Privacy Policy

1. Our commitment to privacy

Harmoni Legal handles personal information with the care that its nature demands. Clients share sensitive details with us — about their families, their finances, and their personal circumstances — and we treat that information with the same discretion we apply to all aspects of our practice. This policy explains what data we collect, why we collect it, and what rights you have in relation to it.

This policy is governed by the Personal Data Protection Act 2010 (PDPA) of Malaysia, which sets out the obligations of data processors and the rights of individuals whose data is held.

2. What personal data we collect

We collect the following categories of personal data:

• Contact details: name, email address, telephone number
• Correspondence: messages submitted through our contact form or sent by email
• Matter-related information: documents and information shared in the course of legal advice
• Technical data: IP address, browser type, pages visited — collected via cookies and analytics tools
• Payment information: where fees are paid, billing records are maintained

3. How and why we use your data

Personal data collected through this website or in the course of an engagement is used for the following purposes:

• Responding to enquiries submitted through the contact form
• Providing the legal services requested — consultation, counsel, or ongoing advisory
• Maintaining client records as required by legal professional obligations
• Sending information about appointments, documents, or the progress of a matter
• Complying with legal and regulatory obligations
• Improving the website using aggregated analytics data

The legal basis for processing personal data includes: consent (where given), performance of a contract (for service engagements), compliance with legal obligations, and legitimate interests (for correspondence and site improvement).

4. Data retention

Contact enquiries and pre-engagement correspondence are retained for up to 12 months following the last communication. Client matter files are retained for a minimum of seven years after the conclusion of an engagement, in accordance with professional conduct obligations under the Legal Profession Act 1976. After the retention period, data is securely destroyed.

5. Data protection measures

Personal data held by Harmoni Legal is protected through the following measures:

• Client files stored in secure, access-controlled systems
• Electronic communications transmitted over encrypted connections
• Access to client information limited to assigned practitioners and support staff
• Regular review of data storage and access protocols

6. Sharing of personal data

Harmoni Legal does not sell personal data or share it with third parties for marketing purposes. Data may be shared in the following limited circumstances:

• With courts, tribunals, or regulatory bodies, where required by law or legal proceedings
• With mediators, counsellors, or other professionals engaged as part of a matter, with client knowledge and consent
• With IT service providers operating under confidentiality obligations, for the purpose of hosting and maintaining secure systems

7. Cookies

This website uses cookies to understand how visitors use the site and to improve its performance. For full details of the cookies used, please see our Cookie Policy. You may manage your cookie preferences through the controls provided on the site.

8. Your rights under the PDPA

Under the Personal Data Protection Act 2010, you have the following rights in relation to the personal data we hold about you:

• The right to access personal data held about you
• The right to correct inaccurate or incomplete data
• The right to withdraw consent to processing, where consent is the basis for processing
• The right to request that data no longer necessary for the original purpose be ceased from being processed
• The right to be informed of the categories of data held and the purposes for which it is used

To exercise any of these rights, please contact us at [email protected]. We will respond to data access requests within 21 days, in accordance with the PDPA.

9. External links

This website may contain links to other websites. We are not responsible for the privacy practices of external sites and recommend reviewing their privacy policies independently.

10. Children

Our services are intended for adults aged 18 and over. We do not knowingly collect personal data from individuals under the age of 18. If you believe a minor has provided data through our website, please contact us at [email protected] so we can arrange for its removal.

11. Changes to this policy

This policy may be updated from time to time. Where changes are material, we will update the "last updated" date at the top of this page. Continued use of the website after a policy update constitutes acceptance of the revised policy.

12. Contact for data enquiries

If you have questions about this policy or wish to exercise your data rights, please contact: