Privacy Policy

1. Introduction

Legaris ("we", "us", or "our") is a legal services practice registered and operating in Kota Kinabalu, Sabah, Malaysia. We are committed to handling personal information responsibly and in a manner consistent with the Personal Data Protection Act 2010 (PDPA) of Malaysia.

This Policy explains what personal data we collect, why we collect it, how we use it, and what choices are available to you. It applies to all information collected through our website at legarisx.live, through our contact forms, and in the ordinary course of client engagement.

If you have questions or concerns about this Policy, you may contact us at [email protected].

2. Data Controller

The data controller responsible for your personal information is:

3. Personal Data We Collect

We collect personal data only when there is a lawful basis to do so. The categories of information we may collect include:

4. How We Collect Personal Data

Personal data may reach us through the following channels:

• The enquiry form on our website at legarisx.live
• Direct email or telephone contact initiated by you
• Documents and information shared during the course of a legal matter
• Cookies and analytics tools when you browse our website (subject to your consent preferences)
• Referrals from third parties such as other professionals or clients who recommend your matter to us

5. Legal Basis & Purpose of Processing

Under the PDPA 2010, we process personal data on the following bases:

6. Data Retention

We retain personal data for as long as necessary to fulfil the purposes described in this Policy, and in accordance with our professional and legal obligations as a legal practice in Malaysia.

• Client matter files: Retained for a minimum of 7 years after the conclusion of the matter, as required by professional standards.
• Website enquiries (non-client): Retained for up to 12 months, after which they are securely deleted unless a client relationship has been formed.
• Analytics data: Retained in anonymised form for up to 26 months.

7. Cookies

Our website uses cookies to support basic functionality, remember your preferences, and — with your consent — gather anonymised analytics. We do not use cookies for advertising or behavioural profiling.

You may review and manage your cookie preferences at any time through our Cookie Policy page. You may also manage cookies through your browser settings; please note that disabling certain cookies may affect the functionality of our website.

8. Sharing of Personal Data

We do not sell, rent, or trade your personal information to any third party. We may share data in limited circumstances:

• Service providers: Third-party tools that assist our operations (e.g., email hosting, analytics platforms) — only to the extent needed for that service and subject to appropriate agreements.
• Regulatory authorities: Where disclosure is required by Malaysian law, court order, or the directions of a relevant authority such as the Malaysian Bar.
• Counterparties and courts: In the course of conducting legal proceedings or negotiations on your behalf, where disclosure is inherent to the service.
• Professional advisers: Barristers, expert witnesses, or other professional consultants engaged in connection with your matter.

9. Data Security

We take reasonable and appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or misuse. These include:

• Secure, encrypted connections (HTTPS/TLS) for data transmitted through our website
• Access controls limiting who within the firm can view sensitive client information
• Secure document storage practices for physical and electronic case files
• Regular review of our data handling practices

In the event of a personal data breach that is likely to affect your rights, we will notify you and the relevant authority in accordance with the requirements under Malaysian law.

10. Your Rights

As a data subject under the PDPA 2010, you have the following rights in respect of your personal data held by us:

To exercise any of these rights, please write to us at [email protected]. We will respond within a reasonable timeframe and, where required by law, within 21 days.

If you are dissatisfied with how we have handled your personal data, you may lodge a complaint with the Department of Personal Data Protection (JPDP), Malaysia's data protection supervisory authority.

11. Third-Party Links

Our website may contain links to external websites, including government portals and regulatory bodies. We are not responsible for the privacy practices of those sites and encourage you to review their respective privacy notices before submitting any personal information.

12. Children's Privacy

Our services are intended for adults aged 18 and above. We do not knowingly collect personal data from individuals under the age of 18. If you believe a minor has submitted information to us, please contact us so that we may take appropriate steps.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the services we offer. When we do, we will revise the "Last Updated" date at the top of this page.

Continued use of our website following any updates constitutes your acknowledgement of the revised Policy. We encourage you to review this page periodically.