09-04-2026

General information

NurixVLegal operates as a provider of business law consulting for operational compliance in Malaysia. This policy explains how NurixVLegal collects, uses, stores and discloses personal data in the context of our professional services. Our contact and business details are provided for clarity and to facilitate rights requests or other enquiries. The policy describes types of data processed, lawful bases for processing, retention periods, security measures and the steps individuals can take to exercise applicable rights.

NurixVLegal 114, Susuran Sultan Abdul Hamid 1B, Kompleks Perniagaan Sultan Abdul Hamid, 05050 Alor Setar, Kedah, Malaysia info@nurixvlegal.pro

Definitions

The following definitions are used in this policy to clarify terms. They are intended for general explanatory purposes and reflect common usages in privacy documentation relevant to legal advisory services.

1Personal data means any information relating to an identified or identifiable natural person, including names, contact details, identifiers, and business contact information received in the course of delivering legal or compliance services.
2Processing refers to any operation performed on personal data, including collection, recording, organization, storage, retrieval, consultation, use, disclosure and erasure, carried out in the context of providing professional services.
3User refers to a client, prospective client, representative, employee or other individual whose personal information is processed by NurixVLegal in connection with our services.
4Service means the business law consulting and operational compliance activities, including audits, policy drafting, training, and advisory services delivered by NurixVLegal.
5Cookies are small text files placed on a device by a website to store preferences, session identifiers or analytics information. Cookies are used to improve site function and to collect usage data.

Data collection and categories

We collect personal data that is necessary for delivering professional legal and compliance services, for administrative purposes, and to satisfy legal or regulatory obligations. Data may be provided directly by users or obtained automatically when interacting with our website and systems.

Data you provide directly

Information provided when contacting us, engaging our services, or completing forms, including details needed to verify identity and to perform contracted services.

  • Contact details (name, business email, telephone number, business address)
  • Company information and business identifiers (company name, registration numbers, Business ID 004219779862 where applicable)
  • Documents and records relevant to compliance reviews (corporate records, licences, contracts)
  • Payment and billing information necessary to process invoices and payments for services
  • Communications and correspondence platform with our advisors and support staff
  • KYC and verification information provided to fulfil professional and regulatory obligations

Automatically collected data

When you use our website or interact with our digital services we may collect technical and usage information automatically to support service delivery, security and analytics.

  • Device and browser information (device type, browser version, operating system)
  • IP address and approximate location for security and fraud prevention
  • Usage data (pages visited, time spent on site, clicks) for service improvement
  • Cookie identifiers and similar tracking technologies
  • Server logs and diagnostic data collected for maintenance and security monitoring
  • Analytics identifiers used to assess site performance and usage trends

Third-party sources

We may receive personal data from third parties where necessary for service delivery or where you have authorised such sharing. Examples include professional advisors, service providers and regulatory authorities.

  • Payment processors and business institutions to process invoices and payments
  • Third-party service providers assisting with hosting, analytics and IT operations
  • Professional advisers and external auditors engaged to support compliance work

Purposes of processing

We process personal data only for specified, legitimate purposes related to our services and operations. These purposes are described below and align with what clients reasonably expect when engaging a legal consultancy.

  • Provision of legal and compliance services, including audits, advice, drafting and training
  • Client onboarding, identity verification and Know Your Client (KYC) processes
  • Billing, invoicing and business administration
  • Regulatory reporting and responding to lawful requests from government or supervisory authorities
  • Improving service delivery, including analytics and site performance monitoring
  • Security, fraud prevention, and detection of abuse or unauthorized access
  • Communications with clients regarding engagements, updates and administrative matters
  • Record keeping for professional responsibility and risk management

Legal bases for processing

Processing is based on lawful grounds appropriate to the context of professional services and applicable Malaysian data protection principles. These include contractual necessity, compliance with legal obligations and legitimate interests.

  • Performance of a contract: processing necessary to provide the services you have requested
  • Legal obligation: processing required to comply with statutory, regulatory or professional duties
  • Legitimate interests: necessary processing for business operations, security and fraud prevention, balanced against individual rights
  • Consent: where explicit consent is obtained for particular processing activities such as direct marketing or non-essential cookies

Applicable rights and principles

Where relevant privacy frameworks apply, we recognize core rights and principles that support transparent handling of personal data. The following list summarizes common rights that individuals may seek to exercise in relation to their data.

  • Right of access — to request confirmation of whether personal data is being processed and to receive a copy
  • Right to rectification — to request correction of inaccurate personal data
  • Right to erasure — to request deletion of personal data where retention is no longer necessary and no legal obligation prevents deletion
  • Right to restriction of processing — to request limitation of certain processing activities in specific circumstances
  • Right to object — to object to processing based on legitimate interests or for direct marketing
  • Right to data portability — to request transfer of data in a structured, commonly used and machine-readable format where technically feasible

Cookies and similar technologies

NurixVLegal uses cookies to support site functionality, to gather analytics and to store user preferences. Cookies do not typically contain personal data beyond identifiers tied to other records.

We use session cookies to maintain site functionality and persistent cookies for remembering preferences. Third-party cookies may be used by analytics providers to collect anonymous usage statistics.

Categories include strictly necessary cookies, performance and analytics cookies, and preference cookies. Advertising cookies are not used for targeted advertising on this site.

Users can manage cookie preferences through their browser settings and through any cookie controls provided on the site. Disabling certain cookies may affect site functionality.

View our Cookie Policy at https://NurixVLegal.pro/cookie-policy

Data sharing and disclosures

We share personal data only where necessary for service provision, with authorised processors, or when required by law. Data sharing is subject to contractual and technical safeguards to protect confidentiality and integrity.

  • Service providers acting as processors (hosting, IT support, analytics)
  • Professional advisers and auditors engaged in connection with service delivery
  • Payment processors and business institutions for billing purposes
  • Regulatory and law enforcement authorities if required by law or court order
  • Other parties in the event of corporate reorganization, sale or merger subject to appropriate safeguards
  • Any third party where you have explicitly consented to the disclosure

International transfers

Some processing may be carried out by third-party providers located outside Malaysia. In those cases we implement appropriate safeguards to protect personal data and to maintain compliance with applicable requirements.

Safeguards include data processing agreements, contractual clauses, and ensuring that recipients maintain adequate security standards and only process data for specified purposes.

Data retention

We retain personal data only for as long as necessary to fulfil the purposes set out in this policy, to meet professional and legal obligations, and to support legitimate business interests such as record keeping and dispute resolution.

Client records and account information are retained for periods required by professional obligations and tax law; typically business records are retained for up to seven years unless a shorter period is appropriate.

Email correspondence and transactional messages related to service delivery are retained for a period appropriate to the purpose, commonly between two and seven years depending on context.

System logs and security event records are retained to support incident response and security monitoring; retention periods are generally between one and three years, consistent with operational needs.

When personal data is no longer required and no legal obligation or legitimate interest requires retention, we will delete or anonymize the data in a secure manner.

Security measures

NurixVLegal implements organisational and technical measures to protect personal data against unauthorized access, accidental loss, disclosure or alteration. Measures are reviewed periodically and adjusted as needed in response to risk assessments.

  • Access controls and role-based permissions for systems handling personal data
  • Encryption of sensitive data in transit and where appropriate at rest
  • Regular security reviews, monitoring, and staff training on data protection practices

User rights and how to exercise them

Individuals may exercise applicable rights related to their personal data. Requests should contain sufficient detail to locate the records and to allow us to verify the requester’s identity.

  • To make a request to access, correct, or delete your personal data, contact our data protection contact at the address below
  • If you are not satisfied with our response you may seek guidance from the relevant supervisory authority or pursue any remedies available under applicable law
  • Right to rectification: You may request correction of inaccurate or incomplete personal data that NurixVLegal holds about you. We will update records after verifying the request and informing you of the outcome in accordance with applicable data protection requirements.
  • Right to erasure (right to be forgotten): Where permitted by applicable law, you may request deletion of personal data that is no longer necessary for the purposes stated in this policy, or which has been processed unlawfully. Requests are evaluated against legal retention obligations before action is taken.
  • Right to restriction of processing: You may request that we suspend processing of specific personal data while a dispute about accuracy, lawfulness, or data retention is resolved. If accepted, we will flag the data and limit processing to storage and specified actions only.
  • Right to data portability: Where technically feasible and legally required, you may request a copy of personal data in a structured, commonly used, and machine-readable format for your own use or transfer to another provider. The scope is limited to data you provided and processing based on consent or contract.
  • Right to object to processing: You may object to processing based on our legitimate interests, direct marketing, or automated decision-making where applicable. We will review and either accommodate the objection or explain why we must continue processing under applicable law.
  • Right to withdraw consent: If processing is based on consent, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal, and other lawful bases for processing may remain valid.

How to exercise your privacy rights

To exercise any of the rights described, please contact our Data Protection Officer at the address or email below. Include your full name, contact details, a clear description of the request, and any documents needed to verify your identity. We may request reasonable information to confirm identity before taking action.

info@nurixvlegal.pro

We aim to respond to valid requests without undue delay and within 30 calendar days of receipt. In complex cases or where verification is required, we may extend the response period and will notify you of any extension and its reasons in writing.

Marketing communications

NurixVLegal may send informational updates, newsletters, and service notices to clients and subscribers where consent has been provided or where communications are necessary for the service relationship. Marketing messages will be clearly identified and include an option to opt out. We process marketing data in accordance with Malaysian regulations and good practice.

To stop receiving marketing communications, follow the unsubscribe link in the message or send an opt-out request to our contact address. Unsubscribe requests will be processed promptly; you may still receive non-marketing messages related to services or legal obligations.

Children and personal data

Our services are intended for adults and business users. We do not knowingly collect personal data from persons under 18 without appropriate parental or guardian consent. If we learn that we have collected data from a minor without consent, we will take steps to delete it in accordance with applicable law.

Links to third-party sites

Our website may contain links to third-party websites and services that are not operated by NurixVLegal. We are not responsible for the privacy practices or content of those sites. Please review third-party privacy policies before providing personal data to other providers.

Changes to this privacy policy

We may update this privacy policy to reflect changes in our practices, legal requirements, or the features of our services. Material changes will be published on our website with an updated effective date. Continued use of our services after publication indicates acceptance of the updated policy.

Contact and company details

Data controller and contact: NurixVLegal, 114, Susuran Sultan Abdul Hamid 1B, Kompleks Perniagaan Sultan Abdul Hamid, 05050 Alor Setar, Kedah, Malaysia. Business ID: 004219779862. Phone: +60123153355. For privacy inquiries and data rights requests, email: privacy@NurixVLegal.pro or send written requests to the postal address above.

+60123153355
info@nurixvlegal.pro
114, Susuran Sultan Abdul Hamid 1B, Kompleks Perniagaan Sultan Abdul Hamid, 05050 Alor Setar, Kedah, Malaysia