Privacy Policy
Last Updated: 12 May 2025
1. Introduction
Sentosa ("we", "us", "our") is a legal practice registered in Malaysia, with offices at No. 27, Jalan Telawi 5, Bangsar Baru, 59100 Kuala Lumpur. We are committed to handling the personal information of our clients and website visitors responsibly and in accordance with Malaysia's Personal Data Protection Act 2010 (PDPA).
This Privacy Policy explains what personal data we collect, how we use it, and what rights you have in relation to it. It applies to information collected through our website at sentosam.pro, through our contact forms, and in the course of delivering our services.
If you have questions about this policy or about how we handle your information, you may contact us at [email protected].
2. Data We Collect
We may collect the following categories of personal data:
- Contact information: name, email address, telephone number
- Case-related information: pension or EPF documents, correspondence with authorities, employment history, dependant details — only where provided by the client for the purpose of the engagement
- Website usage data: IP address, browser type, pages visited, time on site — collected via cookies and analytics tools
We collect personal data through our website contact form, via email and telephone, and in person at our office. We only collect information that is necessary for the purposes described in this policy.
Legal Basis for Processing
We process personal data on the following legal bases under the PDPA:
- Consent: where you have submitted an enquiry form or agreed to the use of optional cookies
- Contract performance: to deliver the legal services you have engaged us to provide
- Legitimate interest: to maintain records of our engagements, improve our service, and ensure security of our systems
Data Retention
Client files and associated personal data are retained for seven (7) years from the close of an engagement, in line with standard legal practice requirements in Malaysia. Website contact form submissions not resulting in a formal engagement are retained for twelve (12) months. Analytics data is retained for up to twenty-four (24) months.
3. How We Use Your Data
Personal data collected through our website and in the course of our practice is used for the following purposes:
- Responding to enquiries and arranging consultations
- Delivering the legal services agreed with you
- Preparing correspondence and documentation on your behalf
- Maintaining accurate case records
- Complying with legal and regulatory obligations
- Improving our website and services (via aggregated analytics)
We do not use your personal data for marketing purposes without your explicit consent, and we do not send unsolicited communications of any kind.
Data Sharing
We do not sell, rent, or share your personal data with third parties for commercial purposes. We may share information with the following parties strictly as necessary:
- Government and regulatory authorities: KWSP, pension departments, or other bodies as required by your case
- Analytical services: website analytics tools (e.g. Google Analytics), used only in aggregated, non-personally-identifiable form
- Professional advisers: legal or technical consultants engaged by Sentosa under confidentiality obligations
Any sharing is done only with your knowledge or as permitted under Malaysian law.
4. Data Protection Measures
We take the security of your personal information seriously. Measures in place include:
- Encrypted storage for digital client files
- Access controls limiting file access to the assigned adviser and senior staff only
- Physical security at our office for paper documents
- Regular review of data handling practices
In the event of a data breach that poses a risk to your rights, we will notify you and the relevant authority as required by Malaysian law and good practice.
5. Cookies
Our website uses cookies to improve your browsing experience and to collect aggregate information about how the site is used. Essential cookies are required for the site to function; optional cookies for analytics and preferences can be accepted or declined through the cookie banner on the homepage.
For full details, see our Cookie Policy.
6. Your Rights
Under Malaysia's Personal Data Protection Act 2010, you have the following rights in relation to personal data we hold about you:
- Right of access: to request a copy of the personal data we hold
- Right to rectification: to request correction of inaccurate data
- Right to withdraw consent: where processing is based on consent, you may withdraw it at any time
- Right to limit processing: to request that we restrict how we use your data in certain circumstances
- Right to raise a complaint: to the Department of Personal Data Protection (JPDP) if you believe your rights have been infringed
To exercise any of these rights, contact us at [email protected]. We will respond within thirty (30) days.
7. Third-Party Links
Our website may contain links to external websites — for example, government pension portals or the KWSP website. We are not responsible for the privacy practices of those sites, and this policy does not apply to them. We encourage you to read the privacy notices of any third-party site you visit.
8. Children's Privacy
Our services are intended for adults aged 18 and over. We do not knowingly collect personal data from individuals under 18. If you believe a minor has submitted information to us, please contact us promptly and we will delete it.
9. Changes to This Policy
We may update this Privacy Policy from time to time. The current version will always be published on this page with the date it was last revised. Continued use of our website or services after an update constitutes acceptance of the revised policy.
10. Contact
For privacy-related enquiries, to exercise your rights, or to raise a concern, please contact:
Sentosa
No. 27, Jalan Telawi 5, Bangsar Baru, 59100 Kuala Lumpur
Email: [email protected]
Phone: +60 3-2161 8472