Legal
Privacy Policy
Last updated: 10 April 2025 · Mestika Damai, Ipoh, Perak, Malaysia
1. Introduction
Mestika Damai ("the firm", "we", "us", "our") is committed to protecting the personal information of clients, prospective clients, and visitors to this website. This policy explains what personal data we collect, how we use it, and what rights you have in relation to it.
This policy applies to information collected through this website and through direct contact with the firm. If you have questions, please contact us at privacy@mestikades.
As a legal practice based in Malaysia, we process personal data in accordance with the Personal Data Protection Act 2010 (PDPA).
2. Information We Collect
Information you provide directly
- Name and contact details (email, telephone) submitted via the website enquiry form
- Any description of your situation that you include in a message
- Information shared during consultations (subject to solicitor-client privilege)
Information collected automatically
- Basic website analytics data (pages visited, browser type, general location) — only if analytics cookies are accepted
- Technical data required for website operation (session cookies)
We do not collect sensitive personal data (such as health information, financial account data, or biometric data) through the website. Any sensitive information shared in the course of a legal engagement is handled under the separate protections of solicitor-client privilege.
3. How We Use Personal Data
- Responding to enquiries: To contact you in response to a message or appointment request
- Service delivery: To conduct the legal engagement you have instructed
- Legal obligations: To comply with applicable law, court orders, or regulatory requirements
- Improving the website: To understand how the site is used, with your consent
We do not use personal data for marketing without separate, explicit consent. We do not share personal data with third parties for advertising purposes.
Legal basis for processing (PDPA 2010)
- Consent — where you have submitted an enquiry form or accepted analytics cookies
- Contractual necessity — where processing is required to carry out a legal engagement
- Legal obligation — where processing is required by applicable law
- Legitimate interests — limited analytics to improve website usability
4. Data Sharing
We share personal data only in the following circumstances:
- With Syariah advisors or other professionals where required to carry out your instructions, and only with your knowledge
- With court registries or other bodies as required by your engagement
- With our website hosting provider (limited to technical operation; no access to content)
- With analytics providers, only if you have accepted analytics cookies
We do not sell personal data. We do not share personal data with third parties for their own commercial purposes.
5. Data Retention
Enquiry form submissions are retained for 12 months from the date of contact. If an engagement follows, client matter files are retained for 7 years from the conclusion of the matter, in accordance with Malaysian legal practice requirements. Analytics data, where collected, is retained for 26 months.
6. Cookies
This website uses essential cookies required for basic functionality, and optional analytics cookies to understand site usage. You may accept or decline optional cookies when you first visit the site. Your preference is stored in your browser. For more detail, please read our Cookie Policy.
7. Security
We take reasonable technical and organisational measures to protect personal data against unauthorised access, loss, or disclosure. Digital communications with the firm may be sent via encrypted email where requested. The website is served over HTTPS.
8. Your Rights
Under the PDPA 2010 and in line with generally recognised data subject rights, you have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your data, subject to legal retention requirements
- Withdraw consent where processing is based on consent
- Object to processing for purposes other than your engagement
To exercise any of these rights, please contact privacy@mestikades. We will respond within 21 days.
9. Third-Party Links
This website may contain links to external websites. We are not responsible for the privacy practices of those sites. We encourage you to read their privacy policies before providing any personal information.
10. Children
This website is not directed at persons under 18. We do not knowingly collect personal data from minors through this website. If you believe a minor has submitted personal data to us in error, please contact us so we may delete it.
11. Contact
For all privacy-related enquiries, including requests to access or correct your data:
Email: privacy@mestikades
Address: No. 51, Jalan Dato Maharajalela, 30000 Ipoh, Perak, Malaysia
Phone: +60 5-738 26491
If you are not satisfied with our handling of your personal data, you may lodge a complaint with the Department of Personal Data Protection Malaysia (JPDP).