Privacy Policy

1. Data Controller

Paragonia is a registered legal practice in Malaysia operating under the Legal Profession Act 1976. For the purposes of the PDPA 2010, Paragonia acts as the data user in respect of personal data processed in connection with our legal services and this website.

Our registered address is 28 Jalan Tun Perak, 50050 Kuala Lumpur, Wilayah Persekutuan. You may contact us at [email protected] or by telephone at +60 3-2078 5931.

2. Personal Data We Collect

We collect personal data only where it is necessary for the provision of our legal services, the fulfilment of legal obligations, or the operation of this website. The categories of data we may collect include:

• Full name, identity card number, and contact details (telephone number, email address, postal address)
• Information relevant to the legal matter you have instructed us on — such as property details, asset information, or details of a commercial dispute
• Financial information where relevant to fee arrangements or stamp duty calculations
• Communications you send to us by email, telephone, or through our website contact form
• Technical data from website visits: IP address, browser type, pages visited, and session duration (collected via analytics tools subject to your cookie preferences)

3. How We Use Your Personal Data

3.1 Provision of Legal Services

Where you instruct us on a legal matter, we process your personal data to carry out the services requested, to communicate with you about the matter, to comply with our professional obligations under Malaysian Bar rules, and to maintain proper records of the engagement.

3.2 Enquiries and Contact

When you contact us through our website or by telephone, we use the information provided to respond to your enquiry and to assess whether your matter falls within our areas of practice.

3.3 Legal and Regulatory Compliance

We are subject to obligations under Malaysian law, including anti-money laundering requirements, court procedures, and professional conduct rules that may require us to process or disclose personal data.

3.4 Website Analytics

Subject to your cookie consent, we may use third-party analytics tools to understand how visitors use our website. This data is used in aggregate form to improve the site's content and usability.

4. Legal Basis for Processing

Under the PDPA 2010, we process personal data on the following grounds:

• Contractual necessity — where processing is required to perform a legal service you have engaged us for
• Legal obligation — where Malaysian law or professional regulation requires us to process or retain data
• Consent — where you have given us consent for specific purposes, including the use of non-essential cookies
• Legitimate interests — where we have a legitimate interest in processing data and that interest is not overridden by your rights (for example, maintaining our practice records or responding to enquiries)

5. Disclosure of Personal Data

We do not sell or rent your personal data to third parties. We may share personal data in the following circumstances:

• With courts, land registries, stamp offices, and other government bodies as required by the legal matter
• With counterparties' solicitors where this is a necessary part of conducting a legal transaction
• With third-party service providers who assist us in operating our website or providing services (such as analytics platforms), subject to appropriate data processing terms
• Where required by law, regulation, or court order
• With your explicit consent for other purposes

6. Data Retention

We retain personal data for as long as is necessary for the purposes for which it was collected. For client files, we maintain records for a minimum of seven years following the conclusion of the matter in accordance with Malaysian professional conduct requirements. Technical data collected via analytics tools is typically retained for a shorter period as configured in the relevant platform.

After the applicable retention period, personal data is securely deleted or anonymised.

7. Security

We take reasonable technical and organisational precautions to protect personal data from unauthorised access, use, disclosure, or loss. These include access controls, encrypted communications for sensitive correspondence, and staff awareness of data protection obligations. No method of electronic transmission is completely secure; however, we take appropriate steps proportionate to the risk.

8. Your Rights Under the PDPA 2010

The Personal Data Protection Act 2010 provides you with the following rights in relation to your personal data that we hold:

• Right of access — you may request a copy of the personal data we hold about you
• Right of correction — you may request that we correct inaccurate or incomplete personal data
• Right to withdraw consent — where processing is based on consent, you may withdraw that consent at any time
• Right to limit processing — you may request that we restrict processing of your personal data in certain circumstances

To exercise any of these rights, please contact us at [email protected]. We will respond within the timeframe required under applicable law. We may need to verify your identity before fulfilling a request.

9. Third-Party Websites

This website may contain links to other websites operated by third parties. This privacy policy applies only to the Paragonia website. We are not responsible for the privacy practices of linked sites and encourage you to read their respective policies.

10. Cookies

Our website uses cookies to support basic functionality and, where you have consented, to collect analytics data. Please refer to our Cookie Policy for a full description of the cookies we use and how to manage your preferences.

11. Changes to This Policy

We may update this privacy policy from time to time. Material changes will be reflected in the "Last updated" date shown at the top of this page. We encourage you to review this policy periodically.

12. Contact

If you have questions about this policy or about how we handle your personal data, please contact us:

• By email: [email protected]
• By telephone: +60 3-2078 5931 (Mon–Fri 9:00AM–5:30PM, Sat 9:00AM–1:00PM)
• By post: 28 Jalan Tun Perak, 50050 Kuala Lumpur, Wilayah Persekutuan

If you are not satisfied with our response, you may contact the Department of Personal Data Protection (JPDP) Malaysia for further guidance.