

If you are located in the European Economic Area (EEA), you have the following rights:

Right to Access

You can request a copy of the personal data we hold about you, including information about how we use it.

Right to Rectification

You can request correction of inaccurate or incomplete personal data.

Right to Erasure

You can request deletion of your personal data in certain circumstances, such as when it is no longer necessary for the purposes it was collected.

Right to Restrict Processing

You can request that we limit how we use your personal data in certain situations.

Right to Data Portability

You can request a copy of your personal data in a structured, commonly used, and machine-readable format.

Right to Object

You can object to our processing of your personal data for direct marketing purposes or based on legitimate interests.

Right to Withdraw Consent

Where we rely on consent, you can withdraw it at any time without affecting the lawfulness of processing before withdrawal.

Data Retention

We retain your personal data only for as long as necessary to:

  • Provide our pizza delivery services
  • Comply with legal, accounting, or reporting requirements
  • Resolve disputes and enforce our agreements

Order information is typically retained for 7 years for accounting and legal purposes. Marketing data is retained until you withdraw consent.

International Data Transfers

As we are based in Singapore, your personal data may be transferred to and processed in Singapore. We ensure appropriate safeguards are in place for such transfers in accordance with applicable data protection laws.

Data Security

We implement appropriate technical and organizational security measures to protect your personal data, including:

  • Encryption of data in transit and at rest
  • Regular security assessments and updates
  • Access controls and authentication procedures
  • Staff training on data protection

Automated Decision Making

We do not use automated decision-making or profiling that produces legal or similarly significant effects on you.

Data Protection Officer

For questions about our data protection practices or to exercise your rights, please contact our Data Protection Officer:

Email: [email protected]
Subject line: "GDPR Request"

Supervisory Authority

If you are located in the EEA and believe we have not addressed your concerns adequately, you have the right to lodge a complaint with your local data protection supervisory authority.

Updates to This Notice

We may update this GDPR notice from time to time. We will notify you of any material changes by posting the updated notice on our website.

Contact Information

For any questions or to exercise your rights, please contact us:

Crimson Crust
45 Tiong Bahru Road, #02-12, Singapore 168737
Email: [email protected]
Phone: +65 6234 5678