Privacy Policy
Last Updated: 15 March 2026
This policy describes how Mutiara Legal collects, uses, and protects personal data in connection with our website and legal services. It is prepared in accordance with the Personal Data Protection Act 2010 (PDPA) of Malaysia.
1. Introduction and Scope
Mutiara Legal (the "Firm", "we", "us") is a law firm practising in Malaysia and is registered as an Advocate and Solicitor in the High Court of Malaya. This Privacy Policy applies to personal data collected through our website at mutiaral.info, our contact forms, and in the course of providing legal services to clients.
By using our website or engaging our services, you acknowledge that your personal data may be processed in accordance with this policy. If you have any questions, you may contact us at [email protected].
2. Data We Collect
We may collect the following categories of personal data:
- Identification data: Full name, designation, and company or organisation name
- Contact data: Email address, telephone number, and business address
- Communication data: The content of enquiries or messages submitted via our contact form
- Website usage data: IP address, browser type, pages visited, and duration of visit (collected via analytics tools)
- Engagement data: Information relevant to legal matters, where you are or become a client of the Firm
We do not request or collect sensitive personal data (such as financial account details, national identification numbers, or health information) through our website.
3. How We Collect Personal Data
Personal data is collected through the following means:
- The contact or enquiry form on our website
- Direct communication by email or telephone
- In-person meetings and client engagement processes
- Automatically through cookies and website analytics (see Section 9 below)
4. Legal Basis and Purpose of Processing
We process personal data on the following legal bases under the PDPA 2010:
- Consent: Where you have provided explicit consent for a specific purpose, such as submitting a contact enquiry
- Contractual necessity: Where processing is necessary to perform or prepare for a legal services engagement with you
- Legitimate interests: For internal purposes such as improving our services, managing client relationships, and maintaining the security of our website
- Legal obligation: Where we are required to process data to comply with Malaysian law, including anti-money laundering obligations
Personal data collected via our website contact form is used for the purpose of responding to enquiries and, where appropriate, progressing towards a client engagement. We do not use your contact details for unsolicited marketing unless you have separately agreed to receive such communications.
5. Data Retention
We retain personal data for the following periods:
- Website enquiries: Up to 12 months from the date of initial contact, unless the enquiry leads to a client engagement
- Client engagement records: For a minimum of 7 years following the conclusion of the engagement, in accordance with the Legal Profession Act 1976 and Malaysian Bar Council requirements
- Analytics data: As determined by the applicable third-party analytics service, typically 14 to 26 months
After the applicable retention period, personal data is deleted or anonymised in a manner that prevents re-identification.
6. Data Sharing and Third Parties
We do not sell personal data to third parties. We may share data in the following circumstances:
- Service providers: Third-party vendors who assist with website hosting, analytics, and email delivery, subject to data processing agreements
- Professional obligations: Where disclosure is required by law, court order, or regulatory authority
- Transaction counterparties: In the context of a client legal matter, where disclosure to another party or their legal representative is necessary to conduct the engagement
- Anti-money laundering requirements: Where reporting is required under the Anti-Money Laundering, Anti-Terrorism Financing and Proceeds of Unlawful Activities Act 2001 (AMLA)
Any third party receiving personal data from the Firm is expected to maintain appropriate data protection standards consistent with Malaysian law.
7. Data Protection Measures
We take reasonable technical and organisational measures to protect personal data from unauthorised access, loss, or disclosure. These include:
- Encryption of data in transit using TLS/HTTPS protocols
- Access controls limiting data access to authorised personnel only
- Internal data handling protocols aligned with professional conduct requirements
- Regular review of data practices and vendor arrangements
In the event of a data breach that poses a significant risk to individuals, we will take steps to address the breach and notify affected parties as required by applicable law.
8. Your Rights Under the PDPA
Under the Personal Data Protection Act 2010 (Malaysia), you have the following rights in relation to your personal data:
- Right of access: To request a copy of personal data held about you
- Right of correction: To request that inaccurate or incomplete data be corrected
- Right to withdraw consent: To withdraw your consent where processing is based on consent, without affecting processing carried out before the withdrawal
- Right to limit processing: To request that we limit the use of your data in certain circumstances
To exercise any of these rights, please write to us at [email protected]. We will respond within 21 days of receiving a valid request. We may ask you to verify your identity before processing a request.
If you have concerns about how your personal data has been handled, you may refer the matter to the Department of Personal Data Protection Malaysia (PDPD) at www.pdp.gov.my.
9. Cookies
Our website uses cookies to support basic functionality and, where you have consented, to collect analytics data. For a full explanation of the cookies we use and your options for managing them, please refer to our Cookie Policy.
10. Third-Party Links
Our website may contain links to external websites, including regulatory bodies and industry organisations. We are not responsible for the privacy practices or content of those external sites. We encourage you to review the privacy policies of any third-party websites you visit.
11. Children
Our website and services are directed at adults aged 18 and above. We do not knowingly collect personal data from individuals under 18 years of age. If we become aware that data has been collected from a minor without appropriate consent, we will delete it promptly.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. When we do, we will update the "Last Updated" date at the top of this page. We encourage you to review this policy periodically. Continued use of our website following any changes constitutes acceptance of the updated policy.
13. Contact Information
For questions, requests, or concerns relating to personal data, please contact:
- Data Controller: Mutiara Legal
- Address: Level 15, Menara AmBank, Jalan Yap Kwan Seng, 50450 Kuala Lumpur, Malaysia
- Email: [email protected]
- Telephone: +60 3-2178 5962