Legal & Compliance
Privacy Policy
Last Updated: 12 March 2026 | Effective Date: 12 March 2026
This Privacy Policy applies to personal data collected and processed by Perdana Legal (hereinafter "we", "us", or "the Firm") in connection with our legal advisory services. We are committed to handling your personal data responsibly in accordance with Malaysia's Personal Data Protection Act 2010 (PDPA).
1. Data Controller
Perdana Legal acts as the data controller for personal data collected through this website and in connection with our legal services. Our registered place of business is:
Perdana Legal
Level 22, Tower 2, Petronas Twin Towers
KLCC, 50088 Kuala Lampur, Malaysia
Tel: +60 3-2382 6714
Email: [email protected]
2. Personal Data We Collect
Depending on how you interact with us, we may collect the following categories of personal data:
Identity & Contact Information
- Full name and designation
- Email address
- Telephone or mobile number
- Business address or registered office address
Transaction-Related Information
- Nature and structure of proposed transactions
- Company registration details of counterparties
- Details of commercial arrangements under discussion
- Documentation shared for review purposes
Technical & Usage Data
- IP address and browser type
- Pages visited and time spent on site
- Referral source and device type
- Cookie identifiers (see Section 9)
3. How We Collect Personal Data
We collect personal data through the following means:
- Enquiry and contact forms submitted on this website
- Email or telephone communications initiated by you
- Client engagement and onboarding documentation
- Cookies and analytics tools operating on this website
- Publicly available sources such as the Companies Commission of Malaysia (SSM) registry
4. Legal Basis for Processing
Under the PDPA 2010, we process your personal data on the following grounds:
- Consent — where you have provided express consent, such as by submitting an enquiry form
- Contractual necessity — where processing is necessary to perform services under our engagement letter
- Legitimate interests — for internal administration, conflict checking, and communication about related services
- Legal obligation — where we are required to process data to comply with applicable laws or court orders
5. How We Use Your Data
Personal data collected is used for the following purposes:
- Responding to enquiries and assessing suitability for engagement
- Delivering legal advisory services agreed under our engagement
- Preparing and maintaining engagement documentation
- Conducting conflict-of-interest checks as required by professional standards
- Sending service-related communications and updates relevant to your matter
- Improving our website and understanding how it is used
- Complying with regulatory and statutory obligations
We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects.
6. Sharing & Disclosure
We do not sell, rent, or trade your personal data. Data may be shared in the following limited circumstances:
- Service providers — third-party vendors assisting with IT infrastructure, document management, or professional indemnity insurers, bound by confidentiality obligations
- Regulatory bodies — the Malaysian Bar Council, SSM, Securities Commission, or courts, where legally required
- Co-counsel — other legal practitioners engaged jointly on your matter, subject to professional confidentiality
- Analytics providers — Google Analytics, operating under their own data protection terms, processing anonymised usage data
Any international transfer of personal data is conducted in compliance with PDPA requirements regarding cross-border transfers.
7. Data Retention
We retain personal data for as long as necessary to fulfil the purposes described in this policy, subject to the following guidelines:
- Enquiry data (no engagement) — 12 months from date of enquiry
- Client matter files — 7 years from file closure, consistent with legal professional obligations
- Financial and billing records — 7 years as required under the Companies Act 2016
- Website analytics data — up to 26 months, subject to Google Analytics retention settings
Data that is no longer needed is securely deleted or anonymised.
8. Security Measures
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or disclosure. These include:
- Encrypted transmission via TLS/SSL for all website communications
- Access controls limiting data to authorised personnel on a need-to-know basis
- Secure document management systems with audit logging
- Regular review of data handling procedures
In the event of a personal data breach that is likely to result in harm, we will notify affected individuals and the relevant authority in accordance with applicable requirements.
9. Cookies
This website uses cookies to support basic functionality and analyse site usage. Cookie categories used include:
- Essential cookies — necessary for the site to function correctly
- Analytics cookies — help us understand how visitors interact with the site (Google Analytics)
- Marketing cookies — used for advertising measurement via Google Ads and social media pixels
You may manage or withdraw cookie consent at any time through our Cookie Policy page.
10. Your Rights Under PDPA 2010
As a data subject under Malaysian law, you have the following rights:
You may request confirmation of whether we hold personal data about you and obtain a copy of that data.
You may request correction of inaccurate or incomplete personal data held by us.
Where processing is based on consent, you may withdraw that consent at any time. Withdrawal does not affect processing carried out prior to withdrawal.
You may request that we cease or restrict the use of your personal data for certain purposes, subject to our professional obligations.
You have the right to lodge a complaint with the Department of Personal Data Protection Malaysia (JPDP) if you believe your data has been handled incorrectly.
To exercise any of these rights, please contact us at [email protected]. We will respond within 21 days of receiving a verified request.
11. Children's Privacy
Our services are directed at businesses and professionals and are not intended for individuals under 18 years of age. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected such data, please contact us and we will take prompt steps to delete it.
12. Third-Party Links
This website may contain links to external websites operated by third parties. We are not responsible for the content or data practices of those sites. We encourage you to review the privacy policies of any third-party site you visit.
13. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The revised policy will be published on this page with an updated effective date. Continued use of our website or services following any update constitutes acknowledgment of the revised policy.
14. Contact for Privacy Matters
For questions about this policy, to exercise your data rights, or to report a concern: