top of page

Privacy Policy of nxt4sap Pte. Ltd.
Last updated: 1. January 2026


1. Introduction
This Privacy Policy explains how nxt4sap Pte. Ltd. (“nxt4sap”, “we”, “us”, or “our”) collects, uses, discloses, and protects personal data in accordance with the Singapore Personal Data Protection Act 2012 (PDPA) and, where applicable, the European Union General Data Protection Regulation (EU Regulation 2016/679, GDPR).
This Policy applies to:
• visitors to our website https://www.nxt4sap.com,
• users of our NXT WebApp Launchpad and related services,
• business partners, suppliers, and other individuals whose personal data we may process.
By accessing our websites or using our services, you acknowledge that you have read and understood this Policy.


2. Personal Data We Collect
We collect and process only the personal data necessary for our business operations and contractual obligations. Depending on your interaction with us, this may include:

 

 

 

 

 

 

 

 

We do not require sensitive data (e.g., health, biometric, or racial information) unless expressly needed by law or contract.
 
3. Purposes and Legal Bases of Processing
We process your personal data for the following purposes:

 

 

 

If you are based in the EU/EEA, you may withdraw consent or object to processing at any time (see Section 9).


4. How We Collect Data
• Directly from you (via web forms, registration, correspondence, or support).
• Automatically through our platforms (e.g., log files, cookies, analytics).
• From authorized partners or resellers who act under contract with nxt4sap.
We always inform you of the purpose of collection and obtain consent where required.


5. Use and Disclosure of Personal Data
We may disclose personal data to:
• our affiliated entities and authorized employees on a need-to-know basis;
• third-party service providers (e.g., Microsoft Azure, SAP BTP, analytics, email hosting);
• professional advisors, auditors, or regulators;
• government or law-enforcement agencies where required by law.
All third parties are bound by confidentiality and data-processing agreements that ensure protection equivalent to this Policy.


6. Cross-Border Data Transfers
We may transfer personal data to servers or processors located outside Singapore or the EU.
Such transfers are protected by:
• EU Standard Contractual Clauses (SCCs) for GDPR compliance, and
• PDPA Transfer Limitation Obligations ensuring a comparable level of protection.
A list of key processing locations (e.g., Singapore, Germany, Ireland) is available upon request.


7. Data Retention
We retain personal data only for as long as necessary to fulfil the purposes described above or to comply with legal and accounting requirements.

 

Data is securely deleted or anonymised once no longer required.
 
8. Data Security
We implement administrative, technical, and physical safeguards, including:
• AES-256 encryption at rest and TLS 1.3 in transit;
• strict role-based access control and MFA;
• regular vulnerability assessments and backups;
• confidentiality undertakings for staff and processors.
While no system is entirely risk-free, we continuously review and enhance our security posture.


9. Your Rights
Under GDPR (Arts. 7, 15–21) and PDPA
You have the right to:
1. Access – obtain a copy of personal data we hold about you.
2. Rectification – correct inaccurate or incomplete data.
3. Erasure – request deletion where legally permissible.
4. Restriction – limit processing under certain conditions.
5. Portability – receive data in a structured, machine-readable format.
6. Objection – object to processing based on legitimate interests or direct marketing.
7. Withdraw Consent – withdraw previously given consent at any time.


Requests can be submitted through our Privacy Request Center (available on our website) or by contacting our DPO. We will acknowledge within 5 business days and fulfil within 30 calendar days unless law requires otherwise.
EU residents may also lodge a complaint with their local supervisory authority.


10. Cookies and Analytics
Our website uses necessary and optional cookies:

Non-essential cookies are set only with your consent via our cookie banner.
You may change settings anytime in your browser or the cookie-preferences panel.
To disable Google Analytics, visit https://tools.google.com/dlpage/gaoptout.


11. External Links & Social Media
Our sites may contain links or social-media widgets operated by third parties.
We are not responsible for their privacy practices; please review their respective policies before sharing personal data.


12. Children’s Data
Our services are intended for professional and business use only. We do not knowingly collect personal data from children under 18 years of age.


13. Contact — Data Protection Officer
Data Protection Officer (DPO)
nxt4sap Pte. Ltd.
68 Circular Road #02-01, Singapore 049422
Email: dpo@nxt4sap.com


14. Updates to This Policy
We may update this Policy from time to time to reflect changes in our operations or legal requirements. The latest version will always be available at https://www.nxt4sap.com/privacy-policy.
Material changes will be notified via our website or by email where appropriate.


15. Governing Law
This Policy is governed by the laws of the Republic of Singapore.
Where the GDPR applies, your mandatory EU rights remain unaffected.

 

NXT4SAP Privacy policy 1.png
NXT4SAP Privacy policy 2.png
NXT4SAP Privacy policy 3.png
NXT4SAP Privacy policy 4.png
bottom of page