Privacy Policy
How Batik Legal collects, uses, and protects personal data in line with Singapore's Personal Data Protection Act.
1. Introduction
Batik Legal ("we", "us", "our") is a Singapore-based legal practice specialising in data privacy and compliance advisory. We are committed to handling personal data responsibly and transparently, in accordance with the Personal Data Protection Act 2012 (PDPA) of Singapore.
This Privacy Policy describes how we collect, use, disclose, and protect the personal data of individuals who interact with our website at batiklegalol or engage our services.
By using our website or services, you acknowledge that you have read and understood this Privacy Policy. If you have questions about how your personal data is handled, please contact us at privacy@batiklegalol.
2. Personal Data We Collect
We collect personal data through various interactions, including when you contact us, engage our services, or visit our website.
Legal basis for collection: consent (website forms), contractual necessity (service delivery), and legitimate interest (website analytics and security).
3. How We Use Your Personal Data
We use personal data only for purposes that are reasonable given the context of collection:
-
Service Delivery
Processing enquiries, conducting compliance assessments, providing advisory services, and fulfilling contractual obligations.
-
Communication
Responding to your queries, providing engagement updates, and sharing relevant compliance developments where you have consented to receive such communications.
-
Website Improvement
Understanding how visitors use our site in order to improve the structure, content, and accessibility of the information we provide.
-
Legal and Regulatory Compliance
Meeting obligations under applicable Singapore laws and responding to lawful requests from regulatory authorities.
We do not use personal data for automated profiling or decision-making processes that produce legal or similarly significant effects.
4. Sharing and Disclosure
We do not sell or rent personal data to third parties. We may share data in the following limited circumstances:
Service Providers
We engage reputable third-party providers for services such as website hosting, email delivery, and analytics. These providers act on our instructions and are contractually required to protect personal data.
Professional Advisors
In the course of legal engagements, we may involve co-counsel, barristers, or other professional advisors, subject to appropriate confidentiality obligations.
Regulatory Authorities
We will disclose personal data to the Personal Data Protection Commission (PDPC), Singapore courts, or other authorities when required to do so by law.
Cross-Border Transfers
Where personal data is transferred outside Singapore, we ensure that adequate protection is in place in accordance with the PDPA's transfer limitation obligations, including by using contractual protections or transferring to countries on the PDPC's approved list.
5. Security Measures
We implement reasonable and appropriate security measures proportionate to the sensitivity of the data we hold:
Encryption in Transit
All data transmitted via our website is encrypted using TLS/SSL protocols.
Secure Hosting
Website and data are hosted on servers with controlled access and regular security monitoring.
Access Controls
Access to personal data is restricted to staff and advisors with a legitimate need to handle it.
Breach Procedures
We maintain documented procedures for detecting, assessing, and responding to data incidents.
While we take data security seriously, no transmission or storage system is completely without risk. We encourage you to contact us promptly if you suspect any compromise of your data.
7. Your Rights Under the PDPA
Under Singapore's Personal Data Protection Act, individuals have the following rights with respect to their personal data:
You may request access to the personal data we hold about you and information about how it has been used or disclosed in the past year.
You may request correction of any inaccurate or incomplete personal data we hold about you.
You may withdraw consent for the collection, use, or disclosure of your personal data at any time, subject to legal or contractual restrictions.
Where technically feasible, you may request that we transmit your personal data to another organisation in a machine-readable format (data portability under the PDPA).
To exercise any of these rights, please contact us at privacy@batiklegalol. We will respond within 30 days of receiving your request. You also have the right to lodge a complaint with the Personal Data Protection Commission (PDPC) at www.pdpc.gov.sg.
8. Data Retention
We retain personal data only for as long as necessary to fulfil the purpose for which it was collected or as required by applicable law.
| Data Category | Retention Period |
|---|---|
| Enquiry and contact records | 3 years from last interaction |
| Client engagement files | 7 years after engagement closes |
| Website analytics data | 26 months (aggregated) |
| Cookie consent records | 12 months from consent |
When personal data is no longer required, we will delete or anonymise it in a secure manner.
9. Third-Party Links
Our website may contain links to external websites operated by third parties, including government portals and professional bodies. These websites have their own privacy practices, which we do not control. We encourage you to review the privacy policies of any third-party sites you visit. Batik Legal is not responsible for the privacy practices of external sites.
10. Children's Privacy
Our services are intended for organisations and individuals aged 18 years or above. We do not knowingly collect personal data from children under 18. If we become aware that we have inadvertently collected such data, we will take steps to delete it promptly. Please contact us if you believe a minor has provided us with their personal data.
11. Policy Updates
We review this Privacy Policy periodically to reflect changes in our practices, applicable law, or regulatory guidance. When we make material changes, we will update the "Last Updated" date at the top of this page. For significant changes, we may notify existing clients by email.
Continued use of our website or services after changes take effect constitutes acceptance of the updated policy.
12. Contact Information
For questions, data access requests, or concerns regarding this Privacy Policy, please contact our designated Data Protection Officer:
Batik Legal
38 Beach Road, #29-11
South Beach Tower
Singapore 189767