Privacy Policy
Last Updated: 20 March 2026 | Effective: 20 March 2026
Claiven ("we", "us", or "our") respects the privacy of everyone who interacts with our firm. This Privacy Policy explains what personal information we collect, why we collect it, how we use and protect it, and the choices available to you under applicable Malaysian law.
This policy applies to personal data collected through our website, through direct client engagements, and through any other communication channel by which you contact Claiven. By using our website or engaging our services, you acknowledge that you have read and understood this policy.
1. Personal Data We Collect
We collect personal data that you provide directly to us and information that arises from your use of our website. The categories of data we may collect include:
- Full name and contact details (email address, telephone number, postal address)
- Company name, registration number, and position or role
- Nature of legal matter or query submitted through our contact form
- Communication records including emails and correspondence
- Technical data such as IP address, browser type, and pages visited (collected automatically via analytics tools)
- Cookie preferences and consent records
We do not knowingly collect sensitive personal data (such as health, financial, or religious information) through our public website. Where a client engagement requires such data, a separate data processing agreement will govern its handling.
2. How Personal Data Is Collected
- Contact and enquiry forms on our website
- Email, telephone, or written correspondence initiated by you
- Client onboarding documentation during engagement setup
- Cookies and analytics tools active on our website (subject to your consent)
- Referrals from third parties, with your prior knowledge
3. Legal Basis for Processing
Claiven processes personal data in accordance with the Personal Data Protection Act 2010 (PDPA) of Malaysia. Our legal bases for processing include:
- Consent — where you have provided explicit agreement, such as through the cookie consent mechanism on our website
- Contractual necessity — to carry out obligations under a client service agreement
- Legitimate interests — to operate, improve, and communicate about our services, balanced against your rights
- Legal obligation — where processing is required to comply with Malaysian law or professional regulatory requirements
4. How We Use Your Personal Data
- Responding to enquiries and providing legal services as requested
- Managing client relationships, billing, and service documentation
- Sending service-related communications and updates relevant to your engagement
- Improving our website's functionality through anonymised analytics
- Fulfilling professional obligations under Malaysian Bar Council rules and applicable law
- Complying with legal hold, court order, or regulatory request where required
We do not use your personal data for unsolicited marketing purposes without your prior consent.
5. Sharing of Personal Data
Claiven does not sell personal data. We may share data with the following parties only where necessary:
- Service providers — hosting, email delivery, and analytics providers engaged on our behalf under data processing terms
- Professional advisors — barristers, expert witnesses, or co-counsel involved in your matter, bound by professional confidentiality
- Regulatory or government bodies — courts, the Malaysian Bar, or public authorities when required by law
- Successor entities — in the event of a firm restructuring or merger, with equivalent protections in place
6. Data Retention
We retain personal data for as long as necessary to fulfil the purposes described in this policy, unless a longer period is required by law:
- Client matter files — retained for a minimum of 7 years following matter closure, in line with Malaysian legal professional standards
- Website enquiry records — retained for 24 months from the date of submission
- Analytics data — retained in aggregated or anonymised form for up to 26 months
- Cookie consent records — retained for 12 months from the date of consent
7. Data Protection Measures
We implement reasonable technical and organisational measures to protect personal data against loss, misuse, or unauthorised access. These include:
- Encrypted data transmission (TLS/HTTPS) for all web communications
- Access controls limiting data access to authorised personnel only
- Regular review of data handling practices within the firm
- Staff awareness on data protection obligations under the PDPA
- Incident response procedures to address and report data breaches where required
8. Cookies
Our website uses cookies to distinguish users, remember preferences, and understand how the site is used. You may manage your cookie preferences at any time through our Cookie Policy page.
Essential cookies are necessary for the website to function and cannot be disabled. All other cookie categories (analytics, marketing, preferences) are optional and require your consent.
9. Your Rights
Under the PDPA and applicable Malaysian law, you have the following rights regarding your personal data:
- Right of access — request a copy of the personal data we hold about you
- Right of correction — request that inaccurate or incomplete data be corrected
- Right to withdraw consent — withdraw consent for optional data processing at any time, without affecting prior lawful processing
- Right to limit processing — object to or restrict certain types of processing in specified circumstances
- Right to lodge a complaint — direct a complaint to the Personal Data Protection Commissioner of Malaysia
To exercise any of these rights, write to us at privacy@claivenxs. We will respond within 21 days. Note that certain requests may be subject to limitations under professional secrecy obligations or applicable law.
10. Third-Party Links
Our website may contain links to external websites. Claiven is not responsible for the privacy practices of those sites and this policy does not extend to them. We encourage you to review the privacy notices of any third-party website you visit.
11. Children's Privacy
Our services are directed at businesses and individuals aged 18 and above. We do not knowingly collect personal data from anyone under the age of 18. If you believe we have inadvertently received data from a minor, please contact us immediately and we will take steps to remove it.
12. International Data Transfers
Where personal data is transferred outside Malaysia (for example, through cloud-based service providers), we take reasonable steps to ensure that equivalent data protection standards apply, in accordance with the PDPA's requirements on cross-border data transfers.
13. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in law, our practices, or our services. Material changes will be communicated via a notice on our website. Continued use of our website or services after such changes constitutes your acceptance of the revised policy.
14. Contact Us on Data Matters
For any questions, requests, or concerns relating to your personal data, please contact: