Legal Document

Privacy Policy

Last Updated: 14 February 2025  |  Hikmah Law

1. Introduction

Hikmah Law ("we", "us", "our") is committed to protecting the personal data of individuals who engage with our services or visit our website. This Privacy Policy explains what personal data we collect, how we use it, who we share it with, and what rights you have under Malaysian law, particularly the Personal Data Protection Act 2010 (PDPA 2010).

This policy applies to personal data collected through our website at hiikmahlles.top, through enquiry forms, by email, and in the course of providing legal services. By submitting an enquiry or entering into an engagement with us, you acknowledge that you have read and understood this policy.

For questions about this policy or your data, contact us at: [email protected]

2. Personal Data We Collect

We may collect the following categories of personal data:

• Contact details: name, email address, telephone number
• Enquiry content: details of the regulatory matter you describe to us
• Technical data: IP address, browser type, pages visited (via analytics cookies, with consent)
• Communications: emails and records of telephone consultations
• Business information: company name, role, and relevant regulatory context provided during engagement

We collect this data when you complete our contact form, send us an email, call our office, or enter into an engagement as a client.

3. Legal Basis for Processing

We process personal data on the following bases under PDPA 2010 and applicable principles:

• Consent: where you have given clear consent — for example, by submitting a contact form or accepting non-essential cookies
• Contract: where processing is necessary to provide legal services you have engaged us for
• Legal obligation: where processing is required to comply with our professional obligations under the Legal Profession Act 1976 and anti-money laundering regulations
• Legitimate interest: for communications related to your enquiry and for maintaining records of completed engagements

4. How We Use Your Personal Data

• To respond to enquiries and assess whether an engagement is appropriate
• To provide legal services and deliver engagement deliverables
• To maintain client matter records as required by professional obligations
• To comply with AMLA requirements, including client due diligence
• To send communications about your matter (not for marketing without explicit consent)
• To improve our website using aggregated, anonymised analytics data

We do not use personal data for automated decision-making. We do not send unsolicited marketing communications.

5. Data Retention

We retain personal data for the following periods:

• Enquiries that do not result in an engagement: 12 months from enquiry date
• Active client matter files: duration of engagement plus 7 years (in accordance with professional obligation standards)
• Anti-money laundering records: 6 years from end of business relationship, as required by AMLA 2001
• Website analytics data: 13 months (where consent has been given)

6. Sharing Personal Data with Third Parties

We do not sell personal data. We may share data in the following limited circumstances:

• Professional service providers supporting our practice (e.g. IT support, document management) — subject to appropriate data processing agreements
• Regulatory authorities where disclosure is required by law (e.g. BNM, MACC, or pursuant to court order)
• Co-counsel or specialist advisers engaged in connection with a client matter — only with client consent

7. Data Protection Measures

• Client communications are transmitted over encrypted channels where technically available
• Access to client files is restricted to lawyers and staff directly involved in the relevant matter
• Physical documents are stored securely and disposed of in accordance with our file destruction policy
• We conduct periodic reviews of our data handling practices

8. Cookies

Our website uses cookies as described in our Cookie Policy. Essential cookies are required for site functionality. Analytics and other non-essential cookies are only placed with your consent. You can manage cookie preferences at any time through the cookie settings on our website.

9. Your Rights Under PDPA 2010

Under the Personal Data Protection Act 2010 (Malaysia), you have the right to:

• Access your personal data held by us
• Correct inaccurate or incomplete personal data
• Withdraw consent to processing, where processing is based on consent
• Request cessation of processing that is causing damage or distress
• Lodge a complaint with the Department of Personal Data Protection (JPDP) if you believe your rights have been infringed

To exercise any of these rights, contact us at [email protected]. We will respond within 21 days.

10. Children's Privacy

Our services are directed to business and professional clients. We do not knowingly collect personal data from individuals under the age of 18. If we become aware that such data has been collected, we will delete it promptly.

11. Third-Party Links

Our website may contain links to external websites. This Privacy Policy applies only to our website. We are not responsible for the privacy practices of third-party sites and encourage you to review their privacy policies independently.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. When we update the policy, we will revise the "Last Updated" date at the top of this page. Continued use of our website or services after an update constitutes acceptance of the revised policy.

13. Contact Us

For any questions, requests, or concerns relating to your personal data, contact our privacy team:

• Email: [email protected]
• Address: Suite 25-1, Menara Hikmah, Jalan Pinang, 50450 Kuala Lumpur, Wilayah Persekutuan
• Telephone: +60 3-2697 4831 (Monday–Friday, 9am–6pm)