1. Data Controller

The data controller responsible for your personal data is Cemerlang Law, operating from Kuala Lumpur, Malaysia. For data-related enquiries, contact us at [email protected] or call +60 3-2034 8617.

2. Personal Data We Collect

When you interact with our website or engage our legal services, we may collect the following categories of data:

• Contact details — full name, email address, phone number
• Enquiry content — information you share in our contact or consultation forms
• Business information — company name, sector, and compliance status (where relevant)
• Technical data — IP address, browser type, pages visited, session duration (via analytics cookies, if consented)
• Communication records — emails, call logs, and meeting notes in the course of client engagement

We do not collect sensitive personal data (as defined by PDPA) through this website without your explicit written consent.

3. Legal Basis for Processing

We process your personal data on one or more of the following grounds:

• Consent — where you have given clear permission (e.g., submitting our contact form)
• Contractual necessity — to provide services you have requested or engaged us for
• Legitimate interest — to respond to enquiries, improve our website, and protect our legal rights
• Legal obligation — where processing is necessary for compliance with Malaysian law

4. How We Use Your Data

• Respond to enquiries and schedule consultations
• Deliver PDPA compliance, policy drafting, and DPO services
• Send service-related communications and updates (not marketing without consent)
• Improve website functionality and user experience via analytics
• Meet statutory, regulatory, and professional obligations
• Defend or exercise legal claims when required

5. Data Sharing and Third Parties

We do not sell, rent, or trade personal data. We may share it with:

• Service providers — hosting, email, CRM, and analytics platforms operating under confidentiality obligations
• Professional advisers — in confidence, where required for service delivery
• Regulatory authorities — where required by Malaysian law or court order

Any third-party processor accessing your data does so strictly under our instructions and applicable data protection obligations.

6. Data Retention

We retain personal data only as long as necessary:

• Enquiry and form submissions — up to 24 months from last contact
• Client engagement records — 7 years (Malaysian legal professional standards)
• Analytics data — aggregated or anonymised within 14 months

After the applicable period, data is securely deleted or anonymised.

7. Data Security

We implement appropriate technical and organisational measures including:

• TLS/HTTPS encryption for all website traffic
• Access controls and role-based permissions for staff
• Regular security reviews of systems and procedures
• Incident response procedures for potential data breaches

In the event of a data breach affecting your rights, we will notify you and the relevant authority as required by applicable law.

8. Cookies

We use cookies to maintain essential functionality and, with your consent, to understand site usage. Details are available in our Cookie Policy. You can manage cookie preferences at any time on that page.

9. Your Rights Under the PDPA

As a data subject under Malaysia's PDPA 2010, you have the right to:

• Access — request a copy of the personal data we hold about you
• Correction — request that inaccurate or incomplete data be updated
• Withdrawal of consent — withdraw consent where processing is based on consent
• Cease processing — request we stop using your data for direct marketing

To exercise any of these rights, write to [email protected]. We will respond within 21 days. Note that exercising certain rights may affect our ability to deliver services.

10. Third-Party Links

Our website may contain links to external sites. We are not responsible for the privacy practices of those sites and recommend reviewing their policies independently.

11. Children's Privacy

Our services are intended for businesses and individuals aged 18 and above. We do not knowingly collect data from minors. If you believe a minor has submitted data through our site, contact us promptly for removal.

12. International Transfers

Where data is transferred outside Malaysia (e.g., to cloud service providers), we ensure appropriate safeguards are in place consistent with PDPA requirements.

13. Changes to This Policy

We may update this policy periodically. Material changes will be communicated via a prominent notice on our website. Continued use of our services after any update constitutes acceptance of the revised policy.

14. Contact

For privacy-related questions or to exercise your rights:

• Email: [email protected]
• Phone: +60 3-2034 8617
• Address: Kuala Lumpur, Malaysia

This page was last updated on 12 February 2026. The contents of this page do not constitute formal legal advice.