Privacy Policy

This Personal Data Protection Notice (“Notice”) describes how we manage and safeguard personal data. Personal data is information about a living person, including identification details, contact details and other information processed in conjunction with Zaid Ibrahim & Co. services. Throughout this Notice, “we” or “our and “us” refers to Zaid Ibrahim & Co and “KPMG Persons” refers to us, being a member firm of the KPMG network (comprising of a global network of independent professional services firms), and each and all of our partners, members, directors, employees and agents, as the case may be, together with any other body or entity controlled by us or owned by us or associated or affiliated with us and each and all of its partners, members, directors, employees and agents, and “KPMG Person” means any one of them.

In general, you are not required to submit any personal data to us, but for the purpose(s) that you have interacted with us online or where you request a service, we may require you to provide certain personal data in order for us to process the request(s). We may also ask for your permission for certain uses of your personal data, and you can agree to or decline these uses. If you opt-in for specific communications, such as an electronic newsletter, you will be able to unsubscribe at any time by following the instructions included in each communication. By submitting your personal data, you confirm that you agree to our collection, processing, use and disclosure of personal data in accordance with the terms of this Notice. Without prejudice to any of the foregoing, if you provide the personal data of any other third party to us, you warrant and agree that such third party has fully read and understood this Notice and has consented to you disclosing his/her personal data to us for the collection, processing, use and disclosure by us as described in this Notice. Please do not send us any personal data if you do not want it to be used in this way.

We may collect and process personal data of children under the age of 18 years old. If you are under 18 years old, please obtain your parent’s or guardian’s consent before you provide your personal data to us. If we learn that we have collected such information from a child under 18 without verification of parental consent, we will delete the information. If you believe we might have any information from or about a child under 18 without parental consent, please contact us at the information provided below.

1 The personal data we collect

1.1 In the course of our services, you may provide personal data to us, as clients or other parties involved in our work. Your personal data may also be provided by someone on your behalf, in which case, we will assume until notified otherwise, that you have authorised the disclosure of your personal data to us. The personal data that we collect include:

  • your name, contact details (phone and e-mail address)
  • your organization/company, designation, industry, country location.

Generally, we do not collect any sensitive personal data. If required to, your consent will be needed prior to you furnishing us with the personal data that is considered assensitive.

1.2 When you use our website, you are not required to provide any personal data on the public areas of our website. However, you may choose to provide us with information by contacting us, including for subscription to our publications, client alerts and client events, webinars, and for career enquiries or applications.

2 Where do we collect your personal data

2.1 We collect your personal data when, for example, you submit on our website, an enquiry on services that we provide or register for events that we organize. If you were previously our firm’s employee, partner, consultant, chambering pupil and/or intern or, we may also collect your personal data when you register as an alumni member.

2.2 We may collect your personal data:

  • that you provide to us through various channels including on social media pages in the form of queries, messages or comments, online forms, physical forms and/or email;
  • collected through the use of technologies such as cookies, web beacons and other similar technology when you visit our website.
  • that you provide to us when you commence a business relationship with us, visit our premises or attend any of our corporate events or third party events;
  • collected through other sources where you have given your consent for the processing and disclosure of personal data relating to you, and/or where otherwise lawfully permitted.
  • from publicly available sources.

3 What we use your personal data for

3.1 We only use your information in connection with the provision of Zaid Ibrahim & Co. services, including:

  • to provide you with publications and client communications which we think you will find valuable,
  • to invite you to events we think you will be interested in;
  • to provide or improve our services to you and our clients;
  • if you are an existing or potential client or counterparty, to conduct Know-Your-Client (KYC) checks and screening;
  • to manage our relationship with you and our clients;
  • to fulfil our legal obligations, protect our legal interests and rights;
  • for the purposes of recruitment and other legitimate business purposes.

3.2 Your personal data is not used for other purposes, unless we obtain your consent, or unless otherwise required or permitted by laws and regulations. We do not sell or otherwise make personal data commercially available to any third party, except as described in this Notice or with your prior permission.

4 Sharing and transfer of your personal data

4.1 Transfer within the network of KPMG Persons. We may share information about you within the network of KPMG persons or with entities outside of the network of KPMG persons where the purpose of collection of your personal data requires us to, where required or desirable to meet our legal and regulatory obligations globally.

4.2 Transfer to third parties. We do not share personal data with third parties, except as necessary for our legitimate professional and business needs, in response to your requests, and/or as required or permitted by laws and regulations.

Third parties that we may share your personal data with would include:

  • Third party service providers or professional advisors, including auditors, lawyers, company secretary and consultants.
  • Any contractors, suppliers or third parties who require your personal data to assist us with establishing, managing, administering or ending our business relationship with you, including: parties that provide products or services to us or on our behalf and parties that collaborate with us in the provision of their products or services to you. This may include providing certain information technology and data processing services to us.
  • Payment processors.  
  • If our business or any part thereof are transferred to a third party pursuant to any reorganization or sale,  we may be required to disclose personal data in connection with the sale, assignment, or other transfer of any element of our business to which the personal data relates.
  • Courts, tribunals, law enforcement, statutory authorities, industry regulators, government or regulatory bodies. We will disclose personal data in order to respond to requests, directives or orders of courts, tribunals, government or law enforcement agencies or where it is necessary or prudent to comply with applicable laws (e.g. Employees Provident Fund, Social Security Organisation and Inland Revenue Board), court or tribunal orders or rules, or government or professional regulations.
  • Audits or investigations: disclosures of personal data may also be needed for compliance, data privacy or security audits and/or to investigate or respond to a complaint or security threat.
  • Business partners and affiliate networks.
  • Persons under a duty of confidentiality to us.
  • Persons requesting for such information under law.
  • Persons to whom you have given your consent.

4.3 Transfer outside of Malaysia. It may be necessary for us to transfer your personal data outside of Malaysia if any of the parties mentioned in this section 4 are located or have processing facilities in countries outside of Malaysia.

We shall take necessary steps to ensure that any such third parties are contractually bound to protect your personal data and that they can only process your personal data under our instructions.

5 Security

We will take reasonable care to implement security measures which safeguard against any loss, misuse, modification, unauthorised or accidental access to, or alteration, disclosure or destruction of your personal data. Despite our best efforts, however, security cannot be absolutely guaranteed against all threats. To the best of our ability, access to your personal data is limited to those who have a need to know and our employees who have access are required to maintain the confidentiality of such information. If our data processing is carried out by a third party, we will require that they adhere to our standards.

6 How long we keep your personal data

How long we keep your personal data depends on the context in which you provided it and the purposes for which we use it. Your personal data will be retained for such duration as is reasonably necessary for the fulfilment of the purposes or for such period as may be necessary to protect our legal interest. We will delete your data if we no longer have a legal basis to retain it.

7 Your rights

You can request to access the personal data we hold about you and, if the personal data is inaccurate, you can request that we correct it. You may do so by sending us an email at info@ziclegal.com. Please allow us reasonable time to respond and effect any change. If you would like to obtain further information on how to limit the processing of your personal data or withdraw your consent to our processing of your personal data you can do so by using the contact information we provided below under Contact Us.

8 Opt-out

If you do not want us to use your personal data to provide you with publications and information about Zaid Ibrahim & Co. services, please send us an email at info@ziclegal.com or click the unsubscribe link at the bottom of our e-mails.

By not informing us or unsubscribing, we will assume we have your implied consent to use your personal data as described above.

9 Revisions

Zaid Ibrahim & Co. reserves the right to change this Notice from time to time. The current version will always be posted on our website. The amended Notice will take effect upon our notice to you and supersede earlier versions. The amended Notice will apply to the personal data you had provided to us previously. Where you provide any personal data after this Notice has been amended or where you do not contact us to raise any objection to the amended Notice, we will take this to mean that you consent to the revised terms of the Notice.  

10 Contact us

Any questions or requests concerning this Notice should be directed to our Data Protection Compliance Officer who can be reached at info@ziclegal.com or by phone at +603 2087 9999.

11 Conflict

In the event of any conflict between this English language Notice and its corresponding Bahasa Malaysia Notice, the terms in this English language Notice shall prevail.

This Notice was last updated on 14 March 2024.

For the Bahasa Malaysia version, please click here.