Privacy Policy

1. Introduction

Tembusu Law ("we", "us", "our") is committed to protecting the personal data of all individuals who interact with our practice. This Privacy Policy describes how we collect, use, disclose, and protect personal information in accordance with the Personal Data Protection Act 2012 (PDPA) of Singapore. This policy applies to personal data collected through our website, contact forms, email communications, and in the course of providing legal services.

If you have questions about this policy, please contact us at [email protected].

2. Data We Collect

We may collect the following categories of personal data:

• Identity data: name, job title, company name
• Contact data: email address, telephone number, postal address
• Enquiry data: details of the legal matter you describe in contact forms or correspondence
• Technical data: IP address, browser type, pages visited (collected via analytics cookies, with consent)
• Communication records: records of correspondence between you and Tembusu Law

We do not collect special categories of sensitive personal data (such as health data or financial data) through our website. Data shared during the course of a legal engagement is handled under solicitor-client privilege and our professional confidentiality obligations.

3. Legal Basis for Processing

We process personal data on the following bases:

• Consent: Where you have given consent, for example by submitting our contact form or accepting analytics cookies.
• Contractual necessity: To perform legal services pursuant to an engagement letter or agreement.
• Legal obligation: To comply with applicable laws and professional conduct requirements.
• Legitimate interest: To operate and improve our website and communicate with prospective clients, balanced against your privacy interests.

4. How We Use Your Data

Personal data collected is used for the following purposes:

• Responding to enquiries and providing requested information about our services
• Performing legal services pursuant to an engagement
• Managing our relationship with you as a client or prospective client
• Complying with professional obligations and legal requirements
• Improving our website based on anonymised analytics data (with consent)
• Sending relevant updates or information where you have opted in to receive these

We do not use your personal data for automated decision-making or profiling.

5. Data Sharing

We do not sell, rent, or trade your personal data. We may share data in the following limited circumstances:

• Service providers: Third-party vendors who assist with website hosting, analytics, and communications (bound by data processing agreements)
• Professional obligations: Where disclosure is required by law, court order, or regulatory authority
• Legal proceedings: Where disclosure is necessary for the conduct of legal proceedings on your behalf

6. Data Retention

We retain personal data only for as long as necessary for the purpose for which it was collected:

• Enquiry data from non-clients: up to 12 months from last contact
• Client engagement data: 7 years from the conclusion of the engagement, in accordance with professional obligations
• Analytics data: as per cookie durations stated in our Cookie Policy

7. Data Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or disclosure. These include:

• Secure, encrypted storage of electronic records
• Access controls limiting data access to authorised personnel
• Regular review of our security practices
• Use of TLS encryption for data in transit

In the event of a data breach that is likely to affect your rights and interests, we will notify you and the Personal Data Protection Commission (PDPC) in accordance with the PDPA Notification of Data Breaches Regulations.

8. Cookies

Our website uses cookies to support basic functionality and, with your consent, to collect analytics data. For full details of the cookies we use, their purpose, and how to manage your preferences, please refer to our Cookie Policy.

9. Your Rights Under the PDPA

Under the Personal Data Protection Act 2012 (Singapore), you have the following rights:

• Right of access: To request a copy of the personal data we hold about you
• Right of correction: To request correction of inaccurate or incomplete data
• Right of withdrawal: To withdraw consent to the processing of your data at any time (without affecting processing carried out prior to withdrawal)
• Right to data portability: In certain circumstances, to receive your data in a portable format
• Right to lodge a complaint: With the Personal Data Protection Commission (PDPC) at www.pdpc.gov.sg

To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days.

10. Third-Party Links

Our website may contain links to external sites operated by third parties. We are not responsible for the privacy practices or content of those sites and encourage you to review their privacy policies independently.

11. Children's Privacy

Our services are intended for individuals aged 18 and over. We do not knowingly collect personal data from persons under 18 years of age. If you believe we have inadvertently collected data from a minor, please contact us and we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. Where changes are material, we will update the "Last Updated" date at the top of this page. We encourage you to review this page periodically. Continued use of our website following any update constitutes acceptance of the revised policy.

13. Contact and Data Controller

The data controller for personal data processed under this policy is:

Tembusu Law
16 Collyer Quay, #22-08
Singapore 049318
Email: [email protected]
Phone: +65 6492 3578