Data & Privacy


This Privacy Policy (“Policy”) applies to all visitors to our Website. By using our Website, communicating with us or engaging us for the performance of our legal services (“Services”), you consent to the data practices described in this statement. The Personal Data Protection Act 2010 of Malaysia and its regulation(s) (“PDPA”) regulates the processing of personal data by David & Paulian (“D&P Law”) (collectively, “our”, “us” or “we”). This Policy governs the collection, use and disclosure of personal data submitted to D&P Law and explains how we collect and handle the personal data of individuals and comply with the requirements of the PDPA.  For the purpose of this Policy, the terms “personal data” shall have the same meaning as prescribed in the PDPA.


Take note that we reserve the right to modify or update this Policy from time to time and therefore, we encourage you to periodically review the latest version of this Policy.

Data Protection Officer

If you have any concerns, comments or further queries regarding this Policy, please contact our Data Protection Officer, David Lim (“DPO”) at [email protected] . You may also contact our DPO for any of the following reasons:

  1. you wish to access your own personal data;
  2. you wish to correct or amend your own personal data;
  3. you wish to withdraw consent in respect of our collection, use or disclosure of your personal data; and
  4. for any other reason listed below.


Information you provide to us:

  1. This Policy serves to inform you that we will obtain personal data about you when you visit us / our Website and submit your personal data when you engage our Services. By submitting your information to us, such as your name, e-mail address, telephone number, address, gender, identity card and/or passport number, occupation, birth date, nationality, race, particulars of your spouse or family members, bank account information and other data you provide voluntarily, you hereby give your consent to the processing of your personal data.
  2. You hereby warrant and represent to us that (a) personal data which you disclose to us is accurate and complete; and (b) where you volunteer personal data of another person to us, that you are authorized by such other person to disclose such personal data to us, and that such personal data is accurate and complete.
  3. The Website and our related services are not intended for those under 18, and we do not knowingly collect information from those under the age of 18. Those under 18 should not submit any personal information without the permission of their parents or guardians.

Information we collect through third parties, cookies and similar technologies:

  1. In addition to the personal data you provide to us directly, we may also obtain your personal data through our verification from third party sources such as the Insolvency Department, the Companies Commission, credit reporting agencies and/or other local authorities to be able to perform our Services effectively. We may also collect your personal data from a variety of sources, including without limitation at any events, conferences, seminars or talks organised or sponsored by us.
  2. In operating this Website, we may monitor the use of our Website through the use a technology called “cookies.” A cookie is a piece of information that the computer that hosts our Website gives to your computer when you access a website. For example, we may monitor the number of times you visit our Website or which pages you go to. This information helps us to build a profile of our users. Some of this data will be aggregated or statistical, which means that we will not be able to identify you individually.
  3. We may collect and process information about your computer hardware and software when you use our Website. The information can include: your IP address, browser type, domain names, access times and referring website addresses. This information is used by D&P Law for the operation of the Services (which are defined in our Terms of Use), to maintain quality of the Services, and to provide general statistics regarding use of the D&P Law Website.
  4. Please note that our Website uses Google Analytics. D&P Law does not have control over third party analytics software and therefore, you are advised to refer to to find out more about how Google uses data when you use our Website and how you may control the information sent to Google.
  5. For EU residents, we will not collect personal data that reveals any of the following about you: racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health or sex life, or sexual orientation.


  1. Your personal data is being or is to be collected and further processed for:
    1. providing our Services to you;
    2. communicating with you to send email updates, meeting invitations and/or materials such as newsletters, articles, write-ups and/or information on events;
    3. responding to your questions, requests, inquiries, comments and/or complaints;
    4. internal administrative purposes such as maintenance of client records, files and contact lists;
    5. update you on changes to the Website and Services;
    6. sending, as potential referees, to (i) editors/researchers in ranking legal publications and journals and/or (ii) potential clients who request for referees of past work;
    7. providing you with information on our Services and our related corporations and business partners, unless you have otherwise indicated that you do not wish for us to process your personal data for such purpose;
    8. complying with any legal requirements; and
    9. such other purposes directly related to the foregoing.

    (collectively, the “Purposes”).


  1. We do not release your personal data to third parties, except when for the situations listed below or unless we specifically inform you and give you an opportunity to opt out of our sharing your personal information.
  2. We may share your personal information with:
    1. Authorised service providers. Our authorised service providers are companies that perform certain services on our behalf relating to information technology (IT), records management, storage facility providers, banks and financial institutions, insurance and professional advisors, external auditors or trusted partners specifically to assist with D&P Law’s Services. These service providers may have access to your personal data to the extent necessary to perform their functions, but we do not allow them to share or use any of your personal data for any other purpose. Any such third parties whom we engage will be bound contractually to keep all information confidential and are prohibited from using your personal data except to provide these services to D&P Law.
    2. Affiliates. We may share information we collect, including personal data, with affiliated law firms. Sharing information with our affiliates enables us to provide you with information about a variety of products and services that might interest you. All our affiliates comply with applicable privacy and security laws and, at a minimum, in any commercial email they send to you, will give you the opportunity to choose not to receive such email messages in the future.
    3. When required by law. We also may disclose your personal data, in good faith, in response to a subpoena or similar investigative demand, a court order, or a request for cooperation from a law enforcement or other government agency; to establish or exercise our legal rights; to defend against legal claims; or as otherwise required by the law. In such cases, we may raise or waive any legal objection or right available to us.


  1. You have the right to request access to and to request correction of your personal data. We will provide you with access to your own personal data or other appropriate information on your personal data, within thirty (30) days upon receiving request from you, in accordance with the requirements of the PDPA.
  2. We will correct an error or omission in your personal data that is in our possession or control, within thirty (30) days upon receiving request from you, in accordance with the requirements of the PDPA.
  3. Subject to provisions of the Act:
    1. we may charge a fee for a request for access. In the event a fee is to be charged, we will inform you of the amount beforehand and respond to your request after payment is received; and
    2. we may refuse to comply with a data access request or a data correction request and shall, by notice in writing, inform you of our refusal and the reasons of our refusal.


  1. You have the right to withdraw any consent given or deemed to have been given in respect of our collection, use or disclosure of your personal data and you may give us notice of your intention to do so by contacting our DPO, who will inform you of the likely consequences of withdrawing your consent. We will cease to perform our Services and/or (and cause any of our data intermediaries and agents to cease) collecting, using or disclosing the personal data unless it is required or authorised under applicable laws.


  1. We will make a reasonable effort to ensure that personal data collected by us or on our behalf is accurate and complete.


  1. We strive to implement generally accepted standards of technology and operational security to try to prevent unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Website or that hackers or unauthorised personnel will not gain access to your personal information despite our efforts. You should note that in using the Website and/or the App and our related services, this information will travel through third party infrastructures which are not under our control. Hence, we cannot be held responsible for unauthorised or unintended use, access or disclosure that is beyond our control and you acknowledge that any transmission of data to our Website is done at your own risk.
  2. All D&P Law personnel follow a strict internal security policy. Only authorised D&P Law personnel are provided access to personally identifiable information and these personnel have agreed to ensure confidentiality of this information.


  1. We will cease to retain personal data, as soon as it is reasonable to assume that the purpose for collection of such personal data is no longer being served by such retention, and such retention is no longer necessary for legal or business purposes.


  1. We do not transfer your personal data outside Malaysia at this point. However, your personal data may be transferred, stored and/or processed in a country or territory outside Malaysia in the future in the event our information technology storage facilities and servers may be located in other jurisdictions and/or for the purposes as described in Section 9(f) where such ranking legal publications and journals and/or potential clients are located outside of Malaysia, and you consent to any such transfer, storage and/or processing of your personal data outside Malaysia. We will however ensure that any party to whom we transfer your personal data outside Malaysia provides to such personal data a standard of protection at least comparable to the protection under the PDPA.

Disclaimer Notice

  1. This Policy only applies to our D&P Law Website and not to any third-party sites. Our Website may contain certain links to other websites which are maintained by third parties. When visiting other third party websites, please ensure that you read their own privacy policies before disclosing your personal data to them. D&P Law makes no representations as to the accuracy or any other aspect of information contained in other third party websites.
  2. In no event will D&P Law, its related partnerships or corporations, or the partners, agents or employees thereof be liable to you or anyone else for any consequential, special, punitive, indirect, incidental or similar damages, or for any loss of reputation or goodwill, whether based in contract, tort (including negligence), equity, strict liability, statute or otherwise, even if advised of the possibility of such damages, as a result of unauthorised or unintended use, access or disclosure of your personal data.
  3. The contents of the website are to provide general information only which does not constitute professional advice and are not intended to be comprehensive and/or complete.
  4. All contents of our Website are owned by D&P Law and no contents shall be copied, distributed, modified, displayed, reproduced, published, licensed, sold or commercially dealt with any manner without prior written consent from D&P Law.
  5. D&P Law does not send out unsolicited emails. As such, beware of email scams and/or persons claiming to be from D&P Law.