Privacy Policy | Gambir Legal

1. Introduction

Gambir Legal ("we", "us", "our") operates from 10 Collyer Quay, #40-07, Ocean Financial Centre, Singapore 049315. We are the data controller for personal data collected through this website and in the course of providing legal services to clients.

This Privacy Policy explains how we collect, use, disclose, and protect personal data in accordance with Singapore's Personal Data Protection Act 2012 (PDPA) and, where applicable, other data protection laws including the EU General Data Protection Regulation (GDPR) for individuals in the European Economic Area.

If you have questions about this policy or how we handle your information, please contact us at [email protected].

2. Personal Data We Collect

We collect personal data in the following ways:

2.1 Data You Provide Directly

Contact form submissions — name, email address, phone number (optional), and the content of your message.
Client engagement — information provided in the course of instructing us on legal matters, including business information, transaction details, and relevant correspondence.
Communications — emails, telephone calls, and other communications you initiate with us.

2.2 Data Collected Automatically

Usage data — pages visited, time on site, browser type, device type, and referring URL, collected via analytics tools.
Cookie data — as described in our Cookie Policy.

2.3 Legal Basis for Processing

Consent Collected via contact forms and cookie preferences. You may withdraw consent at any time.

Contract Performance Data necessary to provide the legal services you have instructed us to perform.

Legitimate Interests Improving our services, responding to enquiries, and maintaining business records.

Legal Obligation Compliance with applicable laws, including anti-money laundering and professional regulatory requirements.

3. How We Use Your Data

Responding to enquiries submitted via the contact form.
Providing, managing, and delivering the legal services you have instructed.
Maintaining our client files and matter management records.
Compliance with legal and professional obligations, including Know Your Client (KYC) requirements.
Improving our website and understanding how visitors interact with it.
Sending service-related communications, including invoices and follow-up correspondence.

We do not use personal data for automated decision-making or profiling in a manner that produces significant legal or similarly significant effects.

4. Data Sharing and Disclosure

We do not sell personal data. We share personal data only in the following circumstances:

Service providers — third parties who assist with IT systems, website hosting, or analytics, bound by appropriate data processing agreements.
Professional advisers — counsel, correspondents, or expert witnesses engaged in connection with your matter, with your knowledge.
Regulatory or legal authorities — where required by law, court order, or applicable professional obligations.
Business transfers — in the context of a merger, acquisition, or transfer of our practice, subject to appropriate confidentiality protections.

Where data is transferred outside Singapore, we take steps to ensure it is protected at a standard comparable to the PDPA, including through contractual safeguards.

5. Data Retention

We retain personal data only as long as necessary for the purposes for which it was collected, or as required by law or professional obligations:

Client matter filesRetained for a minimum of seven (7) years following conclusion of the matter, in accordance with Singapore Law Society guidelines.

Enquiry/contact form dataRetained for up to two (2) years if no engagement follows, then deleted or anonymised.

Website analytics dataAggregated and anonymised; individual-level data retained per the analytics provider's standard retention settings (typically 14–26 months).

6. Data Security

We maintain reasonable security arrangements to protect personal data from unauthorised access, disclosure, alteration, or loss. These include:

Encryption — data in transit is protected by TLS/SSL encryption. Sensitive files are stored in encrypted environments.

Access controls — access to personal data is restricted to personnel who require it for their work, under appropriate confidentiality obligations.

Monitoring — we periodically review our information security practices and update them as appropriate.

Breach notification — in the event of a data breach likely to cause significant harm, we will notify affected individuals and the PDPC in accordance with the PDPA's mandatory breach notification requirements.

7. Cookies

Our website uses cookies and similar technologies. For a full description of the cookies we use and how to manage your preferences, please refer to our Cookie Policy.

8. Your Rights

Under the PDPA and, where applicable, the GDPR, you have the following rights in relation to your personal data:

Right of Access

Request a copy of the personal data we hold about you and information about how it is used.

Right of Correction

Request correction of inaccurate or incomplete personal data we hold.

Right to Erasure

Request deletion of personal data where it is no longer necessary for the purpose collected, subject to legal retention obligations.

Right to Portability

Receive your personal data in a structured, machine-readable format (where technically feasible).

Right to Object

Object to processing based on legitimate interests or direct marketing.

Withdraw Consent

Where processing is based on consent, withdraw it at any time without affecting prior lawful processing.

To exercise any of these rights, contact us at [email protected]. We aim to respond within 30 days. If you are dissatisfied with our response, you have the right to lodge a complaint with the Personal Data Protection Commission (PDPC) of Singapore at www.pdpc.gov.sg.

9. Third-Party Links

Our website may contain links to external websites, including regulatory bodies, arbitration institutions, or other legal resources. We are not responsible for the privacy practices of those sites. We encourage you to review their privacy policies before submitting any personal information.

10. Children's Privacy

Our legal services are intended for businesses and individuals who are at least 18 years of age. We do not knowingly collect personal data from individuals under 18. If you believe we have inadvertently done so, please contact us and we will take steps to remove that data.

11. Updates to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices, legal requirements, or operational circumstances. When we do, we will update the "Last Updated" date at the top of this page. Where changes are material, we will take reasonable steps to notify affected individuals.

Continued use of our website after any update constitutes acceptance of the revised policy.

12. Contact Information

For any data protection queries, access requests, or concerns, please contact us:

Gambir Legal

10 Collyer Quay, #40-07, Ocean Financial Centre, Singapore 049315

[email protected]

+65 6839 4271