BH2I is an international firm. We are committed to being transparent about how we collect and use personal data and to meeting our data protection obligations.
WHO IS RESPONSIBLE FOR YOUR PERSONAL DATA?
All references to BH2I and “the Firm” refer to one or more of the “BH2I Affiliated Entities” which are separate but connected business entities consulting or practising law from offices in Singapore and Thailand and other jurisdictions.
BH2I is a “data controller” for the purposes of data protection legislations and this means that we are responsible for deciding how we hold and use personal information about you. Whilst your data will be processed by the BH2I office with which you have engaged, your personal data may be shared with other BH2I Affiliated Entities.
References to ‘processing’ contained within this Privacy Notice can mean any operations performed on personal data, for example collection, storage, recording, alteration, retrieval, restriction or erasure.
THE PURPOSE OF THIS PRIVACY NOTICE
The purpose of this Privacy Notice is to explain how we may collect and process personal data about:
Our clients or contacts;
Individuals for the purposes of recruitment;
Visitors to BH2I offices; and
Please refer to our Cookies Policy for details of the information we collect when you visit our website.
DATA PROTECTION PRINCIPLES
We comply with current data protection laws which stipulate that personal data we hold about you must be:
(a) Used lawfully, fairly and in a transparent way;
(b) Collected only for valid purposes that we have clearly explained to you, and not used in any way that is incompatible with those purposes;
(c) Relevant to the purposes we have told you about and limited only to those purposes;
(d) Accurate and kept up to date;
(e) Kept only for as long as necessary for the purposes we have told you about; and
(f) Kept securely.
In this context, personal data (or personal information), means any information about an individual from which that person can be identified. It does not include data which has been anonymised.
HOW WE USE PERSONAL DATA
BH2I collects and processes a range of personal data in a number of ways, and may use this information for:
The provision of legal and other services to our clients;
Maintaining and developing our relationships with clients and third parties;
To improve our services;
Facilitating our internal business operations including accounting, billing, collections, and payments;
Fulfilling our legal, regulatory and professional obligations;
Monitoring and analysing our business including monitoring the use of our website;
Sending marketing bulletins, legal updates and other promotional materials to our clients and contacts;
Sending invitations for corporate hospitality and other events;
Placing and maintaining our insurances;
This is not intended to be an exhaustive list and we may use personal data provided to us for related and/or ancillary purposes.
HOW WE COLLECT PERSONAL DATA
Whilst you are free to decide whether to provide us with personal data, please note that we may not be able to provide you with services without it.
We may collect personal data about you in a number of different ways including, but not limited to the following:
In the course of our engagement for the provision of legal and consultancy services;
From business cards;
From attendance at seminars and/or events organised or hosted by us, or when you sign up to receive marketing bulletins or publications from BH2I;
When we contract with suppliers or service providers for the provision of services to us; and
Through third party agencies, or information available in the public domain.
THE TYPES OF INFORMATION WE COLLECT
LEGAL AND CONSULTANCY SERVICES
The types of personal data we collect in the course of and in connection with the provision of legal and consultancy services may include:
Your name, address and contact details, including personal and business email addresses and telephone numbers;
Identification documents (which may include information relating to your date and place of birth) and/or other governmental identification numbers for the purposes of complying with the Anti-Money Laundering Regulations and related regulatory or legislative requirements;
Details of your current and previous employment, directorships and shareholdings; and
Details of your bank account for the purposes of billing and collections.
In addition to the above, if you apply to work for BH2I we may collect the information set out below:
Details of your qualifications and skills;
Background checks (where applicable);
Previous employment history, references, and information about your remuneration;
Details of your bank account, national insurance number or other governmental identification numbers, tax code and your right to work;
Equal opportunities monitoring information;
Information about medical or health records; and
Other personal data we may require to comply with our legislative and/or regulatory requirements.
The Firm processes special categories of more sensitive personal data, such as information relating to ethnic origin and sexual orientation for the purposes of equal opportunities monitoring. Data that the Firm uses for these purposes is anonymised or is collected with the express consent of the applicant, which can be withdrawn at any time.
From time to time, we may have photographers present at our events, where this is the case, we will notify you in advance.
We may collect special categories of personal data in connection with registration for an event or seminar, for example we may ask for information for the purpose of identifying and being considerate of any disabilities or special dietary requirements that you may have. Any use of such information is based on your consent and if you choose not to provide such information please note that we will not be able to make any relevant adjustments.
VISITORS TO BH2I OFFICES
When attending our offices in certain jurisdictions, you may be asked to provide identification documents to satisfy security requirements. This information is not collected or processed by BH2I.
PURPOSES AND LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA
Our legal basis for the processing of personal data is our legitimate business interests, although we will also rely on contract, legal obligations and consent for specific uses of data.
We will rely on contract if we are negotiating or have entered into a legal contract or an engagement for legal services with you, your organisation or an affiliated legal entity.
We will rely on legal obligations if we are legally required to hold information on you to fulfil our legal or regulatory obligations.
In addition to the above, we may use your personal data where you have provided your consent to such use or we are otherwise required to do so in compliance with our regulatory obligations.
CHANGE OF PURPOSE
We will use your personal data only for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
SHARING YOUR PERSONAL DATA
We may share your personal data with:
Other BH2I affiliated entities on a confidential basis for the provision of legal services and/or in compliance with our legislative and regulatory requirements;
Legal Counsel, correspondent law firms, other legal specialists, consultants or experts (including arbitrators/mediators and notaries);
Our Accountants or Auditors for auditing and accounting purposes;
Regulators, courts and law enforcement agencies as necessary;
Third party service providers; and in doing so, we will keep the systems and processes of third party service providers under review to monitor the confidentiality, integrity and security of your personal data is maintained when being handled by any such service provider; and
Other third parties where we have your express consent to do so.
THIRD PARTY PERSONAL DATA SHARED WITH US
Where we receive personal data relating to someone else from a third party (“discloser”), the onus is on the discloser to ensure that they have the relevant authority and/or consent to disclose that personal data to us and that the information that they have provided is accurate and up to date. On this basis, we may collect, use and disclose that personal data as described in this Privacy Notice.
TRANSFERRING DATA ABROAD
Whilst we try and operate to the highest standard across each of the jurisdictions in which we have a presence, there may be local requirements which require us to take an alternative approach, however, we will always take reasonable steps to ensure the confidentiality, integrity and security of your personal data.
The Firm takes the security of your data seriously. The Firm has internal policies and controls in place to try to ensure that your data is not lost, accidentally destroyed, misused or disclosed. We will take reasonable steps to ensure that the information that we hold about you is kept confidential and secure.
Where the Firm engages third parties to process personal data on its behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
RETENTION OF YOUR PERSONAL DATA
We will only retain your personal data for as long as is reasonably necessary in the circumstances and in compliance with our legislative and regulatory requirements.
In some circumstances we may anonymise your personal data so that it can no longer be associated with you, in which case we may use such information without further notice to you.
YOUR RIGHTS OF ACCESS, CORRECTION, ERASURE AND RESTRICTION
As a data subject, you have a number of rights including the right to be informed of how your personal data is being processed. You can also:
Request access to your personal data (commonly known as a “data subject access request”).
Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.
Request the transfer of your personal data to another party.
Request the deletion of a certain category (or categories) of your data, if the Firm and/or the Firm’s group entities are no longer under a legal obligation to process such data. The Firm can refuse to delete your data if in its view it requires the information for defence of legal claims against it or its group entities.
UPDATING YOUR PERSONAL DATA
It is important that the personal data we hold on you is accurate and current. Please keep us informed if your personal data changes during your working relationship with us. Should you wish to amend the personal data that we hold for you, please contact us at email@example.com.
We will not be responsible for any losses arising directly or indirectly from any inaccurate and/or incomplete information provided to us by you.
STATUS OF THIS PRIVACY NOTICE
We review this Privacy Notice regularly and reserve the right to revise it or any part of it from time to time to reflect changes in the law, information security and technology practices or in the way in which we process your personal data.
If you have any questions about this Privacy Notice, or want to submit a written complaint to us about how we handle your personal data, please contact us at firstname.lastname@example.org.