Legal
Privacy Policy
Last updated: 10 April 2025 | Thornbridge, George Town, Penang, Malaysia
1. Introduction
Thornbridge ("we", "our", "the firm") is committed to protecting the personal information of those who contact us or engage our services. This policy describes what information we collect, how we use it, how we protect it, and the rights available to you in respect of it.
This policy applies to all personal data processed by Thornbridge in connection with enquiries and client engagements. It is governed by the Personal Data Protection Act 2010 (Malaysia) and, where applicable, the General Data Protection Regulation (EU) 2016/679. Questions about this policy may be directed to [email protected].
2. Data We Collect
We collect personal information in the following circumstances:
Information provided directly
- Name and contact details (telephone, email, postal address) provided through our enquiry form or during a consultation
- Matter details shared in the course of an engagement or preliminary discussion
- Correspondence with the firm by email, post, or telephone
Information collected automatically
- Technical data collected via cookies when you visit our website (see our Cookie Policy)
- General analytics data about how pages are navigated
3. How We Use Your Data
Personal data is used for the following purposes:
- Responding to enquiries and arranging consultations
- Carrying out client engagements and providing legal services
- Communicating about the progress of a matter
- Billing and fee administration
- Complying with professional obligations and applicable law
- Improving our website based on aggregated usage data
Legal basis for processing
Processing is carried out on the basis of: (a) the performance of a contract or pre-contractual steps at the enquirer's request; (b) compliance with our professional and legal obligations; and (c) our legitimate interest in administering the practice. Where consent is relied upon, it may be withdrawn at any time.
Retention periods
Client file data is retained for a minimum of seven years following the close of a matter in accordance with professional obligations. Enquiry data where no engagement follows is retained for twelve months before deletion.
4. Data Sharing
We do not sell or share personal data with third parties for marketing purposes. Data may be shared in the following circumstances:
- With counsel, experts, or other professionals instructed in connection with a matter, with the client's knowledge
- With the court or relevant tribunal as required in the course of proceedings
- With our technology and service providers (document storage, email, website hosting) under confidentiality obligations
- As required by law, court order, or regulatory authority
5. Data Protection Measures
We maintain the following safeguards in respect of personal data held by the firm:
- Physical files are held securely at our chambers and accessible only to authorised staff
- Digital files are stored on systems with access controls and regular backups
- Email containing sensitive matter information is transmitted using encrypted connections where possible
- Staff access to client files is limited to those working on the matter in question
- In the event of a breach affecting personal data, affected individuals will be notified in accordance with applicable law
6. Cookies
Our website uses cookies to enable basic functionality and to understand how the site is used. Essential cookies are necessary for the site to operate. Optional analytics cookies are only placed if you consent. Full details are set out in our Cookie Policy.
7. Your Rights
Under the Personal Data Protection Act 2010 (Malaysia) and, where applicable, the GDPR, you have the following rights in respect of your personal data:
- Access: to request a copy of the personal data we hold about you
- Correction: to request correction of inaccurate or incomplete data
- Erasure: to request deletion in certain circumstances
- Portability: to receive data in a structured, machine-readable format
- Objection: to object to processing based on legitimate interest
- Withdrawal of consent: where processing is based on consent
To exercise any of these rights, please write to us at [email protected]. We will respond within thirty days. You also have the right to lodge a complaint with the Personal Data Protection Department of Malaysia.
8. Third-Party Links
Our website may contain links to external sites. We are not responsible for the privacy practices of those sites and recommend reviewing their policies before providing personal data.
9. Children
Our services are directed at adults. We do not knowingly collect personal data from individuals under the age of 18. Where a matter involves a child's interests, any data relating to that child is handled with additional care and in accordance with applicable professional obligations.
10. Changes to This Policy
We may update this policy from time to time. Material changes will be notified by posting a revised version on this page with an updated date. Continued use of our website or services after the revised policy is posted constitutes acceptance of the updated terms.
11. Contact
Data controller: Thornbridge, 58 Jalan Macalister, 10400 George Town, Penang, Malaysia
Privacy enquiries: [email protected]