General Privacy Statement

FirmLabLegal recognises the importance of protecting personal and corporate data collected in the course of providing legal services. This policy explains the categories of information we process, the purposes of processing, legal bases relied upon, and the practical steps clients and users can take to exercise their rights. We adopt administrative, technical and organisational safeguards appropriate to the nature of the data and the context of processing.

09-05-2026 FirmLabLegal Sdn. Bhd. (Business ID 950148408820), 68, Jalan Ibrahim, Pusat Bandar Sungai Petani, 08000 Sungai Petani, Kedah, Malaysia 68, Jalan Ibrahim, Pusat Bandar Sungai Petani, 08000 Sungai Petani, Kedah, Malaysia [email protected]

Definitions

This section provides plain-language definitions of the principal terms used in the policy to ensure clarity about the data we process and the roles of parties involved.

Personal data means any information that identifies or can reasonably be used to identify an individual, whether directly or indirectly, such as names, contact details, identification numbers and professional information.
Processing refers to any operation performed on personal data, including collection, recording, organisation, storage, retrieval, consultation, use, disclosure, erasure and destruction.
User refers to any individual who interacts with FirmLabLegal through the website, client portal, email correspondence or other service channels, including clients, prospective clients and their representatives.
Service means the legal advisory, compliance, transactional and related support provided by FirmLabLegal to companies and their authorised representatives.
Cookies are small data files placed on a user's device by the website to recognise returning visitors, support session management and provide anonymised analytics about site usage.

Data Collection

We collect personal data necessary for the delivery of legal services and for administrative, billing and security purposes. Collection sources include information you provide, data obtained automatically and data received from third-party partners.

Information You Provide

Information provided directly when engaging our services, registering an account or communicating with our team.

  • Contact details: name, business address, email and telephone numbers.
  • Corporate information: company name, registration numbers, partner and director details.
  • Identity and verification documents submitted for onboarding or due diligence.
  • Case-related documents, contracts, correspondence and instructions relevant to legal matters.
  • Billing and payment information required to process invoices and receipts.
  • Preferences and consents provided for communications and service delivery.

Information Collected Automatically

When you visit our website or use online services, our systems may collect technical and usage information to support functionality, security and analytics.

  • Device and browser details such as type, operating system and browser version.
  • IP address and approximate geolocation data inferred from network information.
  • Pages visited, session duration, interaction events and navigation patterns.
  • HTTP headers and referral information from external sites or services.
  • Cookie identifiers and similar persistent identifiers used for session management and analytics.
  • Error logs and diagnostic data generated during service use.

Third-Party Sources

We may receive relevant information about clients and entities from service providers, public registries and counterparties as part of normal legal engagement and verification processes.

  • Professional advisers and external counsel engaged to support a matter.
  • Payment processors and business institutions for transaction verification.
  • Public registers and corporate databases used for due diligence and compliance checks.

Purposes of Processing

We process personal data only for legitimate and specific purposes necessary to provide legal services, comply with obligations and manage our relationship with clients.

  • To provide and manage legal advice, documentation and transactional support requested by clients.
  • To onboard clients, perform identity verification and complete anti-funds laundering checks where required.
  • To process billing, payments and maintain business records for services rendered.
  • To communicate with clients regarding case progress, regulatory updates and administrative matters.
  • To detect, prevent and respond to security incidents, fraud and other unlawful activity affecting our services.
  • To meet legal and regulatory obligations, including reporting requirements under applicable Malaysian law.
  • To improve service delivery, user experience and site functionality through aggregated analytics.
  • To manage potential business transactions such as mergers, acquisitions or reorganisations where relevant client information may be required.

Legal Bases for Processing

FirmLabLegal relies on appropriate legal bases when processing personal data. The applicable basis depends on the nature of the processing activity and the jurisdictional requirements that apply.

  • Performance of a contract: processing necessary to provide requested legal services and fulfil engagement terms.
  • Compliance with a legal obligation: processing required to meet statutory or regulatory duties.
  • Consent: where users have expressly agreed to specific processing activities, such as marketing communications.
  • Legitimate interests: where processing is necessary for FirmLabLegal's lawful business purposes and balanced against individual rights.

International Data Protection Considerations

Although FirmLabLegal is based in Malaysia, we recognise international privacy frameworks. Where data protection laws such as the GDPR may apply, we consider applicable standards and individual rights when processing data of persons located outside Malaysia.

  • Right of access: individuals may request confirmation of processing and access to their personal data.
  • Right to rectification: inaccurate or incomplete personal data can be corrected on request.
  • Right to erasure: subject to legal and contractual limitations, requests to remove data will be assessed and actioned where appropriate.
  • Right to restrict processing: individuals may request limitation of processing in certain circumstances.
  • Right to data portability: where technically feasible and lawful, individuals may request a copy of their data in a structured format.
  • Right to lodge a complaint with a supervisory authority where applicable, should an individual consider their data rights to have been infringed.

Cookies and Similar Technologies

Our website uses cookies and similar technologies to provide essential functionality, improve performance and generate anonymised analytics to enhance the user experience.

We use essential cookies for site operation, functional cookies for preferences, analytics cookies for usage insights and optional marketing cookies where consent is provided.

Essential: required for site functions; Functional: remember preferences; Analytics: measure site usage; Marketing: support personalised content subject to consent.

You can manage cookie preferences through your browser settings and the cookie control tools provided on our site. Disabling certain cookies may affect site functionality.

View our Cookie Policy

Data Sharing and Disclosure

We limit disclosures of personal data to third parties where necessary to provide services, comply with legal duties or support legitimate business operations. Any sharing is subject to contractual controls and confidentiality obligations.

  • Service providers engaged to deliver IT, cloud hosting, analytics and document management.
  • External advisers and specialist consultants assisting with client matters.
  • Regulatory authorities, courts or law enforcement when disclosure is required by law.
  • Payment processors and banks to facilitate billing and transactional verification.
  • Professional counterparties and counterpart representatives as necessary for transactional work.
  • Successors and third parties in the event of an internal reorganisation, sale or transfer of business assets.

International Data Transfers

Personal data may be transferred to jurisdictions outside Malaysia in order to provide our services. Such transfers are assessed and managed to ensure appropriate protections are in place consistent with applicable law.

Safeguards may include contractual data protection clauses, encryption, restricted access controls and selection of processors subject to recognised privacy standards.

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes set out in this policy, to meet legal or regulatory obligations, and to defend legal claims where relevant.

Account and client records are retained for a period necessary for ongoing client relationship management and statutory requirements, typically aligned with business recordkeeping obligations.

Communications and case correspondence are retained for periods required to support the delivery of services and to address regulatory or dispute resolution needs.

System logs and diagnostic records are retained for operational and security purposes for limited periods, typically subject to routine archival and deletion schedules.

Upon valid requests to delete personal data we evaluate applicable legal and contractual constraints and apply secure deletion procedures where retention is no longer justified.

Security Measures

FirmLabLegal applies a comprehensive set of administrative, technical and physical controls to protect personal data. Measures are proportionate to the sensitivity of information and regularly reviewed to address evolving risks.

  • Encryption of data in transit and at rest where appropriate to protect confidentiality.
  • Role-based access controls, multi-factor authentication and least-privilege principles for internal systems.
  • Regular security assessments, staff training and incident response procedures to detect and mitigate threats.

Your Data Rights

FirmLabLegal recognises the data rights of company representatives and authorised users. Below we outline the specific rights available under applicable Malaysian data protection standards and how you may exercise them in relation to the personal data we process in the course of providing corporate legal services.

  • Right of access — You may request confirmation of whether FirmLabLegal holds personal data about you and, where applicable, request a copy of that data and relevant processing information.
  • Right to rectification — If personal data we hold about you is inaccurate or incomplete, you may request correction or completion of that information.
  • Right to erasure (where applicable) — In certain circumstances you may request deletion of personal data we process, subject to legal and contractual retention obligations applicable to corporate legal matters.
  • Right to restriction of processing — You may request that FirmLabLegal suspend or restrict processing of your personal data while a dispute about accuracy or lawful processing is resolved.
  • Right to data portability — For data you have provided directly to us in a structured, commonly used and machine-readable format, you may request transfer to another controller where technically feasible and lawful.
  • Right to object — You may object to processing based on legitimate interests or direct marketing; we will assess and respond in accordance with applicable law and the nature of the objection.
  • Right to withdraw consent — Where processing is based on consent, you may withdraw consent at any time; withdrawal will not affect processing carried out prior to withdrawal where lawful.
  • Right to lodge a complaint — If you believe your rights have been infringed, you may contact FirmLabLegal first and, if unresolved, refer the matter to the relevant Malaysian data protection authority.

How to Submit a Rights Request

Submit a request by post to FirmLabLegal at 68, Jalan Ibrahim, Pusat Bandar Sungai Petani, 08000 Sungai Petani, Kedah, Malaysia, or by email via the contact form on FirmLabLegal.pro. Include your name, company, Business ID if applicable, the right you wish to exercise, and sufficient details to identify the data involved. We may request verification to protect data subjects and the security of records.

[email protected]

We will acknowledge receipt of a properly formulated request promptly and typically respond substantively within 30 business days. Complex requests or requests requiring coordination with third parties may require additional time; we will keep you informed of progress.

Marketing and Communications

FirmLabLegal may send service-related notices, updates relevant to corporate legal compliance, and occasional invitations to educational events. Marketing communications are limited to professional content relevant to company legal needs and will be sent only where a lawful basis for processing exists, such as consent or a legitimate interest aligned with prior professional engagement.

To stop receiving marketing communications, follow the unsubscribe link included in any marketing message or contact FirmLabLegal via the details on FirmLabLegal.pro. We will process opt-out requests promptly and will cease marketing communications while retaining service-related notices where required for contractual or compliance reasons.

Children and Minors

FirmLabLegal provides legal services for companies and business representatives. Our services and the FirmLabLegal.pro website are not directed to children or minors. We do not knowingly collect personal data from individuals under the age required by applicable law to enter into contractual arrangements for legal services. If we become aware that we have inadvertently collected such data, we will take reasonable steps to remove it.

Third-Party Links and Services

The FirmLabLegal.pro website may contain links to third-party sites, platforms, or tools used to support our professional services. Those services operate under their own privacy policies. FirmLabLegal is not responsible for the privacy practices or content of external websites. We encourage clients to review third-party privacy statements before providing personal data.

Policy Updates and Versioning

FirmLabLegal reviews this privacy statement periodically to reflect legal developments and operational changes. This version is effective as of 26-01-2026. When material changes occur, we will publish an updated date and summary of key changes on FirmLabLegal.pro so that clients and visitors can track revisions and assess any impact on their data.

Contact for Privacy Matters

For privacy enquiries, rights requests or concerns, contact FirmLabLegal at: 68, Jalan Ibrahim, Pusat Bandar Sungai Petani, 08000 Sungai Petani, Kedah, Malaysia; phone +60127745528; Business ID 950148408820. You may also use the contact form on FirmLabLegal.pro to initiate a privacy request. We aim to address matters efficiently and transparently.

  • +60127745528
  • [email protected]
  • 68, Jalan Ibrahim, Pusat Bandar Sungai Petani, 08000 Sungai Petani, Kedah, Malaysia