1.1 The purpose of this document (“Policy”) is to inform you as to how Bayfront Law LLC (“BFL” and references herein to “we”, “us” and “our” are to BFL unless the context requires otherwise) manages, collects, uses and discloses Personal Data (as defined below).
1.2 By using our website, engaging us to provide services to you or otherwise interact or deal with us, you expressly agree and consent that your Personal Data may be collected, used and/or disclosed by BFL, our service providers and agents in the manner set out in this Policy.
2. Personal Data
In this Policy, “Personal Data” refers to any data, whether true or not, about an individual who can be identified from that data, or from that data and other information to which we have or are likely to have access, including data in our records as may be updated from time to time.
3. Collection of Personal Data
3.1 The Personal Data that we may collect include your name, email address, phone number, date of birth, shipping address, and any other Personal Data necessary for us to provide you with our services.
3.2 We may collect your Personal Data when:
(a) you provide documents or information to us;
(b) you engage us to provide our services;
(d) you visit our office;
(e) you attend seminars or events organised by us; and
(f) you submit employment applications including your resume, certificates and transcripts.
Apart from collecting such Personal Data directly from you, we may also collect Personal Data in other ways (e.g using cookies in our website), from third parties (e.g. recruitment agencies or referrals) or from publicly available sources.
3.3 For the avoidance of doubt, in the event that any applicable law permits the collection of your Personal Data without your consent, such permission granted by the laws shall continue to apply.
3.4 Where you submit or provide any Personal Data relating to a third party, you represent and warrant that such third party have been notified of your disclosure of his/her Personal Data to us and the terms of this Policy and such third party has consented to our collection, use and disclosure of his/her Personal Data.
4. Use of Personal Data
4.1 We may collect, use, disclose, and/or process your Personal Data for one (1) or more of the following purposes:
(a) providing our services;
(b) managing our administrative and business requirements, including conducting our anti-money laundering/Know-Your-Customer procedures, file opening and processing payments;
(c) security and risk management, including ensuring a secure IT infrastructure;
(d) legal, regulatory and other compliance requirements (including providing assistance to law enforcement, judicial, regulatory or other government agencies and statutory bodies);
(e) for marketing and advertising, and in this regard, to send you by various modes of communication marketing and promotional information and materials relating to our services;
(f) making or defending any claim;
(g) processing any employment application, including performing background checks, verifying your qualifications, obtaining employment references, and other administrative and human resources related matters at BFL;
(h) other work and business related requirements; and
(i) any other purposes which we notify you of at the time of obtaining your consent.
(collectively, the “Purposes” and each, a “Purpose”)
4.2 We will not use Personal Data for Purposes which we are not permitted to or required under local law and regulations.
4.3 Notwithstanding the above, we may collect any Personal Data without your consent provided that it is in accordance with any applicable laws, including but not limited to the PDPA.
5. Disclosure of Personal Data
5.1 We may share and disclose Personal Data with:
(a) our partners, vendors, agents, contractors or third party service providers who provide services to us including but not limited to the processing of payments, and/or any merchants of goods;
(b) our agents, contractors or third party service providers who provide operational services to us such as courier services, telecommunications, IT, payment, printing, billing, payroll processing, technical services, training, market research, call centre, security or other such services;
(c) our insurers in connection with our professional indemnity insurance and other insurance policies; and
(d) any relevant government regulators, statutory boards or authorities or law enforcement agencies as required by any laws, rules, guidelines and regulations or schemes imposed by any government to bodies and authorities.
5.2 Personal Data is disclosed to the above persons only for the Purposes or to protect the individual’s interests.
5.3 In exceptional circumstances, we may also be required to disclose Personal Data, where there are grounds to believe that disclosure is necessary to prevent a threat to life or health, or for law enforcement purposes.
5.4 In some cases, we shall encrypt, anonymize, and aggregate the information before sharing it. Anonymizing means stripping the information of personally identifiable features. Aggregating means presenting the information in groups or segments e.g. age groups.
5.5 We will also ensure that overseas organisations we work with observe strict confidentiality and data protection obligations.
6. Accuracy and Updating of Personal Data; Access to Personal Data and Respecting Individual’s Consent
If you wish to access the Personal Data that we have relating to you, inquire about the way in which Personal Data relating to you has been used or disclosed by us in the past year, update your Personal Data, or wish to withdraw your consent to our collection, use and/or disclosure of such Personal Data, you may contact our Data Protection Officer (whose contact is set out below) and we will seek to attend to your request as best as we reasonably can. Please note that:
(a) in order for us to provide any Personal Data we will need to verify your identity and may request further information about your request;
(b) we may refuse access to your Personal Data if it would affect the privacy rights of other persons or if it breaches any confidentiality that attaches to that information;
(c) we may also refuse your request where we are legally permitted to do so and give you such reasons;
(d) you should be aware that we may take a reasonable time to process your application for access as we may need to retrieve information from storage and review the information in order to determine what information may be provided; and
(e) we may have to charge you a reasonable administrative fee for retrieving Personal Data relating to you.
For the avoidance of doubt, if we refuse to grant you access to your Personal Data, we shall preserve a complete and accurate copy of the Personal Data for a period of 30 days after the date which we notify you of our refusal to do so.
7. Security of Personal Data
7.1 Safeguarding and respecting the confidentiality of Personal Data collected by BFL is important to us. We will use our best efforts to protect Personal Data.
8. Retention of personal information
8.1 We will only retain Personal Data for only as long as:
(a) the retention of the Personal Data continues to serve any Purpose; and
(b) there is a business or legal need.
8.2 In the event that retention of Personal Data is no longer necessary for any business or legal purposes or when the purpose for which the Personal Data was collected is no longer being served by the retention of the Personal Data, we will remove, destroy or anonymise the Personal Data.
9. Transfer of Personal Data Outside Singapore
9.1 In the event that your Personal Data may be transferred to, stored or processed outside of Singapore, we will only transfer your Personal Data overseas in accordance with the applicable personal data protection laws and will use reasonable efforts to ensure that overseas organisations we work with observe confidentiality and data protection obligations.
10. Breach of Personal Data
In the event of a data breach of your Personal Data (“Breach”), we will promptly conduct an assessment of whether the Breach is notifiable to the Personal Data Protection Commission (“PDPC”) in accordance with the Personal Data Protection Act (Act 26 of 2012) (“PDPA”). If the Breach is notifiable to the PDPC, we will also notify you of the occurrence of the Breach in accordance with the PDPA.
11. Disclosure of personal information policy and procedure of making a complaint
11.1 If you believe that we have breached this Policy, or any other applicable privacy or data protection laws or regulations which may apply to us, you should make a complaint to us in the first instance. You should address your complaint in writing to our Data Protection Officer (whose contact is set out below), and you should include as much detail as you can about the Personal Data affected, and the circumstances that you believe amount to a breach of this Policy or the applicable privacy or data protection law or regulation.
11.2 If you have any questions about our Policy or concerns about our commitment to your privacy, please feel free to email or write to the Data Protection Officer (whose contact is set out below).
12. How to contact us
Please feel free to contact our Data Protection Officer at firstname.lastname@example.org.
13. Changes to the Policy
We reserve the right to modify and update this Policy at any time to ensure it is consistent with industry trends and/or any changes in legal or regulatory requirements. Subject to your rights at law, you agree to be bound by the prevailing terms of this Policy as updated from time to time on our website.
14. Governing Law
This Policy shall be governed in all respects by the laws of Singapore.