Privacy & Data Protection Policy (PDPA)
Effective date: 15 September 2025
Website: ll-hq.com (“Site”)
Organisation: “LL” (“we”, “us”, “our”)
1) Scope
This Policy explains how we collect, use, disclose, protect and retain personal data when you use the Site or engage us. It reflects Singapore’s Personal Data Protection Act 2012 (PDPA) obligations and related guidelines. We make information about our data-protection policies and our Data Protection Officer’s (DPO) business contact publicly available.
2) What we collect
Enquiry data: Information you submit via our forms (e.g., name, email, country/region, role, and your message).
Communications: Records of calls or messages during intake and engagement.
Technical data: IP address, device/browser details, pages viewed, cookie preferences (see 10).
Engagement artifacts (if you become a client): Limited personal data in documents we coordinate (e.g., KYC packs) with regulated partners.
We collect only what is reasonable for the stated purposes and notify you of those purposes.
3) Why we use your data (purposes)
To respond to and manage enquiries and scheduling.
To operate the Site, ensure security, and improve content.
To prepare, perform, and administer engagements you request.
To comply with laws, regulations, audits, or requests from competent authorities.
We obtain consent where required, and you may withdraw consent with reasonable notice (see 9). We do not sell personal data.
4) Disclosures (who we share with)
Service providers (processors): Hosting, security, email and workflow tools, analytics (if enabled). They act on our instructions and under confidentiality.
Regulated partners (on your instruction): Banks, trustees, law/tax firms, and administrators required for your engagement.
Regulatory/legal: Where disclosure is required by law or to establish/exercise legal claims.
5) Retention
We keep personal data only as long as needed for our purposes or legal/business requirements, then delete or anonymise it.
6) Protection
We use administrative, technical and organisational measures appropriate to the risk (access controls, least-privilege, encryption in transit, secure configurations).
7) Cross-border transfers
We may process personal data in Singapore, Malaysia, and other locations where our service providers operate. When data is transferred outside Singapore, we ensure a comparable standard of protection in line with the PDPA’s Transfer Limitation Obligation (e.g., contractual safeguards).
8) Access & correction
You may request access to or correction of your personal data that we hold. Submit requests via our Data Protection Contact form (see 11).
9) Withdrawing consent
You may withdraw consent for non-essential processing via the same form. We will inform you of likely consequences and, after withdrawal, cease the relevant collection/use/disclosure.
10) Cookies & similar technologies
Essential cookies run the Site (security, load balancing, your cookie preference).
Non-essential/analytics cookies (if enabled) help us understand Site performance and are off until you consent via our banner. You can Decline all or Manage cookies at any time.
PDPA note: consent is required where cookies collect personal data; we restrict non-essential cookies unless you opt in.
11) How to contact us about personal data (no email displayed)
Use our Data Protection Contact page below.
12) Data breach notification
If a notifiable data breach occurs, we will assess and notify the PDPC as soon as practicable and no later than 72 hours after assessment, and notify affected individuals as required.
13) Children
Our Site and services are not directed to children. If you believe a child’s data was provided to us, use the contact route in 11.
14) Updates to this Policy
We may update this Policy periodically. Material changes will be reflected by updating the “Effective date” above.