Privacy Policy — PensionaNGuard

Definitions

This section defines terms used throughout this policy and provides short examples so retirees can see how each concept applies to typical legal service interactions.

Personal data means any information that identifies or can be used to identify an individual, such as name, contact details, national identification, employment history, pension numbers and bank account details. Example: a client uploads a pension statement to support a benefits review.

Processing covers any operation performed on personal data, such as collection, recording, organization, structuring, storage, retrieval, consultation, use, disclosure, erasure or destruction. Example: storing scanned documents in a secure case file for use in an appeal.

User refers to the individual interacting with our service, typically retirees, family members or authorized representatives seeking legal advice on pension, estate or elder-law matters.

Service means the legal consultation, document preparation, representation, and online resources provided by PensionaNGuard through our website and physical office.

Cookies are small data files placed on a visitor’s device to improve site functionality and remember preferences. We explain cookie categories and give examples like session cookies to keep a login active during a consultation booking.

Purposes of processing

We process personal data for specific, limited and transparent purposes related to delivering legal services to retirees. Below are the principal purposes with practical examples for each.

• To provide and manage legal advice, representation, and document drafting — e.g., preparing a will or filing an administrative appeal for pension benefits.
• To verify identity and eligibility when acting on behalf of a client — e.g., confirming pension numbers with an administrator.
• To communicate case updates, schedule appointments, and send invoices — practical communications necessary for ongoing case management.
• To perform conflict checks and maintain accurate client records — ensuring independent and ethical representation.
• To comply with legal and regulatory obligations, such as reporting where required by law — such as court filings or statutory notices.
• To improve services and site usability through aggregated analytics — for example, identifying common queries where additional case guides would help retirees.
• To respond to requests to exercise data subject rights and to resolve complaints — including practical steps for correcting or providing copies of records.
• To protect the security and integrity of our services, including fraud detection and prevention in appointment booking and payments.

Legal basis for processing

We rely on appropriate legal bases for processing personal data depending on the nature of the activity. Examples show which basis applies in common legal service scenarios.

• Performance of a contract: processing necessary to provide legal services you requested, such as drafting documents or representing you in a hearing.
• Legal obligation: processing needed to comply with statutory duties, court orders or reporting requirements related to legal practice.
• Legitimate interests: limited processing for case administration, fraud prevention and service improvement where these interests do not override individual rights.
• Consent: where required for special categories of data (for example, health information provided to support a guardianship application), we will obtain explicit consent and document the scope and timeframe.

GDPR and data subject rights (where applicable)

If GDPR applies to you, the following summarizes your rights and how PensionaNGuard supports them in a legal-services context. Each right includes a short example of how to exercise it.

• Right of access — request a copy of personal data we hold about you. Example: obtaining a copy of your case file documents.
• Right to rectification — request correction of inaccurate or incomplete data. Example: updating an incorrect pension number in your file.
• Right to erasure — request deletion of data where no legal obligation to retain exists. Example: removing marketing preferences or obsolete contact records.
• Right to restriction of processing — ask us to limit use of your data while a dispute is resolved. Example: pausing further use of documents while parties verify facts.
• Right to data portability — request transfer of your structured personal data to another controller, where technically feasible. Example: exporting client contact and case reference data for transfer to another firm.
• Right to object — object to processing based on legitimate interests, such as profiling for marketing. Example: opting out of non-essential outreach about seminars and guides.

Cookies and similar technologies

We use cookies to improve website functionality and the user experience. This section explains cookie types, categories and how to manage preferences with concrete steps for retirees or caregivers.

Types include session cookies, persistent cookies, and functional cookies for bookings. We also use analytics cookies to improve content and performance. Example: a session cookie keeps your booking form active while you complete details.

Categories: Essential (necessary for site operation), Functional (remember preferences), Performance (analytics), and Marketing (third-party content). We provide an explicit cookie banner to choose your preferences on first visit.

You can manage cookies via browser settings or the cookie banner on our site. For retirees unfamiliar with browser settings, our support team can assist with step-by-step guidance by phone at +60123183187.

Full cookie policy and preference center

Data sharing and disclosure

We only share personal data when necessary for service delivery, with service providers who help us administer cases, or where legally required. Below are typical categories of recipients and examples tied to retiree cases.

• Service providers and professional advisors engaged to perform tasks such as document hosting, secure payment processing, or expert reports for a case.
• Government agencies and pension administrators when submitting formal requests or complying with statutory obligations related to benefits.
• Courts, tribunals and opposing parties as required by legal proceedings — shared in compliance with procedural rules and only to the extent necessary.
• Authorized representatives nominated by the client, such as an appointed attorney-in-fact or family member, after verification of authority.
• Third-party analytics and hosting providers that process aggregated or pseudonymized data to help us improve services.
• Other parties where the client has given explicit consent to share specific documents or data for a particular purpose.

International data transfers

Occasionally we may transfer data to service providers or advisors outside Malaysia for specific tasks, such as hosting or specialized legal research. Transfers are limited, documented, and only made when appropriate safeguards are in place.

Where transfers occur, we use contractual safeguards, data processing agreements, and assessments of the recipient’s data protection measures to protect personal data. We avoid transfers unless necessary and inform clients when cross-border processing is required for a case.

Data retention

We retain personal data only as long as needed for the purpose it was collected, to meet legal or regulatory obligations, and to support potential future claims related to the services provided. Practical retention intervals for common record types are described below.

Client account and identity records: retained for the duration of the client relationship and for at least 7 years after closure where required for legal and accounting obligations, or longer if necessary for case-related enforcement.

Communications, emails and consultation notes: retained in the case file for the duration of representation and typically for the same period as account records unless a shorter retention is requested and lawful.

System logs and security records: retained as necessary to contribute and prevent fraud or security incidents and according to legal or regulatory requirements, usually for a period aligned with incident response needs.

Deletion and anonymization: when retention periods expire, we securely delete or anonymize data. If a client requests deletion and no legal obligations require continued retention, we will explain practical implications for ongoing or future legal matters before proceeding.

Security of personal data

PensionaNGuard uses industry-standard administrative, technical and physical safeguards to protect personal data against unauthorized access, disclosure, alteration or destruction. Measures are chosen to reflect the sensitivity of case files, including encryption of stored documents, role-based access controls in case management systems, and secure disposal procedures for physical records. We regularly review security practices and adapt them to evolving risks.

• Access controls and role-based permissions restricting case files to authorized staff only.
• Encryption of sensitive documents at rest and in transit, secure backups, and routine security training for staff.
• Regular third-party security audits and patch management to reduce exposure risks based on real-world case reviews and incident post-mortems.

Your Rights Over Personal Data

PensionaNGuard respects the rights of retirees and their representatives. Below we outline practical steps you can take, with scenarios and examples drawn from typical pension and elder-law inquiries, to exercise your data rights in accordance with applicable Malaysian standards.

• Access: You may request a copy of personal data we hold about you. Example scenario: a retiree requests records of past consultations to prepare for a hearing; we provide redacted copies within the response period.
• Correction: If your contact details or legal status change, submit a correction request. Case example: updating beneficiary information after a change in family circumstances.
• Deletion: You can request removal of personal data that is no longer necessary for the purposes collected. Practical case: removing archived intake forms when the matter is closed and retention period has expired.
• Restriction: Ask to limit processing of your data while a dispute about accuracy or lawfulness is resolved. Scenario: a retiree disputes the scope of records shared with a third party and requests temporary restriction.
• Portability: Where feasible, request transfer of your data in a structured, machine-readable format. Use case: transferring client history to another legal advisor for continued representation.
• Objection: You may object to processing based on legitimate interests, including direct marketing. Practical response: PensionaNGuard reviews objections case-by-case and documents the legal basis for continued processing, if any.
• Withdraw Consent: If processing is based on consent, you can withdraw it without affecting processing prior to withdrawal. Case example: rescinding consent to receive promotional newsletters about workshops.
• File a Complaint: If you believe your rights were not respected, you may lodge a complaint with the relevant data protection authority and we will cooperate with inquiries.

How to Submit a Rights Request

To submit a request regarding your personal data, provide proof of identity and a clear description of the request. Use our online request form at PensionaNGuard.link/contact or send a signed letter to our office. Include case references where available to help us locate records quickly. We document each request and provide a reference number for follow-up.

contact@pensionanguard.link

We aim to acknowledge requests within 7 business days and complete them within 30 calendar days where practicable. Complex requests or those requiring verification may take longer; we will inform you of any extension and the reasons based on specific case circumstances.