Privacy Policy

Damai Legal ("we," "us," or "our") is committed to protecting the personal data of individuals who use our services or interact with our website. This Privacy Policy explains how we collect, use, store, and protect personal information in accordance with Malaysia's Personal Data Protection Act 2010 (PDPA 2010).

This policy applies to clients, prospective clients, and visitors to our website. If you have questions about how we handle your data, please contact us at [email protected].

1. Data Controller

Damai Legal is the data controller for personal data collected through this website and in the course of client engagements. Our registered office is at Level 4, Wisma Satok, Jalan Satok, 93400 Kuching, Sarawak, Malaysia.

2. Personal Data We Collect

We may collect the following categories of personal data:

• Identification data: full name, identity card or passport number where required
• Contact details: email address, telephone number, postal address
• Matter-related data: information about your insurance claim, policy documents, correspondence, and related factual materials provided by you
• Technical data: IP address, browser type, pages visited, and session duration, collected via cookies and analytics tools
• Communication data: records of enquiries, emails, and messages sent to the practice

3. How We Collect Personal Data

• Directly from you via enquiry forms, email, telephone, or document submissions
• Through our website using cookies and analytics tools (subject to your consent)
• From third parties involved in your matter, such as insurers, loss adjusters, or FMOS, where you have authorised us to engage with them

4. Legal Basis for Processing

We process your personal data on the following grounds under the PDPA 2010:

• Consent: where you have expressly provided consent, including for marketing communications or analytics cookies
• Contract: where processing is necessary to perform or prepare for a client engagement
• Legitimate interests: to manage the practice's operations, improve our services, and maintain records
• Legal compliance: where we are required to retain or disclose data by law or court order

5. How We Use Personal Data

• To provide insurance claims advisory, correspondence, and litigation services
• To communicate with you about your matter and respond to enquiries
• To prepare documents, correspondence, and submissions on your behalf
• To comply with professional obligations and legal requirements
• To improve the website and monitor usage through anonymised analytics
• To send service-related updates where you have consented

6. Data Retention

Client matter files are retained for a minimum of seven years from the date of engagement closure, in accordance with professional conduct requirements. Enquiry data where no engagement results is retained for twelve months. Website analytics data is retained for twenty-four months. After the relevant retention period, data is securely deleted.

7. Data Sharing with Third Parties

We do not sell, rent, or trade personal data. We may share data with:

• Insurers, loss adjusters, FMOS, and courts, where you have authorised us to do so in the conduct of your matter
• Expert witnesses engaged on your behalf (actuarial, medical, engineering)
• Professional indemnity insurers for the practice, as required
• IT and document management service providers operating under data processing agreements
• Law enforcement or regulatory bodies where required by law

All third parties engaged to process data on our behalf are required to handle it securely and in accordance with the PDPA 2010.

8. Data Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or disclosure. These measures include encrypted file transfer for document submissions, access controls on client matter files, and regular review of data handling procedures. In the event of a data breach that poses a risk to individuals, we will notify affected parties and the relevant authorities as required by law.

9. Cookies

Our website uses cookies to maintain basic functionality and to understand how the site is used. Essential cookies cannot be disabled. Analytics and preference cookies are only used with your consent. For full information on cookies, please see our Cookie Policy.

10. Your Rights Under the PDPA 2010

You have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate or incomplete data
• Withdraw consent to processing at any time (where processing is based on consent)
• Request that we cease processing your data for direct marketing purposes
• Lodge a complaint with the Personal Data Protection Commissioner of Malaysia

To exercise any of these rights, please contact us at [email protected]. We will respond within thirty days.

11. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of those sites and recommend reviewing their privacy policies separately.

12. Children's Privacy

Our services are directed at individuals aged 18 and above. We do not knowingly collect personal data from minors. If we become aware that a minor has submitted personal data without appropriate consent, we will delete it promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated by posting a revised version on this page with an updated effective date. Continued use of our services after such changes constitutes acceptance of the revised policy.

14. Contact for Data Enquiries

For questions about this policy or your personal data:

• Email: [email protected]
• Post: Damai Legal, Level 4, Wisma Satok, Jalan Satok, 93400 Kuching, Sarawak, Malaysia
• Telephone: +60 82 415 739