Mazars LLP Clients Privacy Statement
Where any conflict arises between the Website conditions and these conditions, and you are an existing client of our services, the conditions contained in this ‘Mazars LLP Clients’ section shall prevail.
1. Types of Personal Data Processed
1.1 The purpose of this Privacy Statement is to inform you and provide you with an understanding of how we handle, collect, use, disclose and process personal data about you that you give us, that we receive through third parties or that is in our possession as a result of our providing services to you or exploring with you our ability to provide you with services.
1.2 Mazars LLP (“Mazars”) (Singapore UEN No T07LL0916H) collects information about you when you use our website(s), forms, and/or other channels and throughout other interactions, communications and services you have with us.
1.3 We collect only personally identifiable information that is specifically and voluntarily provided for the purpose the personal information is collected. Mazars receives limited identifiable information, such as name, title, company address, email address, and telephone and fax numbers, and other personal data that may be incidental to the performance of a contract. By interacting with us, submitting information to us, signing up for and/or using any services offered by us, you agree and consent to Mazars, as well as their respective representatives and/or agents collecting, using, disclosing and sharing amongst themselves your personal data, and disclosing such personal data to the authorised service providers of Mazars and relevant third parties in the manner set forth in this Privacy Statement.
1.4 It is Mazars’ policy to limit the information collected to only the minimum information required to complete a visitor’s request. Our intention is not to seek any sensitive information through our website(s) unless legally required for recruiting purposes. Additionally, this includes any personal data that was previously collected through our website and has since been included in the data that we hold as part of the services that are provided to you.
1.5 This Privacy Statement which is established in Singapore, governs the collection, use and disclosure of personal data submitted to Mazars, and explains how we collect and handle personal data of individuals and comply with the requirements of the Personal Data Protection Act 2012 of Singapore and its regulation(s) (the “PDPA”).
1.6 If you are residing in Europe, including the UK, we will process personal data in accordance with the General Data Protection Regulation 2016/679 and similar European and UK data protection and data security laws (the “European and UK Data Protection Laws”).
2. Categories of Data Subjects
2.1 Personal data we process for our own purposes and on your behalf may include but is not limited to personal data provided to and collected by Mazars and data incidental to the performance of a contract as set out in Paragraph 1 above, specifically Paragraph 1.3 above.
2.2 Categories of data subjects will, for so far as we act as a data processor, be determined by you and as contemplated by our engagement terms with you. Normally, we will only require limited aspects of your staff data for our own purposes and will advise you should it become necessary for us to process any other categories for our own purposes.
2.3 Personal data we process for our own may include but may not be limited to third party and prospective clients data, our Client’s staff data, our Client’s contractor data supplier data and data of children.
2.4 Personal Data about these individuals may include but not be limited to demographic, financial, employment, social and data considered sensitive/ special category
3. Legal Basis for Data Processing
3.1 We will/may collect, use, disclose and/or process your personal data for one or more of the following purposes:
(a) Performance of a contract – where processing of your personal information is necessary in order to perform our obligations under a contract;
(b) Legal obligations – where we are required to process your personal information in order to comply with a legal obligation, such as record keeping for tax purposes or providing information to a public body or law enforcement agency;
(c) Legitimate interests – where it is in our legitimate interest in running a lawful business, as set out in Appendix 1 of this Privacy Statement, to process your information, in order to further that business; or
(d) Your consent – in some cases, we will ask for specific permission to process some of your personal information, and we will only process your personal information in this way if you agree to us doing so.
3.2 We may collect, use, disclose or process your personal data for other purposes that do not appear above. However, we will notify you of such other purposes at the time of collecting the data, unless processing of your personal data without your consent is permitted by the PDPA or by law. For European residents, we will notify you of such other purpose at the time of obtaining your consent, unless processing of your personal data without your consent is permitted by the European and UK Data Protection Laws.
3.3 We may also be collecting personal data about you from sources other than yourself, for one or more of the above purposes, and thereafter using, disclosing and/or processing such personal data for one or more of the above purposes. We may combine information we receive from other sources with information you give to us and information we collect about you. We may use this information and the combined information for the purposes set out above (depending on the types of information we receive).
For EU citizens, where we receive Special Category Personal Data as a result of our professional engagements with Clients, we process these on the basis that explicit consent has been given to our Clients to provide such data to us, or otherwise in accordance with the other legal bases set out through Article 9 GDPR.
Where we process Special Category Personal Data relating to an individual for our own purposes, we will seek consent to process such data or otherwise process the same in accordance with the other legal bases set out through Article 9 GDPR.
4 Protection of Personal Data
4.1 We do not share personal information with third parties except as necessary to carry out our business, your requests or as required by law or other legal processes as set out within Paragraph 6 (below). We will never sell your personal information to third parties.
4.2 Mazars has technological and operational security policies and procedures in place to protect your personally identifiable information from loss, misuse, alteration or unintentional destruction. Our personnel who have access to the data have been trained to maintain the confidentiality of such information.
4.3 Despite Mazars’ best efforts, however, security cannot be absolutely guaranteed against all threats. To the best of our ability, access to your personal information is limited to those who have a need to know. Those individuals who have access to the data are required to maintain the confidentiality of such information.
4.4 It is never our policy to knowingly collect or maintain information on minors, unless they are required for the purposes incidental to the performance of a contract.
5 Use of Sub-Processors
5.1 As part of our service delivery it is necessary for us to use sub-processors as set out below in this Paragraph 5.
5.2 Our infrastructural and technical support is largely provided by parties external to Mazars, including the sub-processors as mentioned in Paragraph 5.1 above. Some solutions we utilize are cloud based and our need to rely upon those systems varies depending upon the services we deliver to you.
5.3 All sub-processors are bound by Mazars on behalf of all Mazars subsidiaries to provide at least the same level of protection for your data as we do.
5.4 Most sub-processors do not engage directly with your data and simply provide secure storage solutions for the data we process. Unless we have otherwise expressly agreed conditions with them, sub-processors are prohibited from using your personal data for their own purposes.
6 Data Transfers
6.1 We may provide your personal information to other entities within the Mazars Group (a list of which may be accessed here, and will be updated from time to time) in order to provide you with information that could be of interest to you and conduct market or other research.
6.2 Personal information may also be disclosed to other entities within the Mazars Group and other third parties for the purposes listed in paragraph 3 above, or in order to respond to your requests or inquiries, or to otherwise meet the purpose for which you have submitted your information, or as part of a corporate transaction such as a sale, divestiture, reorganization, merger or acquisition, or where those parties handle information on our behalf, including but not limited to the following parties:
(a) External companies providing services to Mazars, including but not limited to information technology solutions, communication services and storage services;
(b) Agents, contractors or third-party service providers who provide operational services to us, such as courier services, telecommunications, information technology, payment, billing, processing, technical services, security or any other services incidental to the operations of our firm;
(c) any business partner, investor, assignee or transferee (actual or prospective) to facilitate business asset transactions (which may extend to any merger, acquisition or assets sale) involving Mazars;
(d) our professional advisors such as auditors and lawyers;
(e) analytics and search engine providers that assist us in the improvement and optimization of our website(s);
(f) any other party to whom you authorize us to disclose your personal information to.
6.3 All of these disclosures may involve the transfer of personal information to countries or regions without data protection rules similar to those in effect in Singapore or for UK / EU citizens, your area of residence. Where personal information is transferred to such countries, your information will be protected by appropriate safeguards in accordance with legal requirements.
6.4 We may store your personal information in a jurisdiction outside the country where the purpose is provided or where you are based. By providing personal information on our website, you consent to this transfer and/or storage of personal information across borders. We ensure that a standard of protection is accorded to your personal information so transferred in accordance with applicable law.
6.5 Personal information may also be disclosed to law enforcement, regulatory, or other government agencies, or to other third parties, in each case to comply with legal or regulatory obligations or requests.
6.6 We will take reasonable steps to protect your personal information against unauthorised disclosure.
6.7 Mazars will not transfer the personal information you provide to any third parties for their own direct marketing use.
7 Duration of Processing
7.1 We will retain your personal information for as long as the information is reasonably required to fulfil the purposes for which we collected the information, including for the purposes of satisfying any legal, accounting, or reporting requirements, or until you request that we delete that information.
7.2 We will put in place measures such that your personal data in our possession or under our control is destroyed and/or anonymized as soon as it is reasonable to assume that (a) the purpose for which that personal data was collected is no longer being served by the retention of such personal data; and (b) retention is no longer necessary for any other legal or business purposes.
8 Your Data Subject Rights
8.1 If Mazars processes personal information about you, you have the following rights:
(a) Access – you have the right to access any personal data that we hold about you, subject to the requirements of the PDPA. European and UK residents will have a right to request access of personal data subject to the requirements of the European and UK Data Protection Laws.
(b) Correction – you have the right to request correction of the personal data that we hold about you, subject to the requirements of the PDPA.
(c) Object to Processing – you have the right to object to us processing your personal information if we are not entitled to use it any more.
(d) Deletion - when requested and practical, Mazars will delete identifying information from current operational systems.
EU CITIZENS
EU citizens may, in accordance with GDPR, additionally ask us to:
(e) Restrict – in limited circumstances you may ask us to restrict processing only be carried with only your consent, for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest.
(f) Transfer – where certain conditions specific within the GDPR are met, you may ask us to port your personal data to another provider in a machine readable format.
We do not carry out automated decision taking. In the event this changes, we will provide you with an opportunity to exercise your rights set forth under GDPR in this respect.
8.2 Before providing you with access to your personal data or addressing any other requests from you relating to your personal data, we may ask for proof of identity as well as specific information on the nature of the request, so as to be able to adequately deal with your request.
8.3 When personally identifiable information is retained, Mazars assumes responsibility for keeping an accurate record of the information once a visitor of our website(s) has submitted and verified the data. Mazars does not assume responsibility for verifying the ongoing accuracy of the content of personal information or where provided to by us by clients and we act on their instructions only in respect of those data (as a data processor). When practically possible, if Mazars is informed that any personal data is no longer accurate, we will make appropriate corrections based on the updated information provided by the data subject.
8.4 If you would like to request for a copy of your personal data being held by us (such right being subject to applicable exemptions), or to update and/or correct the personal data which you have previously provided to us, you can send your enquiry / request to our Data Protection Officer whose contact details are provided below.
8.5 We will make all reasonable and practical efforts to comply with your requests, so long as it is consistent with applicable laws and professional standards.
8.6 If you withdraw your consent to any processing of your personal data, we may not be able to provide certain services to you. We will advise you if this is the case at the time you withdraw your consent. Do note that your withdrawal of consent will not affect our ability to collect, use or disclose your personal data for a specific purpose without your consent, if the PDPA or a provision in applicable law permits us to.
8.7 We may charge a fee that corresponds to the time and effort required to administer your request. This does not apply to EU / UK citizens covered by the GDPR provisions.
8.8 If the request is deemed to be frivolous or vexatious, we are entitled to refuse your request.
9. Marketing Emails
9.1 Some of our marketing emails may contain web beacons, web bugs, cookies or other similar technologies which enable us to understand whether you open, read, or delete the message and any interaction you make with links contained therein.
9.2 When you click on a link in a marketing email you receive from us, we may also use cookies to log what pages you view in accordance with our cookies policy. Further information about managing cookies and our detailed cookies policy can be found on our website under “Cookies Information” https://www.mazars.sg/Cookies-information
9.3 Targeted emails from us may include additional data privacy information as required by applicable privacy laws.
9.4 You may at any time amend or update your personal information or request us to stop using your personal data for direct marketing purposes by contacting our Data Protection Officer whose contact details are provided below.
9.5 In all cases we will give you the opportunity to opt-out of our direct-marketing activities. Opt-out can be achieved by responding using the unsubscribe options contained within the information you have received or by contacting us
10. Changes to this Statement
10.1 Mazars reserves the right to modify or amend this Privacy Statement at any time. Any changes to this policy will be posted on and can be viewed at https://www.mazars.sg/Legal-and-privacy. We recommend you check here regularly to ensure you remain in agreement with our data processing activities Your continued interaction with us, use of our services or any of our websites after any changes to this Privacy Statement will be regarded as acceptance of our practices around privacy and personal data.
10.2 The effective date will be displayed at the end of this Statement.
11. Policy Enquiries and Enforcement
11.1 Where applicable, your consent that is given pursuant to this Privacy Statement is additional to and does not supersede any other consents that you had provided to Mazars with regard to processing of your personal data.
11.2 For the avoidance of doubt, in the event that the PDPA permits an organisation such as us to collect, use or disclose your personal data without your consent, such permission granted by the law shall continue to apply. This also applies for European and UK Data Protection laws for European residents.
11.3 For any enquiries on our Privacy Statement, please send your enquiry to our Data Protection Officer at dpo@mazars.com.sg or to the below address:
Mazars LLP Singapore
135 Cecil Street, #10-01 MYP Plaza, Singapore 069536
11.4 If you are dissatisfied with the way we have handled your personal data and we are unable to resolve the issue for you, you may take the matter to the Personal Data Protection Commission. Further details can be found via their website. For EU citizens, the European Commission maintains a list of data protection supervisory authorities who can be contacted and are found here.
Last Update was on 6 July 2020
——
Appendix 1: Descriptions of “legitimate interests” under 3.1(c), including but not limited to:
(a) For identification and verification purposes in connection with any of the goods and/or services that may be supplied to you by us or that you may request from us;
(b) To carry out your instructions, respond to any enquiry or deal with any feedback given by (or purported to be given by) you or on your behalf, including contacting you via phone/voice call, text message and/or fax, email and/or postal mail regarding your instructions, enquiries and/or feedback;
(c) To conduct research, analysis and development activities (including but not limited to data analytics, surveys, focus groups and/or profiling) to improve our services and facilities for your benefit, or to improve any of our programmes or events;
(d) To carry out due diligence or other screening activities (including security and background checks) in accordance with legal or regulatory obligations or our risk management procedures that may be required by law or that may have been put in place by us;
(e) To prevent or investigate any fraud, unlawful activity or omission or misconduct, whether or not there is any suspicion of the aforementioned; dealing with conflict of interests or dealing with and/or investigating complaints;
(f) To comply with or as required by any applicable law, governmental or regulatory requirements of any jurisdiction applicable to us or our affiliates/associated companies, including meeting the requirements to make disclosure under the requirements of any law binding on us or our affiliates/associated companies, and/or for the purposes of any guidelines issued by regulatory or other authorities (whether of Singapore or elsewhere), with which we or our affiliates/associated companies are expected to comply;
(g) To comply with or as required by any request or direction of any governmental authority; or respond to requests for information from hospitals, embassies, public agencies, ministries, statutory boards or other similar authorities;
(h) For marketing purpose where we send you news, information, materials and/or updates about events, marketing campaigns, products and/or services that we and/or our business partners provide, or on our behalf. In this regard, we will be doing so by way of postal mail and/or electronic transmission to your email address(es);
(i) To facilitate and/or deal with payment for goods and/or services provided by us or our subsidiaries, and/or a third party on our behalf including verification of credit card details with third parties and additionally, using the personal data you provide to conduct matching procedures against databases of known fraudulent transactions (maintained by us or third parties);
(j) To produce statistics and research for internal and/or statutory reporting and/or record-keeping requirements and performing Mazars policy/process reviews;
(k) To disclose to a third party to comply with any law, legal requirements, orders, directions or requests from any court, authority or government body of any jurisdiction, which may be within or outside Singapore;
(l) To help us improve our services to you; and/or
(m) To store, host, back up (whether for disaster recovery or otherwise) of your personal data, whether within or outside Singapore.