This Personal Data Protection Policy for Contract Parties (“Policy”) explains how PDLegal LLC Advocates and Solicitors and our affiliates (collectively “PDLegal”, “we”, “us” or “our”) collect, use, disclose, transfer, and otherwise process (“process” or “processing”) your Personal Data in the course of our business, in accordance with the Personal Data Protection Act B.E. 2562 (2019) (“PDPA”).
We advise you to read this Policy in its entirety.
1. When does this Policy apply to you?
This Policy applies to you if you are (a) an individual who is our outsource service provider, supplier, vendor, business partner, contractor, or subcontractor (collectively called a “Individual Contract Party(ies)”); or (b) an individual who is associated with our corporate outsource service provider, supplier, vendor, business partner, contractor, or subcontractor (“Corporate Contract Party(ies)”), e.g. authorized person(s)/director(s), authorized representative(s), and/or contact person(s) (collectively called “Associated Person(s)”. Throughout this Policy, Individual Contract Party(ies) and/or Corporate Contract Party(ies) may be referred to individually or collectively as the “Contract Party(ies)”.
2. What types of Personal Data does PDLegal collect and process from you?
(a) General Personal Data: PDLegal collects various types of your Personal Data that can be used to identify you, either directly or indirectly (“Personal Data”), including the following:
a. Personal Data may include your name, surname, national identification number, passport number, tax identification number, company, title, job description, and contact details, such as your email address, telephone number, business address, and bank account number and details as well as images and motions captured by video cameras that are installed at our premises.
b. Any other categories of Personal Data that may be provided or included within any emails and other communications between you and PDLegal.
c. Personal Data that we learn or obtain about you from our dealings with you.
d. Personal Data that we obtain from any government-issued documents that you provide to us, including your passport, house registration, tax-related documents, and national identification card.
e. Personal Data that we learn about you from economic or trade sanctions lists.
(b) PDLegal does not aim or have any intention to collect Personal Data that is not necessary for, or not relevant to, our business operations, or our purposes relating to the processing of Personal Data, and especially Personal Data which are considered as sensitive personal data pursuant to Section 26 of the PDPA (“Sensitive Personal Data”).
If you are required to provide us with a copy of your national identification card, PDLegal encourages you to blind, or cross out, the Sensitive Personal Data on your identification card (i.e. religion and/or blood type related data), before delivering such document to us. If the copy of your national identification card that has been delivered to PDLegal still contains such data, PDLegal will blind or cross it out from the documents ourselves. The blinding or crossing-out of such data on the copy of your national identification card will be conducted merely for the purpose of refraining from the collection of any unnecessary or irrelevant Personal Data, and without any criminal intent.
(c) Where a Corporate Contract Party provides PDLegal with the Personal Data of its Associated Person, the Corporate Contract Party warrants that it has duly informed such Associated Person about the information in relation to the processing of the Personal Data as specified in this Policy and obtained proper and informed consent from such Associated Person (if required), or that the collection and disclosure of the Personal Data of such Associated Person can rely on any other legal basis which enables PDLegal to process such Personal Data for the purposes specified in this Policy.
3. Why does PDLegal collect and process your Personal Data?
PDLegal collects your Personal Data for different purposes, relying on various lawful bases, as set out below:
(a) Contractual Necessity (Only applicable to Individual Contract Parties):
a. PDLegal collects and processes your Personal Data in order to enter into and take any necessary steps to enter into a contract with you as per your request.
b. PDLegal collects and processes your Personal Data for the purposes of performing PDLegal’s obligations and duties under such contract which include, without limitation, to make necessary payments for your products and/or services.
c. Where the processing of Personal Data relies on contractual necessity as a legal basis, failure to provide required or necessary Personal Data may result in PDLegal being unable to perform its obligations under the contract with you, or to proceed with any of your requests in relation to the contract, either in part or in whole. In other words, PDLegal may not be able to obtain your products or services, or may not be able to arrange for payments for your products or services.
(b) Legal Obligation:
a. PDLegal processes the Personal Data of Individual Contract Parties and Associated Persons in order to comply with applicable law or regulation, and to comply with orders of the court, competent authorities, and/or government agencies. In particular, for Individual Contract Parties, PDLegal may need to process your Personal Data for accounting and tax filing purposes.
b. Where the processing of Personal Data relies on legal obligation as a legal basis, failure to provide required or necessary Personal Data may result in PDLegal being unable to perform its obligations or duties under applicable laws or regulations, either in part or in whole, or it may cause PDLegal and/or you to be in violation of applicable law or regulation, or an order of a court, competent authority, and/or government agency.
(c) Legitimate Interest:
a. In the event that the contract will be or is entered into by and between a Corporate Contract Party and PDLegal, PDLegal processes Personal Data of Associated Persons in order to make necessary determination and undertake necessary steps to enter into the contract as well as to perform PDLegal’s obligations under the contract.
b. PDLegal processes Personal Data of Individual Contract Parties and Associated Persons in order to manage and administer our business, and to manage our relationships with our Contract Parties.
c. PDLegal processes Personal Data of Individual Contract Parties and Associated Persons to undertake risk management activities in connection with the operation of the business of PDLegal and the relevant contracts with the Contract Parties.
d. PDLegal processes Personal Data of Individual Contract Parties and Associated Persons to detect, prevent, investigate, and prosecute fraud and/or the criminal activity.
e. PDLegal collects Personal Data of Individual Contract Parties and Associated Persons while visiting PDLegal’s premises, including your images and motions captured by video cameras that are installed at our premises in order to protect property, personnel, rights, and interests of PDLegal.
f. PDLegal processes Personal Data of Individual Contract Parties and Associated Persons in order to grant access to our premises and systems.
g. PDLegal processes Personal Data of Individual Contract Parties and Associated Persons to manage our information technology and to ensure the security of our systems.
h. PDLegal collects Personal Data of Individual Contract Parties and Associated Persons in order to conduct compliance activities, such as assessing and managing risk in accordance with our internal policies such as in relation to fraud, anti-money laundering, anti-bribery, etc. If you are unwilling to provide your Personal Data in these circumstances, then we may be unable to receive (or continue receiving) the relevant products or services from the Contract Party or other persons/entities with which you are associated.
(d) Legal Claims: PDLegal processes Personal Data of Individual Contract Parties and Associated Persons when it is necessary for the establishment, compliance, exercising, or defense of legal claims by PDLegal.
4. Where does PDLegal collect your Personal Data?
(a) Individual Contract Parties
a. Directly from you: We normally collect your Personal Data directly from you before, during, and after the contract term between you and PDLegal.
b. Third Parties: We may collect your Personal Data from online public sources, court orders, court judgments, orders of the competent authorities, and any other governmental agencies.
(b) Associated Persons
a. Directly from you: We normally collect your Personal Data directly from you before, during, and after the contract term between the Corporate Contract Party with whom you are associated and PDLegal.
b. Third Parties: We may also collect your Personal Data from online public sources, your colleagues or employers, court orders, court judgments, orders of the competent authorities, and any other governmental agencies.
5. To whom does PDLegal disclose your Personal Data?
(a) PDLegal discloses Personal Data of the Individual Contract Party and the Associated Person to our affiliates, both within and outside Singapore, for purposes relating to the acquisition of products and/or services from the Contract Party.
(b) PDLegal may disclose Personal Data of the Individual Contract Party and the Associated Person if PDLegal is compelled or required to do so under applicable law or in response to an order of a court, competent authority, or, government agency, both in Singapore and overseas, including, without limitation, the Revenue Department.
(c) PDLegal discloses Personal Data of the Contract Party and the Associated Person to any person or entity who provides services to PDLegal such as information technology service providers, auditors, accounting firms, etc.
6. Where does PDLegal transfer your Personal Data?
(a) We regularly transfer your Personal Data to our affiliates, and in certain circumstances, to third parties (e.g. service providers), which are located outside Singapore, and which may have different data protection standards to those prescribed by the data protection authority in Singapore. Notwithstanding that, we ensure that we will protect your Personal Data by implementing adequate personal data protection standards for the transfer of your Personal Data outside Singapore. We will also ensure that any entity to whom your Personal Data will be disclosed will implement adequate personal data protection standards, and where your Personal Data will be transferred within our affiliates, we will use the relevant data transfer mechanisms (e.g., binding corporate rules or other mechanisms as the applicable data protection laws may require or otherwise permit). In addition, your Personal Data is primarily transferred to our affiliates located in Thailand and China.
(b) In all cases, we will transfer your Personal Data only where it is permitted and in compliance with the PDPA.
7. For how long does PDLegal retain your Personal Data?
We retain your Personal Data for as long as is required in order to fulfil our contractual obligations, or for the performance of our services to our Contract Party, and for 10 years after the cessation of the contractual relationship between us and the Contract Party, or the last performance of our services or communication, whichever is later, unless otherwise agreed with you in writing, or required or permitted by applicable law.
Where we process your Personal Data in connection with a legal obligation, your Personal Data will be retained for the duration of the prescribed legal retention period, as stipulated under the applicable law.
8. What are your rights in relation to your Personal Data?
You are entitled to:
(a) Request to have access to and obtain a copy of your Personal Data, and to request the disclosure of the source of the Personal Data, in the event that your Personal Data was collected without your consent;
(b) Receive your Personal Data in a commonly used and machine-readable format (if any), and to have your Personal Data in said format transmitted to another Data Controller;
(c) Request that your Personal Data be deleted, destroyed, or de-identified;
(d) Object to the collection, use, and disclosure of your Personal Data;
(e) Request that the processing of your Personal Data be suspended;
(f) Request that your Personal Data be corrected, updated, or completed;
(g) Withdraw your consent at any time, provided that there is no other legal ground for PDLegal to continue with the processing of your Personal Data; and
(h) Lodge complaints to the Office of Personal Data Protection Commission and any other competent authorities
Your request may be refused, and the exercise of your rights is subject to the conditions and limitations prescribed by law.
9. Changes to this Policy
PDLegal may amend, change, or update this Policy from time to time, whereby PDLegal will notify you about such changes via your selected communication channel or any other communication channels as PDLegal deems appropriate. In the event that the amendment, change, or update will affect the purposes for which your Personal Data has originally been collected, PDLegal will notify you about such changes and obtain your consent (if applicable), prior to such changes becoming effective.
10. How can you contact us?
If you have any inquiries in relation to your Personal Data, or you would like to exercise any of your rights, you may contact us at:
PDLegal LLC Advocates and Solicitors
The Adelphi, 1 Coleman St, #08-02A, Singapore 179803
+65 6220 0325
[email protected]
This Policy is effective from June 1, 2022, onward.
PDLegal Asia (Thailand) Co., Ltd.
6th Floor, 6 O-NES Tower, Sukhumvit Soi 6, Khlong Toey, Bangkok 10110
+66 2 254 6415
[email protected]