1. Introduction

1.1. The Firm is a civil and commercial dispute resolution law Firm with its office in Kuala Lumpur. We are committed to safeguarding the privacy of information and information about guests to our website and to our premises.

1.2. CAP is the data controller of any personal information provided when our services are used.

1.3. This policy explains how we may collect and use information and rights in relation to such information. Any use of our online services or your provision of information evidences your acknowledgment and consent to the terms of this policy.

1.4. Please do not send us any of your information if you do not want it to be used in the ways described in this policy document.

1.5. We take reasonable steps to hold information and data securely in electronic or physical form and to prevent unauthorised access, modification or disclosure. Our information security policy is supported by a number of security measures, processes and procedures and we store information in access controlled premises or in electronic databases requiring logins and passwords.

1.6. Our third party data storage providers are required to comply with appropriate information security industry standards. All partners and staff and third party providers with access to confidential information are subject to confidentiality obligations.

1.7. The transmission of information online cannot be completely secure. As such, we cannot guarantee the security of your data transmitted to our online services; any transmission must necessarily be at your own risk.

1.8. The use of our website and online services involves the use of cookies. By engaging with us online and on our website, you agree to our use of cookies. If you wish to restrict, block or delete the cookies which are set by any websites, you can generally do this through your browser settings

2. Scope

2.1. This policy applies when we receive any personal information from you, our clients or other third-parties, including in the following circumstances:

  1. when you or your organisation for engages our services;
  2. when you request information from us;
  3. when you directly or indirectly provide any information to us (physical or electronic);
  4. when you or your organisation are a counterparty in any matter in which we are engaged;
  5. when you or your organisation provide services to a counterparty;
  6. when you or your organisation are a client;
  7. when, as a result of your relationship with our client(s)
  8. when you or your organisation is a regulator, government agency, court, tribunal or other agency (including enforcement agency);
  9. when you apply to us for work; recruitment; placement; or other event;
  10. when you email us or complete application forms on our website or social media pages;
  11. when you attend our seminars or events;
  12. when we conduct open source searches in connection with our practice or business development activities;
  13. when you visit our website;
  14. when you participate in our online services
  15. when you email us;
  16. if you are an alumni of the Firm; and
  17. when you consent to being on our mailing lists or marketing emails.

3. Information & Data Collected

3.1. We collect personal information directly from you, from our clients or their counterparties and authorised representatives.

3.2. We may also collect personal information from third parties such as government agencies, regulatory authorities, you or your organisation, other organisations with whom you deal, credit reporting agencies, recruitment agencies, information or service providers, publicly available records and the third parties described in Part 5 below.

3.3. We collect personal information including your name (including name prefix or title), contact details (such as your postal address, email address and phone and facsimile number(s)), nationality, identification details, gender, organisation, business interests, employment, positions held, special categories of data (such as race and ethnicity , information about health or information, political opinions or religious beliefs), billing and financial information (such as billing address, bank account and payment information) and enquiry/complaint details.

3.4. We may also collect personal information about your other dealings with us and our clients, including any contact we have with you in person, by telephone, email or online.

4. Services

4.1. When you use our services, we will collect the following:

  1. information you provide by completing any online forms; registration and application forms (including when you submit material or request further services);
  2. information you provide to us when your fill out an online form or write us an email or a letter;
  3. details of visits made to us or our online services g. traffic volume, logs (including, the internet protocol (IP) address and location of the device connecting to the online services and other identifiers about the device and the nature of the visit) and the resources accessed.

5. Careers and Recruitment

5.1. If you apply for work or placement with us, you will need to provide information about your education, employment, background and health.

5.2. Your application signifies consent to our retention and use of this information to assess your application and to allow us to carry out any activities as a reasonable potential employer would and as required of us under applicable law or internal policy.

5.3. We may also carry out such background checks as we see fit and consider you for other positions.

5.4. We may disclose your personal information to academic institutions, recruiters, screening check providers, health service providers, professional and trade associations, law enforcement agencies, recruitment analytics and diversity research providers, referees and your current and previous employers.

5.5. We may also collect your personal information from these parties in some circumstances. Without your personal information we may not be able to progress considering you for positions with us.

5.6. As part of our pre-employment screening, a third party may conduct checks on the Firm’s behalf. These checks involve searches of publicly available records and material.


6.1. Our offices are protected by CCTV and you may be recorded when you visit. We use CCTV to help provide a safe and secure environment for our visitors. CCTV cameras are located at various locations in our premises.

6.2. We use CCTV Systems to record images to assist in the provision of a safe and secure environment for public safety; security of our property; assist in the prevention, apprehension and prosecution of crime; offer reassurance to staff.

6.3. The processing of personal data for these purposes is in our lawful interests.

6.4. Access to our CCTV Systems and any associated recorded images which contain personal information is controlled and is limited to those who need to have access in accordance with this policy. Any such access will only be given with the approval of our Partners. Access can be refused on grounds of confidentiality and privilege.

6.5. Recorded Materials may only be viewed for the following purposes:

  1. the investigation of an alleged crime; or
  2. the investigation of a security incident.

6.6. Any authorised viewings shall be registered.

6.7. Recorded Materials may be used by us after an incident to assist in the identification and detection of offenders or in the investigation of a security incident or in establishing policy.

6.8. Investigating agencies should not require or be provided with access to any of our CCTV Systems except under the following circumstances;

  1. emergencies or investigation of serious incidents;
  2. identification of offenders; or
  3. at our request (in accordance with this policy).

6.9. Recorded Materials will be supplied to investigating agencies for crime incidents on receipt of a formal request together with reasons.

6.10. Any requests to remove CCTV recordings will be notified to us and will only be met where the request complies with applicable data laws. Any such requests will also be registered.

6.11. CCTV recordings will not be retained for any longer than is required. Ordinarily footage is only retained for as long as is necessary to fulfil the stated purpose.

6.12. Covert recordings will not be used unless the circumstances require it.

7. Use of Information & Data

7.1. We will use such information and data collected –

  1. To maintain and develop our relationship with you and our clients to protect, enforce, exercise, establish or defend legal rights;
  2. To respond to any requests or enquiries from you;
  3. To monitor and analyse our practice, internal operations, legal, regulatory, accounting, reporting, risk management or professional obligations;
  4. Where we are required or authorised by law or contract or any legal or regulatory obligation;
  5. Where we or a third party have a legitimate interest that is not overridden by your interests or rights;
  6. To identify any services you may be interested in including to issue legal updates, publications, marketing and details of events;
  7. Where necessary to carry out a contract, engagement or application with you, involving you or for you (including your organisation);
  8. Where your consent (including your organisation’s consent) has been provided (impliedly or expressly). In such event, the information and data that we hold on you and your organisation should be current and accurate. Please advise us in writing of any changes to your information and data at general@cecilabraham.com;
  9. Where necessary in connection with a legal or regulatory obligation;
  10. Some of your information and data may be stored with, and managed by a cloud service provider or service provider located in a different country;
  11. We will retain your information and data as long as we deem reasonably necessary considering the circumstances of the case. Such information and data will be provided in connection with our legal services and will be retained in accordance with the Firm’s retention policies unless we agree otherwise, expressly and in writing, with you.
  12. If you have any questions in relation to the use or transfer of your personal information, please contact us at general@cecilabraham.com.

8. Third party websites

Where our website links to external websites, please note that such external websites are or may be controlled by third parties. Please consult these sites’ privacy and data policies. We do not and cannot accept responsibility for their use of your personal information and data.

9. Marketing Information

If you receive any legal updates or marketing information from us, you may withdraw your consent to receive these updates or information by informing us at general@cecilabraham.com.

10. Updates to this Policy

We may review this policy from time to time and we reserve our right to do so. You agree to review this amended policy from time to time.

11. Contact Information

Please email general@cecilabraham.com for any queries on this policy document.