Legal
Privacy Policy
Last Updated: 8 March 2025 | Effective Date: 8 March 2025
Stonehelm ("we", "our", or "us") is committed to protecting the personal data of our clients, prospective clients, and website visitors. This Privacy Policy explains what personal data we collect, how we use it, and the rights available to you under Malaysian law — in particular, the Personal Data Protection Act 2010 (PDPA).
1. Who We Are
Stonehelm is a law firm based in Kuala Lumpur, Malaysia. Our registered address is 48 Jalan Hang Tuah, 55200 Kuala Lumpur, Malaysia. For data protection enquiries, contact us at privacy@stonehelm.
2. Data We Collect
We may collect the following categories of personal data:
- Name, email address, and telephone number submitted via contact forms or direct communication
- Business information provided in the course of an enquiry or engagement
- Identification documents where required by law or for client onboarding
- Correspondence and communication records
- Technical data including IP address, browser type, and pages visited (collected via cookies and analytics tools)
We collect only the data necessary for the purposes described below.
3. How We Collect Data
- Through contact forms and enquiry submissions on our website
- Through direct correspondence by email or telephone
- Through the formal client engagement and onboarding process
- Automatically, through cookies and website analytics tools when you visit our website
4. Legal Basis for Processing
- Consent: Where you have provided consent for us to contact you or use your data for a specific purpose
- Contractual necessity: Where processing is required to perform a legal engagement or respond to your enquiry
- Legitimate interests: For website analytics and improving our services, where not overridden by your interests
- Legal obligations: Where we are required to process data to comply with applicable law
5. How We Use Your Data
- Responding to your enquiries and communications
- Conducting client onboarding, due diligence, and conflict checks
- Providing legal services under an engagement agreement
- Managing our legal practice and internal records
- Complying with legal and regulatory obligations
- Improving the content and functionality of our website (via anonymised analytics data)
6. Data Sharing
We do not sell personal data. We may share personal data in the following circumstances:
- With courts, regulatory bodies, and counterparties as required in the course of legal proceedings or regulatory compliance
- With IT and technology service providers who assist in operating our systems, under confidentiality obligations
- With professional advisers (accountants, barristers, co-counsel) where necessary for your matter
- Where required by law or court order
7. Data Retention
We retain personal data for as long as necessary for the purposes for which it was collected. For client matter files, this is generally seven years from the conclusion of an engagement, in accordance with professional practice requirements. Website enquiry data is retained for 12 months unless a client relationship results.
8. Cookies
Our website uses cookies to support basic functionality and to understand how visitors use the site. You can manage your cookie preferences at any time via our Cookie Policy page.
9. Your Rights
Under the PDPA and applicable Malaysian law, you have the following rights in relation to your personal data:
- Right of access: You may request a copy of the personal data we hold about you
- Right to correction: You may request correction of inaccurate or incomplete data
- Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time
- Right to object: You may object to certain types of processing, including direct marketing
- Right to complain: You may lodge a complaint with the Personal Data Protection Commissioner of Malaysia
To exercise any of these rights, contact us at privacy@stonehelm.
10. Data Security
We maintain appropriate technical and organisational measures to protect personal data against loss, unauthorised access, disclosure, and alteration. These include secure file storage, access controls, and confidentiality obligations for all staff. In the event of a data breach affecting your personal data, we will notify you and the relevant authorities as required under applicable law.
11. Third-Party Links
Our website may contain links to third-party websites. We are not responsible for the privacy practices of those sites and recommend that you review their privacy policies directly.
12. Children's Privacy
Our services are intended for persons aged 18 and over. We do not knowingly collect personal data from minors. If you believe a minor has submitted data to us, please contact us promptly.
13. Changes to This Policy
We may update this Privacy Policy from time to time. The date of the most recent update appears at the top of this page. Where changes are material, we will communicate them via our website.
14. Contact
For any questions or requests relating to this Privacy Policy or the handling of your personal data, please contact:
Stonehelm
48 Jalan Hang Tuah, 55200 Kuala Lumpur, Malaysia
Email: privacy@stonehelm
Phone: +60 3-5182 7364