Privacy Policy

Privacy Policy

This Privacy Policy (“Policy”) sets out how we collect, process and use personal data in accordance with the Personal Data Protection Act 2010 (“PDPA”).

By providing us with your personal data, communicating with us, using our website at www.ganandlee.com, or engaging us to provide services, you consent to the processing of your personal data in accordance with this Policy.

We may update this Policy from time to time to reflect changes in law or our practices. The latest version will be published on our website. By continuing to engage our services, communicate with us, or use our website, you are deemed to have read and accepted the amendments to this Policy (if any).

1. Collection of Personal Data
We may collect or request your personal data, which may include:

  • personal details such as name, date of birth, gender, nationality, address, email, NRIC/ passport number, contact details, occupation, designation, and bank account details;
  • information relevant or required for our appointment and the provision of legal services;
  • information required for compliance with legal and regulatory requirements;
  • information provided in connection with recruitment, employment, or internship applications (e.g. CVs, qualifications and references); and
  • any additional information about you that is not already available in the public domain.

Certain personal data is mandatory for us to provide our services, to process recruitment or employment applications, or to comply with legal and regulatory requirements. Failure to provide such information may result in our inability to provide the requested services, consider your application, or continue our engagement with you.

2. Purposes of Collecting and Processing Personal Data
We may process your personal data for the following purposes:

  • providing legal services and corresponding with you or your representatives;
  • responding to your enquiries;
  • maintaining our internal records and administration;
  • billing, payments, accounting, taxation, and audit purposes;
  • complying with legal and regulatory requirements, and professional obligations;
  • conducting client due diligence, identity verification, conflict checks, and internal compliance reviews;
  • organising or facilitating events, conferences, seminars, or client programmes;
  • sending newsletters, articles or legal updates;
  • acting as referees for legal directories or publications;
  • recruitment and employment-related purposes, including processing job applications, HR administration, and staff management; and
  • any other purposes incidental or related to the above.

3. Disclosure to Third Parties
We acknowledge the confidentiality of your personal data and will not disclose it to third parties except where necessary for the purposes set out in this Policy, where required by law, or with your consent. In such cases, disclosure may be made to:

  • our professional advisers, solicitors, auditors, bankers, insurers or consultants;
  • IT and cloud service providers supporting our systems and infrastructure;
  • data processors engaged to process your personal data on our behalf;
  • foreign law firms or professional advisers, where cross-border matters are involved;
  • government agencies, courts, tribunals, regulators and statutory authorities, to the extent necessary to comply with legal and regulatory requirements;
  • parties necessary for the enforcement or protection of our legal rights and claims; and
  • parties you have authorised or consented for us to disclose your personal data to.

4. Transfer of Personal Data
Your personal data may be transferred outside Malaysia where required for the purposes set out in this Policy, including where foreign counsels, professional advisers, cloud service providers, or legal directories and publications are located overseas.

We will take all reasonable and practical steps to ensure that such transfers are carried out in compliance with the PDPA and subject to appropriate safeguards to protect the security of your personal data.

5. Security and Retention of Personal Data
We are committed to protecting the personal data you provide and apply safeguards to ensure it remains secure throughout our processing.

We will retain your personal data for as long as necessary to fulfil the purposes set out in this Policy, to protect our interests, or to comply with legal, regulatory, tax, or accounting requirements.

When your personal data is no longer required for these purposes, we will ensure that it is permanently deleted or securely destroyed.

6. Data Breach Notification
If a personal data breach occurs that is likely to result in significant harm, we will notify the Personal Data Protection Commissioner within the timeframe required under the PDPA and, where necessary, inform you as soon as practicable.

7. Your Rights
You have the right to:

  • request access to your personal data we hold;
  • request amendment or update of any of your personal data that is inaccurate, incomplete, misleading, or out of date; and
  • withdraw your consent or limit the use of your personal data, subject to legal, contractual, or regulatory restrictions.

We will respond to such requests within a reasonable timeframe in accordance with the PDPA.

8. Contact Us
If you have any questions about this Policy or wish to exercise your rights, please email us at info@ganandlee.com or contact us at +6012 522 5866.