Legal Notices
Privacy Policy
Last revised: 1 January 2025 · Effective: 1 January 2025
Vxieuxamis Legal AI Advisory ("Vxieuxamis", "we", "us") respects the privacy of everyone who contacts us or engages our advisory services. This Privacy Policy explains how we collect, use, disclose, and safeguard personal data in accordance with the Personal Data Protection Act 2010 (Malaysia) and the Bar Council's data handling guidance.
We have written this policy in plain language so that it is genuinely readable. If any part is unclear, you are welcome to contact us directly. Where this policy refers to "client data" processed within an engagement, please note that such data is subject to a separate data processing agreement and the relevant privilege obligations.
Clause 1
Who We Are
The data controller for personal data collected through this website and our advisory engagements is:
Vxieuxamis Legal AI Advisory
Level 14, Wisma Goldhill
Jalan Raja Chulan, 50200 Kuala Lumpur
Malaysia
Clause 2
What Personal Data We Collect
We collect personal data in two broad circumstances: when you use this website, and when you engage us for advisory services.
2.1 — Website Enquiries
When you submit an enquiry through our contact form, we collect your name, email address, telephone number (if provided), firm name, and the content of your message. We also collect standard server log data — IP address, browser type, referring URL, and pages visited — for security and performance purposes.
2.2 — Advisory Engagements
During an engagement, we may collect contact details for fee earners, professional profiles, and workflow descriptions provided by the firm. We do not collect or retain any client personal data belonging to a firm's own clients unless it is incidentally included in sample documents provided for review, in which case we treat it as privileged and delete it promptly after the review.
2.3 — Cookies and Tracking
Our website uses cookies and similar technologies. Please refer to our Cookie Policy for a full explanation of what is set and why.
Clause 3
How We Use Personal Data
We use personal data for the following purposes, each resting on a lawful basis under the PDPA 2010:
Purpose
Responding to enquiries and proposals
We use your contact details and message content to respond to you promptly and accurately. Without this, we cannot reply.
Purpose
Performing advisory engagements
We use contact and professional information to carry out the work described in our engagement letter and to communicate with the right people at the firm.
Purpose
Compliance and record-keeping
We retain engagement records as required by applicable professional and tax regulations. These are held securely and not used for any other purpose.
Purpose
Website security and performance
Server log data is used solely to maintain the technical integrity of this website and is not used to profile visitors.
We do not use personal data for unsolicited marketing, and we do not sell, rent, or trade personal data to third parties.
Clause 4
Disclosure of Personal Data
We share personal data only where necessary and only with parties who handle it appropriately:
4.1 — Service Providers
We use a small number of third-party services to operate this website and our communications — including hosting providers and email infrastructure. These providers act as data processors under our instruction and are bound by appropriate data processing terms.
4.2 — Legal Obligations
We may disclose personal data where required by law, court order, or the direction of a regulatory authority with jurisdiction over our practice.
4.3 — No Cross-Border Transfers Without Consent
We do not transfer personal data outside Malaysia without first obtaining your consent or satisfying the transfer conditions set out in the PDPA 2010.
Clause 5
Retention of Personal Data
We retain personal data only for as long as is necessary for the purpose for which it was collected, or as required by law. Our general retention periods are:
| Data Category | Retention Period |
|---|---|
| Website enquiry records | 2 years from date of enquiry, or 1 year after engagement ends |
| Engagement correspondence and deliverables | 7 years from end of engagement (statutory minimum) |
| Financial and invoice records | 7 years (Income Tax Act 1967) |
| Server log data | 90 days, then deleted |
Clause 6
Your Rights
Under the PDPA 2010, you have the right to access personal data we hold about you and to request correction of any inaccuracies. To exercise these rights, please write to us at the address in Clause 1. We will respond within 21 days. There is no charge for a first access request in any 12-month period.
You may also withdraw consent for processing carried out on that basis at any time, by writing to us. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal, and does not affect processing carried out under other lawful bases.
Clause 7
Security
We take reasonable technical and organisational measures to protect personal data from unauthorised access, disclosure, or loss. These include access controls, encrypted communications, and careful selection of third-party processors.
No transmission over the internet is entirely without risk. If you have concerns about transmitting sensitive information, please contact us by telephone in the first instance.
Clause 8
Changes to This Policy
We may update this Privacy Policy from time to time as our services or applicable law changes. The revised date at the top of this page reflects the most recent version. If a change materially affects how we use personal data collected from you, we will contact you directly where practicable.
Questions About This Policy
We are happy to clarify
If any part of this policy is unclear, or if you wish to exercise your rights under the PDPA 2010, please reach out. We aim to respond within three working days.
Contact Vxieuxamis