Privacy and data handling

CoraTlegal collects and processes personal data limited to what is necessary to provide legal consulting services, such as contact details, corporate information, and documents relevant to engagements. Data is handled in accordance with applicable Malaysian data protection laws and retained only for the period required to fulfil legal obligations, manage the client relationship, and maintain records. Access to client information is restricted to authorized personnel, and administrative, physical, and technical safeguards are applied to reduce unauthorized access risks. Where third parties are engaged for specific tasks, data sharing is subject to written agreements that require appropriate confidentiality and security measures.

01-03-2026 CoraTlegal (Business ID: 057658266995) [email protected]

Key definitions

This section explains the main terms used in this privacy policy so readers can understand what we mean by personal data, processing, users and services. The definitions are provided for clarity and to support consistent interpretation of the policy provisions across different sections and practical scenarios.

Personal data means any information relating to an identified or identifiable natural person. Examples include names, contact details, job titles, email addresses, identifiers assigned to devices or accounts, and other information that can be linked to an individual either directly or indirectly.
Processing refers to any operation or set of operations performed on personal data, whether automated or not. This includes collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure, dissemination, erasure and destruction.
User refers to an individual who interacts with CoraTlegal services, visits the website, requests information, registers an account, or otherwise provides personal data to CoraTlegal in the context of legal consulting services for technology companies.
Service means the legal consulting and related services offered by CoraTlegal to technology sector clients, including contract review, regulatory advice, data protection assessment support, compliance guidance and other professional services described on coratlegal.vip.
Cookies are small text files placed on a device when a user visits a website. They are used to remember preferences, support site functionality, measure usage and deliver relevant information. Similar technologies include local storage, web beacons and tracking pixels.

Data collection

CoraTlegal collects personal data that is necessary to provide professional legal consulting services, to administer client relationships and to comply with applicable legal obligations. The types and sources of data collected vary by context and the specific services requested.

Data you provide directly

When you contact CoraTlegal or use our services you may provide different types of information. We collect only what is relevant to deliver the requested service, to communicate with you, and to meet legal or regulatory requirements.

  • Contact details: name, business email address, phone number and postal address.
  • Identity and company information: company name, position, business registration numbers and jurisdiction.
  • Case and support materials: documents, contracts, technical descriptions and other materials you upload or share for legal review.
  • Billing and payment details: invoicing information, corporate billing contact, and records necessary for accounting and tax purposes.
  • Communications: messages, meeting notes, email platform and instructions relevant to the provision of our services.
  • Consents and preferences: communications preferences, marketing opt-ins and consents for specific processing activities where requested.

Data collected automatically

When you visit coratlegal.vip or interact with online resources, some data is collected automatically to support site operation, analytics and security. This data helps us maintain the website, troubleshoot issues, and understand general usage patterns.

  • Device and browser information: type of device, operating system, browser version and language settings.
  • Usage data: pages visited, time spent on pages, referring URLs and interaction events.
  • IP addresses and approximate geolocation derived from network information.
  • Cookies and similar identifiers used for session management and analytics.
  • Security-related logs: failed login attempts, access logs and other telemetry used to detect and mitigate abuse.
  • Performance and diagnostic information collected to identify and fix errors and improve service stability.

Data obtained from third parties

In some cases we receive personal data from third parties such as corporate clients, partners, service providers or publicly available sources. We use such data only where necessary and in compliance with applicable laws and contractual terms.

  • Partner referrals and corporate client submissions that include contact and organisational details.
  • Service providers that supply payment processing, cloud hosting, analytics or identity verification.
  • Public registers and commercial databases used to verify company information and perform basic due diligence.

Purposes of processing

CoraTlegal processes personal data for legitimate, specified purposes. Processing is limited to what is necessary to achieve those purposes and to meet legal and contractual requirements.

  • Provision of legal consulting services, including review of documents and delivery of advice tailored to technology-sector clients.
  • Communication and case management: scheduling, client correspondence and managing service delivery.
  • Billing, invoicing and business administration related to contracted services.
  • Website operation, analytics and performance monitoring to maintain and improve coratlegal.vip.
  • Compliance with legal, regulatory and tax obligations applicable to CoraTlegal in Malaysia and relevant jurisdictions.
  • Security and fraud prevention, including detection, mitigation and contribute of incidents affecting systems or client data.
  • Record keeping and internal audit to support professional standards and risk management.
  • Where consent is obtained, for marketing communications or other activities specified at the time of consent.

Legal bases for processing

We rely on lawful bases set out in applicable data protection laws to process personal data. The relevant basis depends on the purpose of processing and the relationship with the individual.

  • Performance of a contract or steps taken at the request of an individual before entering a contract (e.g., providing legal services).
  • Compliance with a legal obligation (e.g., accounting, tax and regulatory reporting duties).
  • Legitimate interests pursued by CoraTlegal, such as maintaining service security, preventing fraud and managing client relationships, balanced against individual rights.
  • Where required, explicit consent obtained from the individual for specific processing activities such as marketing communications.

Applicable data protection laws

Although CoraTlegal is located in Malaysia, the European Union General Data Protection Regulation (GDPR) may apply to processing activities involving personal data of individuals located in the EU/EEA. We take measures to respect applicable cross-border requirements and to respond to rights requests from affected individuals.

  • Right of access: individuals may request confirmation whether we process their personal data and obtain a copy of the data processed.
  • Right to rectification: individuals can request correction of inaccurate personal data without undue delay.
  • Right to erasure: subject to legal and contractual limitations, individuals may request deletion of personal data that is no longer necessary for the purposes collected.
  • Right to restriction of processing: individuals may request limits on the use of their data in certain circumstances, for example during dispute resolution.
  • Right to data portability: where processing is based on consent or contract and carried out by automated means, individuals may request transfer of their data to another controller.
  • Right to object: individuals may object to processing based on legitimate interests or for direct marketing, subject to applicable legal grounds.

Cookies and similar technologies

Our website uses cookies and similar technologies to support essential site functions, measure website performance and enable optional features. This section describes the types of cookies used and how you can manage them.

Cookies used include session cookies (temporary and removed when the browser closes), persistent cookies (retain settings and preferences across visits), and first- or third-party cookies deployed by analytics or service providers. Similar technologies include local storage and tracking pixels.

Categories of cookies: strictly necessary (required for site function), performance and analytics (used to measure and improve the site), functional (to remember preferences) and marketing/tracking (used by third parties to deliver tailored content).

You can manage cookie settings via your browser controls or by using any preference tools presented on the site. Blocking certain cookies may affect site functionality. For detailed controls, consult your browser documentation or visit coratlegal.vip/cookie-policy.

Detailed cookie policy available at https://coratlegal.vip/cookie-policy

Disclosure and sharing of personal data

CoraTlegal shares personal data only where necessary to provide services, to comply with legal obligations, or with service providers who process data on our behalf under contract. We apply contractual and technical measures to protect shared data.

  • Service providers: cloud hosting, document storage, payment processors and secure communication platforms engaged to support service delivery.
  • Professional advisors: auditors, accountants or external legal counsel where required for compliance or to support a client matter.
  • Regulatory or government authorities when disclosure is required by law, court order or to meet regulatory obligations.
  • Corporate clients and their authorized representatives when acting on instructions or where required to carry out contracted services.
  • Transaction counterparties in connection with mergers, acquisitions or restructuring events, with appropriate confidentiality safeguards.
  • Third parties where an individual has provided explicit consent for the disclosure.

International data transfers

Personal data processed by CoraTlegal may be stored or transferred to jurisdictions outside the individuals home country, including Malaysia and countries where our service providers operate. Transfers occur where necessary for service delivery or legal compliance.

When data is transferred internationally we rely on appropriate safeguards such as contractual data protection clauses, standard contractual clauses where available, encryption and access restrictions. Transfers are assessed to ensure an adequate level of protection consistent with applicable law.

Data retention

We retain personal data only for as long as necessary to fulfill the purposes described in this policy, to comply with legal obligations and to resolve disputes. Retention periods depend on the type of data and the context of processing.

Account records and client engagement information are retained for the duration of the client relationship and generally for a period of up to 7 years after the engagement ends to satisfy accounting, tax and regulatory record-keeping obligations.

Communications and case-related messages are retained for the period necessary to manage the matter and typically for up to 5 years after conclusion, unless a different retention period is required by law or contract.

Technical and security logs are retained to support incident contribute and system operation. Retention is limited and generally does not exceed 1 to 2 years, subject to operational and legal requirements.

When retention periods expire or data is no longer needed, we securely delete or anonymize the information. Deletion procedures are applied in accordance with documented retention schedules and technical constraints.

Security of personal data

CoraTlegal implements administrative, technical and physical measures designed to protect personal data against unauthorized access, accidental loss, disclosure or destruction. Measures are reviewed periodically to address evolving risks and technologies.

  • Access controls and role-based permissions to restrict access to personal data on a need-to-know basis.
  • Encryption of data in transit and, where appropriate, data at rest; regular vulnerability scanning and patch management.
  • Operational procedures including staff training, incident response plans and contractual requirements for third-party processors.

User rights

Depending on applicable law and the individuals location, affected persons may exercise certain rights with respect to their personal data. Requests will be processed in accordance with legal requirements and subject to verification.

  • Access: obtain confirmation of processing and a copy of the personal data processed.
  • Rectification: request correction of inaccurate or incomplete personal data.
  • Erasure: request deletion of personal data when it is no longer necessary or where legal grounds allow, taking into account retention obligations.
  • Restriction: request limitation of processing in specific circumstances, such as during dispute resolution.
  • Objection: object to processing based on legitimate interests or for direct marketing purposes, where applicable.
  • Portability: request transfer of personal data in a commonly used, structured and machine-readable format where applicable.
  • Withdraw consent: where processing is based on consent, withdraw consent for future processing without affecting prior processing.
  • Complaint: lodge a complaint with a competent supervisory authority if you consider your data protection rights have been infringed.

Your privacy rights and how to submit a request

Individuals may request access to, correction of, portability of, restriction of processing of, or deletion of personal data held by CoraTlegal. To make a request, clearly identify the right you are exercising and provide sufficient information for CoraTlegal to locate the relevant data (for example, name, email address, company name, and any relevant reference numbers). Requests should be submitted via the contact details set out below. CoraTlegal may require additional information to verify the identity of the requester before processing the request, in line with applicable law.

[email protected]

CoraTlegal aims to respond to valid privacy rights requests within 30 days of receipt. Where additional time is necessary because of the complexity or volume of requests, you will be informed of the expected extended timeframe and the reasons for the extension. If a request is limited by applicable law, CoraTlegal will explain the legal basis for the limitation.

Marketing communications

CoraTlegal may use contact details provided by clients and prospects to send information about services, events, and updates relevant to technology companies. Marketing communications are based on consent or legitimate interest where permitted by law. Communications will be limited to content relevant to corporate legal consulting, compliance updates, regulatory developments, and invitations to informational events.

You may opt out of marketing communications at any time by following the unsubscribe link in any marketing email or by contacting CoraTlegal via the contact information below. Unsubscribing will be processed promptly; however, you may continue to receive transactional or service-related messages that are necessary to manage an existing engagement.

Children's personal data

CoraTlegal does not provide services targeted at children and does not knowingly collect personal data from individuals under the age of 13. If CoraTlegal becomes aware that it has collected personal data from a child without appropriate consent, reasonable steps will be taken to delete the information in accordance with applicable law. If you believe that we may hold personal data of a child, please contact us so we can take appropriate action.

Links to third-party sites

CoraTlegal may provide links to third-party websites, tools, or resources for convenience and additional information. These external sites have their own privacy policies and practices, which CoraTlegal does not control. You should review the privacy and data-handling practices of any third-party site before sharing personal information. Inclusion of a link does not imply endorsement of the third party by CoraTlegal.

Changes to this privacy notice

CoraTlegal may update this privacy statement to reflect changes in legal, regulatory, business, or technical developments. When significant changes are made, CoraTlegal will provide notice through the website or by other communication channels as appropriate. The effective date for the current version is indicated in the notice. Continued use of CoraTlegal services following publication of an updated policy indicates acceptance of the updated terms.