Privacy Policy

1. Introduction

Legacy Forge is committed to handling the personal information of clients and website visitors with care and discretion. This Privacy Policy describes what personal data we collect, how we use it, how it is protected, and what rights you hold in relation to it. The policy applies to all personal data processed by Legacy Forge in the course of operating this website and providing legal services in connection with pension matters.

This policy is governed by the Personal Data Protection Act 2010 of Malaysia (PDPA). By using this website or enquiring about our services, you acknowledge the practices described here.

2. Data We Collect

We collect personal data only where it is necessary for the provision of our services or the operation of this website. The categories of data we may collect include:

• Full name and contact details (email address, telephone number)
• Postal address where provided in an enquiry
• Details of your pension matter as disclosed in correspondence
• Website usage data collected via analytics cookies (see Cookie Policy)
• Records of communications sent to and received from you

We do not collect sensitive financial data, payment card details, or identity document information through this website.

3. How We Use Personal Data

Personal data collected through this website or through direct correspondence is used for the following purposes:

• To respond to enquiries submitted through the contact form or by telephone
• To carry out the legal services agreed with you
• To maintain records of completed engagements as required by professional obligations
• To improve the functionality and content of this website through anonymised analytics
• To comply with any applicable legal or regulatory obligations

We do not use personal data for direct marketing, do not sell data to third parties, and do not use automated decision-making processes in relation to any individual.

4. Legal Basis for Processing

Under the PDPA 2010, personal data is processed on the following bases:

• Consent — where you have provided information voluntarily through the contact form or by correspondence
• Contractual necessity — where processing is required to carry out services agreed with you
• Legal obligation — where retention is required by professional standards or applicable law
• Legitimate interests — for the operation and improvement of this website, where those interests do not override your rights

5. Data Retention

Personal data is retained for as long as necessary for the purpose for which it was collected. Client matter files are retained for a minimum of seven years following the close of an engagement, in accordance with professional legal practice requirements in Malaysia. Website enquiry data that does not result in an engagement is retained for no more than twelve months from receipt.

6. Third-Party Services

We use a limited number of third-party services in the operation of this website. These may include analytics providers, web hosting providers, and communication platforms. Each is engaged under terms that require them to handle personal data in accordance with applicable data protection law. We do not share personal data with third parties for marketing or commercial purposes. Third-party services used include Google Analytics (usage data) and Google Maps (mapping functionality on our home page).

7. Cookies

This website uses cookies to support its basic functionality and, where consent is given, to collect anonymised usage analytics. Full details of the cookies used and the choices available to you are set out in our Cookie Policy. You may withdraw your cookie consent at any time through the preferences page.

8. Data Security

We maintain appropriate technical and organisational measures to protect personal data against unauthorised access, disclosure, alteration, or loss. These include access controls, secure document handling procedures, and regular review of our security practices. In the event of a data breach that is likely to affect your rights, we will notify you as required by applicable law.

9. Your Rights

Under the PDPA 2010 and related legislation, you hold the following rights in connection with your personal data:

• The right to access a copy of personal data held about you
• The right to request correction of inaccurate or incomplete data
• The right to withdraw consent to processing where consent is the basis for processing
• The right to object to processing for certain purposes
• The right to lodge a complaint with the relevant supervisory authority — the Department of Personal Data Protection Malaysia (JPDP)

To exercise any of these rights, please contact us using the details below.

10. Third-Party Links

This website may contain links to external websites. We are not responsible for the privacy practices of those websites, and this policy does not apply to them. We encourage you to read the privacy policies of any external site you visit.

11. Children's Privacy

Our services are not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe a minor has submitted personal data through this website, please contact us and we will take steps to remove it promptly.

12. Changes to This Policy

This policy may be updated from time to time. Where material changes are made, the updated version will be published on this page with a revised date. Continued use of this website after publication of an updated policy constitutes acceptance of the revised terms.