Trusted corporate legal advisor — data protection focused

General Privacy Principles

Lumora Path collects and processes personal data necessary to deliver corporate legal services and manage client relationships. We handle data responsibly, limit access to authorised staff and service providers, and adopt reasonable technical and organisational measures to protect information. Our policies support transparent choices for clients and visitors while enabling lawful professional services and regulatory compliance.

18-02-2026
Lumora Path, Business ID S3110050A, 261 Waterloo Street, Singapore, 180262
261 Waterloo Street, Singapore, 180262
[email protected]
01

Definitions

This section explains key terms used in the policy, so readers understand references to personal data, processing and related concepts within the context of our legal services.

Personal data means any information that relates to an identifiable individual, including names, contact information, corporate affiliation, identification numbers and other identifiers provided during client onboarding or transaction support. Processing refers to any operation performed on personal data, such as collection, recording, organization, structuring, storage, retrieval, use, disclosure, erasure or destruction, performed to provide legal services and manage client relationships. A user is any individual who interacts with Lumora Path, including clients, company representatives, potential hires, website visitors and third parties whose data is supplied to us in the course of delivering services. Service means the legal, compliance and advisory offerings provided by Lumora Path to enterprises, including contract drafting, corporate secretarial support, regulatory advice and dispute avoidance strategies. Cookies are small text files placed on a device by a website to store preferences, enable functionality and measure usage. We use cookies to deliver an improved online experience and to gather analytics to improve our services.
02

Data We Collect

We collect information directly from users, automatically through website interactions, and from third parties when necessary to provide services. The categories below describe typical data we process in those contexts.

Data Provided by Users

When you engage our services or contact us, you may provide personal and corporate information necessary for onboarding and legal work, including:

  • Contact details: name, business email address, corporate telephone number and business mailing address
  • Company information: corporate registration numbers, partner and director details, company structure and business activity descriptions
  • Identification and verification data: copies of identification documents and corporate authorisation records when required for compliance
  • Engagement specifics: contract drafts, transactional details, negotiating positions and legal instructions relevant to the engagement
  • Payment and billing information required to process invoices and manage accounts
  • Communications and support records such as emails, meeting notes and recorded advice provided during the relationship

Automatically Collected Data

When you visit lnorapath.biz or interact with our digital services, we collect certain technical and usage data to operate and improve our site.

  • Device and browser information including IP addresses, browser type and version, and operating system
  • Website usage and interaction data such as pages visited, duration, click paths and form submissions
  • Analytics data from cookies and similar technologies that help us understand site performance and user preferences
  • Performance and error logs to diagnose technical issues and enhance reliability
  • Geolocation data inferred from IP addresses to help with localisation of content and compliance checks
  • Security data related to suspicious activity detection including failed login attempts and system access logs

Data from Third Parties

We may obtain relevant personal data from third parties to complete client instructions or meet legal and regulatory obligations.

  • Professional advisers and counterparties who supply corporate or transactional data required for legal work
  • Payment processors and billing partners for invoicing and transaction reconciliation
  • Public registries and corporate databases for verification of company records and director information
03

Purposes of Processing

We process personal data for legitimate and necessary purposes connected to delivering professional legal services and maintaining the client relationship. Examples include:

  • Delivering contracted legal services such as contract drafting, corporate secretarial tasks and regulatory advice
  • Onboarding, client identity verification and Know-Your-Client checks required for compliance
  • Billing, accounting and debt recovery related to provided services
  • Communicating updates, legal notices and information about matters you have engaged us to handle
  • Improving our website, services and internal processes through analytics and feedback
  • Detecting, preventing and responding to fraud, security incidents or breaches
  • Defending or establishing legal rights in connection with disputes or regulatory matters
  • Recruitment and talent assessment for positions within Lumora Path where applicable

Legal Bases for Processing

We rely on appropriate legal bases to process personal data, consistent with applicable data protection principles and local regulation.

  • Performance of a contract: processing necessary to deliver agreed legal services and meet contractual obligations
  • Legal or regulatory obligation: processing required to comply with statutory duties, court orders or regulatory inquiries
  • Legitimate interests: processing that supports business operations, security, and defense of legal claims, balanced against individual rights
  • Consent: where required for marketing communications or optional features, with straightforward opt-out mechanisms

Data Subject Rights and GDPR Principles

Individuals who fall under the scope of the GDPR have specific rights. We aim to respect and facilitate these rights while ensuring lawful professional service delivery.

  • Right of access: individuals may request confirmation of whether we process their personal data and obtain a copy
  • Right to rectification: incorrect or incomplete personal data can be corrected upon request
  • Right to erasure: in certain situations, individuals may request deletion of their personal data where retention is no longer necessary
  • Right to restriction of processing: request to limit how data is used while a dispute or verification is ongoing
  • Right to data portability: where applicable, provision of personal data in a structured, commonly used and machine-readable form
  • Right to object: individuals may object to processing based on legitimate interests or for direct marketing, subject to statutory exceptions
04

Cookies and Similar Technologies

Cookies are used on lnorapath.biz to support site functionality and gather analytics. You can control cookie settings via your browser and certain preferences presented on the site.

Types of cookies we use include essential cookies (required for site operation), performance cookies (analytics) and functional cookies (preferences). We do not use cookies for profiling beyond standard analytics without explicit consent.

Essential: enable website core functions. Analytics: help us improve content and navigation. Functional: remember user choices and session data.

Most browsers allow you to block or delete cookies. You can manage your preferences through browser settings or the cookie controls presented on our site. Blocking certain cookies may affect site functionality.

Full cookie policy available at lnorapath.biz/cookie-policy

How We Share Data

We disclose personal data only as necessary to perform services, comply with laws, or to operate our business responsibly. Disclosure is limited and governed by agreements where appropriate.

  • Affiliated service providers and specialist legal partners engaged to support client matters
  • Payment and billing processors to complete business transactions
  • Regulators, courts, or government authorities when required by law or to respond to official requests
  • Professional advisors such as auditors and external counsel where their input is necessary for service delivery
  • Potential acquirers or business partners in the event of a sale, merger or corporate restructuring, with appropriate confidentiality safeguards
  • Analytics providers for aggregate reporting and website performance evaluation, under data processing agreements

International Data Transfers

Personal data may be transferred to jurisdictions outside Singapore to support client matters or to engage service providers. Transfers are assessed on a case-by-case basis and limited to what is necessary for the engagement.

Where transfers occur, Lumora Path implements safeguards such as standard contractual clauses, data processing agreements, or other appropriate measures to maintain an adequate level of protection consistent with applicable law.

Data Retention

We retain personal data only as long as needed for the purposes described, subject to contractual, legal and regulatory obligations.

Client account records and corporate documentation are retained for a period consistent with regulatory recordkeeping requirements and professional standards, typically multiple years after the end of an engagement.

Communications and matter-related correspondence are retained for as long as necessary to manage the matter and to meet any applicable legal obligations or defense needs.

Technical logs and access records are retained for operational, security and troubleshooting purposes for a defined period that balances utility and privacy.

When data is no longer required, we securely delete or anonymize personal data in accordance with our internal retention schedules and applicable law. Individuals may request deletion where appropriate under the law.

Security Measures

Lumora Path applies industry-standard technical and organizational measures to protect personal data, including access controls, encryption for data in transit and at rest where appropriate, secure backups, regular security assessments, and role-based access restrictions. We also maintain incident response procedures to address and remediate any security events promptly. For specific security inquiries, contact our data protection team.

  • Role-based access controls and least-privilege policies to ensure only authorized Lumora Path team members can view or process client records.
  • Data encryption in transit (TLS) and at rest using industry-standard algorithms to protect sensitive corporate legal information hosted or platform via lnorapath.biz.
  • Regular vulnerability scans, security patch management, and routine backups with isolated storage to reduce risk and maintain availability of client files.
05

Your Rights

As a client or visitor of Lumora Path, you have specific privacy rights regarding the personal and corporate data we process. Below are the primary rights available to you along with concise guidance on how to exercise them.

  • Right of access — request a copy of personal data we hold about you and receive a summary of how it is used.
  • Right to rectification — ask us to correct inaccurate or incomplete information related to your account or corporate records.
  • Right to restriction of processing — request temporary limitation of processing while a dispute over accuracy or lawfulness is resolved.
  • Right to object — object to specific processing activities based on legitimate interests where applicable.
  • Right to data portability — receive a structured, commonly used, machine-readable copy of certain personal data you provided to us.
  • Right to withdraw consent — when processing is based on consent, you may withdraw that consent at any time without affecting processing prior to withdrawal.
  • Right to erasure — request deletion of personal data in cases required by law, subject to legal retention obligations for corporate records.
  • Right to lodge a complaint — if you are not satisfied with our response, you may contact the relevant Singapore data protection authority.

How to make a privacy request

Submit a privacy rights request to Lumora Path by email or post. Provide your full name, Business ID or client reference, the nature of your request, and supporting identification. We will confirm receipt and advise next steps. For secure handling, use the contact details below or the secure form on lnorapath.biz.

[email protected]

We aim to acknowledge requests within 5 business days and to provide a substantive response within 30 calendar days. Complex requests may require additional time; if so, we will notify you with an expected completion date.

Marketing and communications

Lumora Path may send service updates, legal insights, and event invitations relevant to corporate legal needs. Communications are tailored to enterprise clients and can be adjusted based on your preferences. Marketing messages will clearly identify Lumora Path and provide options to manage contact frequency.

To stop marketing emails, use the unsubscribe link in any marketing message or update preferences via your account on lnorapath.biz. If you prefer assistance, contact our team and we will update your contact preferences promptly.

Children's data

Lumora Path does not target or offer legal services to minors. We do not knowingly collect personal data from anyone under the age of 18. If we become aware that we have inadvertently collected data of a minor, we will take steps to delete it unless retention is required for legal reasons.

Third-party links

Our website may include links to third-party services or resources. These sites have their own privacy practices and Lumora Path is not responsible for their content or policies. Review third-party privacy notices before sharing personal or corporate information.

Changes to this privacy policy

Lumora Path may update this privacy information to reflect changes in law, business operations, or services. Material changes will be posted at lnorapath.biz with an updated effective date. We encourage clients to review the policy periodically.