Privacy Policy

1. Introduction

Basalt Legal ("we", "us", "our") is committed to protecting the privacy and personal data of individuals who engage with our services and visit our website. This Privacy Policy explains how we collect, use, store, and safeguard your personal information in accordance with the Personal Data Protection Act 2010 (PDPA) of Malaysia.

This policy applies to all personal data collected through our website, contact forms, email correspondence, telephone communications, and in-person consultations. If you have questions about this policy, please contact us at [email protected].

2. Data We Collect

We may collect the following categories of personal data when you interact with us: your name, email address, telephone number, and any details you provide in the message field of our contact form. When you engage our services, we may also collect your identification documents, addresses, and information relevant to your legal matter.

We also collect certain non-personal data through cookies and analytics tools, including your browser type, pages visited, and approximate geographic location. Please refer to our Cookie Policy for more details on this.

3. How We Collect Your Data

We collect personal data through several channels: when you submit our website contact form, when you email or call our office, during consultations and meetings, and through cookies and analytics tools on our website. We only collect data that is necessary for the purposes outlined in this policy.

4. Legal Basis for Processing

Under the PDPA, we process your personal data on the following grounds: your consent (provided when submitting enquiry forms or engaging our services), performance of a contract (when we are engaged to provide legal advisory services), compliance with legal obligations (such as record-keeping requirements under Malaysian law), and our legitimate interests (such as improving our website and services).

5. How We Use Your Data

Your personal data may be used for the following purposes: responding to your enquiries and requests, providing legal advisory services, communicating with you about your matter, improving our website and services, complying with legal and regulatory obligations, and sending you updates about our services if you have opted in to receive them.

We do not use your data for purposes other than those stated here without obtaining your prior consent.

6. Data Sharing

We do not sell, rent, or trade your personal data to third parties. We may share your data with trusted service providers who assist us in operating our website and delivering services (such as hosting providers and email platforms), but only to the extent necessary and under appropriate confidentiality agreements. We may also disclose data when required by law, court order, or regulatory authority.

7. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected. Enquiry form data is retained for up to 24 months. Client engagement records are retained for a minimum of 7 years in accordance with legal and regulatory requirements. Cookie and analytics data is retained for up to 26 months.

8. Data Security

We take reasonable measures to protect your personal data from unauthorised access, disclosure, alteration, or destruction. These measures include encrypted data transmission on our website, secure storage of electronic and physical records, access controls limiting data access to authorised personnel, and regular reviews of our security practices.

In the event of a data breach that poses a significant risk to your rights and interests, we will notify you and the relevant authorities as required by law.

9. Cookies

Our website uses cookies to improve your browsing experience and analyse website usage. For detailed information about the types of cookies we use, their purposes, and how to manage your cookie preferences, please visit our Cookie Policy page.

10. Your Rights

Under the PDPA, you have the right to access your personal data that we hold, request correction of inaccurate or incomplete data, withdraw your consent for data processing (where consent is the basis), request limitation of processing in certain circumstances, and lodge a complaint with the Department of Personal Data Protection (JPDP) if you believe your rights have been infringed.

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 21 days, as required under the PDPA.

11. Third-Party Links

Our website may contain links to external websites. We are not responsible for the privacy practices or content of those third-party sites. We encourage you to review the privacy policies of any external websites you visit through links on our site.

12. Children's Privacy

Our services are not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. If we become aware that we have inadvertently collected data from a minor, we will take steps to delete it promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. Any changes will be posted on this page with an updated revision date. We encourage you to review this policy periodically.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data handling practices, please contact us:

Basalt Legal
45 Jalan Gaya, Level 3, Wisma Sabah
88000 Kota Kinabalu, Sabah, Malaysia
Email: [email protected]
Phone: +60 88-4372 1586

The relevant supervisory authority for data protection matters in Malaysia is the Department of Personal Data Protection (Jabatan Perlindungan Data Peribadi — JPDP).