Privacy aware

Privacy and Data Handling

AgentTopFirm collects and processes personal data necessary to provide legal advisory services to real estate professionals and their clients. We limit processing to what is relevant for service delivery, compliance and legitimate business administration, and we adopt reasonable administrative and technical measures to protect data integrity and confidentiality.

11-04-2026
AgentTopFirm, Business ID 903669741906, Jalan Desa Jaya, Taman Desa, 58100 Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia. Phone: +60123877191
Jalan Desa Jaya, Taman Desa, 58100 Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia
[email protected]
01

Key Definitions

This section clarifies terms used in the policy to make responsibilities and processing activities easy to understand for our clients and site visitors.

Personal data means any information relating to an identified or identifiable natural person, such as name, contact details, identification numbers, or transaction-related information relevant to providing legal services. Processing refers to any operation performed on personal data including collection, storage, retrieval, use, disclosure and deletion carried out in the context of delivering legal advisory services and business administration. User refers to any individual whose data we process in relation to legal services, including realtors, property buyers and sellers, and representatives who interact with AgentTopFirm. Service denotes the legal advisory, document review, compliance support and other professional services AgentTopFirm provides to real estate professionals and their clients. Cookies are small data files stored in a browser that help recognize returning visitors, support basic site functionality and allow performance analysis; we use them in line with user preferences and applicable law.
02

What Data We Collect

We collect information necessary to establish client relationships, provide legal advice, manage engagements and comply with legal obligations. Collection is limited to data categories relevant to these purposes.

Data You Provide Directly

When you engage with AgentTopFirm or use our contact channels, we may collect the following categories of data you provide:

  • Identification details such as full name and national identification or company registration numbers when required for contractual matters.
  • Contact information including email address, phone number and business address necessary for communications and service delivery.
  • Transactional information about property matters, contract terms and other case-specific documents submitted for review.
  • Professional credentials and licensing details for real estate agents to verify compliance and provide tailored advice.
  • Payment and billing information required for invoicing and business record-keeping where applicable.
  • Communications such as emails, voice messages or meeting notes that help us manage and fulfill your service request.

Automatically Collected Data

When you visit our website or use our online services, we automatically gather limited technical and usage data to ensure site functionality and security.

  • Device and browser information including user agent string and basic device identifiers used to optimize site compatibility.
  • IP address and approximate geolocation data for security monitoring and to prevent fraudulent activity.
  • Usage data such as pages visited, time on site and navigation paths to improve website performance and content relevance.
  • Cookie identifiers and preferences that support session continuity and consent management.
  • Log data and error reports to diagnose technical issues and improve service reliability.
  • Analytics aggregates used to compile anonymized metrics about site usage and engagement patterns.

Data from Third Parties

In some engagements we may receive data from third-party sources to verify identity or support a transaction; we limit use to what is necessary and permitted by law.

  • Information from payment processors when fees are paid through third-party platforms.
  • Publicly available registries or official records used to verify title, corporate status or client identity.
  • Referrals and professional introductions where a referrer provides basic contact data to initiate an engagement.
03

Why We Process Data

We process personal data for specific, legitimate purposes aligned with service delivery, compliance and business needs.

  • To provide legal advisory services, prepare and review documents, and manage case workflows.
  • To communicate with clients, respond to queries and coordinate meetings or document platform.
  • To comply with legal and regulatory obligations, including anti-funds laundering checks where required by Malaysian law.
  • To administer billing, invoicing and accounting related to services rendered.
  • To detect, prevent and contribute security incidents, fraud or misuse of our services.
  • To improve our website, service offerings and client communications through aggregated analytics.
  • To handle disputes, claims or compliance enquiries that require retention and review of engagement records.
  • To fulfill any other purpose explicitly agreed with a client where processing is necessary for that engagement.

Legal Bases for Processing

We rely on appropriate legal bases to process personal data, selecting the basis that corresponds to each purpose described above.

  • Performance of a contract: processing necessary to provide our contracted legal services.
  • Legal obligation: processing required to comply with statutory duties such as AML and tax-related record keeping.
  • Legitimate interests: processing for fraud prevention, security and business administration where such interests do not override individual rights.
  • Consent: where we ask for consent to process personal data for optional purposes, such as certain marketing communications.

GDPR-related Information for EU Data Subjects

For individuals located in the European Economic Area and the United Kingdom, AgentTopFirm adopts privacy practices aligned with core GDPR principles and provides mechanisms to exercise statutory rights where applicable.

  • Right to access: you may request a copy of personal data we hold about you and details of processing purposes.
  • Right to rectification: you can request correction of inaccurate or incomplete data.
  • Right to erasure: in limited circumstances you may request deletion of personal data we hold about you.
  • Right to restriction and objection: you may request restriction of processing or object to certain types of processing on grounds relating to your situation.
  • Right to data portability: where applicable, you may request transfer of certain personal data to another controller in a structured format.
  • Right to lodge a complaint with a supervisory authority if you consider your rights under applicable data protection laws have been infringed.
04

Cookies and Similar Technologies

We use cookies to provide basic site functionality, remember preferences and collect usage data. You can control cookie preferences via your browser settings and consent tools on the site.

Cookies used include essential cookies for site operation, preference cookies to remember settings and analytics cookies to measure site performance. We do not use persistent tracking for advertising without consent.

Categories: essential, preferences, analytics. Essential cookies are required for core functionality; analytics cookies help us understand usage and improve the site.

You may manage cookie settings through the consent banner, browser controls or by contacting our privacy contact. Disabling non-essential cookies may limit some site features.

Cookie Policy

When We Share Data

We may share personal data with limited, trusted recipients strictly for the purposes described and under confidentiality arrangements.

  • Service providers who perform functions such as payment processing, secure document storage and IT support under contract and confidentiality obligations.
  • Regulatory bodies, law enforcement or courts when required by law or to defend legal rights in a legitimate manner.
  • Professional advisors, such as external counsel or accountants, when necessary for a client matter and subject to confidentiality requirements.
  • Third parties involved in a property transaction when sharing is necessary to complete agreed services and with appropriate data minimization.
  • Referrers or introducers where the data subject has been informed and sharing is consistent with the initial referral purpose.
  • Aggregated or anonymized data that cannot reasonably be used to identify an individual may be shared for analytics or reporting.

International Transfers

Personal data may be transferred to jurisdictions outside Malaysia where necessary to provide services or use third-party processors. Transfers are executed only with appropriate safeguards and contractual protections.

Safeguards include data processing agreements, standard contractual clauses where applicable, access restrictions and technical controls to protect personal data during transfer.

Data Retention

We retain personal data only as long as necessary to fulfill the purposes described, meet legal obligations and resolve disputes. Retention periods are determined by operational needs and statutory requirements.

Client account records and engagement files are generally retained for a period consistent with professional regulations and local legal requirements, typically several years after the end of an engagement.

Communications and correspondence relevant to a legal matter are retained for the duration of the matter and for a reasonable period thereafter to support record-keeping and potential follow-up obligations.

Technical logs and backup data are retained for limited operational periods required for security monitoring, incident contribute and business continuity, then securely deleted or anonymized.

AgentTopFirm retains personal data only for as long as necessary to provide legal services to real estate professionals, comply with regulatory obligations in Malaysia, and maintain records for dispute resolution or auditing. Retention periods typically range from the duration of engagement plus seven years for contractual and property transaction records, unless a longer period is required by law. Where data is no longer required, AgentTopFirm will securely delete or anonymize it in accordance with established data minimization practices.

Data Security and Handling

AgentTopFirm applies a layered approach to protect client information, combining administrative policies, technical safeguards, and physical controls. Access to client files is limited to authorized legal staff and support personnel on a need-to-know basis. Data is handled in compliance with applicable Malaysian data protection requirements and accepted professional standards for law practices.

  • Role-based access control with unique credentials for authorized personnel.
  • Encrypted storage and secure backups for sensitive client files.
  • Regular security reviews, staff training, and incident response procedures.
05

Your Rights

As a data subject, you have rights relating to personal data processed by AgentTopFirm. Requests are handled promptly and in accordance with applicable law. Below are the principal rights you may exercise.

  • Right to access: request a copy of personal data we hold about you.
  • Right to rectification: request correction of inaccurate or incomplete data.
  • Right to erasure: request deletion of data when retention is no longer necessary or lawful.
  • Right to restriction: request limitation of processing where accuracy is contested or processing is unlawful.
  • Right to data portability: obtain a machine-readable copy of personal data where applicable.
  • Right to object: object to processing based on legitimate interests or direct marketing.
  • Right to withdraw consent: if processing is based on consent, you may withdraw it at any time.
  • Right to lodge a complaint with the relevant supervisory authority in Malaysia if you believe your rights have been violated.

How to Submit a Rights Request

To exercise any of the rights above, contact the AgentTopFirm data protection contact in writing. Provide sufficient information to identify yourself and specify the right you wish to exercise. We may request additional information to verify your identity before fulfilling requests.

[email protected]

AgentTopFirm will acknowledge rights requests within 7 business days and will respond to valid requests within 30 calendar days, unless an extension is required by law or the request is complex. We will inform you of any extension and the reason for it.

Marketing and Communications

AgentTopFirm may use contact details to send invitations, legal updates, or service information relevant to real estate professionals. Communications are limited to topics related to legal services, regulatory changes, or industry guidance that may support professional compliance and risk management.

You may opt out of marketing communications at any time by using the unsubscribe link included in emails or by contacting AgentTopFirm directly. Opting out of marketing communications will not affect transactional or engagement-related correspondence.

Children's Privacy

AgentTopFirm does not knowingly collect personal data from children under the age of 18 in the context of professional legal services for realtors. If we become aware that personal data of a minor has been collected without appropriate consent, we will take steps to delete it in accordance with applicable law.

Links to Third Parties

Our website and communications may contain links to third-party resources, government registries, or partner services. AgentTopFirm is not responsible for the content or privacy practices of those external sites. Review the privacy policies of any third party before sharing personal information with them.

Changes to This Privacy Statement

AgentTopFirm may update this privacy statement to reflect changes in legal requirements, business practices, or operational needs. Material changes will be posted on the AgentTopFirm.pro website with an updated effective date. Non-material changes may be applied as part of routine maintenance.