Privacy Policy

  • Home
  • Privacy Policy

Shook Lin & Bok LLP is committed to protecting your privacy.  

We handle your personal data responsibly and in compliance with the Personal Data Protection Act 2012 (“PDPA”) and other applicable laws.

By providing your personal data to us, you consent to its processing as set out in this Policy. We may also provide further notices, policies or terms or conditions (including, where applicable, our General Terms and Conditions) in the course of our relationship with you.

This Policy may be updated by us from time to time and any revisions made to this Policy will be duly published on our website.

  1. What personal data we collect about you

In the course of providing our professional services and operating our business, we may collect a variety of personal data about you, including but not limited to:

  • Your name, date of birth, contact details and job title;
  • Website usage and other technical data, including the Internet Protocol address of the device which you use to browse our website;
  • Personal data that our clients or their representatives share with us in connection with our provision of professional services;
  • Identification and background verification data to comply with client due diligence and anti-money laundering laws; and
  • Data collected for recruitment purposes, such as your curriculum vitae, academic qualifications, employment history and professional memberships.

  1. How we collect personal data

We may collect personal data in a variety of different ways, including but not limited to:

  • Where you provide it to us directly;
  • From our clients, when we handle personal data for the purpose of providing our professional services;
  • From third parties, for example, a third party who has been authorised by you to disclose your personal data to us;
  • Where you visit our website; and
  • Where collection and use of personal data without consent is permitted or required by the PDPA or other laws.

If you provide us with personal data that relates to other individuals, we will assume that you have permission from those other individuals to provide their personal data to us on their behalf, and you further represent and warrant to us that those other individuals have similarly consented to our collection, retention, usage and disclosure of their personal data.

  1. How we use your personal data

Depending on the nature of your relationship with us, we may collect and use your personal data for the following purposes:

  • Verifying your identity, checking for conflicts of interest and making other internal evaluations to ascertain whether we are able to assist you and offer you our professional services;
  • Responding to any queries that you address or pose to us;
  • Providing to you the professional services for which we are engaged;
  • Managing your relationship with us;
  • Discharging other duties and responsibilities that we have under the law (including but not limited to initial due diligence checks and evaluations at the initial client onboarding stage, as well as subsequent internal evaluations on a periodic and ongoing basis);
  • Processing your application for employment, a training contract or an internship;
  • Marketing our professional services that we think may be of interest to you;
  • Organising seminars, webinars or other events;
  • Monitoring traffic and tracking usage on our website;
  • Maintaining and improving our website;
  • Evaluating the kind of information that is of interest to visitors to our website;
  • Any other purpose required or permitted by the PDPA and other applicable legislation; and
  • Any other purposes incidental to the aforesaid.

  1. Who we disclose your personal data to

We may disclose or share your personal data where reasonably required for any of the purposes specified above to:

  • Professional advisors, experts, consultants, technology service providers and auditors engaged by you, or engaged by us on your behalf and with your consent;
  • Counterparties or other parties involved in a matter and their counsel or representatives, as well as mediators, arbitrators and other legal specialists;
  • Courts, governmental authorities and regulatory bodies;
  • Third party service providers, data intermediaries and agents, including third party providers (“AI Providers”) of artificial intelligence tools and products (“AI Tools”); and
  • Any other third parties we may notify you of from time to time.

Any such transfers will be made in compliance with our obligations under the PDPA.

  1. Which countries we transfer your personal data to

Where we transfer personal data to a country or territory outside Singapore, we will comply with the necessary legal requirements to ensure that such transferred personal data receives a comparable level of protection as they would under Singapore law.

Where AI Providers are engaged for the purposes set out above, your information and documents (which may include personal data) may be transmitted to systems outside Singapore. Please refer to the relevant AI Provider’s website for more details:

AI Provider and AI Tool

Website

Harvey AI Corporation (Harvey)

https://trust.harvey.ai/

  1. How we protect your personal data

We are committed to safeguarding your personal data. We have implemented appropriate technical, physical and administrative security measures consistent with industry standards, to preserve the confidentiality of all personal data and to prevent unauthorised access, usage, disclosure or disposal.

However, to the fullest extent permitted by law, we disclaim responsibility for any unauthorised use of your personal data arising from circumstances that are beyond our reasonable control.

  1. How long we retain your personal data

We will take all reasonable measures to ensure that documents containing personal data are properly destroyed or rendered anonymous, once it is reasonable for us to assume that the original purpose for which the personal data collected is no longer served by its retention and that retention is no longer necessary for any legal or business purpose.

  1. How we ensure that your personal data is accurate and complete

We shall take reasonable steps to ensure that personal data collected by us or on our behalf is accurate and complete if it is likely to be used by us to make a decision that affects you, or is likely to be disclosed by us to another organisation.

Where you provide your personal data directly to us, we will assume that it is accurate and complete. You may contact us if you wish to inform us of any relevant changes to your personal data.

  1. Your right to withdraw consent

The consent that you provide for the collection, use and disclosure of your personal data will remain valid until such time it is being withdrawn by you in writing. You may withdraw consent and request us to stop collecting, using and/or disclosing your personal data for any or all of the purposes listed above.

In general, we shall seek to process your request within 10 business days of receiving it.

Depending on the nature and scope of your request, we may not be in a position to continue providing our services to you and we shall, in such circumstances, notify you before completing the processing of your request.

Please note that withdrawing consent does not affect our right to continue to collect, use and disclose personal data where such collection, use and disclose without consent is permitted or required under applicable laws.

  1. Your right of access to your personal data

Except in certain situations specified by law, you are generally entitled to access your personal data in our possession or control, and to request information on the ways such personal data has been used or disclosed by us over the past one year, from the date of your request.

If we are unable to respond to your request for access within 30 days, we will inform you within the 30 day period of when we will respond.

Please note that in order for us to recover the incremental costs associated with administering a request from you to access your personal data, the law entitles us to charge a fee. Generally, the fee will correspond to the time and effort required to administer your access request, and we will inform you in advance of the amount payable. We are entitled to refuse you access, if you do not agree to pay the fee.

  1. Your right to correct personal data

Generally, you are also entitled to request us to correct any error or omission in your personal data in our possession or control. If we are satisfied that a correction ought to be made to your personal data, we will make the correction as soon as practicable. If necessary and subject to your request, we will also send the corrected personal data to any organisation to which we had disclosed the personal data within the past one year.

  1. How you can contact us

If you have any questions concerning this Policy or if you wish to make any request (for example, to withdraw consent or for access to or correction of your personal data) please get in touch with us by emailing our Data Protection Officer at privacy@shooklin.com.

 

This Policy was last updated on 16 June 2026.