privacy notice

1. Who We Are 

MESSRS RIVERA, ROSLIE & CO.

(Malaysian Bar Registration No.: 000020009131)

Advocates & Solicitors | Peguambela & Peguamcara

Registered Address:

No. 16-2, Desa Mentari Commercial Centre, 

Jalan PJS 6/6, Taman Desa Mentari, 46150, 

Petaling Jaya, Selangor

Email Address:

legal@riveraroslieco.com

Telephone No.: 

+6 010 – 902 0205 | +6 019 – 250 0228 

We are a law firm providing legal and related professional services. 

For the purposes of the Personal Data Protection Act 2010 (“PDPA”), we act as a data controller in respect of personal data processed by us.

In this Privacy Notice, “you” refers to any individual whose personal data is processed by us, including clients, prospective clients, website visitors (clause 14 only), and other individuals whose personal data we handle in the course of our professional and business activities. 

2. Contact Person / Data Protection Contact 

If you have any questions, requests, or complaints regarding this Privacy Notice or how your personal data is handled, please contact:-

Designation : Data Protection Officer 

Name : Noraini Roslie

Email : legal@riveraroslieco.com

Telephone No. : +6 019 – 250 0228

(appointed pursuant to internal governance arrangements) 

3. What Personal Data We Collect

3.1. We may collect and process personal data including, but not limited to:-

a) Identification details (e.g. name, NRIC / passport number); 

b) Contact details (e.g. address, email, phone number); 

c) Employment or business information; 

d) Financial or billing information; 

e) Information contained in documents, correspondence, or instructions provided to us; 

f) Litigation, transaction, or dispute-related information; 

g) Any other personal data relevant to the provision of legal services. 

3.3. Where applicable, we may also process sensitive personal data as defined under the PDPA, strictly in accordance with the law. 

4. Source of Personal Data

4.1. We may obtain personal data:-

a) Directly from you;

b) From our clients, counterparties, witnesses, experts, or other third parties involved in a matter; and

c) From public records, courts, tribunals, regulators, or other lawful public sources.

5. Purposes of Processing

5.1. We process personal data for purposes including:-

a) Providing legal advice and legal services;

b) Client onboarding, verification, and conflict checks;

c) Managing files, matters, and case administration;

d) Communicating with clients, courts, authorities, and third parties;

e) Billing, accounting, audit, and record-keeping;

f) Compliance with legal, regulatory, and professional obligations;

g) Internal risk management, quality control, and training; 

h) Any other purpose reasonably related to the above.

5.2. We do not process personal data for purposes unrelated to our professional functions. 

6. Legal Basis for Processing

6.1. We process personal data in accordance with the PDPA, including on the basis of one or more of the following, where applicable:-

a) Your consent;
b) Performance of a contract or engagement;
c) Compliance with legal or regulatory obligations;
d) Legitimate professional purposes permitted under the PDPA;
e) Any other basis authorised by applicable law.

6.2. Where consent is required, it may be express or implied depending on the circumstances. 

7. Disclosure to Third Parties

7.1. We may disclose personal data to:-

a) Courts, tribunals, regulators, and enforcement authorities;
b) Opposing parties, solicitors, counsel, experts, and witnesses;
c) third-party service providers acting as data processors on our behalf (including IT systems, cloud storage, and administrative services);
d) Professional advisers, insurers, or auditors;
e) Any party where disclosure is required or permitted by law.

7.2. Such disclosures are made strictly on a need-to-know basis and, where applicable, subject to contractual and legal safeguards consistent with the PDPA. 

8. Transfer of Personal Data Outside Malaysia

8.2. Where necessary, personal data may be transferred outside Malaysia, including to jurisdictions where service providers, counterparties or cloud infrastructures are located.

8.3. In such cases, we take reasonable steps to ensure that:-

a) The transfer is permitted under the PDPA; and

b) Appropriate safeguards are in place to protect the personal data. 

9. Retention of Personal Data

9.1. We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including:-

a) Compliance with legal and regulatory requirements; 

b) Professional practice standards;
c) Limitation periods, dispute resolution, and risk management.

9.2. When personal data is no longer required, it is securely destroyed or anonymised. 

10. Data Security

10.1. We implement reasonable technical and organisational measures to protect personal data against loss, misuse, unauthorised access or disclosure and alteration or destruction.

10.2. In the event of a personal data breach, we will take appropriate steps in accordance with the PDPA, including notification to the relevant authorities and affected individuals where required by law.

11. Your Rights as a Data Subject

11.1. Subject to the PDPA and applicable exceptions, you have the right to:-

a) Request access to your personal data;
b) Request correction of inaccurate or incomplete personal data;
c) Withdraw consent, where processing is based on consent;
d) request data portability, where applicable and subject to technical feasibility and regulatory requirements;
e) Limit or object to certain processing, where permitted by law;
f) Be informed of third parties to whom your personal data is disclosed.

11.2. Requests may be subject to statutory exceptions, professional obligations, and reasonable administrative requirements. 

12. Mandatory or Voluntary Provision of Data

12.1. The provision of certain personal data may be:-

a) Mandatory, where required by law, regulation, or for us to provide legal services; or 

b) Voluntary, depending on the nature of the engagement. 

12.2. Failure to provide mandatory personal data may result in our inability to act for you or continue providing legal services. 

13. Automated Decision-Making

We do not carry out automated decision-making or profiling that produces legal or similarly significant effects on individuals. 

14. Cookies and Website Data

(This section applies to visitors to our website and does not relate to personal data processed in the course of providing legal services to our clients)

14.1. Our website is hosted using Google Sites. We may use cookies or similar technologies that are necessary for the operation, security, and basic functionality of the website.

14.2. Where applicable, we may also use analytics tools (such as Google Analytics) to collect aggregated and de-identified information about website usage, including pages visited, duration of visits, and general location data. These cookies do not enable us to identify individual users directly.

14.3. You may manage or disable cookies through your browser settings. Please note that disabling cookies may affect certain website functions.

14.4. By continuing to use our website, you acknowledge that cookies may be used for website functionality and analytics purposes as described in this Section 14 of the Privacy Notice.

15. Complaints

15.1. If you have concerns regarding how your personal data is handled, you may contact us using the details in Section 2. 

15.2. You also have the right to lodge a complaint with the relevant supervisory authority under Malaysian law. 

16. Updates to This Privacy Notice

16.1. We may update this Privacy Notice from time to time to reflect changes in law, regulatory guidance, or our practices. 

16.2. Any material changes will be communicated or made available appropriately. The latest version will be accessible at https://www.riveraroslieco.com/terms-policies/privacy-notice .

Version              : 1.0

Updated as at   : 22 January 2026