Privacy Policy



Lee & Poh Partnership (LPP Law)

(“LPP”, “we”, “our”, or “the Firm”)

  1. Introduction and Our Commitment

Lee & Poh Partnership is a Malaysian law firm regulated by the Malaysian Bar. In the course of acting for our clients, operating our practice, managing our professional relationships and administering our online and physical platforms, we necessarily receive, handle and process personal data.

We recognise that the information entrusted to us is often commercially sensitive, confidential and personal in nature. We are committed to ensuring that such information is handled responsibly, lawfully and with the level of diligence expected of a firm engaged in the provision of legal services of the highest standard.

This Privacy Policy explains how we collect, use, store, disclose, transfer and retain personal data in accordance with the Personal Data Protection Act 2010 (Malaysia) (“PDPA”), subsidiary regulations, applicable professional rules, and where relevant, international data protection norms commensurate with cross-border work.

Where context requires, references to “you” mean any client, counterparty, professional contact, business partner, job applicant, website visitor or any individual whose personal data we process.

  1. Scope of this Privacy Policy

This Privacy Policy applies to personal data we process in, among others, the following circumstances:

  • When we act for you as a client (individual or organisation);
  • When you are a representative, officer, employee, shareholder or ultimate beneficial owner of an organisation for which we act, or with whom we deal;
  • When we receive, request or review information in connection with legal work, regulatory compliance, due diligence exercises or dispute resolution proceedings;
  • When you communicate with us, attend meetings or events, visit our offices, engage with us via online platforms or subscribe to our publications;
  • When you apply for employment, training contracts, internships or any other engagement with us; and
  • When you browse or interact with our website or digital platforms, including any form submissions, downloads, or login-based access.

We do not intentionally target or provide services directly to minors except insofar as their information is relevant to legal services or representation. If you provide us with personal data relating to a minor, you represent that you have authority to do so.

  1. What Personal Data We Collect

The personal data we process may include (depending on context and purpose):

  • Identity details (e.g., name, NRIC/passport number, nationality);
  • Contact information (e.g., address, email, telephone number);
  • Professional and employment details;
  • Financial, transactional or billing information where relevant to our engagement;
  • Information required for anti-money laundering, sanctions compliance, client onboarding, and Know-Your-Client (KYC) checks, including identification documents;
  • Information disclosed to us in the course of legal work (including documents, correspondence, witness details, records, communications and other evidentiary material);
  • Information obtained through our website, applications or digital communication (including IP address, browser type, device information and analytics);
  • Any information voluntarily supplied to us in person, via email, by phone or through digital engagement.

Where necessary and permitted by law, we may also process sensitive personal data, including data relating to health, religious beliefs or trade union membership, only where directly relevant to legal advice or compliance obligations.

  1. How We Collect Personal Data

We may obtain personal data:

  • Directly from you, your organisation, your advisers or authorised representatives;
  • Indirectly from public sources, regulatory databases, litigation records, asset registries, press reports, commercial information services or professional networks;
  • From counterparties, witnesses, expert advisers and other parties involved in matters in which we act;
  • From recruitment agencies and professional platforms for employment-related purposes; or
  • Automatically when you access our website or use our online tools.
  1. How We Use Personal Data

We will only process personal data where permitted under the PDPA or where such processing is reasonably necessary for legitimate professional and business purposes. These include:

  • Providing, managing and improving our legal services;
  • Conducting client onboarding, sanctions screening, and anti-money laundering due diligence;
  • Advising, representing or acting for clients in transactions, disputes, negotiations, adjudications, arbitrations, mediations, regulatory filings, or litigation;
  • Managing our professional and commercial relationships;
  • Conducting internal governance, risk management, billing, auditing and financial administration;
  • Sending you legal updates, invitations to events, training, seminars or publications, where you have not opted out;
  • Operating and securing our information systems, premises and professional assets; and
  • Assessing employment or professional engagement applications.

We will not use your personal data for unrelated or incompatible purposes without your knowledge or (where required) consent.

  1. Disclosure and Transfer of Personal Data

We may disclose personal data strictly on a need-to-know basis:

  • To regulators, courts, arbitral tribunals, governmental bodies or enforcement agencies where required by law or necessary for legal proceedings;
  • To our professional advisers, experts, consultants and service providers (e.g., IT infrastructure, secure cloud hosting, data storage, document management, translation, and e-signature platforms);
  • To foreign counsel, correspondent firms or overseas authorities where cross-border work is involved; and
  • To third parties with your consent or where such disclosure is required to advance the engagement or protect your interests.

Where personal data is transferred outside Malaysia, we will ensure that appropriate safeguards are in place commensurate with legal and professional obligations.

  1. Security and Retention

We maintain administrative, technical and physical safeguards that are designed to:

  • Protect personal data against unauthorised access, alteration, disclosure or loss; and
  • Ensure secure archiving, backup and recovery in compliance with professional confidentiality duties and industry standards.

We retain personal data for as long as is necessary having regard to:

  • Statutory limitation periods;
  • Regulatory and professional record-keeping obligations; and
  • The legitimate operational requirements of our practice.
  1. Your Rights

Subject to applicable law, you may:

  • Request access to personal data held about you;
  • Request correction of inaccurate or incomplete personal data;
  • Withdraw consent to processing (where processing is based on consent); or
  • Request clarification about our data handling practices.

Requests should be addressed to: Privacy Officer: Lee & Poh Partnership (LPP Law)

Email: office@lpplaw.asia

We may request verification of identity to safeguard confidentiality.

  1. Updates to this Policy

We may amend this Privacy Policy from time to time to reflect legal, technological or operational changes. The updated version will be published on our website with the effective revision date. For the avoidance of doubt, any written agreement between you and us shall, unless expressly stated otherwise, supersede the terms prescribed herein to the extent of any inconsistency between the terms of such written agreement and the terms herein.