Privacy Policy

Thornbridge ("we", "us", "our") is committed to protecting the personal data of individuals who engage with our services or visit our website. This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and the rights you have in relation to it.

Our practice is based at 8 Persiaran Stonor, 50450 Kuala Lumpur, Malaysia, and our data handling practices are governed by the Personal Data Protection Act 2010 (PDPA) of Malaysia.

If you have questions about this policy or how we handle your data, please contact us at privacy@thornbridge.

We may collect the following types of personal data:

• Contact information: name, email address, phone number
• Communication content: the content of messages sent through our contact form or by email
• Technical data: browser type, IP address, and pages visited (collected via cookies)
• Engagement data: correspondence and documents shared in the course of a legal engagement

Legal basis: We process personal data on the basis of consent (for website enquiries and marketing communications), contractual necessity (for client engagements), and legitimate interest (for maintaining the security and functioning of our website).

Retention: Contact enquiry data is retained for 12 months. Client engagement data is retained for a minimum of 7 years in accordance with professional obligations.

• To respond to enquiries submitted through our website
• To deliver and manage legal advisory services for clients
• To communicate updates relevant to your matter
• To comply with our legal and professional obligations
• To improve the performance and usability of our website (via aggregated analytics data)

We do not use your personal data for unsolicited marketing without your consent. We do not sell your data to third parties.

We share personal data only where necessary:

• Regulatory bodies: where required by law, court order, or professional obligation
• Service providers: third-party tools used for document management and secure communication, bound by data processing agreements
• Analytics providers: aggregated, anonymised usage data only

We take reasonable technical and organisational steps to protect personal data against unauthorised access, loss, or misuse. These include:

• Secure storage of client documents with access controls
• Encrypted communications for sensitive correspondence
• Staff awareness of data protection obligations
• Regular review of data handling procedures

In the event of a data breach that affects your rights, we will notify you and, where required, the relevant authority within the timeframes required by the PDPA.

Our website uses cookies to support basic functionality and to understand how it is used. You can manage your cookie preferences through the banner displayed on your first visit or through our Cookie Policy page. Essential cookies are required for the site to operate and cannot be disabled.

Under the PDPA, you have the right to:

• Access the personal data we hold about you
• Correct inaccurate or incomplete data
• Withdraw consent to processing (where consent is the legal basis)
• Request that we limit or cease processing in certain circumstances
• Lodge a complaint with the Personal Data Protection Department of Malaysia

To exercise any of these rights, contact us at privacy@thornbridge. We will respond within 21 working days.

Our website may contain links to external sites. We are not responsible for the privacy practices of those sites and encourage you to review their respective privacy policies.

Our services are intended for individuals aged 18 and above. We do not knowingly collect personal data from minors. If you believe we have received data from a person under 18, please contact us so we can address it appropriately.

We may update this policy from time to time. Material changes will be communicated by updating the "Last Updated" date and, where appropriate, by notice on our website. Continued use of our website or services after any update constitutes acceptance of the revised policy.