Data protection

Privacy and data handling

How LegalMBase collects, uses and protects information

Data protection and corporate privacy compliance

What we collect

Information necessary to provide legal services, including client identifiers, corporate records, contract documents, and communications. Data collection is limited to what is relevant for the agreed engagement.

Read full privacy policy Contact privacy officer

How we use data

Collected information is used to perform contracted legal services, communicate with clients, comply with legal obligations, and to improve service delivery processes. Use is aligned with the scope set out in engagement letters.

Read full privacy policy

Data retention

Records are retained in accordance with statutory requirements and professional obligations. Retention periods depend on the type of record, regulatory requirements, and the terms of client engagement.

Read full privacy policy

Data security

Technical and organisational measures are applied to protect client information, including access controls and secure storage.

Read full privacy policy

General privacy statement

LegalMBase operates LegalMBase.club and collects personal and corporate information to provide legal services to enterprises in Malaysia and to manage client relationships. Personal data is processed lawfully and only to the extent necessary for service delivery, legal compliance, billing, and legitimate business operations. LegalMBase applies role-based access controls and industry-standard security measures to protect data. This policy describes the categories of data processed, the purposes of processing, lawful bases relied upon, data retention practices, security measures and the rights available to individuals under applicable privacy laws. Where local law requires additional protections, LegalMBase implements measures to meet those requirements. For questions or requests about personal information, clients may contact our data protection contact listed below.

24-03-2026 LegalMBase [email protected]

Definitions

This section explains key terms used in this privacy policy to clarify the types of data and processing activities described below.

Personal data refers to any information relating to an identified or identifiable natural person, such as names, contact details, identification numbers, and professional identifiers provided by corporate representatives.
Processing means any operation performed on personal data, including collection, storage, use, modification, retrieval, transmission, or deletion carried out in the course of providing legal services.
User means an individual who interacts with LegalMBase.club, including corporate clients, representatives, prospective clients, and visitors to the website.
Service refers to legal advisory, document drafting and review, compliance support, and ancillary services offered by LegalMBase to enterprise clients.
Cookies are small data files stored on a device by a website to remember preferences, enable functionality, and collect analytics about site usage.

What we collect

LegalMBase collects information directly from users and automatically through website interactions. Data categories collected depend on the nature of the engagement and may include corporate documents, contact information, identification, billing information, and technical data from website visits.

Data provided by users

When clients or prospective clients engage with LegalMBase, they may provide the following categories of information necessary for intake, legal advice, and engagement management.

  • Company and representative names, business registration details and corporate identifiers.
  • Contact information including email addresses, postal addresses and telephone numbers.
  • Contractual documents, corporate records, minutes, business summaries and other documents relevant to the legal matter.
  • Billing and payment details required to issue invoices and process payments.
  • Communications and instructions provided to LegalMBase during the course of legal advice.
  • Any additional information provided voluntarily to support specific legal services or compliance requirements.

Data collected automatically

When visiting LegalMBase.club or using online services, certain information is collected automatically to support website functionality, security and analytics.

  • IP address, browser type and version, device identifiers and operating system.
  • Pages visited, time spent on pages, clickstream data and referral sources.
  • Cookie identifiers and similar local storage data.
  • Usage metrics for online tools and document access logs.
  • Technical logs related to errors, security events and performance monitoring.
  • Geolocation data derived from IP addresses when needed for security and compliance checks.

Third-party data sources

LegalMBase may receive information from third parties to validate corporate data, support anti-funds laundering checks, or to complete identity verification as required by law.

  • Corporate registries and official public registers to confirm company status and directors.
  • Payment processors and business institutions for billing verification.
  • Third-party document repositories or cloud services used to platform files with clients.

Purposes of processing

We process data for specific, explicit and legitimate purposes connected to the delivery of legal services and to meet regulatory obligations.

  • To perform legal services under the terms of a client engagement, including document drafting, review and advisory work.
  • To manage client accounts, billing, invoicing and record-keeping.
  • To communicate with clients about matters, meetings, deadlines and case progress.
  • To comply with legal and regulatory obligations, including anti-funds laundering checks and professional standards.
  • To maintain internal records for conflict checks, quality control and professional compliance.
  • To improve service delivery, including analysis of case workflows and client feedback.
  • To ensure the security of systems and to detect and prevent fraud or abuse.
  • To respond to lawful requests from courts, regulators or other authorities in accordance with applicable law.

Legal bases for processing

Processing is based on lawful grounds applicable to professional legal services and client relationships. Applicable bases may include performance of a contract, compliance with legal obligations, legitimate interests and where necessary, consent.

  • Performance of contract: processing required to provide the legal services agreed with a client.
  • Legal obligation: processing necessary to comply with statutory or regulatory duties (for example, anti-funds laundering obligations).
  • Legitimate interests: processing for purposes such as fraud prevention, security, and maintaining professional records, balanced against individual rights.
  • Consent: where specific processing falls outside other bases, explicit consent may be sought and recorded.

European data protection (where applicable)

Where GDPR or similar European data protection rules apply, LegalMBase observes the applicable rights and principles for data subjects located in the European Economic Area. This includes transparency, purpose limitation and data minimisation.

  • Right of access: individuals may request confirmation of whether we process their personal data and obtain a copy of it.
  • Right to rectification: individuals may ask to correct inaccurate or incomplete personal data.
  • Right to erasure: in limited circumstances, individuals may request deletion of their personal data when legal conditions apply.
  • Right to restriction of processing: individuals can request a temporary limitation on processing where applicable.
  • Right to data portability: where processing is based on consent or contract and carried out by automated means, individuals may request transfer of their data in a commonly used format.
  • Right to object: individuals may object to processing based on legitimate interests, subject to lawful grounds for continuing processing.

Cookies and similar technologies

LegalMBase uses cookies and similar technologies to support site functionality, analytics and user preferences. Users can manage cookie settings via their browser or through provided preference controls on the website.

Cookies used include essential cookies for site operation, preference cookies to remember settings, analytics cookies to measure site usage and performance, and marketing cookies where applicable for site improvement.

Essential cookies: required for site navigation; Functional cookies: remember choices; Analytics cookies: gather usage data; Advertising cookies: third-party services for marketing insights (used only with appropriate legal basis).

Users can manage or disable cookies through browser settings; disabling some cookies may affect site functionality. A cookie preference tool may be available on LegalMBase.club to customise choices.

Cookie policy and settings

When we share data

LegalMBase shares personal data only where necessary and with appropriate safeguards. Sharing occurs with service providers, regulators, and as required by law.

  • Service providers and contractors performing tasks on our behalf, such as cloud hosting, secure document storage, billing and analytics.
  • Professional advisers, auditors or consultants engaged to support a specific client matter, subject to confidentiality obligations.
  • Regulators, courts and authorities when required by law or to comply with a legal process.
  • Counterparties in a legal matter where disclosure is necessary for the purpose of the engagement or under legal process.
  • Third parties when clients instruct LegalMBase to share documents or information, consistent with the engagement terms.
  • Buyers or successors in the event of a business transfer, subject to appropriate confidentiality and data protection safeguards.

International data transfers

Data may be transferred to service providers or third parties located outside Malaysia when necessary to deliver services. Transfers are managed in accordance with applicable law and organisational safeguards to protect personal data during transit and storage.

Where transfers occur, LegalMBase implements safeguards such as contractual data protection clauses, selecting service providers with appropriate security measures, and limiting transfers to jurisdictions with adequate protections when feasible.

Data retention

Retention periods are determined by the type of data, contractual terms, regulatory requirements and legitimate business needs. Records necessary for legal or regulatory obligations are retained for the required statutory period.

Client account records, engagement letters and identity verification documents are retained in line with professional and regulatory retention schedules, typically several years following the conclusion of the engagement.

Communications related to case management, including emails and meeting notes, are retained for operational and evidentiary purposes for a period aligned with the engagement and applicable recordkeeping rules.

System logs, access records and backup files are retained for security monitoring and incident contribute for a limited period consistent with operational needs.

When retention periods expire or when requested by an individual and legally permissible, LegalMBase removes or anonymises personal data in a secure manner, except where retention is required by law or for legitimate dispute resolution.

Security of personal data

LegalMBase applies organisational and technical measures to protect personal data against unauthorised access, disclosure, alteration or destruction. Controls are reviewed periodically and adapted to emerging risks and best practices.

  • Access controls and role-based permissions to limit data access to authorised staff.
  • Encryption of data in transit and, where appropriate, at rest; secure key management practices for encrypted information.
  • Regular backups, intrusion detection, secure configuration of systems and staff training on data handling and confidentiality.

User rights and requests

Individuals may exercise certain rights regarding their personal data. Requests should be submitted in writing and will be processed in accordance with applicable law and identity verification procedures.

  • Request access to personal data and obtain a copy of the information held about you.
  • Request correction of inaccurate or incomplete personal data.
  • Request deletion or restriction of processing where legal conditions are met, subject to retention obligations.
  • Withdraw consent where processing is based on consent and to lodge complaints with a supervisory authority where applicable.
  • Right to restriction of processing: You may request that we limit processing of your personal data while a dispute about accuracy or lawful processing is resolved.
  • Right to data portability: Where processing is based on consent or contract and carried out by automated means, you can request a machine-readable copy of personal data provided to us.
  • Right to object: You may object to processing based on legitimate interests or direct marketing; we will assess and respond in accordance with applicable law.
  • Right to withdraw consent: If processing is based on consent, you can withdraw consent at any time; withdrawal does not affect processing carried out prior to withdrawal.

How to exercise your privacy rights

To submit a request to access, correct, delete, restrict or port your personal data, or to withdraw consent, contact our data protection team using the contact details below. Include sufficient information for us to locate your records and a clear description of the requested action. We may require additional information to verify your identity before processing the request.

[email protected]

We aim to acknowledge receipt of requests within 7 business days and to provide a substantive response within 30 calendar days. Complex requests or those requiring verification may take longer; if so we will notify you with an estimated timeline and the reason for the delay.

Marketing communications

With your consent, LegalMBase may send news, updates and information about services that may be of interest to your business. Marketing messages may include email bulletins, invitations to events, and service announcements. You can manage your preferences at any time via account settings or by contacting us directly.

To stop receiving marketing communications, use the unsubscribe link in any marketing message, adjust your preferences in your LegalMBase account, or contact us and request removal. Unsubscribe requests will be processed promptly and will not affect receipt of transactional messages related to services you use.

Children and minors

LegalMBase provides services to enterprises and business users. We do not knowingly collect personal data from children under the age of 18 for our commercial services. If we become aware that we have collected personal data from a minor in error, we will take steps to delete the information in accordance with applicable law.

Third-party links and services

Our site and services may include links, integrations or plugins provided by third parties. These links are provided for convenience and do not imply endorsement. Third-party sites have their own privacy practices; please review those providers' policies before submitting personal data to them.

Changes to this privacy policy

We review and update this privacy policy periodically to reflect operational, legal or regulatory changes. Material changes will be posted on our website with the effective date provided. Continued use of our services after changes are posted constitutes acceptance of the updated policy where permitted by law.

Contact and data protection officer

For privacy inquiries contact: LegalMBase Data Protection Team, 2637, Jalan Maju, 14000 Bukit Mertajam, Pinang, Malaysia. Phone: +60120931096. Business ID: 791816123582. You can also reach us via the contact form at LegalMBase.club/contact. We handle requests in accordance with applicable Malaysian data protection and privacy laws.

+60120931096
[email protected]
2637, Jalan Maju, 14000 Bukit Mertajam, Pinang, Malaysia

Corporate Legal Services

LegalMBase provides a range of legal services tailored to enterprise needs in Malaysia and the region. Our practice areas include corporate governance, contract drafting and review, regulatory compliance, employment law advisory, intellectual property protection, commercial dispute resolution and transactional support for mergers and acquisitions. We focus on practical analysis of legal risks, preparation of clear documentation, and measurable steps to reduce exposure in day-to-day operations. Engagements can include policy drafting, compliance audits, training for management and staff, negotiation support, and representation in administrative proceedings. Our approach is to provide actionable legal options that enable informed business decisions while aligning with applicable statutes and regulatory guidance. Services are delivered with attention to commercial context, internal controls and documentation standards relevant to enterprise operations.

Contract and Transactional Support

We assist in drafting and negotiating commercial contracts, supplier agreements and service-level arrangements with attention to risk allocation, performance metrics and dispute avoidance measures.

Regulatory Compliance and Corporate Governance

Our compliance support covers local regulatory frameworks, licensing requirements and governance procedures to help enterprises maintain regulatory alignment and prepare for inspections or audits.

Employment and HR Legal Services

We advise on employment contracts, workplace policies, disciplinary procedures and employee data management to help employers meet statutory obligations and manage workforce risks.

Learn more about corporate legal services
Daniel Tan
Daniel Tan
Online