Privacy Policy

1. Introduction

Melur Chambers ("we", "us", "our") is a law firm practising in Malaysia, registered under the Legal Profession Act 1976 and based at Unit 11-3, Glomac Damansara, Jalan Damansara, 60000 Kuala Lumpur. We are a data user under the Personal Data Protection Act 2010 (Malaysia) to the extent we process personal data in the course of our legal and advisory services.

This Privacy Policy explains what personal data we collect, why we collect it, how we use and protect it, how long we keep it, and what rights you have in relation to it. We have written this in plain language because that is how we write legal documents for our clients, and it would be inconsistent to do otherwise for ourselves.

Questions about this Policy may be directed to: [email protected]

2. Data We Collect and Why

2.1 Enquiry and Contact Information

When you contact us through our website enquiry form, by email, or by telephone, we collect your name, email address, phone number (if provided), and the content of your message. This information is used to respond to your enquiry and to assess whether we are able to assist with your matter. It is not used for marketing, and you will not be added to any mailing list as a result of making an enquiry.

2.2 Client Personal Data

If you engage us as a client, we collect personal data necessary to carry out your legal matter — including identifying information, contact details, and information relevant to the subject matter of the engagement. Our legal basis for processing client personal data is the performance of a contract for legal services and, where applicable, compliance with our professional obligations. More detailed information is provided in our engagement letter.

2.3 Website Analytics

We use limited analytics on our website to understand how it is used — page views, general geographic location, and device type. This is conducted through essential analytics cookies only. We do not use advertising or tracking cookies, and we do not build user profiles or share browsing data with third parties for commercial purposes. You can manage cookie preferences through our Cookie Policy page.

3. Legal Basis for Processing

• Contract: Processing necessary to respond to an enquiry or to perform our services under a retainer or engagement agreement.
• Legitimate interest: Processing necessary for the management of our business, including record-keeping and conflict-checking.
• Legal obligation: Processing required by law, including professional obligations under the Legal Profession Act 1976 and anti-money laundering legislation.
• Consent: Where we rely on consent (for example, to send any communications beyond responding to your enquiry), we will seek it explicitly.

4. Data Retention

Enquiry records that do not result in an engagement are retained for six months and then deleted. Client matter files are retained for seven years following the close of the matter, in accordance with Malaysian Bar Council guidelines and applicable limitation periods. Where retention beyond seven years is required by law or professional obligation, we retain data only to the extent necessary.

5. Data Sharing

We do not sell, rent, or share personal data for commercial purposes. Personal data may be shared with:

• External counsel, counsel in related jurisdictions, or other professionals where necessary to conduct a matter and where you have been informed;
• Courts, tribunals, regulators, or government authorities where required by law;
• Our IT service providers who support our practice management and email systems, where data processing agreements are in place.

6. Data Security

We maintain appropriate technical and organisational measures to protect personal data against unauthorised access, disclosure, alteration, or destruction. These include password-protected systems, access controls limited to personnel with a need to access the data, and encrypted email where practicable for sensitive communications. In the event of a data breach affecting personal data we hold, we will assess our notification obligations under the Personal Data Protection Act 2010 (as amended by the 2024 Amendment Act) and notify affected individuals and the Department of Personal Data Protection where required.

7. Cookies

Our website uses cookies. For a full explanation of the types of cookies we use and how to manage them, please see our Cookie Policy. In keeping with the subject of our practice, we limit our use of cookies to what is necessary for website operation and basic analytics. We do not use advertising cookies.

8. Your Rights Under the PDPA

Under the Personal Data Protection Act 2010, you have the following rights in relation to personal data we hold about you:

• Right of access: You may request a copy of the personal data we hold about you.
• Right of correction: You may request correction of inaccurate or incomplete personal data.
• Right to withdraw consent: Where processing is based on consent, you may withdraw consent at any time. This does not affect the lawfulness of processing before withdrawal.
• Right to prevent processing causing damage or distress: You may, in specified circumstances, require us to cease or not begin processing your personal data.

To exercise any of these rights, please contact us at [email protected]. We will respond within 21 days. A fee may be charged for access requests where permitted by law.

9. Third-Party Links

Our website may contain links to external sites. We are not responsible for the privacy practices of those sites and recommend reviewing their privacy policies before providing any personal data.

10. Children

Our services are not directed at persons under 18. We do not knowingly collect personal data from minors. If you believe we hold personal data about a person under 18, please contact us so we can take appropriate steps.

11. Supervisory Authority

The supervisory authority for personal data protection in Malaysia is the Department of Personal Data Protection (Jabatan Perlindungan Data Peribadi — JPDP), Ministry of Digital. If you believe we have handled your personal data in a manner inconsistent with this Policy or the PDPA, you may contact JPDP directly.

12. Changes to This Policy

We may update this Policy from time to time. Where changes are material, we will post the updated Policy on this page with a revised "Last Updated" date. Continued use of our website or services after changes are posted constitutes acceptance of the revised Policy.

13. Contact

Data controller: Melur Chambers
Unit 11-3, Glomac Damansara, Jalan Damansara, 60000 Kuala Lumpur, Malaysia
Email: [email protected]
Phone: +60 3 7729 4853