Privacy
Rajah & Tann (Thailand) Limited Privacy Policies
CLIENT PRIVACY NOTICE
1. Introduction
Rajah & Tann (Thailand) Limited (“we”, “our” or “us”) has prepared this privacy notice (“Privacy Notice”) to describe how we handle personal data of our clients, potential clients and any persons related to our clients in accordance with the Personal Data Protection Act B.E. 2562 (2019), including subordinate laws issued thereunder and any amendment which may be made thereto (“Laws on Personal Data Protection”).
2. Data Subjects From Whom We Collect Personal Data
Under this Privacy Notice, data subjects from whom we collect and process personal data are as follows:
2.1 “Client”, which means any individual or natural person who we provide our services to, including any potential client or any other persons having similar characteristics, such as participants of our business events, visitors, persons who make contact to request for information or services from us, etc.
2.2 “Persons related to the Client”, which means any individual or natural person whose personal data is processed by us in connection with the provision of services to our non-individual or entity Clients, including any other persons having similar characteristics, such as directors, executives, board members, shareholders, employees, representatives, personnel, attorneys-in fact or other authorized persons of such non-individual or entity Clients, as well as persons whose personal data appears in relevant documents and processes, such as witnesses, cheque payers, messengers, consignees, individuals relating to counterparties, target companies or any other similar entities, etc.
In this Privacy Notice, unless the context otherwise requires, any reference to the “Client” shall be construed so as to include the “Persons related to the Client” and the terms “you” “your” or “yours” shall have a corresponding meaning.
3. How We Collect Your Personal Data
3.1 Typically, we collect your personal data in the following ways:
(a) Directly from you
We may directly collect your personal data from you, for instance:
- When you contact us, whether in written or oral communications, and whether by face-to-face interaction or using any other channels such as telephone, fax, e-mail, mail, website, or any other media platforms;
- When you express an intention to use our services, engage or enter into a contract, letter of engagement and/or confidentiality agreement with us;
- When you deliver documents containing personal data to us; or
- When you attend business events, or any other activities organized by us, on our behalf or in which we participated.
(b) From other sources or third parties
We may collect your personal data from other sources or third parties, such as:
- Your contact persons, secretaries, representatives, personnel, attorneys-in-fact and/or other authorized persons;
- Our business partners or service providers, such as mailing services and payment services;
- Our offices and affiliates across the Rajah & Tann Asia network, including Singapore, Cambodia, China, Indonesia, Laos, Malaysia, Myanmar, Philippines and Vietnam; or
- Government agencies, courts.
In some cases, we may collect your personal data from public sources which provide information relating to your business, irrespective of whether you have disclosed the personal data by yourself or have provided consent to those sources to disclose your personal data.
When you are an individual relating to the Client’s counterparties, target companies or any other similar entities, we may collect your personal data from the Client or Persons related to the Client (as the case may be). For example, when the Client or Persons related to the Client provide information and/or documents containing your personal data to us in connection with the provision of our services.
3.2 Where we have previously collected your personal data before the Laws on Personal Data Protection have become effective, we will continue collecting and using your personal data only for the original purposes of such collection. Nevertheless, if you do not intend for us to continue collecting and using your personal data and if we have relied on your consent as a basis for processing your personal data, you may contact us by using the contact details provided in Clause 10 (How to Contact Us) of this Privacy Notice to request for the withdrawal of your consent. We reserve the right to consider your request for the withdrawal of consent and proceed in accordance with the Laws on Personal Data Protection.
4. Personal Data We Collect
We may collect and process the following categories of your personal data:
4.1 Identity Information, such as first name, last name, birthdate, place of birth, age, gender, nationality, identification number, passport number, photograph, and signature, etc.
4.2 Contact information, such as telephone number, fax number, e-mail, home address, work address, delivery address, billing address and user IDs for communication applications (e.g., Line, WhatsApp) or other social media platforms (e.g., LinkedIn), etc.
4.3 Business information, such as name of company you work for, your company’s affiliated agency or organization, your job title, position, division, and department, etc.
4.4 Financial information, such as bank account details, personal data contained in invoices, tax invoices, receipts, and other financial details, etc.
4.5 Information contained in documents, contracts or agreements, such as personal data contained in the original and/or copy of documents you provided to us, including the national identification card, passport, visa document, work permit, house registration book, power of attorney, company’s affidavit, memorandum of association, articles of association, list of shareholders, VAT registration certificate, fee proposals, letters of engagement, or any other documents or agreements having similar characteristics, etc.
4.6 Sensitive Personal Data, such as health data (i.e., results of ATK/PCR tests for COVID-19), etc.
4.7 Technical information, such as log file and IP Address, etc.
4.8 Other information, such as license plate number, type of vehicles, records of mail/courier delivery and receipts, and records of e-meetings and telephone conversations, etc.
5. Purposes and Legal Bases for the Processing of Personal Data
5.1 We process your personal data for the following purposes (collectively, the “Purposes”) and under the following legal bases:
No. | Purposes | Legal Bases |
(a) | For the purposes of identifying and verifying your identity before commencing work on a matter or prior to entering into any agreement with you. | · Legitimate interests basis: the processing of your |
(b) | For the purpose of conducting our internal search to identify any conflicts of interest. | · Legitimate interests basis: the processing of your |
(c) | For the purposes of preparing, proposing and negotiating our fee quotation as well as executing any agreement or letter of engagement. | · Contractual basis: when you are an individual Client, the processing of your personal data is necessary for the preparation, proposal and negotiation of our fee quotation prior to executing any agreement or letter of engagement to which you are a party. · Legitimate interests basis: when you are a Person related to the Client, the processing of your personal data is necessary for our legitimate interest to prepare, propose and negotiate our fee quotations, as well as to execute any agreement or letter of engagement with the company or organization you work for. |
(d) | For the purpose of file opening for any new matter which is for our efficient management and administration. | · Legitimate interests basis: the processing of your |
(e) | For the purpose of providing legal services to the Client. | · Contractual basis: when you are an individual Client, the processing of your personal data is necessary for the provision of our legal services or fulfilment of any obligations set out in any agreement or letter of engagement between us or any instructions from you. · Legitimate interests basis: when you are a Person related to the Client, the processing of your personal data is necessary for our legitimate interest in providing our legal services or fulfilling any obligations set out in any agreement or letter of engagement between the company or organization you work for and us or any instructions from the company or organization you work for. |
(f) | For the purpose of preparing and issuing invoices and receipts. | · Contractual basis: when you are an individual Client, the processing of your personal data is necessary for the preparation and issuing of invoices or receipts to you in accordance with the agreement or letter of engagement between us. · Legitimate interests basis: when you are a Person related to the Client, the processing of your personal data is necessary for our legitimate interest in preparing and issuing invoices or receipts to the company or organization you work for. · Legal Obligation basis: the processing of your personal data is necessary for our compliance with the applicable laws. For instance, we have a duty to issue tax invoices to our clients to comply with the tax law. |
(g) | For the purpose of sending business communications, and building and maintaining business relationships with our Clients. | · Legitimate interests basis: where we have previously provided services to you or where you have contacted us or attended any business events or seminars conducted by us or on our behalf, we may send you business communications, such as newsletters, publications, guidelines or industry updates, on the basis that it is in our legitimate interest to do so, provided that you may ‘opt out’ from receiving those business communications from us. · Consent basis: in all other cases, we may undertake direct marketing activities only when you have provided consent to do so. |
(h) | For the purpose of improving the quality of our services. | · Legitimate interests basis: the processing of your |
No. | Purposes | Legal Bases |
(i) | For the purpose of creating a database, internal audit, and analysis of information that is necessary for our business operations. | · Legitimate interests basis: the processing of your |
(j) | For the purpose of safeguarding the health and safety in the workplace. | · Legal obligation basis to achieve the purposes |
(k) | For the purpose of compliance with the laws relating to our business operations as well as legitimate orders of the courts, government agencies, and relevant officers. | · Legal obligation basis: in certain cases, we are |
(l) | For the purpose of establishment, compliance, exercise or defense of legal claims. | · Legal obligation and/or Legitimate interests |
5.2 We will notify you of any other purposes that cause us to process your personal data other than the Purposes set forth above or when we change the original Purposes.
5.3 The personal data which we process for the purposes of compliance with legal or contractual obligations, or for entering into any contract with you, is necessary to achieve such purposes. If you fail to provide us with certain personal data when requested, we may not be able to perform the contract which we have entered into with you, or we may be prevented from complying with our legal obligations (as the case may be). In such case, we may decline to enter into any contract with you or cancel any services related to you, whether in whole or in part.
6. Disclosure of Personal Data
6.1 We may disclose your personal data to achieve the Purposes or to comply with our legal obligations to the following recipients or categories of recipients:
- Our offices and affiliates across the Rajah & Tann Asia network, including Singapore, Cambodia, China, Indonesia, Laos, Malaysia, Myanmar, Philippines and Vietnam, as well as to their management, partners, associates, legal secretaries, accounting managers, staff members and/or other relevant personnel, on a need-to-know or confidential basis, as the case may be.
- Our business partners, service providers, and data processors, such as cloud services, IT services, website service providers, payment services, mailing services, delivery services, printing services, and document storage services.
- External auditors or any other similar professional advisors.
- Courts or relevant government agencies which have supervisory duties under the laws or which have requested the disclosure pursuant to their lawful powers or which are relevant to the legal process or which were granted permission pursuant to the applicable laws, such as the Revenue Department, the Office of the Personal Data Protection Commission and the Office of the Attorney General.
- Any third parties who you have provided consent to disclose your personal data to (e.g. the disclosure of photos of our business events through our media platforms to the general public).
6.2 Where we disclose your personal data to any third parties, we will put in place appropriate safeguards to protect the personal data that has been disclosed and to comply with the standards and duties relating to the personal data protection prescribed by the Laws on Personal Data Protection. In the event that we send or transfer your personal data outside Thailand, we will ensure that the recipient country, the international organization or such overseas recipient has sufficient standards for the protection of personal data or such transfer of your personal data outside Thailand has been carried out in accordance with the Laws on Personal Data Protection. In certain cases, we may request your consent for the transfer of your personal data outside Thailand, subject to the requirements under the Laws on Personal Data Protection.
7. Retention Period
Any of your personal data provided to us is retained for as long as the Purposes for which the personal data was collected continue. The retention period will vary depending on the Purposes for which such personal data was collected and processed.
In addition, we will retain your personal data for the period prescribed under the applicable laws (if any) by considering the applicable statute of limitations for any legal proceedings that may occur from or in relation to the documents or personal data collected by us, and having regard to our business practices and relevant industry standards in relation to each type of personal data.
8. Your Rights in relation to Personal Data
You have the following rights in relation to your personal data, subject to certain conditions and restrictions under the Laws on Personal Data Protection. If you intend to make a request to exercise your rights, please contact us by using the contact details provided in Clause 10 (How to Contact Us) of this Privacy Notice.
8.1 Right of Access
You have the right to access your personal data and may request us to provide you with a copy of such personal data.
8.2 Right to Data Portability
You have the right to obtain your personal data and may request us to transmit your personal data directly to another data controller or to you, except where it is technically unfeasible.
8.3 Right to Object
You have the right to object to the processing of your personal data in certain circumstances prescribed under the Laws on Personal Data Protection.
8.4 Right to Erasure
You may request us to delete, destroy or anonymize your personal data in certain circumstances prescribed under the Laws on Personal Data Protection.
8.5 Right to Restriction
You have the right to restrict the processing of your personal data in certain circumstances prescribed under the Laws on Personal Data Protection.
8.6 Right to Rectification
You have the right to request us to rectify your personal data if the personal data is inaccurate, not up-to-date or incomplete, or may be misleading.
8.7 Right to Withdraw Consent
If we rely on your consent as the legal basis for processing your personal data, you have the right to withdraw such consent which has been provided to us at any time.
8.8 Right to Lodge a Complaint
If you have any concerns or questions about any aspect of our practices in relation to your personal data, please contact us by using the contact details provided in Clause 10 (How to Contact Us) of this Privacy Notice. Where there is a reason to believe that we are in breach of the Laws on Personal Data Protection, you have the right to lodge a complaint to the expert committee appointed by the Personal Data Protection Commission in accordance with the rules and methods prescribed under the Laws on Personal Data Protection.
Please note that we reserve the right to consider your request and proceed in accordance with the conditions and requirements under the Laws on Personal Data Protection.
9. Changes to This Privacy Notice
We may make changes to this Privacy Notice from time to time to reflect any changes to the personal data processing and to comply with any changes to the Laws on Personal Data Protection or any applicable laws. In such case, we will publish our revised Privacy Notice to inform you of the changes.
10. How to Contact Us
If you have any inquiries or concerns or would like to exercise your rights set out in this Privacy Notice, please contact us by using the contact details provided below:
Rajah & Tann (Thailand) Limited
E-mail: Bangkok@rajahtann.com
Address: 973 President Tower 12th Floor Units 12A – 12F Ploenchit Road Lumpini Pathumwan Bangkok 10330 Thailand
Telephone: +66 2656 1991
This Privacy Notice shall be effective from 27 August 2024.
VENDOR PRIVACY NOTICE
1. Introduction
Rajah & Tann (Thailand) Limited (“we”, “our” or “us”) has prepared this privacy notice (“Privacy Notice”) to describe how we handle personal data of our vendors, potential vendors and any persons related to our vendors in accordance with the Personal Data Protection Act B.E. 2562 (2019), including subordinate laws issued thereunder and any amendment which may be made thereto (“Laws on Personal Data Protection”).
2. Data Subjects From Whom We Collect Personal Data
Under this Privacy Notice, data subjects from whom we collect and process personal data are as follows:
2.1 “Vendor”, which means any individual or natural person who is our vendor (or prospective vendor), including where such person provided quotations for offering products and/or services to us, or any other persons having similar characteristics, such as payroll service providers, internet service providers, service providers for office equipment, couriers, auditors, consultants, suppliers and other contractors, etc.
2.2 “Persons related to the Vendor”, which means any individual or natural person who is the contact person, representative or personnel of the corporate vendor or any other persons having similar characteristics, such as directors, executives, employees, attorneys-in fact or other authorized persons of such corporate vendor, as well as persons whose personal data appears in relevant documents and processes, such as witnesses, cheque payers, messengers, consignees, etc.
In this Privacy Notice, unless the context otherwise requires, any reference to the “Vendor” shall be construed so as to include the “Persons related to the Vendor” and the terms “you” “your” or “yours” shall have a corresponding meaning.
3. How We Collect Your Personal Data
3.1 Typically, we collect your personal data in the following ways:
(a) Directly from you
We may directly collect your personal data from you, for instance:
- When you contact us, whether in written or oral communications, and whether by face-to-face interaction or using any other channels such as telephone, fax, e-mail, mail, website, or any other media platforms;
- When you offer to sell products or provide services to us, engage or enter into a contract with us; or
- When you deliver documents containing personal data to us.
(b) From other sources or third parties
We may collect your personal data from other sources or third parties, such as:
- In case of corporate vendors, we may collect your personal data from contact persons, representatives, personnel, attorneys-in fact or other authorized persons of such corporate vendors, who you work for and are affiliated with;
- Our business partners or service providers, such as mailing services, and payment services, etc.;
- Our offices and affiliates across Rajah & Tann Asia network, including Singapore, Cambodia, China, Indonesia, Laos, Malaysia, Myanmar, Philippines and Vietnam; or
- Government agencies and courts.
In some cases, we may collect your personal data from public sources which provide information relating to your business, irrespective of whether you have disclosed the personal data by yourself or have provided consent to those sources to disclose such personal data.
3.2 Where we have previously collected your personal data before the Laws on Personal Data Protection have become effective, we will continue collecting and using your personal data only for the original purposes of such collection. Nevertheless, if you do not intend for us to continue collecting and using your personal data and if we have relied on your consent as a basis for processing your personal data, you may contact us by using the contact details provided in Clause 10 (How to Contact Us) of this Privacy Notice to request for the withdrawal of your consent. We reserve the right to consider your request for the withdrawal of consent and proceed in accordance with the Laws on Personal Data Protection.
4. Personal Data We Collect
We may collect and process the following categories of your personal data:
4.1 Identity Information, such as first name, last name, birthdate, place of birth, age, gender, nationality, identification number, passport number, photograph, and signature, etc.
4.2 Contact information, such as telephone number, fax number, e-mail, home address, work address, delivery address, billing address and user IDs for communication applications (e.g., Line, WhatsApp) or other social media platforms (e.g., LinkedIn), etc.
4.3 Business information, such as name of company you work for, your company’s affiliated agency or organization, your job title, position, division, and department, etc.
4.4 Financial information, such as bank account details, personal data contained in invoices, tax invoices, receipts, and other financial details, etc.
4.5 Information contained in documents, contracts or agreements, such as personal data contained in the original and/or copy of documents provided to us, including the national identification card, passport, visa document, work permit, house registration book, power of attorney, company’s affidavit, memorandum of association, articles of association, list of shareholders, VAT registration certificate, quotations, service agreements or any other documents or agreements having similar characteristics, etc.
4.6 Sensitive Personal Data, such as health data (i.e., results of ATK/PCR tests for COVID-19), etc.
4.7 Technical information, such as log file and IP Address, etc.
4.8 Other information, such as license plate number, type of vehicles, records of mail/courier delivery and receipts, and records of e-meetings and telephone conversations, etc.
5. Purposes and Legal Bases for the Processing of Personal Data
5.1 We process your personal data for the following purposes (collectively, the “Purposes”) and under the following legal bases:
No. | Purposes | Legal Bases |
(a) | For the purpose of identifying and verifying your identity prior to engaging in services or entering into any agreement with you. | · Legitimate interests basis: the processing of your |
(b) | For the purpose of procurement and | · Contractual basis: the processing of your personal data is necessary for the procurement and selection processes prior to entering into a service agreement, to which you are a party. · Legitimate interests basis: in case of corporate vendors, the processing of personal data of Persons related to the Vendors is necessary for our legitimate interest in conducting our procurement and selection processes. |
(c) | For the purpose of reviewing, negotiating and executing the service agreement or other agreements. | · Contractual basis: when you are an individual Vendor, the processing of your personal data is necessary for reviewing, negotiating and executing the service agreement or other similar agreements to which you are a party. · Legitimate interests basis: when you are a Person related to the Vendor, the processing of your personal data is necessary for our legitimate interest in reviewing, negotiating and executing the service agreement or other agreements with the company or organization you work for. |
(d) | For the purpose of managing and/or receiving the services specified under the service agreement or other agreements, including contacting and | · Contractual basis: when you are an individual Vendor, the processing of your personal data is necessary for managing and/or receiving the services specified under the service agreement or other agreements entered into between you and us, including contacting and coordinating with you with respect to the products and/or services provided. · Legitimate interests basis: when you are a Person related to the Vendor, the processing of your personal data is necessary for our legitimate interest in managing and/or receiving the services specified under the service agreement or other agreements entered into between the company or organization you work for and us. |
(e) | For the purpose of administering and making payments pursuant to the service agreement or other agreements. | · Contractual basis: when you are an individual Vendor, the processing of your personal data is necessary for administering and making payments pursuant to the service agreement or other agreements entered into between you and us, including performing other accounting procedures. · Legitimate interests basis: when you are a Person related to the Vendor, the processing of your personal data is necessary for our legitimate interest in administering and making payments pursuant to the service agreement or other agreements between the company or organization you work for and us, including performing other accounting procedures. |
(f) | For the purpose of creating a database, internal audit, and analysis of information that is necessary for our business operations. | · Legitimate interests basis: the processing of your |
(g) | For the purpose of safeguarding the health and safety in the workplace. | · Legal obligation basis to achieve the purposes |
(h) | For the purpose of compliance with the laws relating to our business operations as well as legitimate orders of the courts, government | · Legal obligation basis: in certain cases, we are |
(i) | For the purpose of establishment, compliance, exercise or defense of legal claims. | · Legal obligation and/or Legitimate interests |
5.2 We will notify you of any other purposes that cause us to process your personal data other than the Purposes set forth above or when we change the original Purposes.
5.3 The personal data which we process for the purposes of compliance with legal or contractual obligations, or for entering into any contract with you, is necessary to achieve such purposes. If you fail to provide us with certain personal data when requested, we may not be able to perform the contract which we have entered into with you, or we may be prevented from complying with our legal obligations (as the case may be). In such case, we may decline to enter into any contract with you or cancel any services related to you, whether in whole or in part.
6. Disclosure of Personal Data
6.1 We may disclose your personal data to achieve the Purposes or to comply with our legal obligations to the following recipients or categories of recipients:
- Our offices and affiliates across the Rajah & Tann Asia network, including Singapore, Cambodia, China, Indonesia, Laos, Malaysia, Myanmar, Philippines and Vietnam, as well as to their management, partners, associates, legal secretaries, accounting managers, staff members and/or other relevant personnel, on a need-to-know or confidential basis, as the case may be.
- Our business partners, service providers, and data processors, such as cloud services, IT services, website service providers, payment services, mailing services, delivery services, printing services, and document storage services.
- External auditors or any other similar professional advisors.
- Courts or relevant government agencies which have supervisory duties under the law or which have requested the disclosure pursuant to their lawful powers or which are relevant to the legal process or which were granted permission pursuant to the applicable laws, such as the Revenue Department, the Office of the Personal Data Protection Commission and the Office of the Attorney General.
- Any third parties who you have provided consent to disclose your personal data to.
6.2 Where we disclose your personal data to any third parties, we will put in place appropriate safeguards to protect the personal data that has been disclosed and to comply with the standards and duties relating to the personal data protection prescribed by the Laws on Personal Data Protection. In the event that we send or transfer your personal data outside Thailand, we will ensure that the recipient country, the international organization or such overseas recipient has sufficient standards for the protection of personal data or such transfer of your personal data outside Thailand has been carried out in accordance with the Laws on Personal Data Protection. In certain cases, we may request your consent for the transfer of your personal data outside Thailand, subject to the requirements under the Laws on Personal Data Protection.
7. Retention Period
Any of your personal data provided to us is retained for as long as the Purposes for which the personal data was collected continue. The retention period will vary depending on the Purposes for which such personal data was collected and processed.
In addition, we will retain your personal data for the period prescribed under the applicable laws (if any) by considering the applicable statute of limitations for any legal proceedings that may occur from or in relation to the documents or personal data collected by us, and having regard to our business practices and relevant industry standards in relation to each type of personal data.
8. Your Rights in relation to Personal Data
You have the following rights in relation to your personal data, subject to certain conditions and restrictions under the Laws on Personal Data Protection. If you intend to make a request to exercise your rights, please contact us by using the contact details provided in Clause 10 (How to Contact Us) of this Privacy Notice.
8.1 Right of Access
You have the right to access your personal data and may request us to provide you with a copy of such personal data.
8.2 Right to Data Portability
You have the right to obtain your personal data and may request us to transmit your personal data directly to another data controller or to you, except where it is technically unfeasible.
8.3 Right to Object
You have the right to object to the processing of your personal data in certain circumstances prescribed under the Laws on Personal Data Protection.
8.4 Right to Erasure
You may request us to delete, destroy or anonymize your personal data in certain circumstances prescribed under the Laws on Personal Data Protection.
8.5 Right to Restriction
You have the right to restrict the processing of your personal data in certain circumstances prescribed under the Laws on Personal Data Protection.
8.6 Right to Rectification
You have the right to request us to rectify your personal data if the personal data is inaccurate, not up-to-date or incomplete, or may be misleading.
8.7 Right to Withdraw Consent
If we rely on your consent as the legal basis for processing your personal data, you have the right to withdraw such consent which has been provided to us at any time.
8.8 Right to Lodge a Complaint
If you have any concerns or questions about any aspect of our practices in relation to your personal data, please contact us by using the contact details provided in Clause 10 (How to Contact Us) of this Privacy Notice. Where there is a reason to believe that we are in breach of the Laws on Personal Data Protection, you have the right to lodge a complaint to the expert committee appointed by the Personal Data Protection Commission in accordance with the rules and methods prescribed under the Laws on Personal Data Protection.
Please note that we reserve the right to consider your request and proceed in accordance with the conditions and requirements under the Laws on Personal Data Protection.
9. Changes to This Privacy Notice
We may make changes to this Privacy Notice from time to time to reflect any changes to the personal data processing and to comply with any changes to the Laws on Personal Data Protection or any applicable laws. In such case, we will publish our revised Privacy Notice to inform you of the changes.
10. How to Contact Us
If you have any inquiries or concerns or would like to exercise your rights set out in this Privacy Notice, please contact us by using the contact details provided below:
Rajah & Tann (Thailand) Limited
E-mail: Bangkok@rajahtann.com
Address: 973 President Tower 12th Floor Units 12A – 12F Ploenchit Road Lumpini Pathumwan Bangkok 10330 Thailand
Telephone: +66 2656 1991
This Privacy Notice shall be effective from 27 August 2024.
1. ABOUT RAJAH & TANN’S DATA PROTECTION POLICY
1.1. We at Rajah & Tann Singapore LLP take our responsibilities under Singapore’s Personal Data Protection Act 2012, any regulations enacted thereunder, and any guidelines that may be issued from time to time by the Personal Data Protection Commission (collectively, the “PDPA”) seriously. We also recognise the importance of the personal data you have entrusted to us and believe that it is our responsibility to properly manage, protect and process your personal data.
1.2. This Data Protection Policy is designed to assist you in understanding how we collect, use, disclose and/or process the personal data you have provided to us, as well as to assist you in making an informed decision before providing us with any of your personal data.
1.3. If you, at any time, wish to:
- send us any queries on this policy or on how we may manage, protect and/or process your personal data;
- withdraw your consent for us to collect, use and/or disclose your personal data; or
- exercise your statutory rights under the PDPA in relation to access or correction of your personal data in our control or possession,
Please do not hesitate to contact our Data Protection Officer (the “DPO”) at:
(a) E-mail: dpo@rajahtann.com
Attention it to the ‘Data Protection Officer’.
(b) Office address: 9 Straits View, #06-07, Marina One West Tower Singapore 018937
Attention it to the ‘Data Protection Officer’.
Please indicate in the subject header what is the nature of your query (e.g. If it is relating to an access request, you may insert the words “PDPA Access Request” in the subject header).
2. INTRODUCTION TO THE PDPA
2.1. “Personal Data” is defined under the PDPA to mean data, whether true or not, about an individual who can be identified from that data, or from that data and other information to which an organisation has or is likely to have access. Common examples of personal data could include names, identification numbers, contact information, medical records, photographs and video images.
2.2. We will collect your personal data in accordance with the PDPA. We will notify you of the purposes for which your personal data may be collected, used, disclosed and/or processed, as well as obtain your consent for the collection, use, disclosure and/or processing of your personal data for the intended purposes, unless an exception under the law permits us to collect and process your personal data without your consent.
3. PURPOSES FOR COLLECTION, USE, DISCLOSURE AND PROCESSING OF PERSONAL DATA
3.1. The personal data which we collect from you may be collected, used, disclosed and/or processed for various purposes, depending on the circumstances for which we may/will need to process your personal data, including:
(a) the provision of legal services to you;
(b) complying with or as required by any request or direction of any governmental authority; or responding to requests for information from public agencies, ministries, statutory boards or other similar authorities (including but not limited to the Ministry of Defence, Ministry of Education, Immigration and Checkpoints Authority and Ministry of Health). For the avoidance of doubt, this means that we may/will disclosure your personal data to the aforementioned parties upon their request or direction;
(c) conducting research, analysis and development activities (including but not limited to data analytics, surveys and/or profiling) to improve our services and facilities in order to enhance your relationship with us or for your benefit, or to improve any of our services for your benefit;
(d) storing, hosting, backing up (whether for disaster recovery or otherwise) of your personal data, whether within or outside Singapore;
(e) responding to complaints, queries and/or requests;
(f) sending you information about any administrative changes, updates and/or amendments to our policies, terms and conditions;
(g) organising seminars, events or other marketing / promotional activities; and/or
(h) any other purposes which we notify you of at the time of obtaining your consent. (collectively, the “Purposes”)
As the purposes for which we may/will collect, use, disclose or process your personal data depend on the circumstances at hand, such purpose may not appear above. However, we will notify you of such other purpose at the time of obtaining your consent, unless processing of your personal data without your consent is permitted by the PDPA or by law.
3.2. In order to conduct our business operations more smoothly, we may also be disclosing the personal data you have provided to us to our third party service providers, agents and/or our affiliates or related corporations, and/or other third parties whether sited in Singapore or outside of Singapore, for one or more of the above-stated Purposes. Such third party service providers, agents and/or affiliates or related corporations and/or other third parties would be processing your personal data either on our behalf or otherwise, for one or more of the above-stated Purposes.
4. SPECIFC ISSUES FOR THE DISCLOSURE OF PERSONAL DATA TO THIRD PARTIES
4.1. We respect the confidentiality of the personal data you have provided to us.
4.2. In that regard, we will not disclose your personal data to third parties without first obtaining your consent permitting us to do so. However, please note that we may disclose your personal data to third parties without first obtaining your consent in certain situations. For more information on the exceptions, you are encouraged to peruse the First and Second Schedules of the PDPA which are publicly available at https://sso.agc.gov.sg/Act/PDPA2012.
4.3. Where we disclose your personal data to third parties with your consent, we will employ our best efforts to require such third parties to protect your personal data.
5. REQUEST TO WITHDRAW CONSENT
5.1. You may withdraw your consent for the collection, use and/or disclosure of your personal data in our possession or under our control at any time by submitting your request to the contact details listed above at Paragraph 1.3.
5.2. We will process your request within a reasonable time from such a request for withdrawal of consent being made, and will thereafter refrain from collecting, using and/or disclosing your personal data in the manner stated in your request.
6. ADMINISTRATION AND MANAGEMENT OF PERSONAL DATA
6.1. We will take reasonable efforts to ensure that your personal data is accurate and complete, if your personal data is likely to be used by us to make a decision that affects you, or disclosed to another organisation.
However, this means that you must also update us of any changes in your personal data that you had initially provided us with. We will not be responsible for relying on inaccurate or incomplete personal data arising from your not updating us of any changes in your personal data that you had initially provided us with.
6.2. We will also put in place reasonable security arrangements to ensure that your personal data is adequately protected and secured. Appropriate security arrangements will be taken to prevent any unauthorised access, collection, use, disclosure, copying, modification, leakage, loss, damage and/or alteration of your personal data. However, we cannot assume responsibility for any unauthorised use of your personal data by third parties which are wholly attributable to factors beyond our control.
6.3. We will also put in place measures such that your personal data in our possession or under our control is destroyed and/or anonymised as soon as it is reasonable to assume that (i) the purpose for which that personal data was collected is no longer being served by the retention of such personal data; and (ii) retention is no longer necessary for any other legal or business purposes.
6.4. Where your personal data is to be transferred out of Singapore, we will comply with the PDPA in doing so. In this regard, this includes us obtaining your consent unless an exception under the PDPA or law applies, and taking appropriate steps to ascertain that the foreign recipient organisation of the personal data is bound by legally enforceable obligations to provide to the transferred personal data a standard of protection that is at least comparable to the protection under the Act. This may include us entering into an appropriate contract with the foreign recipient organisation dealing with the personal data transfer or permitting the personal data transfer without such a contract if the PDPA or law permits us to.
7. COMPLAINT PROCESS
7.1. If you have any complaint or grievance regarding about how we are handling your personal data or about how we are complying with the PDPA, we welcome you to contact us with your complaint or grievance.
7.2. Please contact us through one of the methods as outlined above in paragraph 1.3 with your complaint or grievance. For your ease of reference, we set out the same information here:
(a) E-mail: dpo@rajahtann.com
Attention it to the ‘Data Protection Officer’.
(b) Office address: 9 Straits View, #06-07, Marina One West Tower Singapore 018937
Attention it to the ‘Data Protection Officer’.
7.3. Where it is an email or a letter through which you are submitting a complaint, your indication at the subject header that it is a PDPA complaint would assist us in attending to your complaint speedily by passing it on to the relevant staff in our organisation to handle. For example, you could insert the subject header as “PDPA Complaint”.
7.4. We will certainly strive to deal with any complaint or grievance that you may have speedily and fairly.
8. UPDATES ON DATA PROTECTION POLICY
8.1. As part of our efforts to ensure that we properly manage, protect and process your personal data, we will be reviewing our policies, procedures and processes from time to time.
8.2. We reserve the right to amend the terms of this Data Protection Policy at our absolute discretion. Any amended Data Protection Policy will be posted on our website and can be viewed at www.rajahtannasia.com.
8.3. You are encouraged to visit the above website from time to time to ensure that you are well informed of our latest policies in relation to personal data protection.
[Last Updated on: 23 Nov 2022]
