Legal
Privacy Policy
Last Updated: 14 February 2026 | Jaya Counsel
This policy explains how Jaya Counsel collects, uses, discloses, and safeguards your personal data. It is prepared in accordance with the Personal Data Protection Act 2010 (PDPA) of Malaysia. By using our website or submitting an enquiry, you acknowledge that you have read and understood this policy.
1. Data Controller
The data controller responsible for your personal data is:
Jaya Counsel
No. 5, Jalan PJU 5/1, Dataran Sunway, Kota Damansara, 47810 Petaling Jaya, Selangor, Malaysia
Email: [email protected]
Phone: +60 3-6151 7284
Jaya Counsel is a Malaysian law firm operating under the Legal Profession Act 1976. All personal data processed by this firm is subject to the professional conduct obligations applicable to Malaysian solicitors, in addition to the PDPA 2010.
2. Personal Data We Collect
We collect personal data that you provide directly to us and data collected automatically when you visit our website.
Data You Provide
- Your name and contact details (email address, telephone number)
- The subject of your enquiry and any information you include in your message
- Business name or role, where provided voluntarily
Data Collected Automatically
- Browser type, device type, and operating system
- IP address and approximate geographic location (country / city level)
- Pages visited, time spent on site, and referring URL
- Cookie-related data as described in our Cookie Policy
Data from Third Parties
We do not purchase personal data from data brokers or third-party marketing lists.
3. Legal Basis for Processing
Under the PDPA 2010, we process your personal data on the following bases:
- Consent — where you have submitted a contact form or consented to analytics cookies
- Contractual necessity — where processing is required to respond to your enquiry and, if engaged, to provide legal services
- Legitimate interests — for website security, fraud prevention, and improving our services, balanced against your rights
- Legal obligation — where we are required by law or professional rules to retain certain records
4. How We Use Your Personal Data
We use your personal data for the following purposes:
- Responding to your enquiries and communicating with you about potential or existing matters
- Providing legal advisory services where an engagement has been established
- Maintaining client and matter records as required by professional obligations
- Analysing website usage to identify technical issues and improve the site (analytics cookies only, where consented)
- Complying with anti-money laundering obligations under the Anti-Money Laundering, Anti-Terrorism Financing and Proceeds of Unlawful Activities Act 2001 (AMLA) where applicable
- Responding to lawful requests from regulatory or enforcement authorities
We do not use your personal data for unsolicited marketing communications. If we send any service-related communications, you may opt out at any time by contacting us at [email protected].
5. Data Retention
- Enquiry data — retained for 12 months from the date of last contact if no engagement follows
- Client matter records — retained for 7 years from the conclusion of the matter, in accordance with professional obligations and limitation period considerations under the Limitation Act 1953
- Analytics data — retained for up to 26 months as configured in our analytics platform
- Cookie preference data — retained in your browser's local storage until you clear it
When data is no longer required, it is securely deleted or anonymised.
6. Sharing Your Personal Data
We do not sell your personal data. We share it only in the following limited circumstances:
- Service providers — hosting providers, email service providers, and analytics platforms who process data on our behalf under data processing agreements
- Legal and regulatory obligations — disclosure to courts, the Bar Council Malaysia, the Registrar of Franchises, or other authorities where required by law or court order
- Matter-related third parties — where you have engaged us and disclosure to opposing parties, courts, or mediators is necessary to conduct your matter
- Professional advisers — in limited circumstances where external specialist advice is required on a confidential basis
Any third party receiving your data is required to maintain appropriate security measures and use data only for the specified purpose.
7. Security Measures
We take the security of your personal data seriously and implement the following measures:
- HTTPS encryption for all data transmitted to and from this website
- Access controls limiting data access to personnel with a genuine need
- Secure storage systems for client matter records
- Regular review of third-party service providers' security practices
No data transmission over the internet is completely without risk. In the event of a data breach affecting your personal data, we will notify the Personal Data Protection Department (JPDP) and, where required, notify you directly in accordance with our obligations under the PDPA 2010.
8. Cookies
Our website uses cookies to function correctly and, where you consent, to analyse website usage. A full explanation of the cookies we use and how to manage them is available in our Cookie Policy.
9. Your Rights Under the PDPA 2010
As a data subject under the PDPA 2010, you have the following rights:
- Right of access — to request a copy of the personal data we hold about you
- Right to correction — to request that inaccurate or incomplete data be corrected
- Right to withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing
- Right to prevent processing — to object to processing that is causing or likely to cause damage or distress
- Right to prevent direct marketing — to opt out of any marketing communications
To exercise any of these rights, please contact us at [email protected]. We will respond within 21 days of receiving a written request. We may request verification of your identity before processing a request.
If you are dissatisfied with how we handle a request or a complaint, you may refer the matter to the Personal Data Protection Department (Jabatan Perlindungan Data Peribadi) at pdp.gov.my.
10. Third-Party Links
Our website may contain links to third-party websites, including the Malaysian government's franchise registry portal and court systems. We are not responsible for the privacy practices of those websites. We recommend reviewing the privacy policy of any third-party site you visit.
11. Minors
Our services are directed at businesses and individuals aged 18 and above. We do not knowingly collect personal data from anyone under the age of 18. If we become aware that a minor has submitted personal data through this website, we will delete it promptly.
12. International Data Transfers
Our primary operations are in Malaysia. Where data is processed by third-party service providers whose infrastructure is located outside Malaysia (for example, cloud hosting services), we ensure such transfers comply with the provisions of the PDPA 2010 on data transfer outside Malaysia, and that appropriate safeguards are in place.
13. Changes to This Policy
We may update this policy from time to time to reflect changes in our practices or the law. The most current version will always be available on this page, with the "Last Updated" date revised accordingly. Continued use of our website after any change constitutes acceptance of the updated policy.
14. Contact Us
For any privacy-related queries, requests to exercise your rights, or to report a concern:
Jaya Counsel — Privacy Matters
Email: [email protected]
Phone: +60 3-6151 7284
Address: No. 5, Jalan PJU 5/1, Dataran Sunway, Kota Damansara, 47810 Petaling Jaya, Selangor
We aim to respond to all privacy enquiries within 10 working days.