Privacy Policy – DSEA LEGAL

15 May 2026

PRIVACY POLICY

1. Introduction

Thank you for visiting our website (“Website”) and for your interest in DSEA LEGAL (the “Firm”, “we”, “us”, or “our”).

We are committed to safeguarding the privacy and integrity of personal data and recognize the importance of maintaining the trust and confidence of our clients, contacts, and visitors. We approach the collection and processing of personal data with the utmost care, transparency, and respect for applicable legal and regulatory standards.

This Privacy Policy explains how we collect, use, and protect personal data in the course of our activities, including through this Website.

Given its international presence, the Firm adopts a high standard of data protection and generally aligns its practices with the principles of the EU General Data Protection Regulation (GDPR), while taking into account the specific requirements of applicable laws in jurisdictions such as Singapore and Vietnam.

This Policy applies to all users globally, including clients and prospective clients from Europe, China, and other jurisdictions.

2. Data Controller

The primary data controller is:

DSEA LEGAL
Ana Raga Pascual
Email: raga@dsealegal.com
600 North Bridge Road #13-06 Parkview Square, Singapore
LD: +6562262968

The Vietnam office of the Firm acts as an affiliated entity and may process personal data on behalf of the Firm in its capacity as data controller.

3. Principles of Processing

We process personal data lawfully, fairly, and in a transparent manner in relation to the data subject.

Personal data is collected for specified, explicit, and legitimate purposes and is not further processed in a manner incompatible with those purposes, unless permitted under applicable data protection law.

We ensure that personal data is adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed, and that it is accurate and, where necessary, kept up to date.

Personal data is retained in a form which permits identification of data subjects only for as long as is necessary for the purposes for which it is processed, subject to applicable legal, regulatory, or professional retention obligations.

We implement appropriate technical and organizational measures to ensure the security of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage.

4. Personal Data We Collect

We may collect and process Personal Data provided directly by data subjects, including identification and contact details, professional information, correspondence and communications, and any other information voluntarily submitted in the context of enquiries or the provision of legal services.

We may also collect data automatically, including IP address and approximate geolocation, browser type, operating system, device identifiers, pages visited, referring URLs, time spent on pages, clickstream data, and cookies and similar technologies.

We may additionally receive data from third parties, including professional advisers, business partners, collaborators, counterparties, clients, public authorities, and other relevant organizations involved in the provision of services or in the context of legal, compliance, or administrative proceedings.

5. Legal Basis for Processing

5.1 Singapore (PDPA)

Under Singapore’s PDPA, we rely on your deemed or express consent, and on legitimate interests, to collect and use your personal data for the purposes described in Section 6.

5.2 European Union and United Kingdom (GDPR/UK GDPR)

For individuals in the EEA and UK, we process Personal Data on the following legal bases under Article 6 GDPR: consent (Art. 6(1)(a)); contract performance (Art. 6(1)(b)); legal obligation (Art. 6(1)(c)); and legitimate interests (Art. 6(1)(f)).

Where we process special categories of Personal Data (Art. 9 GDPR), we rely on explicit consent or applicable exemptions under member state law.

5.3 China (PIPL)

For individuals in mainland China, we process Personal Data on the bases set out under Article 13 of the PIPL, including consent, contract necessity, statutory duties, and legitimate interests. We obtain separate and specific consent before processing sensitive personal data, transferring data outside China, or making automated decisions that significantly affect your rights.

5.4 Vietnam

Under Decree 13/2023/ND-CP, we process Personal Data on the basis of your consent, or as permitted by law for the performance of contracts or compliance with legal obligations. Processing sensitive Personal Data requires your explicit written consent.

6. Use/Purpose of Personal Data

We collect and use personal data for the following purposes: responding to legal inquiries and providing legal services; conducting client onboarding including KYC and AML checks; managing our relationship with you; sending legal updates and newsletters where consented; operating and improving our Website; ensuring security and preventing fraud; complying with legal and regulatory obligations; and conducting internal analytics and business development.

7. International Data Transfers

7.1 Transfers from Singapore

Transfers of personal data from Singapore to overseas recipients are made in accordance with the PDPA’s data transfer obligations, including ensuring comparable protection under binding legal instruments or relying on applicable exceptions.

7.2 Transfers from the EEA/UK

Where we transfer personal data from the EEA or UK to third countries, we rely on European Commission or UK adequacy decisions where applicable, Standard Contractual Clauses (SCCs), or other approved transfer mechanisms under Chapter V of the GDPR.

7.3 Transfers from Vietnam

Cross-border transfers of personal data from Vietnam are subject to the requirements of Decree 13/2023/ND-CP. We store all personal data of Vietnamese data subjects within Vietnam unless a lawful transfer mechanism applies.

7.4 Transfers from China

Outbound transfers of personal information from mainland China are conducted only after fulfilling the conditions set out in Chapter III, Section 3 of the PIPL, which may include passing a security assessment, obtaining certification, entering into standard contracts, or obtaining your explicit consent.

8. Data Sharing

We do not sell personal data. We may share your information with affiliates and offices within the Firm; third-party vendors under data processing agreements; where required by law or court order; with auditors, insurers, and co-counsel subject to confidentiality obligations; and in connection with a merger, acquisition, or restructuring.

9. Data Retention

We retain personal data only for as long as necessary: client matter files for a minimum of 7 years; marketing contact data until consent is withdrawn; website analytics data for up to 26 months; and KYC/AML records for a minimum of 5 years.

10. Your Rights

10.1 Rights under GDPR (EEA/UK)

Right of access, rectification, erasure, restriction, data portability, and right to object. You may also withdraw consent at any time and lodge a complaint with a supervisory authority.

10.2 Rights under Singapore PDPA

Right of access, right to correction, and right to withdraw consent subject to legal or contractual restrictions.

10.3 Rights under China PIPL

Right to know and decide, restrict or refuse processing, access and copy, portability, correction, deletion, and explanation of automated decision-making.

10.4 Rights under Vietnam Decree 13/2023/ND-CP

Right to be informed, right of access, correction and deletion, right to object or restrict processing, right to withdraw consent, and right to lodge a complaint with the Ministry of Public Security.

To exercise any of your rights, please contact: raga@dsealegal.com. We will respond within the timeframes required by applicable law. We may need to verify your identity before processing your request.

11. Cookies and Tracking Technologies

Our Site uses strictly necessary cookies, analytics cookies (e.g. Google Analytics, with consent where required), functional cookies, and marketing cookies (only where consent is obtained). You can modify your cookie preferences at any time using the cookie management banner on this site.

14. Data Security

We implement technical and organizational measures including encryption in transit (TLS) and at rest, access controls, regular security assessments, staff training, and incident response procedures. In the event of a personal data breach, we will notify relevant supervisory authorities and affected individuals in accordance with applicable timelines.

15. Contact

DSEA LEGAL
Ana Raga
Email: raga@dsealegal.com
600 North Bridge Road #13-06 Parkview Square
LD: +6562262969

16. Updates to this Policy

We may update this Privacy Policy from time to time. Updates will be published on this page with a revised effective date.

17. Governing Law

This Privacy Policy is primarily governed by the laws of Singapore. However, to the extent that applicable mandatory data protection laws of other jurisdictions (including the EU GDPR, UK GDPR, China PIPL, and Vietnam Decree 13/2023) apply to your personal data, those laws will take precedence with respect to your rights and our obligations under those regimes.