Warisan Legal Get in Touch

Legal & Compliance

Privacy Policy

Last Updated: 12 March 2026

Effective Date: 12 March 2026

1. Introduction

Warisan Legal ("we", "us", "our") is a specialist arbitration and mediation practice operating from No. 28, Jalan Stonor, 50450 Kuala Lumpur, Malaysia. We are committed to protecting the personal data of individuals who interact with our website and engage with our services.

This Privacy Policy describes what personal information we collect, why we collect it, how we use it, and the choices available to you. It applies to all visitors to our website at warisanlegin.pro and to clients who engage Warisan Legal for dispute resolution services.

We process personal data in accordance with the Personal Data Protection Act 2010 (PDPA) of Malaysia. If you have questions about this policy or how your data is handled, please contact us at [email protected].

2. Data We Collect

Depending on how you interact with us, we may collect the following categories of personal data:

2.1 Data You Provide Directly

  • Contact information — your full name, email address, and telephone number when you submit an enquiry through our contact form.
  • Matter-related information — details about a dispute or legal situation that you voluntarily share when seeking our services.
  • Correspondence — emails, messages, and other written communications directed to our team.

2.2 Data Collected Automatically

  • Technical data — IP address, browser type and version, operating system, and device type.
  • Usage data — pages visited, time spent on pages, referring URLs, and navigation patterns within our website.
  • Cookie data — as described in Section 6 of this policy.

2.3 Legal Basis and Retention

Data Category Legal Basis Retention Period
Contact enquiry data Consent / Legitimate interest 24 months from last contact
Client matter data Contractual necessity 7 years from matter closure
Website analytics data Consent (cookie acceptance) 26 months (Google Analytics default)
Technical/server logs Legitimate interest (security) 90 days

3. How We Use Your Data

We use personal data collected from you for the following purposes:

Responding to Enquiries

We use your contact information to follow up on enquiries submitted through the website and to provide the information you have requested.

Service Delivery

When you engage Warisan Legal, we use matter-related information to carry out the services described in our engagement terms.

Website Improvement

Anonymised and aggregated analytics data helps us understand how visitors use our website so we can improve the quality of information provided.

Security & Compliance

Technical data is used to monitor for suspicious activity, maintain website security, and comply with applicable legal obligations.

We do not use your personal data for unsolicited marketing communications. If you receive a communication from us following an enquiry, it is directly related to your request.

4. Data Sharing

Warisan Legal does not sell personal data to third parties. We may share data in the following limited circumstances:

  • Service Providers

    Trusted technology vendors who provide hosting, email delivery, and analytics infrastructure. These parties are contractually restricted from using data for any purpose beyond the service they provide.

  • Legal Obligations

    Where disclosure is required by Malaysian law, court order, or regulatory authority, we will comply while notifying you where permitted to do so.

  • Professional Counterparts

    In the course of arbitration or mediation proceedings, certain matter-related information may be shared with opposing parties, arbitrators, or mediators as procedurally required and with your knowledge.

Any international data transfers comply with applicable data protection requirements, including appropriate safeguards where data moves outside Malaysia.

5. Data Protection Measures

We take the security of personal data seriously and apply appropriate technical and organisational measures, including:

TLS Encryption

All data transmitted between your browser and our servers is encrypted using Transport Layer Security.

Access Controls

Internal access to personal data is restricted on a need-to-know basis with role-based authentication.

Regular Reviews

Our data handling practices and vendor agreements are reviewed periodically to ensure ongoing compliance.

Breach Procedures

In the event of a data breach, we will assess the situation promptly and notify affected individuals where required under the PDPA.

While we apply reasonable measures to protect your data, no method of transmission over the internet is entirely without risk. We encourage you to contact us by phone for particularly sensitive matters.

6. Cookies

Our website uses cookies to distinguish you from other users and to improve your browsing experience. We use the following categories:

  • Essential cookies — necessary for basic website functionality and cannot be disabled.
  • Analytics cookies — used to understand how visitors interact with our website (e.g., Google Analytics). These are only set with your consent.
  • Preference cookies — used to remember your choices and settings during and between visits.
  • Marketing cookies — may be set where applicable for advertising purposes, subject to your consent.

You can manage your cookie preferences at any time via our Cookie Policy page, which includes interactive controls for each category.

7. Your Rights

Under the Personal Data Protection Act 2010 (PDPA) and applicable law, you have the following rights in relation to your personal data:

Right to Access

You may request a copy of the personal data we hold about you and information about how it is processed.

Right to Correction

You may request that inaccurate or incomplete personal data be corrected or updated.

Right to Withdraw Consent

Where processing is based on your consent, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.

Right to Object

You may object to processing of your personal data where we rely on legitimate interest as our legal basis, subject to our ability to demonstrate overriding grounds.

Right to Lodge a Complaint

If you believe your data rights have not been respected, you may lodge a complaint with the Department of Personal Data Protection (JPDP), the relevant supervisory authority in Malaysia.

To exercise any of these rights, please contact us in writing at [email protected]. We will respond within 21 days of receiving a valid request.

8. Third-Party Links

Our website may contain links to external websites, including arbitration institutions such as AIAC, ICC, SIAC, and LCIA. These links are provided for reference only. Warisan Legal is not responsible for the privacy practices of third-party websites and encourages you to review the privacy policies of any external sites you visit.

9. Children's Privacy

Our services are intended for businesses and individuals aged 18 and above who have the capacity to engage in commercial agreements. We do not knowingly collect personal data from persons under the age of 18. If you believe that a minor has submitted data to us, please notify us at [email protected] and we will take appropriate steps.

10. Policy Updates

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. When we make material changes, we will update the "Last Updated" date at the top of this page. We encourage you to review this policy periodically.

Continued use of our website following the posting of changes constitutes your acknowledgment of the updated policy.

11. Contact Us

For questions about this Privacy Policy, to exercise your data rights, or to raise a concern about how your information has been handled, please contact our privacy team:

Privacy Enquiries

[email protected]

Telephone

+60 3-2145 3861

Postal Address

Warisan Legal, No. 28, Jalan Stonor,
50450 Kuala Lumpur, Malaysia