Privacy POLICY JamesLeeStudio ("the Company") recognizes the importance of safeguarding personal data and respecting individuals' privacy rights. This Data Protection Policy outlines our commitment to protecting personal data in accordance with various data protection laws and regulations, which may include but are not limited to: The General Data Protection Regulation (GDPR) in Europe The California Consumer Privacy Act (CCPA) in the United States The Personal Data Protection Act (PDPA) in Singapore The Privacy Act in Australia This policy establishes the framework for how we collect, process, store, and manage personal data responsibly and in compliance with these laws. RESPONSIBILITIES EMPLOYEES All employees are responsible for ensuring the proper handling of personal data in their day-to-day activities. They must adhere to this policy and report any data protection concerns to the DPO. CONTRACTORS AND THIRD PARTIES Contractors and third parties engaged by the Company are also responsible for adhering to this policy and for ensuring the proper handling of personal data in their activities on behalf of the Company. They must comply with applicable data protection laws and regulations and report any data protection concerns to the DPO. DATA PROTECTION OFFICER (DPO) The Company has appointed a Data Protection Officer (James Lee) who is responsible for overseeing data protection matters, ensuring compliance with applicable laws, conducting regular audits or reviews of data processing activities, and acting as a point of contact for data subjects and regulatory authorities. DATA COLLECTION AND PROCESSING LAWFUL PROCESSING The Company will only collect and process personal data when it has a lawful basis to do so, including but not limited to: The consent of the data subject Contractual necessity Legal obligation Legitimate interests The protection of vital interests TRANSPARENCY Data subjects will be informed of the purposes for which their data is collected and processed, including the lawful basis for processing, at the point of data collection or before, and their rights in relation to their data. CONSENT Where consent is required for processing personal data, the Company will obtain explicit and freely given consent from data subjects. Consent will be obtained through clear and easily accessible means, and records of consent will be maintained. DATA SECURITY DATA BREACH RESPONSE A data breach is defined as any unauthorized access, disclosure, or acquisition of personal data that compromises its confidentiality, integrity, or availability. In the event of a data breach, the Company will promptly: Assess and mitigate the impact of the breach Notify affected data subjects in a timely manner, providing details of the breach and actions they can take to protect themselves Notify relevant regulatory authorities where required by applicable law DATA SUBJECT RIGHTS Data subjects have the following rights regarding their personal data: Right to Access: Data subjects can request access to their personal data. Right to Rectification: Data subjects can request corrections to their personal data. Right to Erasure: Data subjects can request the deletion of their personal data. Right to Data Portability: Data subjects can request the transfer of their personal data. Right to Object: Data subjects can object to the processing of their personal data. Right to Restriction of Processing: Data subjects can request the restriction of processing under certain circumstances. To exercise these rights, data subjects can contact the Data Protection Officer at the contact information provided below. CONTACT INFORMATION Data subjects can contact the Data Protection Officer at: James Lee - premierdkel@gmail.com APPROVAL AND EFFECTIVE DATE This Data Protection Policy was approved by James Lee and is effective from 5th May 2027.