Legal Documentation
Privacy Policy
Last Updated: 28 March 2026
Introduction
Clermont Law ("we", "us", or "our") is committed to protecting the personal data of our clients, visitors, and all individuals who interact with our services. This Privacy Policy sets out how we collect, use, store, and safeguard personal information in connection with our legal practice, based at 51 Jalan Sultan Hishamuddin, 50000 Kuala Lumpur, Malaysia.
This policy applies to all personal data processed by Clermont Law, whether submitted through our website, in person, by telephone, or by written correspondence. By engaging our services or using our website, you acknowledge the practices described herein.
For any questions regarding this policy, contact our data officer at [email protected].
Applicable Law
Our data handling practices comply with the Personal Data Protection Act 2010 (PDPA) of Malaysia, as well as relevant professional obligations under the Legal Profession Act 1976. Where clients are based in the European Union, we also observe the General Data Protection Regulation (GDPR) to the extent applicable.
Personal Data We Collect
We may collect the following categories of personal data:
- Identity data: full name, NRIC or passport number, date of birth
- Contact data: postal address, email address, telephone number
- Matter data: legal instructions, case documents, court records, correspondence relevant to your matter
- Financial data: billing information, payment records, fee agreement details
- Technical data: IP address, browser type, pages visited, session duration (collected via website analytics)
- Communication data: enquiry forms submitted via our website, email exchanges, and telephone call records (where permitted)
We do not knowingly collect sensitive personal data (such as health, race, or religion) beyond what is strictly necessary and legally required in the context of a specific matter.
How We Collect Personal Data
Personal data is collected through the following means:
- Enquiry forms submitted on our website
- Direct correspondence via email or post
- In-person consultations and client intake forms
- Documents provided by clients or obtained through legal proceedings
- Cookies and similar technologies on our website (see Cookie section below)
Legal Basis for Processing
We process personal data on the following legal bases:
- Performance of a contract: where processing is necessary to provide legal services you have engaged us for
- Legal obligation: where we are required to process data to comply with professional, regulatory, or statutory requirements
- Consent: where you have given express consent, such as for receiving updates or non-essential communications
- Legitimate interests: where processing is necessary for our reasonable business and professional interests, provided those interests are not overridden by your rights
How We Use Personal Data
Personal data is used for the following purposes:
- Providing legal advice and representation as instructed
- Managing the client relationship and billing matters
- Communicating updates about your matter or our services
- Complying with professional obligations, anti-money laundering checks, and court requirements
- Improving our website and understanding how visitors use it
- Responding to enquiries submitted through our contact form
We do not sell, rent, or trade personal data to third parties for commercial purposes.
Data Sharing and Third Parties
We may share personal data with the following parties in the course of providing legal services:
- Courts, tribunals, and regulatory authorities as required by law or proceedings
- Opposing counsel, where disclosure is required in the matter
- Third-party experts (e.g., forensic analysts, valuers) engaged in connection with your matter, under confidentiality obligations
- Our professional indemnity insurer, if a claim arises
- Website service providers who assist with hosting, analytics, or IT maintenance — under data processing agreements
All third parties with whom we share data are required to maintain appropriate security measures and to use data only for the specified purpose.
Data Retention
Client matter files are retained for a minimum of seven (7) years following the conclusion of a matter, in accordance with professional requirements and applicable limitation periods. Website enquiry data is retained for up to 12 months, unless a client engagement commences, in which case standard matter retention applies.
Data may be retained longer if required by ongoing legal proceedings, regulatory requirements, or a specific written agreement.
Data Protection Measures
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, alteration, or disclosure. These include:
- Encrypted email and secure document storage
- Access controls limited to authorised personnel on a need-to-know basis
- Regular review of data handling procedures
- Secure disposal of physical documents containing personal data
In the event of a data breach that poses a risk to your rights and interests, we will notify you and the relevant authority in accordance with applicable law.
Cookies
Our website uses cookies to enhance your experience. Cookies are small text files stored on your device. We use essential cookies for site functionality, and optional analytics cookies to understand how visitors use our site. You may manage your cookie preferences at any time via our Cookie Policy page. Withdrawing consent to non-essential cookies does not affect the legal services we provide.
Your Rights
Under the Personal Data Protection Act 2010 and, where applicable, the GDPR, you have the following rights regarding your personal data:
- Right to access: request a copy of the personal data we hold about you
- Right to correction: request that inaccurate or incomplete data be corrected
- Right to withdraw consent: where processing is based on consent, withdraw it at any time without affecting prior processing
- Right to object: object to processing carried out on the basis of legitimate interests
- Right to erasure: request deletion of your data where there is no lawful basis for continued retention
- Right to portability: receive your data in a structured, machine-readable format (where technically applicable)
- Right to lodge a complaint: contact the Department of Personal Data Protection Malaysia (JPDP) if you believe your rights have been infringed
To exercise any of these rights, please write to us at [email protected]. We will respond within 21 days of receiving a valid request.
Please note that certain rights may be limited by our professional obligations or applicable law, particularly where data is held as part of active legal proceedings.
Children's Privacy
Our services are directed at adults aged 18 and above. We do not knowingly collect personal data from persons under 18. Where a matter involves a minor as a subject (e.g., custody proceedings), data is collected and handled with heightened care and only as necessary for the conduct of that matter.
Third-Party Links
Our website may contain links to external resources, court portals, or legal databases. We are not responsible for the privacy practices of those third-party sites and encourage you to review their respective policies.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. The revised policy will be posted on this page with an updated effective date. Material changes will be communicated to active clients directly where practicable. Continued use of our services after such changes constitutes acceptance of the updated terms.
Contact for Data Enquiries
All enquiries, access requests, or complaints related to personal data should be directed to:
- Clermont Law
- 51 Jalan Sultan Hishamuddin, 50000 Kuala Lumpur, Malaysia
- Email: [email protected]
- Telephone: +60 3-2274 6518