Privacy Policy

Introduction

Firmitas Law is committed to protecting the privacy and confidentiality of personal information entrusted to us. This Privacy Policy explains how we collect, use, store, and protect personal data in accordance with the Personal Data Protection Act 2010 (PDPA) of Malaysia and applicable legal professional standards.

We recognize that individuals who engage our legal services place significant trust in us regarding sensitive information. This policy reflects our commitment to handling that responsibility with care and transparency.

For questions about this Privacy Policy or our data practices, please contact us at [email protected].

Information We Collect

We collect and process the following categories of personal information:

Contact Information

Name, email address, telephone number, business address, and other contact details you provide when inquiring about or engaging our services.

Professional Information

Business name, position, industry sector, and other professional details relevant to the legal services we provide.

Legal Matter Information

Details about the legal services you require, documents related to your matter, communications regarding your case, and other information necessary to provide legal assistance.

Financial Information

Billing details, payment information, and financial records related to our services.

Website Usage Data

Information collected through cookies and similar technologies when you visit our website, including IP address, browser type, pages visited, and time spent on pages.

How We Use Your Information

We use personal information for the following purposes:

Legal Service Delivery

Providing the legal services you have engaged us to perform, including intellectual property protection, employment law advisory, and corporate governance framework development.

Client Communication

Responding to inquiries, providing updates on your matter, scheduling consultations, and maintaining professional correspondence.

Billing and Administration

Processing payments, maintaining financial records, and managing client accounts in accordance with legal practice requirements.

Legal Compliance

Meeting our obligations under Malaysian law, including record-keeping requirements for legal practitioners, anti-money laundering regulations, and professional conduct standards.

Website Improvement

Analyzing website usage to enhance user experience and ensure effective communication of our services.

Legal Basis for Processing

We process personal data based on the following legal grounds:

• Consent: When you provide explicit consent to process your personal information.
• Contract: When processing is necessary to fulfill our legal service agreement with you.
• Legal Obligation: When we must process information to comply with legal or regulatory requirements.
• Legitimate Interest: When processing serves legitimate business purposes while respecting your privacy rights.

Data Retention

We retain personal information for different periods depending on its purpose and legal requirements:

• Client Matter Files: Seven years from completion of the matter, in accordance with legal practice record-keeping requirements.
• Financial Records: Seven years from the transaction date, as required by tax and accounting regulations.
• Inquiry Information: Two years from last contact if no engagement occurs.
• Website Analytics: 26 months from collection.

After retention periods expire, we securely dispose of or anonymize personal information unless extended retention is required by law or for legitimate legal purposes such as ongoing litigation.

Information Sharing

We maintain strict confidentiality as required by legal professional standards. We may share personal information only in the following limited circumstances:

With Your Consent

When you explicitly authorize us to share information with third parties.

Service Providers

With trusted third-party service providers who assist in delivering our services, such as document storage providers, payment processors, or IT support, under strict confidentiality agreements.

Legal Requirements

When disclosure is required by law, court order, or regulatory authority, or when necessary to protect legal rights.

Professional Advisors

With other legal professionals, accountants, or consultants when necessary for providing legal services, subject to equivalent confidentiality obligations.

We do not sell, rent, or trade personal information to third parties for marketing purposes.

Data Security

We implement appropriate technical and organizational measures to protect personal information against unauthorized access, alteration, disclosure, or destruction:

• Encrypted data transmission for online communications
• Secure document storage systems with access controls
• Regular security assessments and updates
• Employee training on data protection and confidentiality
• Physical security measures for office premises and paper files

While we take reasonable steps to protect personal information, no method of transmission or storage is completely secure. We encourage you to use secure communication methods when sharing sensitive information.

Cookies and Website Technologies

Our website uses cookies and similar technologies to enhance user experience and analyze site usage. For detailed information about our use of cookies, please refer to our Cookie Policy.

You can control cookie preferences through your browser settings. However, disabling certain cookies may affect website functionality.

Your Rights

Under Malaysian data protection law, you have the following rights regarding your personal information:

Access

The right to request access to the personal information we hold about you.

Correction

The right to request correction of inaccurate or incomplete personal information.

Withdrawal of Consent

The right to withdraw consent for processing where consent is the legal basis, subject to legal or contractual restrictions.

Complaint

The right to lodge a complaint with the Personal Data Protection Commissioner if you believe we have not handled your personal information appropriately.

To exercise these rights, please contact us at [email protected]. We will respond to your request within the timeframes required by law. Please note that certain legal or professional obligations may limit our ability to fulfill some requests.

International Data Transfers

Personal information is primarily stored and processed within Malaysia. In limited circumstances, we may transfer data to service providers located outside Malaysia. When such transfers occur, we ensure appropriate safeguards are in place to protect your information in accordance with Malaysian data protection standards.

Children's Privacy

Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from minors. If you believe we have inadvertently collected information from a minor, please contact us immediately.

Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices, legal requirements, or services. When we make significant changes, we will notify clients through appropriate channels such as email or website notice. The "Last Updated" date at the top of this policy indicates when the most recent changes were made.

We encourage you to review this policy periodically to stay informed about how we protect your personal information.

Contact Information

For questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact: