Privacy Policy

1. Overview

We understand that your personal information is a matter of trust. We are committed to handling it with care, using it only for the purposes for which it was provided or for which we are otherwise permitted by law, and keeping it secure throughout our relationship with you.

This policy applies to data collected through our website at crestmoo.biz, via our contact and enquiry forms, through direct correspondence, and in the course of providing legal services to clients.

2. Personal Data We Collect

We may collect and process the following categories of personal data:

• Identification information: full name, identity card or passport number
• Contact details: email address, telephone number, mailing address
• Matter-related information: details of your legal matter as shared during consultations or correspondence
• Financial information: billing details necessary for invoicing and fee management
• Technical data: IP address, browser type, pages visited, and standard web server log data
• Communication records: written correspondence, emails, and call notes related to your matter

We collect personal data directly from you when you submit an enquiry, contact us by telephone or email, instruct us as a client, or use our website. We do not purchase personal data from third-party data brokers.

3. How We Use Your Personal Data

We use personal data for the following purposes:

• To respond to enquiries and assess how we may assist you
• To provide legal services and advice under a client engagement
• To manage billing, invoicing, and fee arrangements
• To comply with legal and regulatory obligations applicable to legal practitioners in Malaysia
• To communicate important updates about your matter or our practice
• To improve our website and understand how visitors interact with it
• To maintain appropriate client due diligence records as required by law

We do not use your personal data for automated decision-making that produces legal or similarly significant effects.

4. Legal Basis for Processing

Under the PDPA 2010, we process your personal data on the following grounds:

• Consent — where you have voluntarily submitted your information through our website or contact channels
• Contractual necessity — where processing is required to perform legal services you have engaged us for
• Legal obligation — where we must process data to comply with our professional and statutory obligations under Malaysian law
• Legitimate interests — where processing is reasonably necessary for practice administration and not overridden by your rights

5. Disclosure of Personal Data

We do not sell, rent, or trade your personal data to third parties. We may share personal data with:

• Third-party service providers who assist in operating our website or practice (IT, hosting, accounting), under confidentiality obligations
• Correspondent legal firms or professionals in other jurisdictions, where necessary for your cross-border matter and with your knowledge
• Regulatory bodies, courts, or government authorities where required by law or court order
• Our professional indemnity insurers or auditors, as required for practice management

Any third party we engage is required to handle your personal data with a standard of care consistent with our own obligations.

6. Data Retention

We retain personal data for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law and professional regulatory requirements.

Client matter files are generally retained for a minimum of seven (7) years following the conclusion of a matter. Website enquiry data that does not proceed to a client engagement is retained for up to twelve (12) months. Upon expiry of the applicable retention period, personal data is securely deleted or anonymised.

7. Your Rights Under the PDPA 2010

As a data subject under the Personal Data Protection Act 2010 (Malaysia), you have the following rights:

• Right of access — to request a copy of the personal data we hold about you
• Right of correction — to request correction of personal data that is inaccurate or outdated
• Right to withdraw consent — to withdraw consent for processing where consent was the basis, subject to overriding legal obligations
• Right to limit processing — to request that we limit how we use your data in certain circumstances
• Right to complain — to lodge a complaint with the Personal Data Protection Commissioner of Malaysia

To exercise any of these rights, please contact us using the details in Section 12. We will endeavour to respond within twenty-one (21) days of receiving a valid request.

8. Data Security

We take reasonable technical and organisational measures to protect personal data against loss, misuse, unauthorised access, disclosure, alteration, and destruction. These include access controls, encrypted communications, and staff awareness of data protection obligations.

No method of transmission over the internet is entirely free from risk. If you have concerns about the security of information you have shared with us, please contact us directly.

9. Cookies and Website Tracking

Our website uses cookies and similar technologies to support functionality and understand how visitors interact with the site. For full details on the cookies we use and how to manage your preferences, please refer to our Cookie Policy.

10. Children's Data

Our services are directed at adults. We do not knowingly collect personal data from individuals under the age of eighteen (18) without the consent of a parent or legal guardian. If you believe a minor's data has been submitted without appropriate consent, please contact us promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. We will post the revised policy on this page with an updated effective date. For significant changes, we will make reasonable efforts to notify affected individuals.

12. Contact Us

If you have any questions about this Privacy Policy, wish to exercise your rights, or have a concern about how we handle your personal data, please contact us: