Bestari
Legal Information

Privacy Policy

Bestari Legal Counsel is committed to handling your personal information with care and discretion. This policy explains what information we collect when you use our website or engage our services, how we use it, and the rights you have in relation to it. It applies to all visitors to this website and to clients and prospective clients of Bestari Legal Counsel.

Last Updated: 1 May 2025 Jurisdiction: Malaysia [email protected]

1. Information We Collect

We collect personal information in the ordinary course of providing legal services and operating this website. The categories of information we may collect include:

Information you provide directly

When you submit an enquiry through our contact form, we collect your name, email address, and any information you include in your message. If you engage our services, we will collect additional information necessary to advise you — such as your employment history, pension account details, and relevant correspondence with former employers or pension administrators.

Information collected automatically

When you visit our website, we may collect technical information such as your IP address, browser type, pages visited, and approximate location derived from your IP address. This is collected through cookies and similar technologies. Please see Section 5 below and our Cookie Policy for further detail.

Legal basis for processing

We process your personal data on the basis of your consent (where you have provided it), the performance of a contract or pre-contractual steps at your request, compliance with our legal obligations, and our legitimate interests in operating a professional legal practice — such as maintaining records and responding to enquiries.

Retention periods

Enquiry records are retained for up to 12 months if no engagement follows. Client matter files are retained for a minimum of 7 years from the close of the matter, in accordance with professional obligations under Malaysian Bar guidelines. Website analytics data is retained for up to 24 months.

2. How We Use Your Information

We use personal information only for the purposes for which it was collected or purposes that are directly related. Specifically:

  • Service delivery: To respond to your enquiry, assess your matter, and provide the legal services you have engaged us for.
  • Communication: To send you correspondence related to your matter, including advice notes, document requests, and status updates.
  • Legal compliance: To meet our obligations under the Legal Profession Act 1976, the Personal Data Protection Act 2010 (PDPA), and other applicable Malaysian laws.
  • Website improvement: To understand how visitors use our website so we can improve its content and accessibility. This is done using anonymised or aggregated analytics data where possible.
  • Direct communications: We do not send unsolicited marketing messages. Any service updates or information we share with existing clients will be relevant to the matter you engaged us for.

We do not sell your personal data to any third party, and we do not use it for purposes unrelated to your engagement with us.

3. Data Sharing

We share personal data only in limited and appropriate circumstances:

  • Opposing parties and their representatives: Where required by the conduct of your matter — for example, formal correspondence or court proceedings.
  • Regulatory and statutory bodies: Where we are obliged to disclose by law, court order, or regulatory requirement under Malaysian legislation.
  • Service providers: We engage certain third-party providers (such as secure email hosting and document management services) who process data on our behalf under appropriate data processing agreements. They are not permitted to use your data for their own purposes.
  • Analytics providers: Anonymised website usage data may be processed by analytics services such as Google Analytics. Please refer to their respective privacy policies for further information.

4. How We Protect Your Information

We take data protection seriously and maintain reasonable technical and organisational measures to safeguard the personal information in our care:

Encryption in transit

All communications between your browser and this website are encrypted using TLS (HTTPS). Email communications containing sensitive matter information are handled using secure channels where practicable.

Access controls

Access to client files and personal data within our practice is restricted to the legal team members working on your matter. We do not maintain publicly accessible databases containing client information.

Secure storage

Physical and digital client records are maintained in accordance with professional obligations. Digital records are stored on password-protected systems with appropriate backup procedures.

Breach notification

In the event of a data breach that is likely to affect your rights, we will notify you and, where required, the relevant authority in accordance with our obligations under the PDPA and any applicable guidelines.

No system of data protection is entirely without risk. If you have concerns about how we handle your information, we welcome you to contact us directly.

5. Cookies and Similar Technologies

This website uses cookies — small text files stored on your device — to support basic website functionality and to help us understand how the site is used. We use the following categories of cookie:

Category Purpose Required
Essential Basic website function, security, and your cookie preference record Always active
Analytics Understanding page visits and user journeys to improve our website Optional
Marketing Understanding which channels bring visitors to our website Optional
Preferences Remembering your settings and communication preferences Optional

You may manage your cookie preferences at any time through our Cookie Policy page. Disabling optional cookies will not affect your ability to use this website or engage our services.

6. Your Rights

Under the Personal Data Protection Act 2010 (PDPA) of Malaysia, and where applicable, you have the following rights in relation to your personal data:

Right of access

You may request a copy of the personal data we hold about you. We will respond within 21 days of receiving a valid request.

Right to correction

If any personal data we hold is inaccurate or incomplete, you may request that we correct it. We take reasonable steps to ensure the data we hold is current and accurate.

Right to withdraw consent

Where we rely on your consent to process your data, you may withdraw that consent at any time. This will not affect the lawfulness of any processing that took place before your withdrawal.

Right to object to processing

You may object to certain types of processing, including processing for purposes beyond your original engagement with us. We will consider your objection in light of our legal obligations.

Right to lodge a complaint

If you are not satisfied with how we have handled your personal data, you may lodge a complaint with the Personal Data Protection Commissioner of Malaysia. Details are available at the Ministry of Digital's official website.

To exercise any of these rights, please contact us at [email protected] with your request and sufficient information to allow us to identify your records.

7. Links to External Websites

This website may contain links to external websites — such as government pension portals, the EPF website, or the Malaysian Bar — for your convenience. We are not responsible for the privacy practices of those websites, and this policy does not extend to them. We encourage you to review the privacy notices of any external site before providing personal information.

8. Minors

Our services are intended for adults aged 18 and above. We do not knowingly collect personal information from anyone under 18. If you believe we hold information about a minor in our records in error, please contact us and we will take appropriate steps to remove it.

9. Updates to This Policy

We may revise this privacy policy from time to time to reflect changes in law, our services, or our data practices. When we do, we will update the "Last Updated" date at the top of this page. We encourage you to review this page periodically. Continued use of our website following any revision constitutes your acknowledgement of the updated policy.

10. Contact Us About This Policy

If you have questions about this policy, wish to exercise your rights, or have concerns about how your personal data has been handled, you are welcome to contact us:

Bestari Legal Counsel

[email protected]

+60 3-2964 8753

Unit 28-3A, Menara Q Sentral, 2A Jalan Stesen Sentral 2, 50470 Kuala Lumpur, Malaysia

We aim to acknowledge all privacy-related enquiries within 5 working days and to provide a full response within 21 days.