
Privacy
Privacy Policy
How ArrowBiome collects, uses, and protects the limited personal data you share with us through this website.
This Privacy Policy explains how ARROWBIOME PTE. LTD. ("ArrowBiome", "we", "us", or "our") handles personal data collected through our website. We are a business-to-business biotechnology company supplying engineered microbiome actives to brand owners and formulators. This website is a corporate and marketing site directed to business professionals; it is not intended for consumers or children, and we do not sell products or process payments through it.
1. Who is responsible for your data
The data controller responsible for personal data collected through this website is ARROWBIOME PTE. LTD. (UEN 202209446W), a private company limited by shares with its registered office at 3 Biopolis Drive, #06-11, Synapse, Singapore 138623. ArrowBiome may share data within its group, including with its European affiliate, under appropriate safeguards (see "International transfers" below).
For any privacy matter, or to reach our Data Protection Officer, contact us at info@arrowbiome.com or by post at the registered address above.
2. What personal data we collect
We practise data minimisation and collect only what we need. When you use this website, we may collect:
- Contact form data: your name, company, business email address, your selected area of interest, and any message you choose to send us.
- Email correspondence: the contents of any message you send us and the contact details you provide.
- Technical and server log data: limited information automatically recorded by our hosting infrastructure, such as IP address, browser type, and timestamps, used for security, diagnostics, and to keep the website running reliably.
We do not collect special categories of data (such as health data) through this website, we do not run advertising, and we do not carry out automated decision-making or profiling. We do not knowingly collect data from children.
3. Why we use it, and our legal basis
We use the personal data described above for the following purposes, on the following legal bases:
| Purpose | Legal basis |
|---|---|
| Responding to your enquiry and following up on a potential business relationship | Our legitimate interest in business-to-business communication (GDPR Art. 6(1)(f)); under the Singapore PDPA, with your consent or as permitted for legitimate business purposes. |
| Maintaining the security, integrity, and reliability of the website | Our legitimate interest in protecting our systems (GDPR Art. 6(1)(f)); reasonable security and business purposes under the PDPA. |
| Complying with legal, regulatory, and record-keeping obligations | Compliance with a legal obligation (GDPR Art. 6(1)(c)) and applicable Singapore law. |
Where we rely on legitimate interests, we have balanced those interests against your rights and freedoms. You can object to this processing at any time (see your rights below). We do not use your details for unrelated marketing without an appropriate basis, and you can ask us to stop contacting you at any time.
5. International transfers
ArrowBiome operates from Singapore and works with affiliates and service providers located in other countries, including within the European Union and the United States. Where personal data is transferred across borders, including from the EU/EEA to Singapore or elsewhere, we put appropriate safeguards in place, such as the European Commission's Standard Contractual Clauses, and we take steps to ensure your data continues to receive an adequate level of protection wherever it is processed.
6. How long we keep it
We keep personal data only for as long as necessary for the purposes described above:
- Contact and enquiry data: for as long as our dialogue or business relationship with your organisation is active, and for up to 24 months after our last meaningful contact, unless a longer period is required or permitted by law. If we receive no response or engagement, we delete the data within 12 months.
- Server and security logs: typically up to 90 days, and no longer than 12 months unless needed for security investigation or legal reasons.
- Where an enquiry leads to a contract, related records are kept for the duration of the contract plus applicable statutory limitation periods.
When personal data is no longer needed for any business or legal purpose, we securely delete or anonymise it.
7. Your rights
Depending on where you are located, you have rights over your personal data. We honour the following rights for all website visitors:
- Access: request confirmation of whether we process your data and a copy of it.
- Correction / rectification: ask us to correct inaccurate or incomplete data.
- Erasure: ask us to delete your data where it is no longer needed or where you withdraw a consent we relied on.
- Restriction and objection: ask us to restrict processing, or object to processing based on our legitimate interests. You may object to any direct marketing at any time, and we will stop.
- Withdraw consent: where we rely on your consent, you may withdraw it at any time, without affecting processing carried out before withdrawal.
- Data portability: where applicable, receive certain data in a portable format.
- Complain: lodge a complaint with a supervisory authority (see below).
To exercise any right, email us at info@arrowbiome.com. We may ask for information to verify your identity. We will respond within 30 days; for the EU/EEA we respond within one month, extendable by up to two further months for complex requests, and at no charge unless a request is manifestly unfounded or excessive.
If you are in Singapore, you may contact the Personal Data Protection Commission (PDPC) at www.pdpc.gov.sg. If you are in the EU/EEA, you may lodge a complaint with your local data protection authority. We would, however, appreciate the chance to address your concerns first.
9. How we protect your data
We use appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or alteration. Data is transmitted over encrypted (HTTPS/TLS) connections, access is limited to authorised personnel on a need-to-know basis, and our service providers are contractually required to maintain equivalent safeguards. No transmission over the internet is ever completely secure, so we cannot guarantee absolute security, but we work to protect your data and to respond promptly if anything goes wrong.
10. Changes to this policy
We may update this Privacy Policy from time to time. We will indicate material changes by updating the effective date below and, where appropriate, by providing more prominent notice. Please review this page periodically.
