Privacy Policy

1. Introduction

Ordelis is committed to handling personal data responsibly and in accordance with the Personal Data Protection Act 2010 (PDPA) of Malaysia. This policy sets out how we collect, use, store, and protect personal data that you provide to us or that we receive in the course of providing legal services.

This policy applies to visitors to our website, prospective clients who submit enquiries, and current or former clients whose data we hold in connection with matters we have handled. We encourage you to read this policy carefully.

If you have questions about how we handle your data, you may reach us at [email protected].

2. Personal Data We Collect

Depending on how you interact with us, we may collect the following categories of personal data:

• Identity data: your full name and, where relevant to your matter, identification document details.
• Contact data: email address, telephone number, and postal address.
• Matter data: information you provide when describing your legal matter, including documents, correspondence, and background details.
• Usage data: technical information about how you access and use our website, including your IP address, browser type, and pages visited.
• Communication data: the content of messages and emails you send to us.

We collect this data through our website contact form, direct email correspondence, telephone calls, and in-person meetings. We do not purchase data from third parties or receive data from data brokers.

Legal Basis for Processing

We process your personal data on the following bases under the PDPA 2010:

• Consent: where you have given explicit consent, such as when submitting our contact form.
• Contract: where processing is necessary for the performance of an engagement agreement.
• Legitimate interests: where we have a legitimate reason to process data, such as maintaining client records and responding to enquiries.
• Legal obligation: where we are required by law to retain or process certain records.

3. How We Use Your Personal Data

We use personal data for the following purposes:

• Responding to enquiries and providing legal advisory services
• Managing client engagements and maintaining matter files
• Communicating with you about your matter or enquiry
• Complying with our legal and regulatory obligations as legal practitioners
• Improving our website based on usage patterns (in aggregate and anonymised form)
• Sending service-related communications where relevant to an active or previous engagement

We do not send marketing communications without your prior consent, and we do not use your data to build advertising profiles or share it for advertising purposes.

Data Retention

We retain personal data for as long as is necessary for the purpose for which it was collected, and in accordance with our obligations under the Legal Profession Act 1976 and the PDPA 2010. Client matter files are generally retained for a minimum of seven years following the conclusion of an engagement. Website enquiry data is retained for up to two years unless it leads to a client engagement.

4. Sharing Your Personal Data

We share personal data only in the following circumstances:

• Regulatory bodies: where required or authorised by law, or where you have instructed us to liaise with a government authority on your behalf.
• Legal obligations: where we are required to disclose information by a court order or applicable law.
• Service providers: we use a small number of third-party services to operate our website and communication infrastructure (such as web hosting and email services). These providers are engaged under data processing obligations consistent with PDPA requirements.
• Counterparties: where your matter involves correspondence with another party, and you have authorised us to act on your behalf.

We do not sell, rent, or trade personal data. We do not share data with third-party marketing organisations.

Third-Party Services

Our website uses the following third-party services that may process limited usage data:

• Google Analytics — anonymised website traffic analysis
• Google Maps — location display on our contact section
• Google Fonts — typeface delivery

Each of these services operates under its own privacy policies, which we encourage you to review if you have concerns about how they handle data.

5. How We Protect Your Data

We take reasonable technical and organisational measures to protect personal data against unauthorised access, disclosure, alteration, or loss. These include:

• Encrypted transmission of data via HTTPS on our website
• Access controls limiting data access to relevant staff members
• Secure storage of client matter files, both physical and digital
• Periodic review of our data handling practices

In the event of a data breach that is likely to affect your rights or interests, we will notify you and the relevant authorities in accordance with our obligations under the PDPA 2010.

6. Cookies

Our website uses cookies to enable basic site functionality and, where you have consented, to support analytics. We use the following categories of cookies:

• Essential cookies: required for the site to function correctly, including session management. These cannot be disabled.
• Analytics cookies: used to understand how visitors use our website, in aggregate and anonymised form.
• Preference cookies: used to remember your consent choices.

You can manage your cookie preferences at any time through our Cookie Policy page, which includes functional toggle controls.

7. Your Rights Under the PDPA 2010

Under Malaysian data protection law, you have the following rights in relation to your personal data:

• Right of access: you may request a copy of the personal data we hold about you.
• Right of correction: you may request correction of inaccurate or incomplete data.
• Right to withdraw consent: where processing is based on consent, you may withdraw it at any time, without affecting the lawfulness of prior processing.
• Right to limit processing: in certain circumstances, you may ask us to restrict how we use your data.
• Right to lodge a complaint: you may raise concerns with the Department of Personal Data Protection Malaysia (JPDP) if you consider that our processing of your data is inconsistent with the PDPA 2010.

To exercise any of these rights, please contact us at [email protected]. We will respond within fourteen working days.

8. Third-Party Links

Our website may contain links to external websites, including regulatory bodies or reference resources. We are not responsible for the privacy practices of those sites and encourage you to review their respective policies.

9. Children's Privacy

Our services are intended for adults aged 18 and above. We do not knowingly collect or process personal data belonging to individuals under 18 years of age. If you believe that we have inadvertently received data from a minor, please contact us so that we can take appropriate action.

10. Changes to This Policy

We may update this policy from time to time to reflect changes in our practices or applicable law. The date at the top of this page indicates when the policy was last revised. Continued use of our website following any update constitutes acceptance of the revised policy. For material changes, we will make reasonable efforts to notify existing clients directly.

11. Contact Information

For any questions, requests, or concerns relating to this privacy policy or the handling of your personal data, please contact us: