Privacy Policy.
Maxicom Global Pte Ltd ("Maxicom", "we", "us") respects your privacy. This policy explains what personal data we collect when you visit maxicom.sg or engage our services, how we use it, who we share it with, and the rights the Singapore Personal Data Protection Act 2012 (PDPA) gives you. It applies to all website visitors, prospective customers, current customers, and anyone who corresponds with us by email, phone or WhatsApp.
What personal data we collect.
From website visitors — your browser sends an IP address, user-agent string, referring URL and timestamp on every page request. We log this for security and traffic analysis only; we do not link it to a name or email unless you choose to identify yourself.
From prospective customers — when you fill the /quote/, /sell-to-us/, /service-request/ or /buy-from-us/ forms, you provide: name, company name, role, email, phone, country, asset list (if applicable), and any free-text notes you write. The asset list itself may contain serial numbers, make/model and disposition preferences but no personal data of your end-users.
From customers under contract — we additionally collect billing details, signed Statement of Work, NDA where applicable, site-access contact information, photo evidence of pickup / destruction (which may incidentally include faces of our operators or yours), and the contents of email correspondence. We do not ingest your end-customers' personal data; data-bearing media are sanitised, not read.
From newsletter subscribers — only the email address you submit and the timestamp of subscription.
How we use your personal data.
We use the data above for: responding to your enquiry, issuing quotes, executing service contracts, billing and settlement, maintaining the audit trail the PDPA / MAS TRM ecosystem expects from a vendor handling retired enterprise IT, answering your follow-up questions, sending the occasional newsletter (only if you opted in), and meeting our legal obligations under Singapore law (tax, accounting, anti-money-laundering).
We rely on the PDPA's consent basis for newsletter and marketing communications, the contractual necessity basis for service execution, and the legitimate interests basis (Schedule 1 Part 3) for follow-up on quotes you've requested and security/anti-fraud monitoring of our website.
Who we share your data with — and what we never do.
- ♦ Sub-contractors strictly bound by written DPAs — secure-transport partner, NIST-grade destruction operator (when work is sub-contracted), accredited e-waste recycler.
- ♦ Banking partners — for SGD settlement processing only.
- ♦ Auditors — when you request our SOC-style attestation as part of your vendor DDQ; we share only what's needed to evidence the engagement.
- ♦ Legal authorities — when required by Singapore law, court order, or regulator notice (PDPA Section 26B, MAS notice production).
- ♦ We DO NOT sell personal data to third parties.
- ♦ We DO NOT share asset-list contents or serial numbers with anyone outside the engagement chain.
- ♦ We DO NOT cross-pollinate enquirer data between customers.
- ♦ We DO NOT use customer logos or names in marketing without explicit written permission.
How long we keep it.
Quote enquiries that don't convert — 24 months from last contact, then deleted. Reason: same enquirer often returns 6-18 months later for the same asset class.
Customer engagement records — 7 years from contract close, per Singapore tax and accounting retention requirements.
Per-job evidence packs (Certificate of Destruction, photo evidence) — 7 years, supporting your audit-defensibility window. We can extend on request.
Newsletter subscriber list — until you unsubscribe (one-click link in every email) or 36 months of inactivity, whichever is sooner.
Server access logs — 90 days, then aggregated.
What you can ask us to do.
The PDPA gives you specific rights over personal data we hold about you. Exercise any of these by emailing dpo@maxicom.sg (Data Protection Officer). We respond within 30 days; for complex requests we may extend by a further 30 days with notice.
- Access · Request a copy of personal data we hold about you. Free for the first request per year.
- Correction · Tell us a record is wrong. We correct within 14 days unless we have reason to dispute.
- Withdraw consent · Stop the newsletter, opt out of marketing follow-up. Effective immediately on receipt.
- Erasure (where applicable) · Where consent was the legal basis (eg newsletter), we delete on request. Records under contractual / statutory retention stay until that period expires.
- Object to direct marketing · We honour any opt-out signal — soft-opt-out, hard-opt-out, complaint to PDPC. We don't dispute.
Cookies and analytics.
This website uses minimal cookies. Strictly necessary cookies maintain your form session (so a 4-step RFQ doesn't lose state). We do not load Google Analytics, Meta Pixel, or any third-party tracking by default. If we add analytics in the future, we'll request explicit consent through a banner and update this page first.
See the separate Cookie Policy for the full list.
Security and breach notification.
We hold personal data on encrypted servers, behind access controls, with no unencrypted exports. Asset-list submissions are TLS 1.3 in flight and AES-256 at rest. Access is restricted to staff with a need-to-know.
If a notifiable data breach occurs (PDPA Part VIA), we notify the affected individuals and the PDPC within 72 hours of confirmation, as required by the PDPA Mandatory Data Breach Notification regime in force since February 2021.
Cross-border transfers.
Our infrastructure is hosted in Singapore. Limited operational data may transit through our UAE or Indian operating entities (Maxicom UAE, Maxicom India) under intra-group data-transfer arrangements that meet the PDPA's Section 26 transfer limitation. Customers can request that their data be processed Singapore-side only.
How to reach the Data Protection Officer.
Our Data Protection Officer can be reached at: dpo@maxicom.sg · 51 Goldhill Plaza #07-10/11, Singapore 308900 · +65 9747 6071.
If you're not satisfied with our response, you may complain to the Personal Data Protection Commission (PDPC) Singapore at www.pdpc.gov.sg.
Maxicom Singapore — frequently asked
Is Maxicom Singapore PDPA-registered?
There is no PDPA registry of companies; the PDPA applies automatically to every Singapore organisation handling personal data. We are PDPA-compliant by operating practice, with a Data Protection Officer at dpo@maxicom.sg as required under PDPA Section 11(3).
Where is my asset-list data stored?
Singapore-side, on encrypted infrastructure. We do not export asset-list contents from Singapore unless your engagement is explicitly cross-border (eg ASEAN re-export) and only then with your written consent.
Can I request that you delete my enquiry?
Yes. Email dpo@maxicom.sg referencing the original enquiry and we'll delete within 14 days, retaining only what statutory retention requires (eg invoices for 7 years if a contract executed).