Legal Information
Privacy Policy
Pactum ("we", "us", "our") is committed to protecting the personal data of those who interact with our services and website. This policy sets out how we collect, use, store, and protect personal information in accordance with the Personal Data Protection Act 2010 (Malaysia) ("PDPA").
1. Data Controller
The data controller for personal information collected through this website and in the course of providing legal services is Pactum, located at 19, Jalan Sultan Ismail, Wisma MCA, 50250 Kuala Lumpur, Malaysia. For data-related enquiries, contact: [email protected]
2. Data We Collect
Information you provide directly
- Name and contact details (email address, phone number)
- Details of your legal matter provided during an initial enquiry or engagement
- Correspondence exchanged during any engagement
- Payment information where fees are processed
Information collected automatically
- IP address and browser information when you visit this website
- Pages viewed and time spent on site (via analytics cookies, if consent is given)
- Device type and operating system
3. How We Use Your Data
We use personal data for the following purposes:
- Responding to enquiries and arranging consultations
- Providing legal services in accordance with an engagement letter
- Maintaining records required by the Legal Profession Act 1976 and Bar Council rules
- Improving website functionality and user experience (where analytics consent is given)
- Communicating updates relevant to your matter
We do not use personal data for marketing purposes without explicit consent, and we do not sell personal data to third parties under any circumstances.
4. Legal Basis for Processing
- Contract performance: Processing necessary to carry out an engagement or respond to a pre-contractual enquiry
- Legal obligation: Processing required to comply with professional conduct rules and applicable law
- Consent: Analytics and non-essential cookies, where you have provided consent via our cookie banner
- Legitimate interest: Maintaining client records and improving our services
5. Data Retention
Enquiry data where no engagement follows is retained for 12 months and then deleted. Client files are retained for 7 years following the conclusion of the engagement, in accordance with Bar Council guidance. Analytics data is retained for up to 26 months.
6. Data Sharing
We may share personal data with:
- Medical specialists, rehabilitation consultants, and other experts instructed in connection with your matter (with your knowledge)
- Senior counsel briefed on your matter (with your consent)
- Courts, tribunals, and regulatory bodies where required
- IT and hosting providers who process data on our behalf under data processing agreements
All third parties are required to handle personal data in accordance with applicable law. We do not transfer personal data outside Malaysia without appropriate safeguards.
7. Cookies
We use essential cookies to operate the website and, with your consent, analytics cookies to understand how the site is used. For full details, see our Cookie Policy.
8. Your Rights Under the PDPA
Under the Personal Data Protection Act 2010, you have the right to:
- Access personal data we hold about you
- Correct inaccurate or incomplete data
- Withdraw consent for processing based on consent (this will not affect processing carried out prior to withdrawal)
- Request that we cease using your data for direct marketing purposes
- Lodge a complaint with the Department of Personal Data Protection Malaysia (JPDP) if you believe your rights have been infringed
To exercise any of these rights, write to us at [email protected]. We will respond within 21 days.
9. Data Security
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, disclosure, alteration, or destruction. Client file access is restricted to those working on the relevant matter. Our website uses HTTPS throughout.
10. Third-Party Links
This website may contain links to external sites. We are not responsible for the privacy practices of those sites and recommend reviewing their policies separately.
11. Children
Our services are directed at adults. We do not knowingly collect personal data from individuals under the age of 18. If you believe we have inadvertently received data from a minor, please contact us at [email protected].
12. Changes to This Policy
We may update this policy from time to time. Changes will be reflected in the "Last Updated" date above. Continued use of our website following any change constitutes acceptance of the revised policy.
13. Contact
For any privacy-related enquiry, please contact:
- Email: [email protected]
- Post: Pactum, 19, Jalan Sultan Ismail, Wisma MCA, 50250 Kuala Lumpur, Malaysia