Privacy Policy
Last Updated: 28 March 2025 · Effective: 28 March 2025
Pallworth is committed to handling personal data responsibly and in accordance with Malaysia's Personal Data Protection Act 2010 (PDPA). This policy explains how we collect, use, and protect information relating to individuals who contact us or use our services.
1. About Pallworth and This Policy
Pallworth is a legal services practice based at 31 Jalan Bukit Bintang, 55100 Kuala Lumpur, Malaysia. For data protection purposes, Pallworth is the data user in respect of personal data collected through this website or in the course of providing legal services.
This policy applies to personal data we collect from website visitors, prospective clients, existing clients, and other individuals who interact with Pallworth. It does not extend to third-party websites linked from our site.
2. Personal Data We Collect
We collect the following categories of personal data:
- Contact and identity data: Name, email address, telephone number, and postal address where provided through enquiry forms or direct communication.
- Engagement data: Information shared with us in connection with a legal matter, including documents, correspondence, and business information relevant to the advice sought.
- Website usage data: Technical information such as IP address, browser type, pages visited, and referral source, collected through analytics cookies where consent is given.
- Communication records: Records of emails, messages, and other communications with Pallworth.
3. How We Collect Personal Data
Personal data is collected when you:
- Complete and submit an enquiry form on our website
- Contact us directly by telephone, email, or in person
- Provide documents or information in connection with a legal engagement
- Browse our website (technical data collected via cookies where consented)
4. How We Use Personal Data
We use personal data for the following purposes, with the corresponding legal basis under the PDPA:
| Purpose | Legal Basis |
|---|---|
| Responding to enquiries and providing legal advice | Contract performance / consent |
| Conducting conflict of interest checks | Legal obligation |
| Managing client files and records | Contract performance / legal obligation |
| Complying with AML/CFT obligations | Legal obligation |
| Sending service-related communications | Legitimate interest |
| Improving our website (analytics, with consent) | Consent |
5. Data Sharing
We do not sell personal data. We may share data with:
- External counsel, barristers, or experts engaged in connection with your matter, with your knowledge
- Courts, tribunals, or regulatory authorities where required by law or legal proceedings
- IT and software service providers operating our systems, subject to data processing agreements
- Analytics providers (if you consent to analytics cookies) — no personal identity data is shared
6. Data Retention
We retain personal data for as long as necessary for the purposes for which it was collected:
- Client matter files: Seven years from conclusion of the matter, as required by professional practice standards
- Website enquiry data: Twelve months where no engagement follows
- Analytics data: Up to 26 months in aggregated form
7. Cookies
We use cookies to operate the website and, where you consent, to collect usage analytics. Essential cookies are required for the website to function and cannot be declined. Optional cookies (analytics) are only placed with your consent. For full details, please see our Cookie Policy.
8. Your Rights
Under the Personal Data Protection Act 2010, you have the following rights:
- Right of access: To request confirmation of whether we hold personal data about you and obtain a copy.
- Right to correction: To request correction of inaccurate or incomplete personal data.
- Right to withdraw consent: Where processing is based on consent, to withdraw that consent at any time (without affecting prior processing).
- Right to limit processing: To request that we stop processing your data for certain purposes where permitted under the PDPA.
- Right to complain: To lodge a complaint with the Personal Data Protection Department (Jabatan Perlindungan Data Peribadi — JPDP) if you consider that processing of your personal data violates the PDPA.
To exercise your rights, contact us at privacy@pallworth. We will respond within 21 days. A nominal administrative fee may apply to access requests as permitted under the PDPA.
9. Data Security
We maintain technical and organisational measures appropriate to the sensitivity of the data held, including:
- Access controls limiting data access to authorised personnel
- Secure transmission via HTTPS for all web-based data collection
- Regular review of IT security practices
- Data breach notification procedures compliant with PDPA obligations
10. Persons Under 18
Our services are directed at organisations and adults. We do not knowingly collect personal data from persons under 18 years of age. If you believe we have inadvertently collected such data, please contact us so we can arrange deletion.
11. Third-Party Links
Our website may contain links to external websites. We are not responsible for the privacy practices of those sites and encourage you to review their privacy policies directly.
12. Changes to This Policy
We may update this policy from time to time. Where changes are material, we will indicate the updated date at the top of this page. Continued use of our website or services following an update constitutes acceptance of the revised policy.
13. Contact Us
For any questions about this policy or to exercise your data rights:
Pallworth
31 Jalan Bukit Bintang, 55100 Kuala Lumpur, Malaysia
Email: privacy@pallworth
Phone: +60 3-4028 7163