Privacy Policy

1. Data Controller

The data controller responsible for personal data collected through this website and in connection with our services is:

Lexvault
16 Jalan P. Ramlee, 50250 Kuala Lumpur, Wilayah Persekutuan, Malaysia
Telephone: +60 3-2032 8457
Email: privacy@{{DOMAIN}}

2. Personal Data We Collect

Depending on how you interact with us, we may collect the following categories of personal data:

Information you provide directly

• Full name and preferred salutation
• Contact information, including telephone number and email address
• Company name, registration number, and business address where applicable
• Details of the legal matter or enquiry you submit to us
• Identity documentation where required to commence an engagement

Information collected automatically

• IP address and approximate geographic location derived from it
• Browser type, version, and operating system
• Pages visited, time spent on each page, and referral source
• Device identifiers and session identifiers
• Cookie data, where consent has been given (see Section 9)

3. Lawful Basis for Processing

We process personal data on the following bases as recognised under the PDPA 2010:

• Consent — where you have given clear consent for us to process your data for a specific purpose, such as marketing communications or analytics cookies.
• Contractual necessity — where processing is necessary to perform a contract with you or to take steps at your request prior to entering a contract.
• Legal obligation — where we are required to process data to comply with a legal or regulatory obligation applicable to us.
• Legitimate interests — where we have a legitimate interest in processing your data, provided this does not override your fundamental rights and interests.

4. Purpose of Collection

We collect and use personal data for the following purposes:

• To respond to enquiries submitted through our contact forms or by telephone
• To administer and deliver the legal services you have engaged us for
• To prepare engagement letters, invoices, and service-related correspondence
• To comply with applicable Malaysian laws, court orders, or regulatory requirements
• To maintain records of our professional engagements as required under the Legal Profession Act 1976
• To improve the functionality and content of this website
• To send service-related updates where you have requested them

We do not use your personal data for unsolicited marketing without your prior consent. You may withdraw consent at any time by contacting us at the address in Section 13.

5. Disclosure to Third Parties

We do not sell, rent, or trade your personal data to any third party. We may share your data in the following limited circumstances:

• Service providers — We engage certain trusted third-party providers to assist in operating our website and business (e.g., hosting, email delivery, analytics platforms). These parties are contractually bound to handle data only as instructed and in compliance with applicable law.
• Regulatory and government bodies — We may disclose data to MyIPO, the Malaysian Bar Council, the Inland Revenue Board, or other authorities where required by law or necessary to provide the services engaged.
• Professional advisors — In limited circumstances, data may be shared with other qualified professionals engaged to assist on a matter, subject to confidentiality obligations.
• Legal proceedings — We may disclose data if required to do so by a court order or other legal process.

6. Data Retention

We retain personal data for as long as is necessary for the purposes for which it was collected, or as required by applicable law. The following general retention periods apply:

• Client engagement records and documents: seven (7) years from the conclusion of an engagement, in keeping with standard Malaysian legal practice and Limitation Act 1953 considerations
• Website enquiry data where no engagement followed: twelve (12) months from the date of enquiry
• Analytics and usage data: twenty-six (26) months
• Marketing consent records: retained until consent is withdrawn, then deleted within sixty (60) days

When personal data is no longer required, it is securely deleted or anonymised so it can no longer be attributed to an individual.

7. Security Measures

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, disclosure, alteration, or destruction. These include:

• HTTPS encryption for all website communications
• Access controls limiting data access to authorised personnel only
• Regular review of internal data handling procedures
• Secure disposal of physical documents containing personal data

No method of electronic transmission or storage is entirely without risk. We take reasonable steps to safeguard your data but cannot warrant absolute security.

8. Your Rights Under the PDPA

Under Malaysia's Personal Data Protection Act 2010, you have the following rights in respect of your personal data:

• Right of access — You may request a copy of the personal data we hold about you.
• Right of correction — You may request that inaccurate or incomplete data be corrected.
• Right to withdraw consent — Where processing is based on consent, you may withdraw it at any time. Withdrawal does not affect the lawfulness of prior processing.
• Right to prevent processing for direct marketing — You may request that we cease using your data for any direct marketing purpose.

To exercise any of these rights, please contact us in writing at the address in Section 13. We will respond within twenty-one (21) business days. Certain requests may be subject to a fee as permitted under the PDPA.

9. Cookies and Tracking

This website uses cookies and similar tracking technologies. Detailed information about the specific cookies we use, their purpose, and your choices is set out in our Cookie Policy.

When you first visit this website, you will be presented with a cookie consent notice that allows you to choose which non-essential cookies to accept. You may change your preferences at any time by clearing your browser's cookies and revisiting the site.

10. Third-Party Links

This website may contain links to external websites operated by third parties, including MyIPO, the Malaysian Bar Council, and government portals. These sites have their own privacy policies and are not covered by this Policy. We encourage you to review their policies before submitting any personal data.

11. Children's Privacy

Our services are intended for adults and businesses. We do not knowingly collect personal data from individuals under the age of eighteen (18). If you believe a minor has submitted personal data to us, please contact us and we will take steps to remove it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or service offerings. The version number and date at the top of this page will be updated accordingly. For material changes, we will make reasonable efforts to notify affected individuals.

Continued use of this website following the posting of changes constitutes your acknowledgment of the revised Policy.

13. Contact Us

If you have any questions about this Privacy Policy, wish to exercise your rights under the PDPA, or have a concern about how your personal data has been handled, please contact us:

Privacy Enquiries — Lexvault
16 Jalan P. Ramlee, 50250 Kuala Lumpur, Wilayah Persekutuan
Email: privacy@{{DOMAIN}}
Telephone: +60 3-2032 8457

We aim to resolve all privacy-related enquiries promptly and transparently. If you remain dissatisfied, you may contact the Department of Personal Data Protection Malaysia.