2.
|
|
Why we collect, use and disclose your personal data
|
| 2.1 |
|
Bases for Collecting, Using and Disclosing Personal Data |
| 2.1.1. |
|
We may collect, use and disclose personal data about you where permitted or required by written law or an order of court including (but not limited to) the following situations as further described in the PDPA:
| (a) |
|
with your consent or deemed consent; |
| (b) |
|
in the vital interests of an individual; |
| (c) |
|
in the public interest or in relation to certain matters affecting the public; |
| (d) |
|
in the legitimate interests of an organisation (including but not limited to any affiliated entity); |
| (e) |
|
in relation to certain business asset transactions; and |
| (f) |
|
for research or business improvement purposes. |
|
| 2.2. |
|
Purposes for Collecting, Using and Disclosing Personal Data |
| 2.2.1. |
|
We may collect and use your personal data for the following purposes (as may be applicable):
| (a) |
|
to provide legal, corporate secretarial or other services to you, your organisation or another person or organisation; |
| (b) |
|
to manage and administer our relationship with you and/or your company (which includes, without limitation, mandatory client due diligence checks and the processing of payments); |
| (c) |
|
to organise seminars, webinars or other events; |
| (d) |
|
to send you legal updates, newsletters, announcements, and any similar messages to keep you informed of legal developments; |
| (e) |
|
to respond to your queries, requests and complaints; |
| (f) |
|
to ensure the smooth functioning of our website; |
| (g) |
|
to process your application for employment, a training contract or an internship; |
| (h) |
|
to conduct research and analysis to improve the services we provide; |
| (i) |
|
any other purpose which we notify you and obtain your consent or deemed consent for prior to processing your personal data for that purpose; |
| (j) |
|
any other purpose as required or permitted by law; and |
| (k) |
|
any other purpose which is ancillary or reasonably related to and/or required for any of the above purposes. |
|
| 2.2.2. |
|
Subject to paragraph 2.3.1, we may disclose your personal data where reasonably required for any of the purposes specified in paragraph 2.2.1 (as may be applicable) to:
| (a) |
|
our directors and employees; |
| (b) |
|
our respective affiliated entities; |
| (c) |
|
our business partners, third-party service providers, data intermediaries and agents; |
| (d) |
|
professional advisors, consultants and auditors engaged by you or by us on your behalf, with whom we are dealing on your behalf; |
| (e) |
|
governmental authorities; |
| (f) |
|
the counsel for an opposing party; and |
| (g) |
|
any other third parties we may notify you from time to time. |
|
| 2.3. |
|
Legal Privilege, Aggregated Data and Unsolicited Data |
| 2.3.1. |
|
Nothing in this Privacy Policy affects any information or document that is subject to legal privilege. We shall not disclose any information or document that is subject to legal privilege except in accordance with the law or an order of court. |
| 2.3.2. |
|
We may produce data in aggregated and/or de-identified form from the personal data we hold. Where such data has been sufficiently anonymised and no longer constitutes personal data, we may use such data for statistical, analytical or other purposes or disclose such data to other parties at our discretion. |
| 2.3.3. |
|
Where personal data is sent to us in circumstances where we did not request for or expect the submission of the data (including situations where personal data sent to us includes specific items of data which we did not request for), we reserve the right to process the data in such manner and for such purposes as we reasonably consider appropriate in the circumstances, taking into account the purpose for which they were sent to us (if apparent to us). |
3.
|
|
Consent and Withdrawal of Consent
|
| 3.1. |
|
Subject to any specific data protection notice we may give to you and the terms and conditions of any contract which may be agreed between us, if you provide any personal data to us, whether directly or indirectly through another party, you agree and consent to our collection, use and disclosure of such data in accordance with this Privacy Policy. |
| 3.2. |
|
You may withdraw any consent given or deemed to have been given in relation to the collection, use and disclosure of your personal data by giving us not less than fifteen (15) days prior written notice by post or via email to our address or email address as stated in this Privacy Policy. Your notice withdrawing consent must clearly state the following:
| (a) |
|
your full name; |
| (b) |
|
your address, telephone number or email address (so that we may contact you concerning your notice or if we require additional information to process your notice); |
| (c) |
|
the personal data affected by your notice; and |
| (d) |
|
the purposes or activities you are withdrawing consent for. |
|
| 3.3 |
|
In the event you withdraw consent or deemed consent for the collection, use or disclosure of your personal data, we shall (subject to paragraph 3.4) cease to collect, use and/or disclose your personal data (within the scope of your withdrawal of consent), in which case we may be unable to provide any services which you had engaged us to provide. |
| 3.4 |
|
Withdrawal of consent or deemed consent does not affect:
| (a) |
|
our collection, use and disclosure of your personal data without your consent as permitted or required by law; |
| (b) |
|
any liability, debt or obligation accrued by you prior to the date of such withdrawal; or |
| (c) |
|
the terms and conditions of any contract agreed between us (save as it may relate to our collection, use or disclosure of your personal data with your consent). |
|
4.
|
|
Access to and Correction of Personal Data
|
| 4.1 |
|
You may make a request for access to, or correction of, your personal data which is in our possession or under our control in accordance with (and subject to) the PDPA and the relevant regulations made thereunder. |
| 4.2 |
|
A request under paragraph 4.1 shall be made in writing and sent via post or email to our address as stated in this Privacy Policy (above). Your request must state the following:
| (a) |
|
your full name; |
| (b) |
|
your address, telephone number or email address (so that we may contact you concerning your request or if we require additional information to process your notice); |
| (c) |
|
that you are making the request under the PDPA; |
| (d) |
|
whether you are requesting for access to your personal data or for a correction to be made to an error or omission in your personal data; and |
| (e) |
|
the specific personal data or correction you are requesting. |
|
| 4.3 |
|
Depending on the nature of your request and subject to any contract or other terms and conditions agreed between us, we may impose a reasonable fee to provide access to the personal data you requested. In such an event, we shall inform you of the fee payable for your confirmation and acceptance prior to further processing your request. |
5.
|
|
Processing and Care of Personal Data
|
| 5.1 |
|
Accuracy of Personal Data |
| 5.1.1 |
|
We shall take reasonable steps to ensure personal data collected by us or on our behalf is accurate and complete if:
| (a) |
|
it is likely to be used to make a decision that affects you; or |
| (b) |
|
it is likely to be disclosed to another organisation. |
|
| 5.1.2 |
|
Where you provide your personal data directly to us, we shall be entitled to assume that it is accurate and complete. |
| 5.2 |
|
Protection of Personal Data and Data Breach Notification |
| 5.2.1 |
|
We shall protect personal data in our possession or under our control by making reasonable security arrangements to prevent loss, unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks. |
| 5.2.2 |
|
We shall notify you (in accordance with and subject to the PDPA) in the event of a data breach affecting your personal data which may cause significant harm. |
| 5.3 |
|
Retention of Personal Data |
| 5.3.1 |
|
We may retain your personal data as long as reasonably required for any of the purposes specified in this Privacy Policy and for any other legal or business purpose permitted by law. |
| 5.3.2 |
|
We shall cease to retain documents containing personal data, or remove the means by which the personal data can be associated with particular individuals, when it is reasonable to assume that retention is no longer necessary for the purpose for which the data was collected or used or for any other legal or business purpose. |
| 5.4 |
|
Transfer of Personal Data Outside Singapore |
| 5.4.1 |
|
If we transfer personal data to a country or territory outside Singapore, we shall ensure that it is protected to a standard of protection that is comparable to the protection under the PDPA in the manner prescribed in the relevant regulations under the PDPA. |
6.
|
|
Our website
|
| 6.1 |
|
Cookies |
| 6.1.1 |
|
Cookies are pieces of information that a website transfers to the memory or hard drive of a visitor’s computer or other electronic device which is used to visit the website. A cookie may be temporary or it may persist for some time. Our website (at www.drewnapier.com) uses cookies to facilitate the technical operation of our website and to provide visitors with a personalised experience when they visit our website. |
| 6.1.2 |
|
We do not collect personal data using cookies. |
| 6.1.3 |
|
Most web browsers have options that allow the visitor to control whether the browser will accept cookies, reject cookies, or notify the visitor each time a cookie is sent. In addition, you can delete our cookies from your browser program at any time. However, if you disable or refuse cookies, please note that some parts of our website may become inaccessible or not function properly. |
| 6.2 |
|
Links to other websites |
| 6.2.1 |
|
Our website may contain links to third-party websites operated by other organisations which may or may not be based in Singapore. This Privacy Policy does not apply to such third-party websites and any personal data processed through those websites. |
| 6.3 |
|
IP addresses and information recorded by our web server |
| 6.3.1 |
|
An IP address is an assigned number, similar to a telephone number, which allows your computer (or other electronic device) to connect to and communicate with websites over the Internet. It enables us to identify which organisations have visited this website. When you visit our website, our server may record your IP address together with the date, time and duration of your visit. This information does not enable us to identify you individually. We use this information to compile statistical data on the use of our website to track how users navigate through our site. We do this so we can evaluate and improve our site. |
7.
|
|
Enforceability
|
| 7.1 |
|
Without prejudice to an individual’s rights under the PDPA, nothing in this Privacy Policy shall create or confer any legally enforceable right whether by way of contract, tort, equity or otherwise under the law. |