1. Introduction
Bestari Legal ("we", "us", "our") respects the privacy of every individual who interacts with our firm. This Privacy Policy sets out how we handle personal data collected through our website at bestarilein.biz and in the course of providing our tax advisory services.
We process personal data in accordance with the Personal Data Protection Act 2010 (PDPA) of Malaysia. By using our website or engaging our services, you acknowledge that you have read and understood this policy.
If you have questions at any point, please contact us before proceeding. Details are at the end of this document.
2. Data Controller
3. Personal Data We Collect
We collect personal data through different means depending on how you interact with us.
3.1 Data You Provide Directly
- Contact form submissions: name, email address, phone number, and any information included in your message.
- Client engagement data: MyKad or passport number, tax identification number (TIN), employment or business details, financial statements, and income documentation.
- Correspondence: emails, phone call notes, and meeting records relating to your matter.
3.2 Data Collected Automatically
- Technical data: IP address, browser type and version, device type, operating system, referring URL, and pages visited.
- Usage data: time spent on pages, click paths, and form interactions, collected via analytics tools.
- Cookie data: preferences stored locally. See Section 9 for details.
4. How We Use Your Personal Data
| Purpose | Details |
|---|---|
| Service Delivery | Preparing tax computations, filing returns, and communicating advisory findings. |
| Client Communication | Responding to enquiries, scheduling consultations, and providing progress updates. |
| Regulatory Compliance | Meeting obligations under the Income Tax Act 1967, PDPA, and anti-money laundering legislation. |
| Website Improvement | Understanding how visitors use our site to improve content and usability. |
| Record Keeping | Maintaining engagement files as required by professional standards and regulatory expectations. |
5. Legal Basis for Processing
Under the PDPA 2010, we process personal data on the following grounds:
- Consent: When you submit a contact form or cookie preferences, you provide consent to the processing described herein.
- Contract performance: Processing necessary to fulfil our advisory engagement agreement with you.
- Legal obligation: Compliance with Malaysian tax law, anti-money laundering requirements, and professional regulatory obligations.
- Legitimate interests: Website analytics and improving the quality of our services, where these interests do not override your rights.
6. Data Sharing
We do not sell or trade your personal data. We may share it only in the following circumstances:
- Inland Revenue Board (LHDN): When submitting returns or responding to audit or enquiry notices on your behalf, with your prior instruction.
- Regulatory bodies: As required by law, court order, or lawful demand from a competent authority.
- Service providers: IT infrastructure, document management, and professional software vendors who process data only on our instruction and under confidentiality agreements.
- Analytics providers: Aggregated, anonymised usage data may be processed by analytics platforms such as Google Analytics.
All third-party service providers are required to implement appropriate data protection measures.
7. Data Retention
| Data Type | Retention Period |
|---|---|
| Tax engagement files | 7 years from the end of the tax year of assessment |
| Contact enquiry data | 2 years from date of last contact |
| Website analytics | Up to 26 months (aggregated and anonymised) |
| Cookie consent records | 12 months from last consent update |
| Billing and invoice records | 7 years as required under the Income Tax Act 1967 |
8. Security Measures
We take data security seriously and maintain the following controls:
- All data transmitted via our website is encrypted using TLS. We do not accept sensitive data over unencrypted channels.
- Client files are accessible only to the advisors assigned to your matter, protected by role-based access policies.
- Client documents are stored on servers with encryption at rest and regular backup procedures.
In the event of a data breach affecting your personal data, we will notify you and relevant authorities promptly in accordance with PDPA obligations.
10. Your Rights
Under the PDPA 2010, you have the following rights regarding your personal data:
To exercise any of these rights, please write to us at [email protected]. We will respond within 21 days. Note that certain requests may be subject to verification of identity.
If you believe your rights under the PDPA have not been respected, you may lodge a complaint with the Department of Personal Data Protection (JPDP) Malaysia.
11. Children's Privacy
Our services are directed at adults aged 18 and above. We do not knowingly collect personal data from individuals under 18. If you believe a minor has submitted personal data to us, please contact us promptly so we can remove it.
12. Third-Party Links
Our website may contain links to external websites such as LHDN's e-Filing portal or the Companies Commission of Malaysia. We are not responsible for the privacy practices of those sites. We encourage you to read their privacy notices before providing any personal data.
13. Policy Updates
We may revise this Privacy Policy from time to time. Material changes will be communicated by updating the "Last Updated" date at the top of this page. We encourage you to review this page periodically.
Continued use of our website following any update constitutes acceptance of the revised policy.
14. Contact Us
For any questions regarding this Privacy Policy or your personal data, please reach us through: