Last updated: 1 March 2026
This privacy notice explains how the ResGuard group of companies ("ResGuard", "we", "us") collects, uses, stores and protects personal data when you visit our website, use our ResGuard Compliance Manager (RCM) platform, or otherwise interact with us.
We are committed to protecting your privacy and processing your personal data in compliance with the EU General Data Protection Regulation (GDPR), the Singapore Personal Data Protection Act (PDPA) and all other applicable data protection legislation.
Depending on your region, one of the following entities acts as the data controller responsible for the processing of your personal data:
Our Data Protection Officer (DPO) can be contacted for any questions regarding the processing of your personal data or to exercise your data subject rights.
DPO: Sven Kreiter
Submit a Data Protection Request
When you visit our website, we may collect:
When you submit an enquiry through our contact form or by email, we collect:
When your organisation uses the ResGuard Compliance Manager platform, we process:
RCM platform data is processed on behalf of your organisation under a Data Processing Agreement (DPA). Your organisation is the data controller for the content it stores in the platform; ResGuard acts as a data processor.
When you apply for a position with us, we collect:
| Purpose | Legal Basis (GDPR Art. 6) |
|---|---|
| Delivering and securing our website | Legitimate interest (Art. 6(1)(f)) |
| Responding to enquiries and providing quotes | Pre-contractual measures (Art. 6(1)(b)) |
| Providing the RCM SaaS platform | Performance of contract (Art. 6(1)(b)) |
| Sending service-related communications (e.g. maintenance notices) | Legitimate interest (Art. 6(1)(f)) |
| Analytics and website improvement | Consent (Art. 6(1)(a)) |
| Compliance with legal obligations (e.g. tax, accounting) | Legal obligation (Art. 6(1)(c)) |
| Processing job applications | Pre-contractual measures (Art. 6(1)(b)) |
| Protecting our IT infrastructure and preventing fraud | Legitimate interest (Art. 6(1)(f)) |
Where we rely on legitimate interest, we have conducted a balancing test to ensure our interests do not override your fundamental rights and freedoms.
We may share your personal data with the following categories of recipients, only to the extent necessary for the purposes described above:
We do not sell your personal data to third parties.
As ResGuard operates across multiple jurisdictions (Singapore, Europe, Latin America), personal data may be transferred between our entities. Where personal data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, including:
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law:
Our website uses cookies and similar technologies. We distinguish between:
These are required for the website to function correctly (e.g. session management, CSRF protection). They cannot be disabled. Legal basis: legitimate interest.
We use Google Analytics (with IP anonymisation enabled) to understand how visitors use our website. These cookies are only set with your consent. You can withdraw consent at any time via your browser settings or by using the Google Analytics opt-out browser add-on.
You can manage your cookie preferences through your browser settings. Disabling non-essential cookies will not affect the core functionality of our website.
Under the GDPR and applicable data protection laws, you have the following rights regarding your personal data:
| Right | Description |
|---|---|
| Access (Art. 15) | Obtain confirmation of whether we process your data and request a copy |
| Rectification (Art. 16) | Correct inaccurate or incomplete personal data |
| Erasure (Art. 17) | Request deletion of your personal data ("right to be forgotten") |
| Restriction (Art. 18) | Request restriction of processing in certain circumstances |
| Data portability (Art. 20) | Receive your data in a structured, machine-readable format |
| Objection (Art. 21) | Object to processing based on legitimate interest |
| Withdraw consent (Art. 7(3)) | Withdraw consent at any time, without affecting the lawfulness of prior processing |
To exercise any of these rights, please use our Data Protection Request Portal or contact our DPO. We will respond within 30 days.
You also have the right to lodge a complaint with a supervisory authority. The relevant authority depends on your location:
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure or destruction. These measures include:
For more details, please visit our Trust Center.
We do not use automated decision-making, including profiling, that produces legal effects or similarly significantly affects you.
Our website may contain links to third-party websites. We are not responsible for the privacy practices of these websites. We encourage you to read the privacy notice of each website you visit.
Our services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected data from a child, we will delete it promptly.
We may update this privacy notice from time to time to reflect changes in our processing activities or legal requirements. Material changes will be communicated via our website. The "last updated" date at the top of this notice indicates the most recent revision.