General privacy information

ITNowLegal provides legal support services to technology companies and collects personal data necessary to deliver those services, manage client relationships and comply with legal obligations. This policy explains what we collect, why we collect it, how we use it, with whom we may share it, and the choices available to individuals. We describe practical scenarios such as onboarding a SaaS client, handling a data breach, and performing due diligence during a commercial transaction so you can see how data flows in real cases. Our office address is Kampung Telaga Mengkudu, 21400 Marang, Trengganu, Malaysia.

2026-04-17 ITNowLegal, Kampung Telaga Mengkudu, 21400 Marang, Trengganu, Malaysia. Business ID: 808176699961. Tel: +60123949225. Kampung Telaga Mengkudu, 21400 Marang, Trengganu, Malaysia [email protected]

Definitions

This section explains the principal terms used throughout the privacy policy and provides context for their use in scenarios such as client onboarding, incident response and vendor assessments.

Personal data means any information relating to an identifiable person, such as name, email, phone number, company role, billing address, and any materials uploaded to our platforms for legal review.
Processing refers to any operation performed on personal data, including collection, storage, use, disclosure, archiving and deletion. Examples include reviewing contracts, performing background checks during vendor due diligence, and logging access to client documents.
User means an individual who interacts with ITNowLegal services, whether as a client contact, service user, visitor to our website, or a third-party representative providing information on behalf of a company.
Service means the legal support, templates, incident playbooks, contract drafting and advisory services offered to technology companies and related online tools provided by ITNowLegal.
Cookies are small text files placed on a device used to recognise returning visitors, manage sessions, store preferences and gather analytics to improve services and user experience.

Data collection

We collect data directly from users, automatically through our systems, and from third parties. Below are categories with examples tied to how data is used in typical legal scenarios.

User-provided data

Information you provide when engaging our services, registering for resources or communicating with our team to support case handling and contractual relationships.

  • Contact details: name, company, role, email, phone number used for engagement, invoicing and case communication.
  • Company information: business registration numbers, addresses, descriptions of products or services for legal advice and due diligence.
  • Payment and billing data: billing contact, invoice details and payment confirmations necessary to process fees for services.
  • Case materials: contracts, source code excerpts, logs or other documents uploaded for legal review or incident response.
  • Communications: messages and notes from consultations, meeting records and instructions for executing legal tasks.
  • Preferences and consents: marketing preferences, subscription choices and consents relevant to specific communications.

Automatically collected data

Data collected by our systems when users visit our site or use our tools, used to operate services securely and improve them based on real usage scenarios.

  • Device and browser information such as IP address, user-agent and screen resolution used for diagnostics and security decisions.
  • Usage data including pages visited, download activity and time spent on resources to prioritise content that helped resolve similar legal scenarios.
  • Cookies and local storage data that maintain session state and remember user preferences for repeat engagements.
  • Error and performance logs used to troubleshoot incidents and refine playbooks following real case responses.
  • Geolocation at a coarse level where necessary to comply with regional legal restrictions or local contract requirements.
  • Analytics identifiers from third-party services to measure service effectiveness and to plan improvements rooted in practical cases.

Third-party sources

We may receive or verify information from trusted third parties when necessary for service delivery or legal compliance in specific scenarios such as vendor checks.

  • Payment processors and banks to confirm transactions and resolve billing queries.
  • Cloud providers and hosting services that store and back up case materials and logs.
  • Professional advisors and partners engaged to provide specialist services during a case (e.g., forensic analysts).

Purposes of processing

We process personal data to provide legal services, manage relationships, secure systems and meet regulatory obligations. Each purpose is illustrated with practical examples where relevant.

  • To provide and manage legal services, draft and review contracts and support negotiations in client engagements.
  • To perform due diligence and vendor assessments in mergers, partnerships or procurement scenarios.
  • To respond to security incidents and data breach scenarios, including triage, notification and remediation steps.
  • To process payments, issue invoices and handle collections related to service fees.
  • To communicate service updates, legal alerts and scenario-focused guidance requested by clients.
  • To improve our services through analytics and feedback gathered from real case outcomes and user sessions.
  • To comply with legal obligations, court orders or to defend our legal rights when disputes arise.
  • To anonymise and aggregate data for research and training materials derived from case studies without identifying individuals.

Legal basis for processing

Processing is based on a combination of bases depending on the context: contractual necessity, consent, compliance with legal obligations, and legitimate interests tied to operational needs and security.

  • Contract: processing necessary to provide the services you requested, such as drafting agreements or incident response.
  • Consent: where you have agreed to receive marketing communications or optional services.
  • Legal obligation: where data must be retained or disclosed to comply with laws or regulatory requests.
  • Legitimate interests: for example securing our systems, preventing fraud, and improving services based on aggregated case data, subject to individuals' rights and assessments.

Rights and requests

Although governed primarily by Malaysian law, we recognise rights commonly found in international frameworks. Below are rights available and how to exercise them in practice-oriented scenarios like correcting onboarding data or requesting deletion after a closed engagement.

  • Access: request a copy of personal data we hold related to your client account or past engagements.
  • Rectification: ask us to correct inaccurate or incomplete data used in a case file or billing record.
  • Erasure: request deletion of personal data where retention is no longer necessary, subject to legal and contractual obligations.
  • Portability: request that we provide your data in a commonly used format when feasible, for records you supplied during engagement.
  • Objection and restriction: object to processing based on legitimate interest or request restriction where appropriate during dispute handling.
  • How to exercise: submit requests to [email protected] or by post to our office; we aim to respond within reasonable timeframes and will explain any limitations tied to legal duties.

Cookies and similar technologies

We use cookies for essential site functions, analytics and optional preferences. Examples are provided from real scenarios such as session tracking during document uploads and anonymous analytics used to improve template utility.

Types include session cookies for login sessions, persistent cookies for preferences, and third-party analytics cookies used to assess site performance.

Categories: Essential (required for service), Performance (analytics), Functional (preferences) and Marketing (only with consent).

You can manage cookie preferences via your browser settings and any cookie banner controls. Disabling non-essential cookies may reduce functionality such as saved preferences or analytics-driven improvements.

Cookie policy

Data sharing

We share personal data only as necessary to deliver services or meet legal requirements, illustrated by examples such as engaging a forensic specialist during incident response or a payment processor for billing.

  • Service providers and subcontractors engaged to perform tasks on our behalf, such as cloud hosting, analytics and payment processing.
  • Professional advisers, including external counsels, forensic experts and accountants, for specific client matters.
  • Regulators, courts or law enforcement when required by law or to comply with binding orders.
  • Potential buyers or advisors in connection with a sale, merger or reorganisation, subject to confidentiality and limited use.
  • Affiliates and partners when necessary to coordinate service delivery in multi-jurisdictional engagements.
  • Aggregated or anonymised data may be shared for research or training without identifying individuals.

International transfers

Data may be transferred to service providers or partners located outside Malaysia when required to provide services, for example cloud hosts or specialist advisors in neighbouring jurisdictions. Transfers are managed with appropriate contractual safeguards and technical protections.

When data is transferred internationally we implement safeguards such as data processing agreements, encryption in transit and at rest, and where applicable, standard contractual clauses or industry-recognised contractual frameworks.

Data retention

Retention periods reflect operational needs, legal obligations and the context of specific engagements. Below are typical retention timeframes used in case scenarios.

Account records and client engagement files are retained while the account is active and for up to seven years after termination to meet contractual and statutory recordkeeping requirements related to professional services and tax.

Communications and case-related messages are retained for the duration of the engagement and typically for two years after case closure unless longer retention is required for legal reasons.

System logs and diagnostics used for security and incident contribute are retained for a rolling period, typically no longer than one year, except where a specific contribute requires longer preservation.

We retain personal data only as long as necessary for the purposes described in this policy and to meet legal, tax and accounting obligations. For active client matters, files are retained for the duration of the engagement and subsequently archived for up to seven years where required by Malaysian business practice. In practice: case files related to corporate formation and IP registration are kept for up to seven years after the matter closes; routine marketing contact data is retained until you unsubscribe; data justified solely for invoicing and tax is kept for statutory periods. You may request deletion of personal data when retention is no longer required for legal or legitimate business purposes. Deletion requests will be assessed against the need to preserve data for regulatory, contractual or defense reasons; where deletion is not possible, we will remove or anonymize data to the extent permitted by law and inform you of the reasons. Practical scenario: if an IT company requests deletion of contact information after a one-off consultation, we will remove active marketing entries and anonymize case notes while preserving minimal billing records if required by law.

Data security and handling

ITNowLegal applies administrative, technical and physical safeguards tailored to the legal support we provide to technology businesses. Security measures are selected based on risk assessments and focus on protecting client confidentiality and the integrity of case records. We treat security as an ongoing program, informed by operational lessons and practical case reviews rather than absolute claims of invulnerability.

  • Access controls: role-based access to client files, strong password policies and multi-factor authentication for critical systems.
  • Encryption and backups: encryption of data in transit and at rest where practical, regular encrypted backups, and tested restore procedures used in real-case recovery scenarios.
  • Operational safeguards: periodic security reviews, staff training on confidentiality in client scenarios, and incident logging to support prompt incident response.

Your privacy rights

Clients and contacts of ITNowLegal have specific rights over their personal data. We explain these rights below and give practical examples of how to exercise them in the context of legal service engagements.

  • Right of access — you may request a copy of the personal data we hold about you. Example: a founder requests all files where their personal email appears in a corporate formation matter.
  • Right to rectification — you can ask us to correct inaccurate or incomplete information. Example: update of company representative contact details used in a contract review.
  • Right to erasure (deletion) — where retention is no longer necessary and no legal basis requires continued storage, you may request deletion. Example: removal of a marketing contact from our database after a completed advisory session.
  • Right to restriction of processing — you may request limitations on how we process your data while a dispute about accuracy is resolved.
  • Right to data portability — to the extent applicable, you can request a machine-readable copy of data you provided to us, useful when moving case management data to an alternative legal provider.
  • Right to object — you may object to certain processing activities, including direct marketing, based on your particular situation.
  • Right to withdraw consent — where processing is based on consent, you may withdraw that consent going forward; withdrawal does not affect processing completed before withdrawal.
  • Right to lodge a complaint — if you believe your rights have been infringed, you may submit a complaint to ITNowLegal and, if unresolved, to the relevant supervisory authority.

How to make a rights request

Submit a rights request by postal mail to our registered address or via the contact form on ITNowLegal.club. Please include sufficient detail to identify the data and the right you wish to exercise and, where possible, supporting documentation. We will verify your identity before responding to protect privacy and confidentiality.

[email protected]

We aim to respond to straightforward requests within 30 calendar days. For complex requests or where additional verification is required, we may need up to 60 calendar days; we will communicate any extension and reasons in writing.

Marketing communications

ITNowLegal may send service announcements, law updates and event invitations relevant to technology businesses. Marketing content is based on a legitimate interest in sharing timely legal information and on prior consent where required. Examples: invitations to a workshop on data protection for software platforms, or a bulletin on IP best practices for start-ups.

You can opt out of marketing messages at any time using the unsubscribe link included in electronic messages or by contacting us at the address below. We will process unsubscribe requests promptly and stop marketing communications while preserving any legal or contractual notices that must still be delivered.

Children's privacy

Our services and content are directed at businesses and adult professionals. We do not knowingly collect personal data from children under 18 in the context of our services. If we become aware of such collection, we will take steps to remove the data unless retention is required by law.

Third-party links and services

ITNowLegal may include links to third-party websites, legal databases and partner service providers. These sites have their own privacy terms; we are not responsible for third-party practices. Practical note: where we integrate a contract template hosted by a third party, review that provider's terms before submitting personal data.

Changes to this privacy notice

We review and update this privacy notice to reflect changes in law and practice. Material changes will be posted on ITNowLegal.club with a revised effective date. For example, an update may follow the adoption of new local regulatory guidance; in such cases we will explain the effect on client processing.

Contact information

To exercise rights or ask questions about privacy, contact: ITNowLegal, Kampung Telaga Mengkudu, 21400 Marang, Trengganu, Malaysia. Phone: +60123949225. Business ID: 808176699961. For time-sensitive matters, phone contact is recommended during business hours; for formal requests, postal submissions or the contact form on ITNowLegal.club are preferred.

  • +60123949225
  • [email protected]
  • Kampung Telaga Mengkudu, 21400 Marang, Trengganu, Malaysia