Gemilang Law ("we", "us", "our") is committed to handling personal data with care and in accordance with applicable Malaysian law. This Privacy Policy explains what information we collect, how it is used, and the choices available to individuals whose data we hold.
This policy applies to personal data collected through our website at https://gemilang.info, through our contact forms, and in the course of providing legal advisory services.
1. Data Controller
The data controller for personal data processed in connection with Gemilang Law's services is Gemilang Law, No. 15, Lorong P. Ramlee, 50250 Kuala Lumpur, Malaysia. For data-related enquiries, contact us at [email protected].
2. Personal Data We Collect
We collect personal data in the following circumstances:
- When you submit an enquiry through our contact form (name, email address, phone number, and details of your enquiry)
- When you engage us for legal advisory services (business name, contact details, and information necessary to carry out the engagement)
- When you visit our website (technical data such as IP address and browser type, collected through cookies — see our Cookie Policy)
We do not collect sensitive personal data (such as identification numbers, health data, or financial account details) through our website.
3. Legal Basis for Processing
We process personal data on the following legal grounds under the Personal Data Protection Act 2010 (PDPA):
- Consent — where you have submitted a contact form or subscribed to communications
- Contractual necessity — where processing is required to carry out legal services you have engaged us to provide
- Legitimate interest — for analytics, service improvement, and communications with existing clients
- Legal obligation — where we are required to retain records under Malaysian professional conduct rules or anti-money laundering legislation
4. How We Use Personal Data
- To respond to your enquiries and provide the advisory services you have requested
- To manage the legal engagement, including conflict of interest checks and client onboarding
- To communicate updates relevant to your matter
- To comply with our obligations under the Legal Profession Act 1976 and the Anti-Money Laundering, Anti-Terrorism Financing and Proceeds of Unlawful Activities Act 2001 (AMLA)
- To analyse website usage through anonymised analytics data
We do not sell personal data to third parties, nor do we use it for automated decision-making or profiling.
5. Data Sharing
We share personal data only where necessary:
- With authorised personnel within Gemilang Law who require access for the purposes described above
- With third-party service providers who support our operations (e.g., email hosting, document management) under data processing agreements
- With regulatory or law enforcement bodies where required by law
- With courts, tribunals, or arbitral bodies where you have authorised us to represent you
6. Data Retention
We retain personal data for as long as necessary to fulfil the purpose for which it was collected, and in accordance with applicable professional conduct obligations. Matter files are typically retained for seven years following the conclusion of an engagement, in line with Malaysian legal professional standards. Website enquiry data is retained for twelve months if no engagement follows.
7. Data Protection Measures
- Access to personal data is restricted to authorised personnel on a need-to-know basis
- Data is stored on password-protected systems with appropriate access controls
- Physical documents are kept in secure, locked storage
- We conduct periodic reviews of our data security practices
8. Cookies
Our website uses cookies. For details on the types of cookies used, their purpose, and how to manage your preferences, please refer to our Cookie Policy.
9. Your Rights Under PDPA
Under the Personal Data Protection Act 2010, you have the right to:
- Request access to the personal data we hold about you
- Request correction of inaccurate or incomplete data
- Withdraw consent to processing (where consent is the legal basis)
- Object to processing for direct marketing purposes
- Request information about how your data is being used
To exercise any of these rights, contact us in writing at [email protected]. We will respond within 21 days. In the event of a concern that cannot be resolved directly, you may refer the matter to the Department of Personal Data Protection (JPDP) of Malaysia.
10. Third-Party Links
Our website may contain links to external sites. We are not responsible for the privacy practices of those sites and encourage you to review their privacy policies separately.
11. Children's Privacy
Our services are directed at businesses and adult individuals. We do not knowingly collect personal data from persons under the age of 18. If you believe a minor has submitted data through our website, please contact us promptly so we can remove it.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. The revised policy will be posted on this page with an updated date. Continued use of our website following any update constitutes acceptance of the revised policy.
13. Contact
For all data protection enquiries, please contact us at:
- Email: [email protected]
- Post: Gemilang Law, No. 15, Lorong P. Ramlee, 50250 Kuala Lumpur, Malaysia
- Phone: +60 3-2034 8576