Legal · Data Protection
Privacy Policy
Last Updated: 28 March 2025 · Effective Date: 28 March 2025
sumerisxxad ("we," "us," "our") is a commercial litigation practice with offices at Suite 22-1, Wisma UOA II, Jalan Pinang, 50450 Kuala Lumpur, Malaysia. We handle personal data in the ordinary course of our professional work, and this policy explains what data we collect, how we use it, and what rights you hold in relation to it.
This policy applies to personal data collected through our website at sumerisxxad.pro, through our enquiry form, and in the course of any engagement with our practice. It is governed by the Personal Data Protection Act 2010 (PDPA) of Malaysia.
Questions about this policy or the handling of your data may be directed to [email protected].
Section 01
Data We Collect
We collect personal data only when it is relevant to providing our services or responding to your enquiry. The categories of data we may collect include:
- — Identity data: full name, position, and the name of the company or entity you represent.
- — Contact data: email address, telephone number, and correspondence address.
- — Matter data: information about a dispute or potential dispute that you share with us in the course of seeking advice, including contract documents, correspondence, and financial records where relevant.
- — Technical data: IP address, browser type, and pages visited, collected automatically when you access our website.
- — Enquiry data: the content of messages submitted through our contact form.
We do not knowingly collect sensitive personal data (such as data relating to health, race, religion, or political opinion) unless it is directly relevant to your matter and you have provided it voluntarily.
Section 02
How We Use Your Data
Personal data collected by sumerisxxad is used for the following purposes:
- — Responding to enquiries and determining whether we are in a position to act for you.
- — Conducting conflict-of-interest checks prior to accepting an engagement.
- — Providing legal advice, preparing documents, and conducting proceedings on your behalf where an engagement is formed.
- — Communicating with you about the progress of a matter and any developments that require your instructions.
- — Issuing invoices and managing payment records.
- — Maintaining records as required under Malaysian Bar rules and applicable legislation.
- — Improving the performance and usability of this website using aggregated, anonymised analytics data.
We do not use your personal data for automated decision-making or profiling. We do not send marketing communications without your consent.
Section 03
Legal Basis for Processing
Under the Personal Data Protection Act 2010, we process your personal data on one or more of the following bases:
Consent
Where you have submitted an enquiry form or provided data voluntarily, your submission constitutes consent to the processing described in this policy. You may withdraw consent at any time by contacting us.
Contract Performance
Where an engagement is formed, we process data as necessary to carry out our obligations under that engagement.
Legal Obligation
We process and retain certain data as required by the Legal Profession Act 1976, Bar Council rules, the Limitation Act 1953, and other applicable Malaysian legislation.
Legitimate Interest
We process limited technical data to maintain the security and functionality of this website, where that interest is not overridden by your privacy interests.
Section 04
Data Sharing
We do not sell or trade your personal data. We share it only in the following circumstances:
- — With courts and tribunals: where required by the conduct of proceedings.
- — With opposing parties or their advisers: in the ordinary course of litigation conduct, to the extent required by procedural rules.
- — With senior counsel: where we brief senior counsel on your matter, limited data is shared to enable proper conduct of the brief.
- — With professional service providers: we use trusted providers for IT infrastructure, accounting, and file management who are bound by confidentiality obligations.
- — With regulatory bodies: including the Malaysian Bar and relevant authorities where we are legally obliged to disclose.
Where data is shared with processors outside Malaysia, we take reasonable steps to ensure it is handled with a standard of protection consistent with the PDPA.
Section 05
Retention Periods
| Data Category | Retention Period |
|---|---|
| Enquiry data (no engagement formed) | 12 months from initial contact |
| Matter files (engagement formed) | 7 years from close of matter |
| Billing and financial records | 7 years as required by Malaysian tax law |
| Website technical/analytics data | Up to 26 months (anonymised) |
| Cookie consent records | 12 months from consent |
After the applicable retention period, data is deleted or anonymised in a manner appropriate to its sensitivity and the medium of storage.
Section 06
Security Measures
We apply measures appropriate to the nature of the data we hold and the risk of harm from unauthorised access or disclosure. These include:
- — TLS encryption for data in transit between your browser and our website.
- — Access controls that restrict matter data to the practitioners and support staff working on that matter.
- — Password-protected and, where appropriate, encrypted file storage for sensitive client documents.
- — Periodic review of our IT and data-handling practices.
In the event of a data breach that poses a material risk to your rights or interests, we will notify you and, where required, the relevant authority without undue delay.
Section 08
Your Rights
Under the Personal Data Protection Act 2010, you hold the following rights in relation to your personal data:
Right of Access
You may request a copy of the personal data we hold about you.
Right to Correction
You may request that inaccurate or incomplete data be corrected.
Right to Withdraw Consent
Where processing is based on your consent, you may withdraw it at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.
Right to Prevent Processing
You may request that we cease processing your data for purposes that cause or are likely to cause unwarranted damage or distress.
Right to Complain
You may lodge a complaint with the Department of Personal Data Protection Malaysia (pdp.gov.my) if you consider that your rights have not been respected.
Exercising Your Rights
To exercise any right, write to us at [email protected]. We will respond within 21 days.
Please note that some rights are subject to conditions and limitations under the PDPA, particularly where retention is required for legal proceedings or by statute.
Section 09
Third-Party Links
Our website may contain links to external websites, including court portals and professional body resources. These links are provided for reference only. We have no control over those sites and are not responsible for their content or privacy practices. We encourage you to read the privacy policies of any external site you visit.
Section 10
Children's Privacy
Our services are directed at businesses and individuals aged 18 and above. We do not knowingly collect personal data from persons under the age of 18. If you believe a minor has submitted data to us, please contact us at [email protected] and we will arrange for its deletion.
Section 11
Policy Updates
We may revise this policy from time to time to reflect changes in our practice or applicable law. The current version will always be available at this address on our website. The "Last Updated" date at the top of the page indicates when the most recent revision was made.
Where a revision materially affects how we handle data you have already provided, we will notify you by email where we have your contact details.
Section 12
Contact Information
The data controller for the purposes of this policy is:
sumerisxxad
Suite 22-1, Wisma UOA II, Jalan Pinang, 50450 Kuala Lumpur, Malaysia
Tel: +60 3-2148 6735
Data enquiries: [email protected]
General: [email protected]