Privacy Policy of Saffron & Co.

Saffron & Co. is committed to protecting the privacy and security of the personal data we collect and process. This Privacy Policy outlines how we collect, use, disclose, and manage your personal data in compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and other relevant regulations. As a legal services, corporate advisory, and dispute resolution firm, we understand the sensitive nature of the information entrusted to us.

1. Information We Collect

We collect various types of personal data to provide our legal and advisory services effectively. This may include:

• Contact Information: Names, addresses, email addresses, phone numbers, and other communication details.
• Identification Information: Government-issued identification (e.g., passport, national ID), dates of birth, and other verification data required for client due diligence and anti-money laundering (AML) checks.
• Financial Information: Bank account details, payment information, and financial records necessary for billing and transaction processing.
• Professional Information: Job titles, company affiliations, professional history, and other details relevant to corporate advisory, employment law, or M&A services.
• Case-Specific Information: Details pertaining to legal matters, including factual circumstances, contractual agreements, intellectual property rights, family relationships, criminal allegations, real estate transactions, immigration status, maritime activities, and other information directly relevant to the legal services we provide. This may include sensitive personal data (e.g., health information, political opinions, religious beliefs) when strictly necessary for the legal representation.
• Technical Data: Information about your visits to our site, including IP addresses, browser types, operating systems, and usage patterns collected through cookies and similar technologies (as detailed in our Cookie Policy).

2. How We Collect Information

We collect personal data through various channels:

• Directly from You: When you engage our services, communicate with us via phone, email, or in person, complete forms, attend events, or interact with our online platform.
• From Third Parties: Such as public records, regulatory bodies, financial institutions, opposing counsel, expert witnesses, and other entities involved in legal proceedings or corporate transactions, where permitted by law.
• Through Our Online Platform: Automatically via cookies and analytics tools as you navigate our site.

3. Legal Basis for Processing

We process your personal data based on the following legal grounds:

• Performance of a Contract: To fulfill our contractual obligations to you as a client and provide the requested legal services (Corporate Law, M&A, Intellectual Property, Litigation, Regulatory Compliance, Employment Law, Estate Planning, Family Law, Criminal Defense, Real Estate Law, Immigration Law, Maritime Law, Fintech Legal Advisory).
• Legal Obligation: To comply with legal and regulatory obligations, such as AML checks, tax requirements, and other statutory duties.
• Legitimate Interests: For our legitimate business interests, including maintaining our operations, improving our services, managing our client relationships, direct marketing (where permitted), and safeguarding our legal rights, provided these interests do not override your fundamental rights and freedoms.
• Consent: Where we have obtained your specific, informed, and unambiguous consent for particular processing activities, especially for processing sensitive personal data not covered by other legal bases. You have the right to withdraw your consent at any time.

4. How We Use Your Information

Your personal data is used to:

• Provide and manage our legal services and corporate advisory, including legal advice, representation, document preparation, and transaction facilitation.
• Communicate with you regarding your matters, updates, and relevant information.
• Administer our client relationships, including invoicing, payment processing, and record-keeping.
• Conduct client due diligence, conflict checks, and comply with regulatory requirements.
• Analyze and improve our services, website, and client experience.
• Send you legal updates, newsletters, and marketing communications that may be of interest to you, based on your preferences.
• Prevent fraud, detect security incidents, and protect our rights and property.

5. Disclosure of Your Information

We may share your personal data with:

• Our Employees and Partners: Members of Saffron & Co. who require access to the information to provide services.
• Service Providers: Third-party vendors and service providers who assist us in our operations, such as IT support, document management, accounting, and professional indemnity insurers. These parties are contractually obligated to protect your data and only use it for the purposes specified by us.
• Opposing Parties and Courts: In the context of litigation, arbitration, or other legal proceedings, as required for effective legal representation.
• Regulatory and Governmental Authorities: When legally required or to comply with applicable laws, regulations, and self-regulatory obligations.
• Professional Advisors: Such as auditors and other professional advisors.
• With Your Consent: To any other third party with your explicit consent.

We do not sell your personal data to third parties.

6. International Data Transfers

As a firm based in Singapore, your data will primarily be processed within Singapore. However, in limited circumstances relating to international legal matters or the use of global service providers, your personal data may be transferred to and processed in countries outside of your country of residence, including those outside the European Economic Area (EEA). We will ensure that such transfers comply with applicable data protection laws, typically by relying on standard contractual clauses, your explicit consent, or other lawful transfer mechanisms.

7. Data Security

We implement robust technical and organizational measures to protect your personal data from unauthorized access, disclosure, alteration, and destruction. These measures include encryption, access controls, secure networks, and regular security assessments. Our staff are trained on data protection and confidentiality obligations.

8. Data Retention

We retain your personal data for as long as necessary to fulfill the purposes for which it was collected, including for the performance of our contractual obligations, compliance with legal and regulatory requirements (e.g., maintaining client records for a statutory period), and for the establishment, exercise, or defense of legal claims. Specific retention periods vary depending on the type of data and the nature of the services provided.

9. Your Rights

Depending on your jurisdiction and the legal basis for processing, you may have the following rights regarding your personal data:

• Right to Access: To request a copy of the personal data we hold about you.
• Right to Rectification: To request that we correct any inaccurate or incomplete personal data.
• Right to Erasure ( "Right to be Forgotten"): To request the deletion of your personal data under certain circumstances.
• Right to Restriction of Processing: To request that we limit the way we use your personal data.
• Right to Data Portability: To receive your personal data in a structured, commonly used, and machine-readable format.
• Right to Object: To object to our processing of your personal data based on legitimate interests or for direct marketing purposes.
• Right to Withdraw Consent: Where processing is based on consent, to withdraw your consent at any time.
• Right to Lodge a Complaint: To lodge a complaint with a supervisory authority if you believe your data protection rights have been violated.

To exercise any of these rights, please contact us using the details provided below. We may need to verify your identity before processing your request.

10. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will post any updates on this page and revise the "Last Updated" date. We encourage you to review this policy regularly.

11. Contact Us

If you have any questions or concerns about this Privacy Policy or our data handling practices, please contact us at: