Privacy Policy | Rambutan Legal

1. Data We Collect

We collect personal data only when it is necessary for the provision of our tax advisory services or for communicating with you in response to an enquiry. The categories of data we may collect include:

Identification data: Full name, NRIC or passport number (where required for advisory purposes), and date of birth.
Contact data: Email address, telephone number, and mailing address.
Financial and tax data: Income details, corporate structures, GST registration status, and other tax-related information provided by you for advisory purposes.
Website usage data: IP address, browser type, pages visited, and time spent on our website — collected via analytics tools.
Communication records: Emails, enquiry form submissions, and other correspondence with our team.

We do not collect sensitive personal data (such as race, religion, or health information) unless it is directly relevant to a specific advisory matter and you have provided express consent.

2. How We Use Your Data

Your personal data is used for the following purposes:

Providing tax advisory and compliance services as requested by you.
Responding to enquiries and scheduling advisory sessions.
Issuing invoices, receipts, and engagement letters.
Complying with legal obligations under Singapore law, including anti-money laundering and tax legislation.
Improving the quality and relevance of our website and services through anonymised analytics data.
Sending relevant updates about tax developments or our services — only where you have opted in to receive such communications.

We do not use your data for automated decision-making or profiling that produces legal or similarly significant effects.

3. Legal Basis for Processing

Under Singapore's PDPA, we collect and use personal data on the following grounds:

Consent

When you submit an enquiry form or engage us for advisory services, you provide informed consent for us to contact you and use the information you supply for that purpose.

Contractual Necessity

Where we have entered into a client engagement, processing your data is necessary to fulfil the terms of that engagement.

Legal Obligation

Certain data must be retained to comply with Singapore's regulatory requirements, including the Income Tax Act and related legislation.

Legitimate Interests

We may process data to maintain and improve our services, handle correspondence, and protect the security of our systems, where this does not override your interests or rights.

4. Sharing & Disclosure

We do not sell, rent, or trade your personal data. We may share your data only in the following limited circumstances:

Service providers: Third-party tools used to operate our website (such as analytics platforms), bound by data processing agreements.
Regulatory bodies: Where disclosure is required by law, court order, or competent regulatory authority in Singapore.
Professional advisors: With your consent, in cases where our advisory work requires collaboration with other professionals (e.g. legal counsel).

All third parties are required to handle your data securely and in accordance with applicable data protection laws.

5. Security Measures

We apply reasonable and appropriate technical and organisational measures to protect your personal data from unauthorised access, loss, or misuse. These include:

Encryption of data in transit using TLS/HTTPS protocols.
Access controls limiting data access to authorised personnel only.
Secure document storage and disposal procedures for client files.
Regular review of our data handling practices.

In the event of a data breach that is likely to result in significant harm, we will notify the Personal Data Protection Commission (PDPC) and affected individuals in accordance with the PDPA's mandatory breach notification requirements.

6. Cookies

Our website uses cookies to support its basic functions and to understand how visitors engage with our content. Cookies are small text files stored in your browser. We use:

Essential cookies: Required for the website to function properly. These cannot be disabled.
Analytics cookies: Help us understand how visitors use the site (e.g. Google Analytics). Used only with your consent.
Preference cookies: Remember your settings and preferences between visits.

You can manage your cookie preferences at any time via our Cookie Policy page, which includes controls to accept, reject, or customise your choices.

7. Retention Periods

We retain personal data only for as long as is necessary for the purposes for which it was collected, or as required by law:

Data Category	Retention Period
Client engagement records and advisory reports	7 years
Accounting and invoicing records	5 years
General enquiry correspondence	2 years
Website analytics data	26 months
Cookie consent records	12 months

After the applicable retention period, data is securely deleted or anonymised.

8. Your Rights

Under the PDPA, you have the right to:

Access

Request a copy of the personal data we hold about you.

Correction

Ask us to correct inaccurate or incomplete personal data.

Withdrawal of Consent

Withdraw consent for data processing at any time, subject to legal and contractual restrictions.

Data Portability

Request a copy of your data in a structured, commonly used format (where technically feasible).

Lodge a Complaint

Contact the Personal Data Protection Commission (PDPC) at www.pdpc.gov.sg if you believe your data rights have not been respected.

To exercise any of these rights, please write to us at [email protected]. We aim to respond within 30 days.

9. Third-Party Links

Our website may contain links to external websites, such as the Inland Revenue Authority of Singapore (IRAS) or other professional resources. We are not responsible for the privacy practices of those sites and encourage you to review their respective policies before providing any personal data.

10. Children's Privacy

Our services are intended for individuals aged 18 and above. We do not knowingly collect personal data from minors. If you believe we have inadvertently received data from a person under 18, please contact us so we can delete it promptly.

11. International Data Transfers

Your personal data is primarily processed and stored within Singapore. If any service provider requires data to be transferred outside Singapore, we ensure that adequate data protection standards equivalent to those under the PDPA are in place, in accordance with the PDPA's transfer limitation obligation.

12. Policy Updates

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal obligations. The revised policy will be published on this page with an updated effective date. We encourage you to review this policy periodically.

Continued use of our website or services following a policy update constitutes acknowledgement of the revised terms.

13. Contact Us

For any questions, requests, or concerns relating to your personal data or this policy, please reach out to us:

Rambutan Legal — Data Protection

[email protected]

1 George Street, #10-04, One George Street, Singapore 049145

+65 6382 7419