Personal Data Protection Policy
1. Tan Rajah & Cheah (“TRC”) recognises the importance of safeguarding your personal data, and therefore undertakes to fully implement and comply with the provisions of the Personal Data Protection Act 2012 (the”Act”). TRC’s Personal Data Protection Policy set out here explains the procedures and systems we have put in place to comply with the Act (the “Policy”). For the purpose of the policy, ‘client’ includes any prospective clients.
2. Your engagement or continued engagement of TRC’s services upon having been notified of this Policy shall be deemed as consent to the provisions of this Policy.
3. The Act imposes restrictions on TRC’s actions in processing personal data “Processing” includes any recording, holding, organisation, adaptation or alteration, retrieval, combination, transmission, erasure or destruction of personal data carried out by TRC. Other definitions included in the Act may be found online at http://www.pdpc.gov.sg.
Data Protection Officer
4. TRC has appointed a Data Protection Officer (the “DPO”) to deal with day-to-day data protection matters and complaints, and to encourage good data handling practices within the firm. If you have questions or concerns, please contact the DPO at the following:
DPO: Ms Arti Daryanani
Email address of DPO: email@example.com
Telephone no: +65 6539 1690
What is Personal Data?
5. Personal data is data about an individual which can be used, on its own or with other information to which TRC has or is likely to have access, to identify the individual. Personal data does not include an individual’s business contact information, business title, or information about an individual which is publicly available. For the purposes of the provision of TRC’s services, personal data collected by TRC would generally include without limitation a client’s and/or client representative’s name, address, telephone number, personal email address, identification numbers or details, photographs or video, financial and tax information and bank account numbers.
What kind of personal data will be collected?
6. The personal data that TRC may collect about you includes, but is not limited to:
Personal information, such as your name, data of birth, gender, CPF number, NRIC/passport/identification numbers, marital status;
Personal contact details, phone numbers, addresses, email addresses, and fax numbers;
Billing and banking information; and
An individual’s criminal record history and any proceedings or sentences imposed for any offence committed or alleged to be committed by the individual.
Why does TRC collect personal data?
7. TRC receives or collects your personal data for reasonable purposes in carrying out its role as a legal services provider. These purposes include:
the provision of legal services, advice and representation;
communication with clients and other parties;
compliance with all legal, regulatory, and tax requirements;
disclosure to third parties for the reasons outlined at paragraph 9 below.
8. TRC undertakes not to use your personal data for any purpose other than for which it was collected or in accordance with the Act. Should we require any personal data in our possession to be used for a purpose other than those for which consent was originally given, fresh consent will be sought in order to use the data for that new purpose.
Disclosure of personal data to third parties
9. In the course of processing personal data for the above purposes, TRC may disclose individuals’ personal data to third parties within or outside Singapore. This includes:
Governmental organisations or authorities to whom TRC is required by law to disclose the data, e.g. for tax purposes;
Third parties who provide TRC with data processing, administration, health, insurance or legal services, or other professional or management services; and
Anyone to whom TRC are otherwise required to disclose it to, including but not limited to individuals seeking access to their own personal data.
10. Such disclosure to third parties outside Singapore shall only be to organisations who are required or agree to process the data with a comparable level of data protection as that required under Singapore law.
Access and Correction
11. Subject to statutory exceptions, you may make written requests to the DPO to access or correct some or all of your personal data in TRC’s possession or under its control. You may also make a written request to the DPO for information on the ways in which your personal data has been used or disclosed by TRC within 12 months prior to your request. If you have any questions, comments or concerns, or wish to access or correct your personal data, please contact our DPO as provided at paragraph 4 above.
12. TRC endeavours to take all reasonable steps to ensure that personal data in its possession is accurate, up-to-date, and complete. If any personal data you have provided to TRC becomes inaccurate, please contact our Data Protection Officer as set out at paragraph 4 above to update your data.
13. TRC may charge a reasonable fee in order to process any requests for access to information. Please note that certain types of information are exempt from the general right of access, and may not be disclosed.
14. TRC will retain personal data for as long as it is necessary to serve the purpose for which it has been collected, and/or to comply with legal requirements.
15. TRC endeavours to maintain all personal data in its possession securely. To this effect, TRC has put in place systems to ensure the protection and security of data in its possession.
16. If you feel that your data has been erroneously or improperly handled by TRC , you may lodge a complaint with the Data Protection Officer (“DPO”), whose contact details are provided at paragraph 4 above.
17. The results of the DPO’s investigation will be communicated to you. If the complaint has been upheld, you will be informed of the next steps to be taken to resolve the situation.
Withdrawal of Consent
18. You may withdraw your consent for the processing of your data by TRC. However, in some cases, consent to the processing of data may not be withdrawn, such as where it is necessary for the administration of TRC’s relationship with its clients.
Updating the Policy
19. This Policy may be updated from time to time to take account of changes in technology, TRC practice or policy, and/or to ensure compliance with any legislative changes. This Policy may be viewed at any time on our website (http://www.trc.com.sg)