Privacy Policy

1. INTRODUCTION

 

MICE Depot Pte Ltd (“MICE Depot,” “we,” “us,” or “our”) is committed to:

  • Protecting privacy and Personally Identifiable Information (“PII”) in accordance with ISO/IEC 27001:2022 Annex A.5.34, the Singapore PDPA, the EU GDPR, and other applicable laws and contractual requirements;
  • Promoting sustainable practices in our information-security management and data lifecycle; and
  • Aligning our Information Security Management System (ISMS) to the requirements of ISO/IEC 27001:2022.

 

This Policy outlines our principles, legal bases, and controls for PII protection, sustainable data handling, and ISO 27001:2022 compliance.

 

2. SCOPE

 

This Policy applies to all PII of employees, applicants, clients, vendors, and any other individuals whose data we process, as well as to our ISMS processes and the environmental impact of our data-management activities.

 

3. STANDARDS & REGULATIONS

 

  • ISO/IEC 27001:2022 – Information Security Management System requirements
  • ISO/IEC 27002:2022 – Code of practice for information-security controls
  • PDPA (Singapore) – Personal Data Protection Act
  • GDPR (EU) – General Data Protection Regulation
  • Relevant contractual, statutory, and regulatory data-protection obligations

 

4. PRINCIPLES

 

We uphold the following, consistent with ISO/IEC 27001:2022 Annex A.5.34 and ISO/IEC 27002:2022 Clause 5.34:

 

| Principle | Description |
|---|---|
| Lawfulness, Fairness | Process PII on lawful grounds and with transparency. |
| Purpose Limitation | Collect PII only for specified, legitimate purposes. |
| Data Minimization | Limit PII to what is necessary for the intended purpose. |
| Accuracy | Keep PII accurate and current. |
| Storage Limitation | Retain PII only as long as necessary per retention schedule. |
| Integrity & Confidentiality | Implement ISO/IEC 27001:2022 controls (encryption, access control, logging) to protect PII. |
| Accountability | Demonstrate compliance through our ISMS processes, audits, and management reviews. |
| Sustainability | Minimize environmental impact with energy-efficient storage, reduced paper usage, and responsible e-waste disposal. |

5. LEGAL BASES & GDPR REQUIREMENTS

 

| Jurisdiction | Legal Bases |
|---|---|
| PDPA (SG) | Consent, contract, legal obligation, legitimate interest |
| GDPR (EU) | Consent, contract, legal obligation, vital interests, public interest, legitimate interest |

 

We respect GDPR rights—including access, rectification, erasure, portability, restriction, and objection—and comply with PDPA obligations on consent, notification, and breach reporting.

 

6. ISO/IEC 27001:2022 ALIGNMENT

 

  • We maintain an ISMS certified to ISO/IEC 27001:2022.
  • Annex A.5.34 controls on PII protection form part of our ISMS control set.
  • Quarterly management reviews assess PII controls, GDPR compliance, and sustainable-IT metrics.

 

7. IMPLEMENTATION CONTROLS

 

  • Technical: AES-256 encryption at rest; TLS 1.2+ in transit; role-based access with MFA; SIEM logging.
  • Administrative: Privacy Impact Assessments for new projects; vendor due-diligence; staff training on ISO 27001 and data protection.
  • Physical: Secure data-centre access; locked cabinets for paper; e-waste recycling through certified partners.

 

8. DATA SUBJECT RIGHTS & BREACH NOTIFICATION

 

  • Access & Correction: Respond within 30 days.
  • Erasure & Portability: Provided under GDPR, subject to legal obligations.
  • Breach Reporting:
      · Notify PDPC within 72 hours of a significant PDPA breach.
      · Notify EU Supervisory Authorities and data subjects within 72 hours of a GDPR breach.

 

9. RETENTION & DISPOSAL

 

| Record Type | Retention Period | Disposal Method |
|---|---|---|
| Employee PII | 7 years post-termination | Secure wipe/shredding & recycle |
| Client/Supplier | 5 years post-relationship | As above |
| Marketing Consents | Until withdrawal | Secure deletion |

10. GOVERNANCE & REVIEW

 

  • DPO: Oversees GDPR/PDPA compliance and ISO 27001 integration.
  • Internal Audit: Annual audits of privacy, ISO 27001 controls, and sustainability practices.
  • Management Review: Quarterly ISMS and sustainability performance reporting to Top Management.

 

14. CONTACT US

 

Data Protection and Sustainability Officer

Email: dataprivacy@micedepot.com