Privacy Policy

1. Introduction

Obsidian Gate ("we", "our", or "us") is committed to protecting the privacy and security of the personal information entrusted to us by our clients and visitors. This Privacy Policy explains what data we collect, how we use and safeguard it, and what rights you have in relation to your personal information.

This policy applies to all personal data collected through our website at https://obsidop.sbs, as well as through our legal consultations, correspondence, and any other interactions you have with our firm.

If you have any questions about this policy or how we handle your data, please contact us at [email protected].

2. Data Controller

The data controller responsible for your personal information is Obsidian Gate, with its registered office at 33 Jalan Sultan Ismail, Level 16, Menara IGB, 50250 Kuala Lumpur, Malaysia.

We process personal data in accordance with the Personal Data Protection Act 2010 (PDPA) of Malaysia.

3. Information We Collect

We may collect the following categories of personal data:

Contact Information: Your name, email address, telephone number, and postal address when you submit enquiries through our contact form or communicate with us directly.

Case-Related Information: Details you provide about your legal matter during consultations, including documents, correspondence, and other records relevant to your case.

Technical Data: Your IP address, browser type, operating system, referring URLs, and pages visited on our website, collected automatically through cookies and analytics tools.

Payment Information: Billing details when you engage our services, processed through secure payment channels. We do not store credit card numbers on our servers.

4. How We Collect Your Data

We collect personal data through several means:

Directly from you: When you fill in the contact form on our website, email us, telephone our office, or attend a consultation.

Automatically: Through cookies and similar tracking technologies when you visit our website. For details, please see our Cookie Policy.

From third parties: Occasionally, we may receive information about you from other legal professionals, courts, or regulatory bodies in connection with legal proceedings.

5. Legal Basis for Processing

We process your personal data on the following legal grounds under the PDPA:

Consent: Where you have given clear consent for us to process your personal data for a specific purpose, such as receiving communications or submitting a contact form enquiry.

Contractual necessity: Where processing is necessary to perform a contract with you or to take pre-contractual steps at your request, such as providing legal consultation services.

Legal obligation: Where processing is necessary to comply with a legal obligation, including regulatory requirements, court orders, or professional conduct rules.

Legitimate interest: Where processing is necessary for our legitimate business interests, such as improving our services or maintaining security, provided those interests do not override your rights.

6. How We Use Your Data

We use the personal data we collect for the following purposes:

Service delivery: To provide legal counsel, prepare documents, represent you in proceedings, and communicate about your matter.

Responding to enquiries: To reply to questions and requests submitted through our website or other channels.

Administrative purposes: To manage appointments, send invoices, process payments, and maintain our client records.

Website improvement: To analyse website traffic, understand visitor behaviour, and improve the functionality and content of our site.

Legal compliance: To meet our obligations under applicable laws and professional regulations.

7. Data Sharing

We do not sell, rent, or trade your personal information to third parties. We may share your data in the following limited circumstances:

Legal proceedings: With courts, tribunals, or opposing parties where necessary for the conduct of your legal matter, and only with your knowledge.

Service providers: With trusted third-party providers who assist us in operating our website, managing client data, or processing payments, subject to confidentiality obligations.

Regulatory bodies: With the Malaysian Bar Council or other regulatory authorities where required by professional conduct rules.

Legal requirements: Where we are required by law or court order to disclose information.

8. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected. Specifically:

Client files: Retained for a minimum of seven years after the conclusion of a matter, as required by the Malaysian Bar Council's record-keeping rules.

Contact form submissions: Retained for up to twelve months if no engagement follows.

Website analytics data: Retained for up to twenty-six months in anonymised form.

9. Data Security

We take the security of your personal data seriously and have implemented appropriate technical and organisational measures to protect it. These include:

Encryption of data in transit using SSL/TLS protocols.

Restricted access to personal data on a need-to-know basis among our staff.

Regular security reviews and updates to our systems and procedures.

Secure physical storage of paper records in our offices.

In the event of a data breach that poses a risk to your rights, we will notify you and the relevant authorities promptly in accordance with the PDPA.

10. Cookies

Our website uses cookies and similar technologies to enhance your browsing experience. We use essential cookies for basic site functionality, as well as optional analytics and preference cookies.

For full details on the cookies we use and how to manage your preferences, please visit our Cookie Policy.

11. Your Rights

Under the Personal Data Protection Act 2010, you have the following rights in relation to your personal data:

Right of access: You may request a copy of the personal data we hold about you.

Right to correction: You may request that we correct any inaccurate or incomplete personal data.

Right to withdraw consent: Where processing is based on your consent, you may withdraw that consent at any time.

Right to prevent processing: You may object to the processing of your personal data in certain circumstances.

Right to lodge a complaint: You may file a complaint with the Department of Personal Data Protection (JPDP) if you believe your rights have been violated.

To exercise any of these rights, please contact us at [email protected] or write to our office address. We will respond to your request within fourteen days.

12. Third-Party Links

Our website may contain links to external websites or services. We are not responsible for the privacy practices or content of those third-party sites. We encourage you to review the privacy policies of any external site before providing personal information.

13. Children's Privacy

Our services are not directed at individuals under the age of eighteen. We do not knowingly collect personal data from children. If we become aware that we have collected data from a minor without appropriate consent, we will take steps to delete that information promptly.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. When we make material changes, we will update the "Last Updated" date at the top of this page. We encourage you to review this policy periodically.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data handling practices, please contact us:

Email: [email protected]

Address: 33 Jalan Sultan Ismail, Level 16, Menara IGB, 50250 Kuala Lumpur, Malaysia

Phone: +60 3-6148 2753