LEGAL DOCUMENT
Privacy Policy
Meranti Legal · Last Updated: 10 March 2026 · Effective: 10 March 2026
1. Introduction
Meranti Legal ("we", "us", "our") is committed to handling personal data responsibly and in accordance with Singapore's Personal Data Protection Act 2012 (PDPA). This Privacy Policy explains how we collect, use, disclose, and protect personal data in connection with the services we provide and the operation of this website.
By engaging our services or using this website, you acknowledge that you have read and understood this policy. If you have questions about how your data is handled, please contact us using the details in Section 10.
2. Personal Data We Collect
We collect personal data only when it is reasonably necessary for our business purposes. The categories of data we may collect include:
Data provided directly by you:
- Full name and contact details (email address, telephone number)
- Business information (company name, intended activities, directorship details)
- Correspondence submitted through our contact form or by email
- Identity documents required for corporate formation or compliance work (collected only when an engagement is formalised)
Data collected automatically:
- Browser type and operating system (via analytics tools)
- Pages visited and time spent on this website
- IP address and approximate geographic location
- Referral source (how you reached this website)
We do not collect sensitive personal data (such as NRIC numbers, financial account details, or health information) through this website. Any sensitive documentation required during a formal engagement is collected through a separate, secure process.
3. Legal Basis for Processing
We process personal data on the following grounds under the PDPA:
- Consent: Where you have provided consent, such as submitting the contact form or accepting cookies on this website.
- Contractual necessity: Where processing is required to perform services you have engaged us for, or to take pre-contractual steps at your request.
- Legitimate interests: Where we have a legitimate business interest in processing data, such as improving our services, maintaining records, or responding to enquiries — provided these interests do not override your rights.
- Legal obligation: Where processing is required by applicable law, including anti-money laundering and know-your-client requirements that apply to corporate service providers in Singapore.
4. How We Use Personal Data
Personal data collected is used for the following purposes:
- Responding to enquiries submitted through the contact form or by telephone or email
- Providing corporate formation, structure advisory, and compliance review services
- Preparing engagement letters, constitutional documents, and ACRA submissions
- Communicating service updates, filing reminders, and related information relevant to your engagement
- Improving the usability and content of this website through aggregated analytics data
- Complying with regulatory obligations applicable to corporate service providers under Singapore law
We do not sell, rent, or trade personal data to third parties for marketing purposes.
5. Disclosure of Personal Data
We may share personal data with the following categories of recipients, where necessary:
- ACRA (Accounting and Corporate Regulatory Authority): Required for company name reservations, incorporation filings, and annual return submissions on behalf of clients.
- Analytics service providers: Aggregated, anonymised data may be processed by analytics tools (such as Google Analytics) to help us understand website usage. These providers operate under their own data protection commitments.
- Professional advisers: Legal counsel or consultants engaged by Meranti Legal where their involvement is relevant to your matter, subject to confidentiality obligations.
- Law enforcement or regulatory authorities: Where required by law or in response to lawful requests, including Singapore's anti-money laundering and counter-terrorism financing regulations.
In all cases, we share only the minimum data necessary for the stated purpose.
6. Data Retention
We retain personal data for as long as necessary to fulfil the purposes for which it was collected, or as required by law:
- Enquiry data (contact form submissions not leading to an engagement): up to 12 months
- Client engagement records: 7 years from the conclusion of the engagement, in accordance with applicable record-keeping requirements
- Website analytics data: as configured by the analytics provider, typically up to 26 months
When data is no longer required, it is deleted or anonymised in a manner that prevents reconstruction of personal information.
7. Data Protection Measures
We maintain appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or disclosure. These include:
- Secure HTTPS connections for all data transmitted through this website
- Access controls limiting data access to authorised team members
- Regular review of data handling procedures and third-party service configurations
- Secure document storage for client files, with restricted physical and digital access
In the event of a data breach that poses a risk to affected individuals, we will notify the Personal Data Protection Commission (PDPC) and affected individuals in accordance with the mandatory breach notification requirements under the PDPA.
8. Cookies
This website uses cookies to support basic functionality and analytics. For a detailed explanation of the cookies used, the purposes they serve, and how to manage your preferences, please read our Cookie Policy.
9. Your Rights
Under the PDPA and associated data protection principles, you have the following rights in relation to personal data we hold about you:
- Right of access: You may request confirmation of whether we hold personal data about you, and a copy of that data.
- Right of correction: You may request correction of any inaccurate or incomplete personal data we hold.
- Right of withdrawal of consent: Where processing is based on consent, you may withdraw consent at any time. Withdrawal does not affect the legality of processing carried out before withdrawal.
- Right to lodge a complaint: You may lodge a complaint with the Personal Data Protection Commission (PDPC) at www.pdpc.gov.sg if you consider that your data protection rights have not been respected.
To exercise any of these rights, please contact us using the details in Section 10 below. We will respond to requests within 30 calendar days.
10. Third-Party Links
This website may contain links to external websites, including ACRA's BizFile+ portal and Singapore government resources. Meranti Legal is not responsible for the privacy practices or content of those external sites. We encourage you to review the privacy policies of any third-party websites you visit.
11. Children's Privacy
Our services are directed at individuals aged 18 and above. We do not knowingly collect personal data from individuals under 18. If we become aware that personal data from a person under 18 has been submitted to us, we will take steps to delete that data promptly.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. Where changes are material, we will update the "Last Updated" date shown at the top of this page. We encourage you to review this policy periodically.
13. Contact Information
For privacy-related questions, access or correction requests, or to raise a concern about how we handle your data, please contact us:
- Email: privacy@merantilegaloe
- Telephone: +65 6734 8291
- Post: Meranti Legal, 61 Robinson Road, #14-02, Singapore 068893
This policy applies to Meranti Legal and its operations within Singapore. It is governed by Singapore law and the Personal Data Protection Act 2012 (No. 26 of 2012).