Privacy Policy

1. Data We Collect

When you engage with Delima Firm — through our website contact form, email correspondence, or during the provision of legal services — we may collect the following categories of personal data:

• Full name and preferred name
• Contact details: email address, telephone number
• Company name, position, and registration number (for corporate clients)
• Transaction details relevant to the instruction
• IP address and browser data collected automatically through website analytics
• Correspondence records, including emails and meeting notes

We collect this data through direct submission via our website contact form, email enquiries, and in the course of providing legal advisory services once a formal engagement is established.

Legal basis for processing: Consent (website enquiries), contractual necessity (client instructions), legitimate interests (firm administration and service improvement), and legal obligations applicable to legal practice in Malaysia.

2. How We Use Your Data

Personal data collected is used for the following purposes:

• Responding to enquiries submitted through our website
• Conducting conflict-of-interest checks prior to engagement
• Providing legal advisory and transaction support services
• Preparing and delivering legal documents and correspondence
• Maintaining accurate client records as required by professional obligations
• Sending relevant legal updates or firm news (only with your consent)
• Improving our website experience through aggregated analytics
• Meeting regulatory, anti-money laundering, and Know Your Client (KYC) obligations

We do not use your data for automated decision-making or profiling.

3. Data Sharing and Third Parties

We do not sell your personal data. We may share data with carefully selected third parties in these circumstances:

• Professional advisers: Co-counsel, auditors, or specialist consultants engaged on the same matter, subject to confidentiality undertakings
• Regulatory authorities: Statutory bodies such as the Securities Commission Malaysia, Companies Commission of Malaysia (SSM), or Bank Negara Malaysia when legally required
• Analytics providers: Google Analytics (aggregated, anonymised traffic data only)
• IT and cloud service providers: Secure document management and communication platforms bound by data processing agreements

All third parties with whom personal data is shared are required to handle such data in accordance with applicable law and our instructions.

4. How We Protect Your Data

Delima Firm implements appropriate technical and organisational measures to protect personal data from unauthorised access, disclosure, alteration, or loss:

• SSL/TLS encryption for all website data transmission
• Access controls limiting data access to authorised personnel only
• Secure document storage with role-based permissions
• Regular internal security reviews
• Confidentiality obligations for all staff and associates

In the event of a personal data breach, we will notify affected individuals and the relevant authority as required under the PDPA 2010 within a reasonable period.

5. Cookies and Tracking

Our website uses cookies to improve functionality and understand how visitors use our site. Cookies used include:

• Essential cookies: Required for the website to function correctly — cannot be disabled
• Analytics cookies: Google Analytics data to understand page visits and user journeys (optional)
• Preference cookies: Store your cookie consent choices (optional)
• Marketing cookies: May be used to present relevant content (optional)

You can manage your cookie preferences at any time via our Cookie Policy page.

6. Data Retention

We retain personal data only for as long as necessary:

• Website enquiries (no engagement): Up to 12 months from last contact
• Active client files: Duration of engagement plus 7 years, in line with legal professional obligations and the Limitation Act 1953
• Financial and billing records: 7 years as required by the Income Tax Act 1967
• Analytics data: 26 months (Google Analytics default, anonymised)

After the applicable retention period, personal data is securely deleted or anonymised.

7. Your Rights

Under the PDPA 2010 (Malaysia) and applicable data protection principles, you have the following rights regarding your personal data:

• Right of access: Request a copy of the personal data we hold about you
• Right to correction: Request correction of inaccurate or incomplete data
• Right to withdraw consent: Withdraw consent for processing where consent is the legal basis
• Right to limit processing: Request that we restrict use of your data in certain circumstances
• Right to raise a complaint: Lodge a complaint with the Department of Personal Data Protection (JPDP) Malaysia

To exercise any of these rights, contact our data team at [email protected]. We will respond within 21 days.

8. Children's Privacy

Our legal services and website are intended solely for individuals aged 18 years and above. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected information about a person under 18, please contact us promptly and we will take steps to remove such data.

9. Third-Party Links

Our website may contain links to external websites or publications for informational purposes. Delima Firm is not responsible for the privacy practices of those third-party sites. We encourage you to review the privacy policies of any external sites you visit.

10. Policy Updates

We may update this Privacy Policy from time to time to reflect changes in law, firm practice, or service offerings. When material changes are made, we will update the "Last Updated" date at the top of this page. Continued use of our website after any update constitutes acceptance of the revised policy.

11. Contact for Data Inquiries

For any questions, requests, or concerns regarding your personal data, please contact: