• our clients or our potential clients
• an employee of a client or of a potential client
• a party to a transaction with a client, an employee of a party to a transaction with a client or any other individual whose personal data we collect during the course of a transaction for a client
• our employees, including interns and trainees, and job applicants
• online users of our website
‘client’ means any individual to which we provide our services and ‘potential client’ means any individual with whom we discuss, verbally or in writing, the possibility of providing our services.
‘employee’ means any person employed on any basis by us, by you or by another organisation (as the case requires) and includes an unpaid employment relationship (such as an internship).
‘online user’ means anyone who accesses our website, including to read our blogs or to send us an enquiry.
‘services’ means the legal services in relation to the laws of Singapore and other related services that we provide to our clients, whether in Singapore or elsewhere.
‘our website’ means our website at www.lynboxall.com.
2. Purposes for us collecting, using or disclosing personal data
We collect personal data from clients, potential clients and other individuals involved in any transaction for a client and use and/or disclose that personal data so that we are able to provide our services effectively and efficiently.
If you browse our website, we do not currently capture any data that allows us to identify you, except where you send us an online enquiry or subscribe to our blog. We will not use that personal data for any purpose other than responding to your enquiry or adding you to our mailing list, respectively. We will not disclose that personal data to any third party for any purpose.
We collect personal data from employees. We use and disclose it for the purpose of managing their employment relationship with us. We also disclose it as reasonably necessary for the purpose of proposals we provide to potential clients and during the course of transactions with clients.
We collect personal data from job applicants, whether that personal data is solicited or unsolicited, and use it only for the purpose of deciding whether or not to hire them.
3. Our collection, use and disclosure of personal data
Where possible, we collect personal data directly from you. We do this in various ways, including telephone and in-person meetings and interviews.
If at any time you would prefer not to provide some personal data that we request, please let us know. We will explain our purpose for collecting that personal data. If you still do not wish to provide it we will discuss with you whether or not we can proceed without it. We may not be able to do so.
We collect, use, or disclose personal data about you only if:
• you give, or are deemed to have given, your consent to us collecting, using or disclosing that personal data or
• collection, use or disclosure by us of that personal data without your consent is required or authorised by law
Where we ask you to consent to us collecting, using or disclosing personal data about you we will first inform you of our purposes for doing so. We will not use or disclose personal data about you for any other purposes without first informing you of the additional purposes and getting your consent to us using or disclosing it for the additional purposes.
In some circumstances you are deemed to have consented to us the collecting, using or disclosing personal data about you for a purpose. For example, if you voluntarily provide us with personal data during the course of a transaction or if you send us a job application you are deemed to have consented to us collecting, using or disclosing the personal data that you have provided to us.
We may collect personal data about you from another individual or organisation if you have given that other individual or organisation consent that allows it to disclose personal data to us. In that case, we will use or disclose personal data only for the purposes for which the other individual or organisation disclosed it to us.
We are permitted by law to collect, use or disclose personal data about you without your consent. This includes the following circumstances:
• if collecting, using or disclosing it is necessary for the provision of legal services by us to another person
• when its collection, use or disclosure is necessary for any investigation or proceedings, if it is reasonable to expect that seeking your consent would compromise the availability or the accuracy of the personal data
• if we collect, use or disclose it to recover a debt owed to us by you
If you would like more information about the circumstances under which we may collect, use or disclose personal data without your consent, please let our Data Protection Officer know.
4. Withdrawing your consent to us collecting, using or disclosing personal data about you
On giving us reasonable notice, you may at any time withdraw any consent you have given, or are deemed to have given, to us collecting, using or disclosing personal data about you for any purpose. Any notice of withdrawal of consent should be given in writing (which includes email) sent to our Data Protection Officer.
The consequences of you withdrawing consent may be onerous for you. Therefore, we may require you to provide proof of your identity. In any event, we will inform you in writing (which may be by email) of the likely consequences of withdrawing your consent to us collecting, using or disclosing your personal data for the specific purpose.
If you still wish to withdraw your consent we will act on your request and cease collecting using or disclosing the personal data, unless doing so without your consent is required or authorized by law.
In addition, we will cease to retain our documents containing that personal data, or remove the means by which it can be associated with you, as soon as it is reasonable for us to assume that retention is no longer necessary for our legal or business purposes.
5. Access to and correction of personal data
On request by you, we will as soon as reasonably possible provide you with:
• personal data about you that is in our possession or under our control and
• information about the ways in which we have, or may have, used or disclosed that personal data within a year before the date of your request
You should make your request in writing (which includes email) sent to our Data Protection Officer. We may require you to provide proof of your identity.
There are some circumstances where we are not required to provide you with information, where we are not allowed to provide you with information and where we may be able to provide you with limited information. You may obtain information about all of these circumstances from our Data Protection Officer.
We may charge you a fee for providing you with access to your personal data or information about how we may have used or disclosed it. The fee will reflect only our incremental costs associated with responding to your request. You may obtain information about the fee from our Data Protection Officer.
6. Correction of errors in, or omissions from, personal data about you
You may request us to correct an error or omission in the personal data about you that is in our possession or under our control. Any request by you for us to correct an error or omission in personal data about you should be made in writing (which includes email) sent to our Data Protection Officer.
There are some circumstances where we do not make a correction and other circumstances where we are not required to act on such a request. You may obtain information about these circumstances from our Data Protection Officer.
Unless we are satisfied on reasonable grounds that a correction should not be made, we will correct the personal data as soon as practicable. We will also send the corrected personal data to every other organisation to which we have disclosed the personal data within a year before the date we made the correction (unless that organisation does not need the corrected personal data for any legal or business purpose). Alternatively, with your consent, we will send the corrected personal data only to specific organisations, as agreed with you.
Another organisation that has disclosed your personal data to us might notify us that it has corrected personal data about you. If this happens, unless we are satisfied on reasonable grounds that we should not make the correction, we will correct your personal data that is in our possession or under our control.
7. Accuracy of personal data
We make reasonable efforts to ensure that personal data that we collect about you is accurate and complete if we are likely to use that personal data to make a decision that affects you or we are likely to disclose that personal data to another organisation.
8. Protection of personal data
We take reasonable steps to ensure the security of personal data about you that is in our possession or under our control and to protect it against risks such as loss or unauthorised access, destruction, use, modification or disclosure.
9. Retention of personal data
We cease to retain documents containing personal data about you as soon as it is reasonable to assume that the purpose for which we collected that personal data is no longer being served by retention of the personal data and retention is no longer necessary for legal or business purposes.
10. Complaints procedure
We strive for excellence in providing services to our clients and in all our interactions with the community generally. This includes our compliance with the data protection law.
Please direct any queries or complaints you have about the way in which we collect, use or disclose personal data about you to our Data Protection Officer. Generally, we are unable to deal with anonymous complaints because we are unable to investigate them. If you raise a complaint anonymously we will nevertheless note the matter raised and, if possible, try and investigate and resolve it appropriately.
Immediately upon receiving a complaint our Data Protection Officer must investigate it and within five business days:
• inform you of the outcome of the complaint and the reasons for that outcome or
• write to you (which may be by email) to tell you that the Data Protection Officer needs more time to investigate the complaint and stating when the Data Protection Officer expects to have resolved the complaint for you
The Data Protection Officer must in any event complete the investigation of your complaint within 20 business days.
If a complaint is settled to your complete satisfaction, our Data Protection Officer is not required to advise you in writing of the outcome of the complaint, unless you request a written response (which may be by email). If a complaint is not settled to your complete satisfaction, our Data Protection Officer will advise you of the outcome of the complaint and the reason(s) for that outcome in writing (which may be by email). If you are not satisfied with the outcome, you may take your complaint to the Personal Data Protection Commission.
11. Data Protection Officer
We have appointed a Data Protection Officer, who is contactable as follows:
• send an email to firstname.lastname@example.org
• call +65 6829 7031
• write to us at 50 Raffles Place, #37-00 Singapore Land Tower, Singapore 048623
12. Changes to this data protection policy