Privacy Policy

Effective Date: 29.09.2025

At PRISMATICA GROWTH PTE. LTD ("we," "us," or "our"), we are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, store, and protect your personal information when you use our website, marketing and consulting services, or interact with us. As a data-driven marketing agency operating across APAC, EU, MENA, and the Americas, we understand the importance of transparent data practices and your right to privacy. This policy complies with applicable data protection laws, including the General Data Protection Regulation (GDPR), Singapore Personal Data Protection Act (PDPA), California Consumer Privacy Act (CCPA), and other relevant regulations.

1. Information We Collect

We collect personal and non-personal information to provide you with an optimal experience and deliver our marketing services. The types of information we collect depend on how you interact with us:

1.1 Personal Data You Provide Directly

When you contact us, request services, or use our website, we may collect:

• Contact Information: Name, email address, phone number, company name, job title, and business address.
• Account Information: Username, password (encrypted), and account preferences when you create an account or access our client portal.
• Communication Data: Content of emails, messages, inquiries, feedback, and any other communications you send to us.
• Marketing Information: Information about your marketing objectives, target audience, budget, campaign preferences, and business goals when you engage our services.
• Payment Information: Billing address, payment method details (processed securely through third-party payment processors), and transaction history.
• Professional Information: Industry, company size, business model, and other professional details relevant to our services.

1.2 Information Collected Automatically

When you visit our website or use our services, we automatically collect:

• Usage Data: IP address, browser type and version, device information (type, model, operating system), pages visited, time spent on pages, click patterns, scroll behavior, search queries, referral sources, and exit pages.
• Technical Data: Log files, error reports, system configuration, language preferences, time zone, and access times.
• Location Data: General geographic location based on IP address (country, region, city level) to provide localized content and comply with regional regulations.
• Cookies and Tracking Technologies: Small text files and similar technologies used to enhance user experience, analyze site performance, track marketing campaign effectiveness, deliver personalized content, and remember your preferences. For detailed information, see our Cookie Policy.

1.3 Information from Third Parties

We may receive information about you from:

• Service Providers: Analytics platforms (e.g., Google Analytics, GA4), advertising networks, social media platforms, and marketing tools that help us deliver our services.
• Business Partners: Referral partners, strategic alliances, and other business relationships.
• Public Sources: Publicly available information from business directories, social media profiles, and professional networks (when relevant to our services).
• Client Data: When providing marketing services, we may process data on behalf of our clients in accordance with our service agreements and applicable data processing agreements.

1.4 Marketing and Campaign Data

When you engage our marketing services, we collect and process:

• Campaign performance metrics, conversion data, attribution information, and ROI measurements.
• Audience insights, segmentation data, and behavioral analytics.
• A/B test results, hypothesis validation data, and experimentation outcomes.
• Marketing dashboard data, KPI tracking, and performance reports.

2. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), we process your personal data based on the following legal grounds:

• Consent: When you have given clear consent for us to process your personal data for specific purposes (e.g., marketing communications, cookies).
• Contract Performance: To perform our contractual obligations and provide the marketing services you have requested.
• Legal Obligation: To comply with applicable laws, regulations, court orders, or government requests.
• Legitimate Interests: To operate our business, improve our services, prevent fraud, ensure security, and conduct marketing activities (where permitted and balanced against your rights).
• Vital Interests: To protect your or another person's vital interests in emergency situations.

3. How We Use Your Information

We use your information for the following purposes:

3.1 Service Delivery

• Provide, operate, maintain, and improve our website and marketing and consulting services.
• Process inquiries, coordinate personalized marketing consultations, and deliver tailored marketing strategies, campaigns, and reports.
• Set up and manage marketing dashboards, analytics implementations (GA4, Consent Mode v2), and tracking systems.
• Conduct A/B testing, hypothesis validation, and performance optimization.
• Manage client accounts, process payments, and handle billing and invoicing.

3.2 Communication

• Respond to your inquiries, requests, and support needs.
• Send service-related communications, updates, and notifications.
• Send marketing communications, newsletters, and informative content about marketing strategies, industry insights, and business growth (with your consent and opt-out options).
• Conduct surveys, research, and gather feedback to improve our services.

3.3 Analytics and Improvement

• Analyze website traffic, user behavior, and engagement patterns to improve website functionality and user experience.
• Measure marketing campaign performance, track KPIs, and optimize our service offerings.
• Conduct data analysis, research, and statistical analysis to enhance our marketing methodologies and strategies.
• Develop new services, features, and capabilities based on user needs and market trends.

3.4 Legal and Security

• Comply with legal obligations, regulatory requirements, and industry standards.
• Detect, prevent, and address fraud, security threats, and unauthorized access.
• Enforce our Terms of Service, Privacy Policy, and other agreements.
• Protect our rights, property, and safety, as well as those of our clients and third parties.
• Respond to legal processes, court orders, and government requests.

3.5 Business Operations

• Manage our business operations, including client relationships, partnerships, and vendor relationships.
• Conduct business analytics, financial reporting, and strategic planning.
• Facilitate mergers, acquisitions, or other business transactions (with appropriate safeguards).

4. Sharing Your Information

We do not sell your personal data. We may share your information in the following circumstances:

4.1 Service Providers and Business Partners

We share information with trusted third-party service providers who help us deliver our services, under strict confidentiality agreements and data processing agreements:

• Analytics Platforms: Google Analytics, GA4, and other analytics tools to measure website and campaign performance.
• Cloud and Hosting Providers: Secure cloud storage and hosting services for data storage and website hosting.
• Email Service Providers: Email delivery and marketing automation platforms.
• Payment Processors: Secure payment processing services (we do not store full payment card details).
• Marketing Platforms: Advertising networks (Google, Meta, TikTok, LinkedIn), marketing automation tools, and campaign management platforms.
• Customer Relationship Management (CRM): CRM systems to manage client relationships and communications.
• IT and Security Services: IT support, security monitoring, and technical infrastructure providers.

4.2 Legal Requirements

We may disclose your information when:

• Required by law, legal processes, court orders, or government requests.
• Necessary to protect our rights, property, or safety, or that of our clients, employees, or third parties.
• Required to enforce our Terms of Service, Privacy Policy, or other agreements.
• Necessary to prevent or investigate fraud, security threats, or illegal activities.

4.3 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred to the acquiring entity, subject to the same privacy protections.

4.4 With Your Consent

We may share your information with your explicit consent for specific purposes related to our marketing services or other business activities.

4.5 International Data Transfers

As we operate across APAC, EU, MENA, and the Americas, your information may be transferred to and processed in countries outside your country of residence. We ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission for transfers from the EEA.
• Adequacy decisions where applicable.
• Other legally recognized transfer mechanisms and safeguards.

By using our services, you consent to the transfer of your information to these countries, subject to the safeguards described above.

5. Data Security

We implement comprehensive security measures to protect your personal information from unauthorized access, disclosure, alteration, and destruction:

• Encryption: Data encryption in transit (TLS/SSL) and at rest using industry-standard encryption algorithms.
• Access Controls: Role-based access controls, least-privilege access principles, multi-factor authentication, and regular access reviews.
• Network Security: Firewalls, intrusion detection and prevention systems, and secure network architecture.
• Secure Storage: Secure data centers with physical security measures, environmental controls, and redundancy.
• Regular Audits: Security assessments, vulnerability scanning, penetration testing, and compliance audits.
• Employee Training: Regular security awareness training and strict confidentiality obligations for all employees.
• Incident Response: Incident response procedures and breach notification protocols in accordance with applicable laws.
• Data Backup: Regular backups and disaster recovery procedures to ensure data availability and integrity.

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security. As a marketing agency handling sensitive business information, we maintain industry-standard security practices and regularly review and update our security protocols.

6. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law:

• Active Client Data: Retained for the duration of our business relationship and for a reasonable period thereafter for legal, accounting, and business purposes.
• Marketing Communications: Retained until you unsubscribe or withdraw consent, plus a reasonable period to process your request.
• Website Usage Data: Retained for analytics purposes as specified in our Cookie Policy, typically up to 26 months for Google Analytics.
• Legal Requirements: Retained as required by applicable laws, regulations, or legal proceedings (e.g., tax records, contract documentation).
• Deletion Requests: Deleted within 30 days of a valid deletion request, subject to legal and contractual obligations.

When data is no longer needed, we securely delete or anonymize it in accordance with our data retention policies and applicable laws.

7. Cookies and Tracking Technologies

Our website uses cookies, web beacons, pixels, and similar tracking technologies to enhance your browsing experience, analyze site performance, track marketing campaign effectiveness, and deliver personalized content. We use the following categories:

• Strictly Necessary Cookies: Required for core website functionality and security (cannot be disabled).
• Analytics Cookies: Help us understand how users interact with our site and improve our services (requires consent in certain jurisdictions).
• Advertising Cookies: Used to deliver targeted marketing content and measure campaign effectiveness (requires consent).
• Functional Cookies: Remember your preferences and enhance functionality (requires consent).

You can manage or disable cookies through your browser settings or our cookie consent banner. For detailed information about our use of cookies, including specific cookies we use, their purposes, and retention periods, please refer to our Cookie Policy.

8. Your Data Protection Rights

Depending on your location and applicable laws, you may have the following rights regarding your personal data:

8.1 Rights Under GDPR (European Economic Area)

• Right of Access: Request access to your personal data and receive a copy of the data we hold about you.
• Right to Rectification: Request corrections to inaccurate or incomplete personal data.
• Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data, subject to legal and contractual obligations.
• Right to Restrict Processing: Request restriction of processing in certain circumstances.
• Right to Data Portability: Receive your personal data in a structured, commonly used, and machine-readable format, and transmit it to another controller.
• Right to Object: Object to processing based on legitimate interests or for direct marketing purposes.
• Right to Withdraw Consent: Withdraw your consent at any time where processing is based on consent.
• Right to Lodge a Complaint: File a complaint with your local data protection authority.

8.2 Rights Under CCPA (California)

• Right to Know: Request information about the categories and specific pieces of personal information we collect, use, disclose, and sell.
• Right to Delete: Request deletion of your personal information, subject to certain exceptions.
• Right to Opt-Out: Opt-out of the sale of personal information (we do not sell personal information).
• Right to Non-Discrimination: Exercise your rights without discrimination.

8.3 Rights Under PDPA (Singapore)

• Access and Correction: Request access to and correction of your personal data.
• Withdrawal of Consent: Withdraw consent for collection, use, or disclosure of your personal data.
• Complaint: File a complaint with the Personal Data Protection Commission (PDPC) of Singapore.

8.4 How to Exercise Your Rights

To exercise any of these rights, please contact us using the information provided in the "Contact Us" section below. We will respond to your request within the timeframes required by applicable law (typically 30 days, or 45 days for complex requests under CCPA). We may need to verify your identity before processing your request.

You can also:

• Update your preferences through your account settings (if applicable).
• Unsubscribe from marketing emails using the unsubscribe link in our emails.
• Manage your cookie preferences through our cookie consent banner or browser settings.

9. Automated Decision-Making and Profiling

We may use automated decision-making and profiling in our marketing services to:

• Analyze campaign performance and optimize ad targeting and bidding.
• Segment audiences and personalize marketing content.
• Predict user behavior and preferences to improve service delivery.

When we use automated decision-making that produces legal effects or significantly affects you, we will:

• Inform you about the logic involved and the significance and consequences of such processing.
• Provide you with the right to human intervention, express your point of view, and contest the decision.
• Ensure appropriate safeguards are in place.

10. Children's Privacy

Our services are not directed to individuals under the age of 18 (or the age of majority in your jurisdiction). We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately, and we will take steps to delete such information.

11. Third-Party Links and Services

Our website may contain links to third-party websites, including marketing tools, analytics platforms, social media platforms, and partner sites. We are not responsible for the privacy practices or content of these third-party sites. We encourage you to review the privacy policies of any third-party sites you visit. This Privacy Policy applies only to information collected by PRISMATICA GROWTH PTE. LTD.

When you use third-party services integrated with our website (e.g., social media login, payment processors), your interactions with those services are governed by their respective privacy policies.

12. Data Processing Agreements

When we process personal data on behalf of our clients as a data processor, we do so in accordance with:

• Written data processing agreements that specify the scope, purpose, and duration of processing.
• Our clients' instructions and applicable data protection laws.
• Appropriate technical and organizational measures to protect the data.

In such cases, our clients are the data controllers, and you should contact them directly regarding your data protection rights.

13. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, services, legal requirements, or for other operational, legal, or regulatory reasons. Changes will take effect immediately upon publication on this page. We will notify you of significant changes by:

• Posting a prominent notice on our website.
• Sending an email to the address associated with your account (if applicable).
• Other methods as appropriate and required by law.

The "Effective Date" at the top of this policy indicates when it was last updated. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or wish to exercise your data protection rights, please contact us:

PRISMATICA GROWTH PTE. LTD
Data Protection Officer: Rustams Kozlovskis
Phone: +371 24 978 094
Email: finance@prismatica-growth.com
For data protection inquiries, please include "Privacy Policy" in the subject line.

14.1 Supervisory Authorities

If you are located in the EEA and are not satisfied with our response to your data protection concerns, you have the right to lodge a complaint with your local data protection authority. For Singapore residents, you may contact the Personal Data Protection Commission (PDPC). For California residents, you may contact the California Attorney General's Office.

15. Additional Information for Specific Regions

15.1 European Economic Area (EEA)

For users in the EEA, PRISMATICA GROWTH PTE. LTD acts as a data controller for personal data collected through our website and services. Our legal representative in the EEA (if applicable) can be contacted using the information above.

15.2 Singapore

We comply with the Personal Data Protection Act (PDPA) of Singapore. For more information about your rights under PDPA, please visit the PDPC website.

15.3 California

We comply with the California Consumer Privacy Act (CCPA). We do not sell personal information. California residents have specific rights as outlined in Section 8.2 above.

16. Consent

By using our website and services, you consent to the collection, use, and disclosure of your information as described in this Privacy Policy. If you do not agree with this policy, please do not use our website or services.

You may withdraw your consent at any time by contacting us or using the opt-out mechanisms provided (e.g., unsubscribe links, cookie preferences). However, withdrawal of consent may affect your ability to use certain features of our services.