Privacy Policy

1. Introduction and Data Controller

Satria Firm ("the Firm", "we", "us", or "our") is a legal practice registered in Malaysia, operating from Level 6, Wisma MCA, 163 Jalan Ampang, 50450 Kuala Lumpur. We are the data controller for personal data collected through our website and in the course of providing legal services.

We treat the protection of personal data as a professional obligation. This policy explains what data we collect, why we collect it, how it is used, and your rights under Malaysian law.

If you have questions regarding this policy, please contact us at: [email protected]

2. Scope of This Policy

This policy applies to:

• Visitors to our website at satriafirmin.sbs
• Individuals who submit enquiry forms or contact us through the website
• Clients and prospective clients engaged in or considering legal services
• Business contacts and professional correspondents

It does not apply to third-party websites linked from our site. We are not responsible for the privacy practices of external parties.

3. Personal Data We Collect

3.1 Data Provided Directly

When you contact us through the website or engage our services, we may collect:

• Full name
• Email address
• Phone number (where provided)
• Company name or organisation (where applicable)
• Details of your enquiry or legal matter
• Correspondence and instructions you provide during an engagement

3.2 Data Collected Automatically

When you visit our website, certain technical data is collected automatically:

• IP address
• Browser type and version
• Device type and operating system
• Pages visited and time spent on the site
• Referring URL (the page that directed you to our site)
• Cookie data (see our Cookie Policy for details)

3.3 Data Collected from Third Parties

In some matters, particularly where legal representation involves multiple parties, we may receive data from opposing parties, courts, government agencies, or instructing solicitors. Such data is handled in accordance with this policy and applicable professional obligations.

4. Legal Basis for Processing

Under the Personal Data Protection Act 2010 (PDPA), we process personal data on the following bases:

• Consent: Where you have submitted an enquiry form or have provided information for a specific purpose
• Contract performance: Where processing is necessary to provide legal services you have engaged us for
• Legitimate interest: For website analytics, client communication, and professional administration
• Legal obligation: Where we are required to retain records under applicable law or professional regulations

5. How We Use Personal Data

We use the data we collect to:

• Respond to your enquiries and communicate about your legal matter
• Provide legal advisory, adjudication support, and infrastructure project services
• Maintain client records and matter files as required by professional standards
• Conduct conflict-of-interest checks prior to accepting instructions
• Comply with anti-money laundering and client due diligence obligations
• Improve our website and understand how visitors interact with our content
• Send updates or information relevant to your engagement (not unsolicited marketing)

6. Data Retention

We retain personal data for as long as it is necessary for the purpose collected, or as required by law or professional standards:

• Enquiry records: Up to 12 months if no engagement follows
• Active client files: Duration of engagement plus 7 years, in accordance with Malaysian legal professional obligations
• Website analytics data: Up to 26 months (Google Analytics default)
• Cookie consent records: Stored locally in your browser; cleared when you clear browser data

After the applicable retention period, data is securely deleted or anonymised.

7. Sharing of Personal Data

We do not sell personal data to third parties. We may share data in the following circumstances:

• Courts and tribunals: Where required in the course of legal proceedings
• Government and regulatory bodies: Where required by law (e.g., Land Office, DOE, CIDB)
• Professional advisers: Other solicitors, consultants, or experts engaged with your consent
• Service providers: IT systems, cloud storage, and analytics providers who process data on our behalf under data processing agreements

Any third party processing data on our behalf is required to maintain appropriate data security measures.

8. Third-Party Services

Our website uses the following third-party services which may process your data:

• Google Analytics (GA4): Website usage statistics. Data may be stored on servers outside Malaysia.
• Google Maps: Location display functionality. Governed by Google's Privacy Policy.
• Meta (Facebook) Pixel: May be used for website analytics. Governed by Meta's data policy.
• Google Fonts & Font Awesome: Font delivery services that may log IP addresses.

We encourage you to review the privacy policies of these third parties if you wish to understand how they handle your data.

9. Data Protection Measures

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, disclosure, loss, or alteration. These include:

• Encrypted data transmission (SSL/TLS) for website communications
• Access controls limiting data access to authorised personnel
• Secure document management for client files
• Regular review of data handling practices

In the event of a data breach that may affect your rights, we will notify affected individuals and, where required, the relevant authorities, without undue delay.

10. Cookies

Our website uses cookies to support basic functionality and to understand how visitors use the site. Cookies are small text files stored on your device.

We use essential cookies (required for the site to function) and optional analytics and preference cookies. You can manage your cookie preferences via our Cookie Policy page, which includes functional preference toggles.

11. Your Rights Under PDPA 2010

The Personal Data Protection Act 2010 provides the following rights, which you may exercise by contacting us at [email protected]:

• Right of access: You may request a copy of personal data we hold about you
• Right of correction: You may request correction of inaccurate or incomplete data
• Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting prior lawful processing
• Right to object: You may object to processing for direct marketing purposes
• Right to limit processing: In certain circumstances, you may request that we restrict processing of your data

We will respond to data access or correction requests within 21 days. There may be circumstances where we are unable to comply with a request, for example where data must be retained for professional or legal reasons.

12. Children's Privacy

Our website and services are directed at business and professional users. We do not knowingly collect personal data from individuals under the age of 18. If you believe a minor has submitted data through our website, please contact us and we will delete the relevant records.

13. International Data Transfers

Some third-party services we use (such as Google Analytics) may transfer data outside Malaysia. Where this occurs, we satisfy ourselves that adequate protections are in place consistent with PDPA requirements and the nature of the data transferred.

14. Changes to This Policy

We may update this policy from time to time to reflect changes in our practices or legal requirements. The updated version will be posted on this page with a revised "Last Updated" date. Continued use of our website following any update constitutes acceptance of the revised policy.

15. Contact for Privacy Matters

For questions, requests, or concerns regarding this policy or the handling of your personal data, please contact us: