Privacy Policy

1. Introduction

Mestika Legal ("we", "us", "our") is a legal practice registered in Malaysia and operating from No. 18, Jalan Masjid India, 50100 Kuala Lumpur. We are the data controller in respect of personal data collected through this website and in the course of our advisory engagements.

This Privacy Policy applies to information collected via our website at https://mestikalis.club, through our contact forms, and through direct communications. By using our website or contacting us, you acknowledge the practices described in this policy.

For questions about this policy, please contact us at [email protected].

2. Data We Collect

We may collect the following categories of personal data:

• Contact information — name, email address, telephone number
• Enquiry content — the message or description of your enquiry submitted through our contact form
• Technical data — IP address, browser type, pages visited, session duration (via analytics tools)
• Communication records — correspondence via email or telephone, where relevant to an engagement

We do not collect sensitive personal data such as national identity numbers, financial account credentials, or medical information through this website.

3. How We Collect Data

• Contact forms — when you submit an enquiry on our website
• Direct communication — when you email or telephone us
• Analytics tools — automated collection of browsing behaviour via Google Analytics (anonymised)
• Advertising pixels — where enabled, Facebook Pixel and Microsoft Bing Pixel may record page visits for advertising attribution purposes

4. Legal Basis for Processing

Under Malaysia's PDPA 2010, we process your personal data on the following grounds:

• Consent — where you have provided explicit consent (e.g., by submitting our contact form and agreeing to our terms)
• Legitimate interest — for website analytics to improve our services and for responding to enquiries about our practice
• Legal obligation — where processing is required to comply with applicable laws, professional regulations, or court orders

5. How We Use Your Data

• Responding to your enquiries and facilitating the provision of legal advisory services
• Maintaining records of communications relevant to our engagement with you
• Improving our website and understanding how visitors engage with our content
• Complying with our professional obligations as a regulated legal practice
• Sending relevant updates or publications where you have consented to receive them

We do not use your personal data for automated decision-making or profiling.

6. Data Sharing with Third Parties

We may share limited personal data with the following categories of recipients:

• Google LLC — for website analytics via Google Analytics. Data is processed under Google's privacy terms and may be subject to data transfer safeguards.
• Meta Platforms Ireland Ltd — for advertising attribution via Facebook Pixel, where enabled. You may opt out via cookie preferences.
• Microsoft Corporation — for advertising attribution via Bing Pixel, where enabled.
• Professional advisors — legal, compliance, or IT service providers engaged to support our operations, under contractual confidentiality obligations.

We do not sell your personal data to third parties. We do not share your data with other law firms or advisory practices without your prior consent.

7. Data Retention

We retain personal data for the following periods:

• Enquiry data — 12 months from the date of initial contact, unless an engagement commences
• Engagement-related data — 7 years from the conclusion of the engagement, in line with professional record-keeping requirements
• Analytics data — 14 months, as per Google Analytics default retention settings

Upon expiry of the applicable retention period, personal data is securely deleted or anonymised.

8. Data Protection Measures

• Encrypted data transmission via HTTPS on all pages of our website
• Access to personal data restricted to authorised personnel within Mestika Legal
• Third-party service providers are assessed for data protection compliance before engagement
• Internal procedures for responding to data breaches, including notification obligations where required under PDPA 2010

9. Cookies

Our website uses cookies to support functionality, analytics, and advertising measurement. You may manage your cookie preferences at any time via our Cookie Policy page.

Essential cookies are required for basic site operation and cannot be disabled. All other cookie categories are optional and subject to your consent.

10. Your Rights Under PDPA 2010

As a data subject under Malaysia's Personal Data Protection Act 2010, you have the following rights:

• Right of access — to request a copy of the personal data we hold about you
• Right of correction — to request correction of inaccurate or incomplete personal data
• Right to withdraw consent — where processing is based on consent, you may withdraw it at any time (this does not affect the lawfulness of processing prior to withdrawal)
• Right to limit processing — to request that we cease using your data for direct marketing purposes
• Right to lodge a complaint — with the Department of Personal Data Protection (PDPDP) Malaysia if you believe your rights have been infringed

To exercise any of the above rights, please contact us at [email protected]. We will respond within 21 days of receiving your request.

11. Third-Party Links

Our website may contain links to external resources such as Bank Negara Malaysia's publications or Securities Commission Malaysia's filing portals. We are not responsible for the privacy practices of third-party websites. We encourage you to review the privacy notices of any external sites you visit.

12. Children's Privacy

Our services are directed at legal entities and professionals within the financial services sector. We do not knowingly collect personal data from individuals under the age of 18. If you believe a minor has submitted personal data to us, please contact us and we will promptly remove the relevant information.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. When we make material changes, we will update the "Last Updated" date at the top of this page. Continued use of our website following an update constitutes acceptance of the revised policy.

14. Contact Us

For data protection enquiries or to exercise your rights, please contact:

• Email: [email protected]
• Telephone: +60 3-2692 4175
• Post: Mestika Legal, No. 18, Jalan Masjid India, 50100 Kuala Lumpur, Malaysia