Balen Disti
Home Solutions About Contact

GDPR Compliance

Last updated: May 26, 2026

Our Commitment to GDPR Compliance

Balen Disti is committed to protecting the privacy and personal data of all individuals in accordance with the General Data Protection Regulation (GDPR). This page outlines how we comply with GDPR requirements and your rights under this regulation.

What is GDPR?

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on May 25, 2018. It applies to organizations that process personal data of individuals in the European Economic Area (EEA), regardless of where the organization is located.

Data Controller Information

For the purposes of GDPR, Balen Disti acts as the data controller for personal information collected through our website and services.

Data Controller:
Balen Disti
71 Robinson Road, #14-01
Singapore 068895
Email: [email protected]

Lawful Basis for Processing

We process personal data only when we have a lawful basis to do so under GDPR Article 6:

  • Consent (Article 6(1)(a)): You have given clear, affirmative consent for us to process your personal data for specific purposes, such as receiving marketing communications
  • Contract (Article 6(1)(b)): Processing is necessary to fulfill a contract we have with you or to take steps at your request before entering into a contract
  • Legal Obligation (Article 6(1)(c)): Processing is necessary to comply with legal obligations to which we are subject
  • Legitimate Interests (Article 6(1)(f)): Processing is necessary for our legitimate business interests, such as improving our services, fraud prevention, or network security, provided your rights and freedoms do not override these interests

Your Rights Under GDPR

As an individual whose personal data we process, you have the following rights under GDPR:

Right to Access (Article 15)

You have the right to request confirmation of whether we process your personal data and to obtain a copy of that data along with information about how it is processed.

Right to Rectification (Article 16)

You have the right to request correction of inaccurate personal data and to have incomplete personal data completed.

Right to Erasure / Right to be Forgotten (Article 17)

You have the right to request deletion of your personal data under certain circumstances, including:

  • The data is no longer necessary for the purposes for which it was collected
  • You withdraw consent and there is no other legal basis for processing
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed
  • The data must be erased to comply with a legal obligation

Right to Restriction of Processing (Article 18)

You have the right to request restriction of processing your personal data in certain situations, such as when you contest the accuracy of the data or object to processing.

Right to Data Portability (Article 20)

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.

Right to Object (Article 21)

You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes.

Rights Related to Automated Decision-Making (Article 22)

You have the right not to be subject to decisions based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you.

Right to Withdraw Consent

Where we process your data based on consent, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us at:

Email: [email protected]

We will respond to your request within one month of receipt. In complex cases, we may extend this period by two additional months, and we will inform you of any such extension.

Data Protection Principles

We adhere to the following GDPR data protection principles:

  • Lawfulness, fairness, and transparency: We process personal data lawfully, fairly, and in a transparent manner
  • Purpose limitation: We collect personal data for specified, explicit, and legitimate purposes and do not process it in a manner incompatible with those purposes
  • Data minimization: We collect only personal data that is adequate, relevant, and limited to what is necessary
  • Accuracy: We take reasonable steps to ensure personal data is accurate and kept up to date
  • Storage limitation: We retain personal data only for as long as necessary for the purposes for which it was collected
  • Integrity and confidentiality: We implement appropriate technical and organizational measures to ensure security of personal data
  • Accountability: We are responsible for and can demonstrate compliance with these principles

Data Security Measures

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of personal data in transit and at rest
  • Regular security assessments and penetration testing
  • Access controls and authentication mechanisms
  • Employee training on data protection and security
  • Incident response and breach notification procedures
  • Regular backups and disaster recovery planning

Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you without undue delay. We will also notify the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by GDPR Article 33.

International Data Transfers

When we transfer personal data outside the EEA, we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions by the European Commission
  • Binding Corporate Rules
  • Certifications under approved mechanisms

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, unless a longer retention period is required or permitted by law. Our retention periods are based on:

  • The nature of the services provided
  • Legal and regulatory requirements
  • Legitimate business purposes
  • Your consent or legitimate expectations

Children's Data

Our services are not directed at children under the age of 16. We do not knowingly collect or process personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately.

Right to Lodge a Complaint

If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with your local supervisory authority. However, we encourage you to contact us first so we can address your concerns directly.

Updates to This Page

We may update this GDPR compliance information from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by updating the "Last updated" date at the top of this page.

Contact Us

If you have questions about our GDPR compliance or wish to exercise your rights, please contact us:

Balen Disti
71 Robinson Road, #14-01
Singapore 068895
Email: [email protected]

Balen Disti

Enterprise technology infrastructure and digital transformation services

Services

  • Cloud Infrastructure
  • System Integration
  • AI Implementation
  • Security & Compliance

Company

  • About Us
  • Contact

Legal

  • Privacy Policy
  • GDPR
  • Cookies Policy
  • Terms of Use

© 2026 Balen Disti. All rights reserved.