Privacy Policy

This Privacy Policy explains how DIQIT collects, uses, shares, and protects information about you when you visit our website, register for our webinars and events, contact us, or otherwise interact with our services.

We take privacy seriously. We process personal data only where we have a clear legal basis to do so, and we limit collection to what we actually need to deliver our services and run our business responsibly.

This Policy is written in plain English so you can understand it without legal training. If anything in it is unclear, please contact us using the details at the end.

DIQIT is a hospitality technology company headquartered in Singapore. We build restaurant and hotel operating platforms used by multi-store F&B and retail operators across the Asia-Pacific region, and we are actively expanding our services to the United Kingdom and Europe.

For the purposes of the EU and UK General Data Protection Regulation (GDPR), DIQIT is the data controller for information collected through our website, webinars, and direct business communications.

DIQIT is registered in Singapore as:

• Diqit Business Solutions Pte Ltd
• 7030 Ang Mo Kio Avenue 5, #01-23, Northstar @ AMK, Singapore 569880

Where we work with EU or UK customers, partners, or webinar registrants, we apply GDPR-equivalent protections to your personal data regardless of where it is stored or processed.

We collect different categories of information depending on how you interact with us. The categories below are exhaustive. We do not collect personal data outside these categories without telling you first.

• Name, job title, company, and business email when you register for our webinars or events.
• Company size, country, and operational focus (for example, number of outlets, business category) when you provide it on registration or contact forms.
• Email content and attachments when you contact us via sumita@diqit.com, neeraj@diqit.com, or any other listed DIQIT email address.
• Information you share during webinar Q&A sessions, polls, or chat, if you participate.

• Standard website analytics: IP address, browser type, device type, pages visited, and time spent. This is collected to understand which parts of our website are useful and to detect technical issues.
• Cookies and similar technologies (see Section 10 below).

• Registration data provided through Eventbrite when you register for a DIQIT-hosted webinar via the Eventbrite platform.
• Webinar attendance and engagement data (joining time, time present, questions asked) provided through Zoom when you attend a DIQIT-hosted Zoom session.
• Public professional information from sources you have already made public (for example, LinkedIn) when we research prospective partners or customers in a business-to-business context.

We use the information we collect for the following specific purposes:

• To process your webinar or event registration, send you confirmations and reminders, and deliver the session.
• To send you the webinar recording and follow-up materials after the event, where you have registered.
• To respond to your enquiries and provide information you have requested.
• To send you occasional updates, content, or invitations to future events, where you have consented or where we have a legitimate interest in doing so (and where you have not opted out).
• To improve our website, our services, and the quality of our webinars and content.
• To comply with our legal and regulatory obligations.
• To protect our business, our customers, and our partners from fraud, abuse, or misuse of our services.

We process your personal data on one or more of the following legal bases under Article 6 of the GDPR:

• Consent (Article 6(1)(a)): when you have given us specific, informed consent, for example when you register for a webinar or subscribe to our updates.
• Contract (Article 6(1)(b)): when processing is necessary to deliver a service you have requested, such as confirming your webinar registration and sending you the joining link.
• Legitimate interests (Article 6(1)(f)): when we have a clear business reason to process your data and our interest is balanced against your rights and freedoms. We rely on this basis for business-to-business outreach, for analytics, and for sending occasional updates to people we have an existing business relationship with.
• Legal obligation (Article 6(1)(c)): when we are required to process your data to comply with a law applicable to us.

You have the right to object to processing based on legitimate interests. See Section 9 below for how to do this.

We do not sell your personal data. We share your information only with the following categories of recipient, and only to the extent strictly necessary:

These are organisations that process data on our behalf, under contract, to deliver our services. They are bound to use your data only on our instructions and to protect it appropriately.

• Eventbrite (Eventbrite, Inc., USA): to host our event registration page and send confirmation and reminder emails for our webinars.
• Zoom (Zoom Video Communications, Inc., USA): to deliver our webinars and manage attendee participation, Q&A, and recordings.
• Our internal CRM system: to manage our relationships with prospective and existing partners and customers, and to track which content has been shared with whom.
• Email service providers: to send transactional and marketing emails where applicable.
• Website analytics providers: to understand site usage in aggregate.

• Our auditors, accountants, and legal advisers, where strictly necessary and bound by confidentiality.
• Law enforcement or regulatory authorities, where we are legally required to disclose information.

In the event of a merger, acquisition, or sale of all or substantially all of our assets, your personal data may be transferred to the relevant party. We will notify affected individuals where required by law.

Because DIQIT is headquartered in Singapore and uses service providers in the United States and other regions, your personal data may be transferred outside the United Kingdom or the European Economic Area (EEA).

When we transfer personal data outside the UK or EEA, we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission and the UK Information Commissioner's Office, as applicable.
• Reliance on adequacy decisions where these exist for a destination country.
• Additional technical and organisational measures, such as encryption in transit and at rest, where appropriate.

You can request a copy of the safeguards in place for any specific transfer by contacting us using the details in Section 14.

We keep personal data only for as long as we need it for the purposes set out in this Policy, and in line with the following retention periods:

• Webinar registration and attendance records: up to 24 months after the event, for follow-up communications and to assess content performance.
• Marketing contacts and lead records: until you ask us to delete them, or until 36 months of inactivity, whichever is sooner.
• Email correspondence: up to 36 months from the last interaction, unless we are required to keep it longer for legal reasons.
• Website analytics and aggregated, non-identifying data: indefinitely, but in a form that does not identify you personally.
• Records we are legally required to keep (for example, financial records): for the period required by applicable law, typically up to 7 years.

When retention periods end, we will delete or fully anonymise your personal data.

You have the following rights in relation to your personal data:

• Right of access (Article 15): you can ask us for a copy of the personal data we hold about you, and for information about how we use it.
• Right to rectification (Article 16): you can ask us to correct inaccurate or incomplete information.
• Right to erasure (Article 17): you can ask us to delete your personal data, subject to certain exceptions (such as where we are required to keep it for legal reasons).
• Right to restrict processing (Article 18): you can ask us to limit how we use your data in certain circumstances.
• Right to data portability (Article 20): you can ask for a copy of your personal data in a structured, commonly used, machine-readable format, where processing is based on consent or contract.
• Right to object (Article 21): you can object to processing based on legitimate interests, including direct marketing. If you object to direct marketing, we will stop processing your data for that purpose.
• Right to withdraw consent: where we rely on consent, you can withdraw it at any time, without affecting the lawfulness of processing before the withdrawal.
• Right to lodge a complaint with a supervisory authority: in the UK, this is the Information Commissioner's Office (ico.org.uk). EEA residents can contact their local data protection authority.

To exercise any of these rights, contact us using the details in Section 14. We will respond within 30 days, or explain why we need additional time (up to a maximum of three months total, in line with GDPR).

Our website uses cookies and similar technologies in the following categories:

• Strictly necessary cookies: required for the website to function. These do not need your consent and cannot be disabled.
• Analytics cookies: help us understand how visitors use our site (which pages are read, how long they stay) so we can improve it. These run only if you accept them via our cookie banner.
• Marketing cookies: where we run them, they help us measure the performance of our advertising and content. They run only if you accept them via our cookie banner.

You can manage your cookie preferences at any time through our cookie banner or by adjusting your browser settings. Withdrawing consent to non-essential cookies will not affect your access to our website.

Our services and content are aimed at business professionals. We do not knowingly collect personal data from children under the age of 16. If you believe we have collected information from a child, please contact us and we will delete it promptly.

We use a combination of technical and organisational measures to protect your personal data, including encryption of data in transit and at rest, access controls, secure development practices, and regular review of our security posture.

No system is 100% secure. In the unlikely event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and inform you directly where required by law.

We may update this Privacy Policy from time to time. The latest version is always available at diqit.com/privacy and shows the date of the most recent update at the top.

Where changes are material, we will notify registered users and active contacts by email and, where appropriate, through a banner on our website.

To exercise your rights, ask questions about this Policy, or raise a privacy concern, contact us at:

• DIQIT Privacy Team
• Email: privacy@diqit.com
• Diqit Business Solutions Pte Ltd
• 7030 Ang Mo Kio Avenue 5, #01-23, Northstar @ AMK, Singapore 569880

If you are not satisfied with our response, you have the right to lodge a complaint with the UK Information Commissioner's Office (ico.org.uk) or your local EEA supervisory authority.