T
Thenlaw Contact Us

Legal & Compliance

Privacy Policy

Last Updated: 18 March 2026  |  Effective Date: 18 March 2026

Thenlaw (“we,” “us,” or “our”) respects your privacy and is committed to handling your personal data with care and transparency. This Privacy Policy explains how we collect, use, store, and protect information when you interact with our website or engage our legal advisory services. It applies to all individuals whose data we process in connection with our services.

1. Data Controller

The data controller responsible for your personal data is:

Thenlaw
21 Jalan Pudu, 55100 Kuala Lumpur, Malaysia
Email: [email protected]
Phone: +60 3-8472 6139

2. Personal Data We Collect

We collect personal data through your interactions with our website and when you engage our services. This may include:

  • Identity data: Full name, designation, and organisation name.
  • Contact data: Email address, phone number, and postal address.
  • Enquiry data: Information you share in your message or consultation request.
  • Technical data: IP address, browser type, pages visited, and session duration collected via cookies and analytics tools.
  • Communication data: Records of correspondence between you and Thenlaw.

3. How We Collect Your Data

  • Website contact and enquiry forms submitted directly by you.
  • Email and telephone communications initiated by you.
  • Cookies and analytics tools when you browse our website.
  • Referrals from third parties with your knowledge and consent.

4. Legal Basis for Processing

We process your personal data on the following grounds under the Personal Data Protection Act 2010 (PDPA) of Malaysia:

  • Consent: Where you have provided explicit consent to the processing of your data.
  • Contractual necessity: Where processing is necessary to deliver the legal services you have engaged us for.
  • Legitimate interest: For improving our services, website security, and communication management, where your interests are not overridden.
  • Legal obligation: Where we are required to process data to comply with applicable Malaysian laws or regulatory requirements.

5. How We Use Your Personal Data

  • To respond to your enquiries and provide the legal advisory services you have requested.
  • To manage our client relationship and maintain records as required by professional obligations.
  • To send service-related communications, including updates on your matter.
  • To improve our website, services, and internal processes using aggregated analytics.
  • To comply with legal, regulatory, or court-ordered requirements.
  • To detect, investigate, and prevent fraudulent or unauthorised activity on our systems.

6. Data Retention

We retain personal data only for as long as necessary for the purposes outlined in this policy, and in accordance with applicable laws. Client matter records are generally retained for a minimum of seven (7) years after the close of a matter, consistent with Malaysian legal professional requirements. Website enquiry data not resulting in an engagement is held for up to twelve (12) months. Analytics and technical data are retained for no longer than twenty-six (26) months. Upon expiry of the applicable retention period, data is securely deleted or anonymised.

7. Data Sharing and Third Parties

We do not sell or rent your personal data. We may share data in the following circumstances:

  • Service providers: Trusted third-party vendors who assist with website hosting, analytics, or communications — bound by confidentiality agreements.
  • Regulatory bodies: Where required by Malaysian law, court order, or regulatory authority.
  • Professional advisors: Where co-counsel or subject matter experts are engaged in connection with your matter, with your knowledge.
  • Business transfers: In the event of a firm restructuring or transfer of practice, your data may be transferred with appropriate safeguards in place.

Analytics may be processed by Google Analytics. You may review Google's privacy practices at policies.google.com/privacy.

8. Data Protection Measures

We take reasonable technical and organisational steps to protect your personal data from unauthorised access, loss, disclosure, or misuse. These include:

  • Secure HTTPS transmission for all website communications.
  • Access controls limiting data access to authorised personnel only.
  • Regular review of our data handling practices and security posture.
  • Confidentiality obligations binding all personnel who handle client data.
  • Procedures for detecting, reporting, and responding to personal data incidents.

9. Cookies

Our website uses cookies to support basic functionality, understand how visitors interact with our pages, and improve your experience. Essential cookies are always active. Analytics, marketing, and preference cookies are optional and subject to your consent. You may manage your cookie preferences at any time through our Cookie Policy page. Continuing to use the website without changing your settings is taken as acceptance of essential cookies only.

10. Your Rights Under Malaysian Law

Under the Personal Data Protection Act 2010 (PDPA), you have the right to:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request that inaccurate or incomplete data be corrected.
  • Withdrawal of consent: Withdraw consent to processing at any time, where consent is the basis for processing.
  • Restriction of processing: Request that we limit how we use your data in certain circumstances.
  • Objection: Object to processing based on legitimate interests where your situation warrants it.

To exercise any of these rights, please contact us at [email protected]. We will respond within a reasonable timeframe in accordance with our obligations under the PDPA. Please note that certain rights may be subject to legal or professional restrictions.

If you are dissatisfied with our response, you may direct a complaint to the Department of Personal Data Protection Malaysia (www.pdp.gov.my).

11. Third-Party Links

Our website may contain links to external websites, regulatory bodies, or resources not operated by Thenlaw. We are not responsible for the privacy practices of those third-party sites and encourage you to review their respective privacy notices before submitting any personal information.

12. Children's Privacy

Our services are directed to individuals aged 18 and above. We do not knowingly collect personal data from anyone under the age of 18. If you believe that a minor has submitted data through our website, please contact us and we will arrange for its prompt removal.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. When we do, the revised policy will be published on this page with an updated “Last Updated” date. We recommend checking this page periodically. For material changes affecting how we handle your data, we will make reasonable efforts to notify you directly.

14. Contact Us

For questions, requests, or concerns regarding this Privacy Policy or our data handling practices:

[email protected]
+60 3-8472 6139
21 Jalan Pudu, 55100 Kuala Lumpur, Malaysia