Privacy Policy and Cookies Notice.

  

Amendments and drafting notes are highlighted throughout. Yellow shading indicates amended or new text. Amber callout boxes contain drafting notes explaining changes.

At a Glance
This summary is a plain-language overview only. Please read the full policy below.
  • We collect personal data from customers, consultants, suppliers and website visitors.
  • We use it to deliver services, manage our business and (where you have not objected) for marketing.
  • We share it within the KorumLegal Group and with trusted service providers, never for their own use.
  • We transfer data to the UK, Singapore, Hong Kong and the US under appropriate safeguards.
  • We keep it only as long as necessary — generally for the duration of your relationship with us plus up to seven years.
  • You have rights to access, correct, erase or restrict your data. Contact hq@korumlegal.com.

The KorumLegal Group of companies (KorumLegal Group) is committed to protecting and respecting your privacy. This policy explains what personal data we collect, how we use it and your rights in relation to it.

This policy applies to personal data collected via our website www.korumlegal.com (Site), as well as data processed in the course of operating our business and providing our services. It covers potential and existing customers, consultants, suppliers and others who engage with the KorumLegal Group.

    

1. The KorumLegal Group

The KorumLegal Group is made up of different legal entities, details of which can be found on our website. This privacy policy is issued on behalf of the KorumLegal Group. References to KorumLegal, we, us or our refer to the relevant KorumLegal Group entity that is the controller of your personal data. Korum Consulting Limited (Hong Kong) is the controller responsible for the Site.

Contact

For any questions about this policy, or to exercise your rights, please contact us at: hq@korumlegal.com.

Changes

We keep this policy under regular review. The current version is published on this page. It is important that the personal data we hold about you is accurate; please notify us of any changes.

        

2. The Personal Data We Collect and How We Use It

Personal data means any information about an individual from which that person can be identified. Anonymous data falls outside this definition.

The table below provides an overview of our processing activities. More detail for each category follows.

Category Purpose Legal basis Retention Recipients
Customers Respond to enquiries; deliver services; KYC checks; marketing & events Contract; Legitimate interests; Legal obligation Duration of relationship + 7 years Group entities; IT providers; Regulators
Consultants Evaluate suitability; assignment matching; background checks; newsletters Contract; Legitimate interests; Consent (special category) Duration of engagement + 7 years Group entities; Customers; Reference checkers
Suppliers / Partners Contract performance; KYC; business development Contract; Legitimate interests; Legal obligation Duration of contract + 7 years Group entities; Professional advisors; Regulators
Website Users Site analytics; session management; security Legitimate interests; Consent (analytics cookies) Per cookie expiry (up to 2 years) HubSpot; Google Analytics; Cloudflare

Customers

Data we may collect: name, contact details (including email address and job title), work history, business relationships and networks, written records of discussions, and information submitted via the Site.

How we collect it: directly from you (by email, post, telephone, virtual or physical meetings, or via the Site) and from third-party sources including our professional networks, LinkedIn and other social media, publicly available information and market research.

Why we collect it: to respond to enquiries, carry out onboarding and KYC processes, deliver our products and services, and communicate with you. We also process data for business development and marketing, including inviting you to events and sending newsletters. You may unsubscribe at any time via the link in any email.

Consultants

Data we may collect: name, contact and residential details, CV content, business relationships and networks, and written records of discussions.

How we collect it: directly from you or via our networks, LinkedIn, publicly available information and (with your consent) reference providers.

Why we collect it: to evaluate your suitability for the KorumLegal consultant community (including background and reference checks), to match and notify you of assignments, to introduce you to customers, and for business development purposes. You may unsubscribe from marketing communications at any time.

Suppliers and Industry / Partner Contacts

Data we may collect: name and contact details of individuals within your organisation, records of our interactions and, for suppliers, identity and background information.

How we collect it: from you directly, via our networks, event delegate lists, publicly available sources and market research.

Why we collect it: to communicate in connection with our business activities, for marketing and events, and (for suppliers) to receive and pay for services and complete KYC and engagement processes.

Website Users — Cookies and Similar Technologies

When you visit our Site, data is collected via cookies and similar technologies. These do not generally store personally identifiable information. Please see our separate Cookie Notice for full details.

Special Categories of Personal Data

We do not collect special categories of personal data (e.g. health, criminal record) unless: (a) we have your explicit written consent; (b) we are required to by law; or (c) it is necessary for background or criminal record checks as part of our engagement processes.

Automated Decision-Making

We do not currently make solely automated decisions that produce legal or similarly significant effects about you. If we introduce automated profiling or AI-assisted decision-making in future, we will update this policy and take such steps as are required by applicable law, including providing meaningful information about the logic involved and your right to request human review.

          

3. Legal Basis for Processing

Our processing of personal data relies on one or more of the following legal bases:

Consent: where you have given us clear consent, for example to receive marketing communications or for us to process special category data.

Contract: where processing is necessary to perform a contract with you or to take pre-contractual steps at your request.

Legal obligation: where we must process data to comply with a legal or regulatory requirement.

Legitimate interests: where processing is necessary for our legitimate business interests — including responding to requests, providing and improving our services, business development, managing our operations, maintaining business relationships, conducting research and market analysis, and monitoring Site usage — provided those interests are not overridden by your rights and freedoms.

We will only use personal data for the purpose for which it was collected, or a compatible purpose. Where we need to process it for an unrelated purpose, we will notify you and confirm the applicable legal basis.

            

4. Disclosure of Your Personal Data

We may share your personal data with the following categories of third party:

  • Other KorumLegal Group entities, for operational, HR, finance, IT and sales and marketing purposes.
  • Customers and consultants, for the performance of contracts and service quality purposes.
  • IT service providers (acting as data processors), including providers of email and office tools, website hosting, CRM, accounting, billing and document management systems.
  • Professional advisors, including lawyers, bankers, accountants and auditors.
  • Regulators, law enforcement authorities and courts, as required.
  • Third parties providing onboarding and engagement services, including reference and criminal record checking agencies.
  • Analytics and search engine providers, to help us maintain and improve the Site.
  • Prospective buyers or merger partners, in the event we sell or restructure all or part of our business, subject to equivalent data protection obligations.

We require all third parties to maintain the security of your personal data, to treat it in accordance with the law, and to process it only for the specified purposes set out in our agreements with them.

International Transfers

We operate globally and may transfer personal data to countries outside the country in which it was originally collected, including the United Kingdom, Singapore and Hong Kong. Some of our data processors use cloud-based infrastructure with data centres in the US and elsewhere.

Where we transfer data internationally, we do so in compliance with applicable data protection law, using one or more of the following safeguards:

  • For transfers to the United States: reliance on the EU-US Data Privacy Framework (where the recipient is certified) or Standard Contractual Clauses (SCCs) approved by the European Commission (updated 2021 versions) and/or the UK International Data Transfer Agreement or Addendum, as applicable.
  • Standard Contractual Clauses or other approved transfer mechanisms for transfers to other third countries.
              

5. Data Security

We maintain appropriate technical and organisational measures to protect personal data against accidental loss, unauthorised access, use, alteration or disclosure. Access to personal data is limited to those with a legitimate business need, and all such persons are subject to a duty of confidentiality.

Please note that the transmission of data via the internet is not entirely secure. Whilst we take all reasonable steps to protect personal data transmitted to our Site, we cannot guarantee its security in transit.

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours where required by law, and will inform affected individuals without undue delay where required.

            

6. Data Retention

We retain personal data only for as long as is necessary for the purposes for which it was collected, including any applicable legal, regulatory, tax or accounting requirements. When determining the appropriate retention period, we consider the volume, nature and sensitivity of the data, the risk of harm from unauthorised use or disclosure, and the purposes for which we hold it.

As a general guide:

Customer and consultant engagement records: Duration of the relationship + 7 years (to cover potential contractual and limitation period claims)

Financial and invoicing records: 7 years from the end of the relevant financial year (statutory accounting / tax requirements)

Unsuccessful consultant applications: Up to 12 months from the date of our decision (to defend any potential claims)

Marketing consent records: Duration of the consent + 3 years

Website analytics data: Up to 26 months (per Google Analytics default settings)

Cookie consent records: Up to 13 months (per cookie expiry)

              

7. Your Rights

Subject to applicable law, you may have the right to:

Access: request a copy of the personal data we hold about you.

Rectification: ask us to correct inaccurate or incomplete personal data.

Erasure: request deletion of your personal data where there is no lawful reason for us to continue processing it.

Objection: object to processing based on our legitimate interests, including for direct marketing purposes.

Restriction: ask us to suspend processing of your personal data in certain circumstances.

Portability: receive your personal data in a structured, commonly used format, or ask us to transmit it to another controller.

Withdraw consent: where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at hq@korumlegal.com. We aim to respond within the timeframe required by applicable law (typically one calendar month). We will not charge a fee unless your request is manifestly unfounded or excessive, in which case we may charge a reasonable fee or decline the request.

Please note that our Site may contain links to third-party websites, plug-ins and applications. We are not responsible for those third parties' privacy practices; please review their own policies.

                  

8. Complaints

If you have concerns about how we process your personal data, please contact us in the first instance at hq@korumlegal.com. You also have the right to lodge a complaint with a supervisory authority:

UK data subjects: the Information Commissioner's Office (ICO) at ico.org.uk

EU data subjects: the supervisory authority in your EU member state of habitual residence or place of work

Hong Kong / Singapore: the Office of the Privacy Commissioner for Personal Data (Hong Kong) or the Personal Data Protection Commission (Singapore)

COOKIES NOTICE

Our website www.korumlegal.com uses cookies to distinguish you from other users. This helps us provide a better experience and allows us to improve our Site.

A cookie is a small file of letters and/or numbers placed on your browser or device. We use the following types of cookies:

Strictly Necessary Cookies

These are essential for the operation of our Site and cannot be switched off.

Cookie Purpose Expiry
__hs_opt_out Remembers that the visitor does not wish to be asked to accept cookies again. 13 months
__cfruid Set by Cloudflare for rate-limiting purposes. Session

 

Analytical / Performance Cookies

These help us understand how visitors use our Site. We only set these cookies with your consent.

Cookie Purpose Expiry
__hstc Main HubSpot tracking cookie. Stores domain, visitor ID, and session timestamps. 13 months
__hubspotutk Tracks visitor identity for deduplication on form submission. 13 months
__hssc Tracks session number and page views within a session. 30 minutes
__hssrc Detects browser restarts to determine new sessions. Session
_ga Google Analytics — distinguishes users via a randomly assigned identifier. 2 years
_gid Google Analytics — stores and updates a value for each page visited. 24 hours

 

Managing Cookies

You can block or delete cookies by adjusting your browser settings. However, doing so may affect your experience of the Site. Please refer to your browser's help documentation for instructions.

For Google Analytics, you can opt out via google.com/settings/ads or by installing the Google Analytics Opt-out Browser Add-on.

Third-party links on our Site may set their own cookies. We do not control these; please consult the relevant third-party privacy and cookies policies.