RPCPL (Singapore) Client Privacy Notice

RPC Premier Law Pte Ltd (Singapore UEN No 201605186H) herein referred to as “RPCPL”/“we”/“us”/ “our” is an organisation which is, or which may engage a data intermediary to be, responsible for processing the personal data you provide to us.

RPCPL is committed to managing personal data securely and effectively.  We will only keep the personal data required to undertake our business processes and will only share or transfer the data you provide to us for the purposes outlined below.  We will always provide you with the ability to opt-out of electronic direct marketing and provide options to select which news and information your receive.

Our Data Protection policy and procedures have been developed in line with the requirements of the 1995 European Union Data Protection Directive (Directive 95/46/EC) and the General Data Protection Regulation, the Personal Data Protection Act 2012 and other applicable national law.

What information do we collect and from whom?

We collect and process personal data about you when you interact with us, including when you seek legal advice from us, use our website, sign up to our newsletters or attend seminars and events, and when you purchase services from us or agree to provide services to us.  We may also collect personal data about you in the course of advising and representing our clients. The personal data we process may include:

• your name;
• your home or work address, email address and/or phone number;
• your job title;
• your payment details, including billing addresses;
• information about you that is relevant to our instructions and/or matters, which could include information about your conduct, your beliefs, your medical information etc;
• your IP address and information related to the browser or device you use to access our website and other analytics data;
• your username and password when accessing restricted website content;
• any other information you may provide, whether directly or via your legal representatives, about an individual who can be identified from that data.

We will store data we receive from you, your legal counsel or other advisors, data that is publicly available and data from third parties such as CDD agencies. 

How do we use this information and what is the legal basis for this use?

We process the personal data listed in the above section for the following purposes:

• as required to establish and fulfil a contract with you, for example, if you enter into an agreement to provide or receive services, or if you seek to be employed or engaged by us.This may include verifying your identity, undertaking conflict or due diligence checks, billing and payments, communicating with you and arranging the delivery or other provision of products or services.We require this information in order to enter into a contract with you and are unable to do so without it;
• to comply with applicable law and regulation;
• in accordance with our legitimate interests in managing and protecting RPCPL’s business interests and legal rights including but not limited to use in connection with legal claims, compliance, regulatory, conflict and due diligence checks and investigative purposes (including disclosure of such information in connection with legal process or litigation);
• for the provision of legal advice to our clients and for the establishment, exercise or defence of legal rights or claims, which may include alternative dispute resolution processes on behalf of our clients in accordance with the legitimate interests of our clients and RPCPL;
• to manage our relationship with you, in accordance with our legitimate interests;
• to manage risk for RPCPL;
• to respond to any comments or complaints we may receive from you, and/or in accordance with our legitimate interests including to investigate any complaints received from you or from others, about our website or our services;
• we may use information you provide to personalise (i) our communications to you; (ii) our website; and (iii) products or services for you, in accordance with our legitimate interests;
• to monitor use of our websites and online services and to use your information to help us check, improve, promote and protect our products, content, services and websites, both online and offline, in accordance with our legitimate interests;
• we may also use third parties to assist us in carrying out customer due diligence checks in accordance with our requirements under the Money Laundering Regulations.These third party companies provide us with online due diligence tools to assist us in completing the appropriate checks required, with the purpose of establishing who our client is;
• in circumstances where you contact us by telephone, calls may be recorded for quality, training and security purposes, in accordance with our legitimate interests;
• we may use your information to invite you to take part in market research or surveys, where you have consented to us doing so;
• transmission to any unaffiliated third parties including our third party service providers and agents, and relevant governmental and/or regulatory authorities, whether in Singapore or abroad, for the aforementioned purposes; and
• any other incidental business purposes related to or in connection with the above.

We may also send you direct marketing in relation to our relevant products and services or other products and services provided by us.  We will always provide the ability to opt-out of electronic direct marketing and to select your preferences for receiving news and information.  You will be able to continue to opt-out of electronic direct marketing at any time by following the instructions in the relevant communication.

With whom and where will we share your personal data?

RPCPL may share your personal data with other RPC Businesses^[1] for the purposes of proper and effective management of their businesses.  Such purposes include conflict checking and compliance with applicable legal and regulatory requirements.  Further information about the RPC Businesses may be found on our website (www.rpc.co.uk)in the section headed “Legal and regulatory notices”.

We may also share the personal data you provide with the below third parties where this is necessary for legal or regulatory reasons, or in order to facilitate us to provide our services to you or our clients and undertake our business processes. These third parties may include:

• our auditors and external legal and financial advisors;
• barristers, solicitors, other legal representatives and experts engaged in a matter in which we are acting, which may include foreign law firms;
• our suppliers, business partners and sub-contractors (including IT service suppliers and cloud platform service providers);
• government authorities and/or law enforcement officials if required for the purposes above, if mandated by law or if needed for the legal protection of our legitimate interests in compliance with applicable laws;
• entities providing feedback and legal ranking services.

Personal data may also be shared with third party service providers who will process it on behalf of the RPC Businesses for the purposes above. These may include cloud platform service providers.

We may share your personal data in accordance with this privacy notice with third parties located in a place other than the RPC Business you customarily deal with.

In the event that our business or any part of it is sold or integrated with another business, your details will be disclosed to our advisers and those of any prospective purchaser and will be passed to the new owners of the business.

How long will you keep my personal data?

We may retain your personal data for as long as it is necessary to fulfill the purpose for which it was collected, or as required or permitted by applicable laws.  We will cease to retain your personal data as soon as it is reasonable to assume that such retention no longer serves the purpose for which the personal data was collected and is no longer necessary for legal or business purposes.  We are also required to retain certain information by law or if it is reasonably necessary to meet regulatory requirements, resolve disputes, prevent fraud and abuse, or enforce our terms and conditions.  We will retain client files for the period defined in the table below, unless we agree with you to retain these for a longer period.

We may retain your data for a short time beyond the specified retention period, to allow for information to be reviewed and any disposal to take place.

Where is my data stored?

We will protect personal data in our possession or under our control by making reasonable security arrangements to prevent unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks.

The personal data that we collect from you may be stored on a mix of RPCPL and various cloud provider platforms and may be transferred to, and stored outside the European Economic Area (EEA).  It may also be processed by staff operating outside of the EEA, who work for us, one of the RPC Businesses or for one of our suppliers.  Where we do so, the third country’s data protection laws will have been approved as adequate by the European Commission or other applicable safeguards will be in place.  

Where such transfers occur, we ensure the confidentiality and protection of all data is preserved through compliance with legal requirements and the current Data Protection legislation.  This is managed by all RPC Businesses, including those outside of the EEA by entering into Data Transfer Agreements with each other, which all contain the model clause agreements approved by the relevant regulatory authority.  Data encryption, integrity and confidentiality are enforced by following best practice.  RPC also ensures that cryptographic controls are implemented following industry best practice, through the use of VPN tunnels, TLS and by conducting regular testing.

You should be aware, however, that no method of transmission over the internet or method of electronic storage is completely secure.  While security cannot be guaranteed, we strive to protect the security of your information and are constantly reviewing and enhancing our information security measures.

What are my rights in relation to my personal data?

You have the right to ask us not to process the personal data you provide for direct marketing purposes.  You can exercise your right to prevent such processing by ticking certain boxes on the forms we use to collect your data, clicking the unsubscribe button on any communication we have sent to you or by contacting us.

Where you have consented to us using your personal data, you can withdraw that consent at any time in writing.  Whilst we respect your decision to withdraw your consent, please note that depending on the nature and scope of your request, we may not be in a position to continue providing our products or services to you.  Please note that withdrawing consent does not affect our right to continue to collect, use and disclose personal data where such collection, use and disclosure without consent is permitted or required under applicable laws.

If the information we hold about you is inaccurate or incomplete, you can notify us and ask us to correct or supplement it.

You also have the right, with some exceptions, to ask us to provide a copy of any personal data we hold about you.  Please note that a reasonable fee may be charged for an access request.

Where you have provided your data to us and it is processed by automated means, you may be able to request that we provide it to you in a structured, machine readable format.

If you have a complaint about how we have handled your personal data, you may be able to ask us to restrict how we use your personal data while your complaint is resolved.  In some circumstances you can ask us to erase your personal data if you withdraw your consent, it is no longer necessary for us to use your personal data, you object to the use of your personal data and we don’t have a good reason to continue to use it, or we haven’t handled your personal data in accordance with our obligations.

You may contact our Data Protection Point of Contact at RPCPL if you have any enquiries or feedback on our personal data protection policies and procedures.

Where can I find more information about how RPC businesses handle my data?

If you have any queries please contact us on data-enquiries@rpc.co.uk or by writing to RPC Premier Law, 12 Marina Boulevard, #38-04 Marina Bay Financial Centre Tower 3, Singapore 018982

If you are not happy with our response, you can contact the Information Commissioner’s Office (https://ico.org.uk/) or the Personal Data Protection Commission (https://www.pdpc.gov.sg/).

This privacy notice may be amended from time to time.  You may access and obtain a copy of this privacy notice at any time from here so that you are always informed of the way we collect, use, store and handle personal data.