Privacy Policy

1. Introduction

Benteng Emas ("the Firm", "we", "us") is committed to handling personal data responsibly and in accordance with the Personal Data Protection Act 2010 (PDPA) of Malaysia. This policy explains what personal data we collect, why we collect it, how we use it, and what rights you have in relation to it.

This policy applies to individuals who contact us, submit enquiries through our website, or engage us to provide legal services. Questions about this policy may be directed to [email protected].

2. Data We Collect

Personal information you provide:

• Full name and contact details (phone, email, address)
• Details of your employment history or pension matter as relevant to your enquiry
• Copies of documents you share (pension statements, scheme rules, correspondence)
• Information exchanged during consultations or in correspondence

Information collected automatically:

• Browser type and device information when you visit our website
• Pages visited and approximate session duration (via analytics cookies, if consented)
• IP address (retained for a limited period for security purposes)

We do not collect special category personal data beyond what is strictly relevant to the legal matter you have brought to us.

3. How We Use Your Data

We process personal data for the following purposes:

• Service delivery: to assess your pension matter, prepare advisory notes, opinions, and submissions, and handle your engagement with the Firm
• Communication: to respond to your enquiries and keep you updated on your matter
• Legal compliance: to meet obligations under the Legal Profession Act 1976, the PDPA 2010, and any applicable court or regulatory requirements
• Record-keeping: to maintain files in accordance with professional requirements for a minimum of seven years after the conclusion of each matter
• Website analytics: to understand how our site is used and improve its content (subject to your cookie consent)

We do not use personal data for profiling, automated decision-making, or marketing to existing or prospective clients beyond the lawful basis for each engagement.

4. Legal Basis for Processing

• Contract performance: processing necessary to deliver the legal service you have engaged
• Consent: for communications where you have indicated agreement, and for non-essential cookies
• Legitimate interest: for internal record-keeping, conflict checks, and security purposes
• Legal obligation: where Malaysian law or professional rules require retention or disclosure of information

5. Sharing of Personal Data

We do not sell, rent, or trade personal data. Data may be shared only in the following circumstances:

• With regulators, courts, or counterparties as required by the legal matter you have instructed us to handle
• With third-party service providers who support our practice (e.g., secure document storage, email hosting) under strict data processing agreements
• Where required by Malaysian law, court order, or professional regulatory body

Any third-party providers used are required to protect data to a standard consistent with this policy and the PDPA 2010.

6. Data Retention

Client files are retained for a minimum of seven years following the conclusion of each matter, in accordance with Malaysian legal professional practice requirements. Website enquiry data is retained for a period of twelve months if no engagement is initiated. Analytics data is retained in aggregated, anonymised form.

7. Cookies

Our website uses cookies to support basic site functionality and, with your consent, to collect analytics information about site usage. You can manage your cookie preferences at any time through our Cookie Policy page. Essential cookies cannot be disabled as they are necessary for the site to function.

8. Your Rights Under the PDPA 2010

Under the Personal Data Protection Act 2010 (Malaysia), you have the right to:

• Access personal data held about you
• Correct inaccurate or incomplete data
• Withdraw consent for processing based on consent (this does not affect lawfulness of prior processing)
• Request that processing be limited in certain circumstances
• Lodge a complaint with the Department of Personal Data Protection Malaysia

To exercise any of these rights, write to [email protected]. We will respond within fourteen working days.

Legal professional privilege may limit the extent to which certain information in a client file can be disclosed under an access request, in accordance with applicable law.

9. Data Security

We implement reasonable technical and organisational measures to protect personal data against unauthorised access, loss, or misuse. These include password-protected document management systems, restricted access to client files, and secure email communications for sensitive correspondence. In the event of a data breach that poses a risk to your rights, we will notify affected individuals and, where required, the relevant authority within a reasonable time.

10. Third-Party Links

Our website may contain links to external sites. We are not responsible for the privacy practices of those sites. We encourage you to review the privacy policy of any site you visit.

11. Children

Our legal services are intended for adults aged 18 and above. We do not knowingly collect personal data from individuals under 18. If you believe a minor has submitted data to us, please contact us so that we can take appropriate steps.

12. Changes to This Policy

We may update this policy from time to time to reflect changes in law or our practices. The updated policy will be published on this page with a revised "Last Updated" date. Continued use of our services following publication of changes constitutes acceptance of the updated policy.

13. Contact

For questions, requests, or complaints regarding this policy:

• Email: [email protected]
• Address: Lebuh Pantai, 10300 George Town, Penang, Malaysia
• Telephone: +60 4-264 5173