Privacy Policy

1. Introduction

corvaulte ("we", "our", "us") is committed to protecting the privacy of individuals who interact with our firm. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our website or engage our legal services.

This policy applies to all personal data processed in connection with our website at https://corvaulte.club and our legal practice based at 53 Jalan Bangsar, 59200 Kuala Lumpur, Malaysia. We process personal data in accordance with the Personal Data Protection Act 2010 (PDPA) of Malaysia.

If you have any questions about this policy, you may contact us at [email protected].

2. Data We Collect

We may collect the following categories of personal data:

Information you provide directly: When you contact us through our website form, by email, or by telephone, we may collect your name, email address, telephone number, and the content of your message or enquiry.

Information from legal engagements: If you instruct us as your legal advisers, we may collect additional information relevant to your matter, including identification documents, medical records (for negligence claims), business records (for franchise matters), and legal documents (for notarial services).

Technical information: When you visit our website, we may collect your IP address, browser type, operating system, pages visited, and time spent on the site through cookies and analytics tools.

3. How We Use Your Data

We use personal data for the following purposes:

To respond to your enquiries and communicate with you about potential or ongoing legal matters. To provide our legal services, including medical negligence claims, franchise law advisory, and notarial services. To comply with our legal and regulatory obligations as a law firm regulated by the Bar Council of Malaysia. To improve our website and understand how visitors use it. To send you relevant updates about our services, but only where you have given us consent to do so.

The legal basis for processing your data under the PDPA includes: your consent; the performance of a contract or steps taken at your request prior to entering a contract; compliance with legal obligations; and our legitimate interests in operating and improving our practice.

4. Data Sharing

We do not sell or rent your personal data to third parties. We may share your data in limited circumstances:

With independent medical experts, where necessary for the preparation of medical negligence claims, and only with your informed consent. With the Registrar of Franchises or other regulatory bodies, where required for franchise registration and compliance. With courts and opposing parties, where necessary for the conduct of legal proceedings. With apostille authorities and foreign legal practitioners, where required for notarial services involving cross-border documents. With our professional indemnity insurers and the Bar Council of Malaysia, where required by professional regulations.

We may also share anonymised, aggregated data with analytics providers for the purpose of understanding website usage. This data cannot be used to identify you personally.

5. Data Protection Measures

We take the security of your personal data seriously. We implement appropriate technical and organisational measures to protect your information, including encrypted storage for digital records, access controls limiting data access to authorised personnel only, secure communication channels for sensitive documents, regular review of our data handling procedures, and physical security measures at our office premises.

In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and the relevant authorities in accordance with applicable law.

6. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected. For website enquiries that do not lead to a legal engagement, we retain your information for up to twelve months. For legal matters, we retain client files for a period of seven years following the conclusion of the matter, in accordance with professional guidelines and regulatory requirements. Cookie data and analytics information are retained for the periods specified in our Cookie Policy.

7. Cookies

Our website uses cookies and similar technologies to improve your browsing experience and to understand how visitors interact with our site. For detailed information about the cookies we use, how to manage them, and your choices regarding cookies, please refer to our Cookie Policy.

8. Your Rights

Under the PDPA and applicable data protection laws, you have the following rights in relation to your personal data:

Right of access: You may request a copy of the personal data we hold about you.

Right to correction: You may request that we correct any inaccurate or incomplete personal data.

Right to withdraw consent: Where processing is based on your consent, you may withdraw that consent at any time.

Right to prevent processing: You may object to the processing of your personal data in certain circumstances.

Right to lodge a complaint: You have the right to lodge a complaint with the Department of Personal Data Protection (JPDP) if you believe your data has been processed unlawfully.

To exercise any of these rights, please contact us at [email protected] or write to us at our office address. We will respond to your request within a reasonable timeframe.

9. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of those websites. We encourage you to review the privacy policies of any third-party sites you visit.

10. Children's Privacy

Our services are directed at individuals aged 18 and above. We do not knowingly collect personal data from children under the age of 18. If we become aware that we have inadvertently collected such data, we will take steps to delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. When we make significant changes, we will update the "Last Updated" date at the top of this page. We encourage you to review this policy periodically.

12. Contact Information

Data Controller: corvaulte

Address: 53 Jalan Bangsar, 59200 Kuala Lumpur, Malaysia

Email: [email protected]

Phone: +60 3-2282 4569

The relevant supervisory authority for data protection matters in Malaysia is the Department of Personal Data Protection (Jabatan Perlindungan Data Peribadi, JPDP), which operates under the Ministry of Communications and Digital.