Privacy Policy
Effective Date: October 29, 2025
This Privacy Policy describes how R Suresh & Associates ("We," "Us," or "Our") collects, uses, and shares your personal information when you visit our website at https://rsureshlawoffice.com and book a paid consultation service with us using the Calendly platform.
R Suresh & Associates is a dual-jurisdiction legal practice serving clients in both Malaysia and Australia. This Privacy Policy is therefore issued in compliance with Malaysia's Personal Data Protection Act 2010 (PDPA 2010) and Australia's Privacy Act 1988 (Cth), including the Australian Privacy Principles (APPs) contained in Schedule 1 of that Act.
Information We Collect
We collect personal information in two ways:
| Category | Data Collected | Purpose for Collection | Source |
|---|---|---|---|
| A. Booking Information | Full Name, Email Address, Phone Number (optional), Pre-session questions/notes (your text input). | To schedule, confirm, and provide the consulting service you requested. | Collected directly by us via Calendly. |
| B. Financial/Payment Data | Credit Card Type, Last four digits of the card number, Expiration Date, Billing Address. | To process the payment for the consultation fee. | Collected and processed by our Third-Party Payment Processor (e.g., Stripe or PayPal) through Calendly. We do not store full credit card numbers. |
| C. Usage Data | IP Address, Browser Type, Device Type, pages visited on our site, time spent on pages. | To monitor website traffic, analyse trends, and ensure the security of our website and services. | Collected automatically via our website hosting and analytics tools. |
How We Use Your Information
- ⯈ Service Delivery: To manage your booking, send appointment confirmations, reminders, and follow-up communications, and to conduct the scheduled consulting session.
- ⯈ Payment Processing: To verify payment and complete the financial transaction for the booked service.
- ⯈ Customer Support: To respond to your inquiries, concerns, and requests for rescheduling or cancellation.
- ⯈ Legal Compliance: To comply with our legal obligations under the Personal Data Protection Act 2010 (Malaysia) and the Privacy Act 1988 (Cth) (Australia), to enforce our Terms & Conditions, and to protect our rights and the rights of our clients.
Sharing Your Personal Information (Third-Party Processors)
We rely on third-party service providers to power our paid booking process. By using our Services, you acknowledge and agree to the following data sharing:
| Third-Party Processor | Function | Data Shared | Processor's Privacy Policy |
|---|---|---|---|
| Calendly | Online scheduling and event management. | Name, Email, Phone, Booking Details (Date/Time). | Calendly Privacy Policy |
| Stripe/PayPal | Payment processing. | Name, Email, Billing Address, Payment Instrument Data (securely encrypted). | Stripe Privacy Policy / PayPal Privacy Policy |
| Hostinger | Website hosting and analytics. | Usage Data (IP address, pages visited). | Hostinger Privacy Policy |
Important Note on Payments (PCI Compliance):
Your full payment card details are collected and processed directly by our third-party payment processor (e.g., Stripe or PayPal) via Calendly. This transaction is secured and governed by their terms and privacy policies. We never directly access, store, or process your full credit card information and do not accept any liability for any wrongful use of this information by any Third Party.
Security and Data Retention
We take reasonable technical and organisational steps to protect your personal data from unauthorised access or disclosure. We retain your personal information for as long as necessary to fulfil the purposes outlined in this Privacy Policy — typically 7 years for financial and billing records (as required under Malaysian and Australian tax and legal professional standards), or 1 year after the last consultation for general inquiry data, unless a longer retention period is required or permitted by law.
Applicable Law & Dual Jurisdiction
As a dual-jurisdiction practice, R Suresh & Associates is subject to data protection obligations in both Malaysia and Australia. The applicable framework depends on your location and the nature of the services provided to you.
Malaysia
For clients based in Malaysia, or where legal services are provided under Malaysian law, this Privacy Policy complies with the Personal Data Protection Act 2010 (PDPA 2010) (Act 709).
- ⯈ Personal data is processed only with your consent or for a lawful purpose.
- ⯈ Data is not transferred outside Malaysia without adequate protection.
- ⯈ You have the right to access and correct your personal data under Sections 30–31 of the PDPA 2010.
- ⯈ You may withdraw consent at any time, subject to legal or contractual obligations.
Australia
For clients based in Australia, or where legal services are provided under Australian law, this Privacy Policy complies with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs) (Schedule 1).
- ⯈ We collect only personal information that is reasonably necessary for our functions (APP 3).
- ⯈ We will not use or disclose personal information for a purpose other than the primary purpose of collection without consent (APP 6).
- ⯈ You may request access to, or correction of, your personal information under APPs 12–13.
- ⯈ Complaints may be lodged with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.
Your Data Rights
Depending on your location and the applicable law, you have the following rights regarding your personal data:
- ⯈ Access: Request a copy of the personal data we hold about you. (PDPA 2010 s.30 / APP 12)
- ⯈ Correction: Request correction of inaccurate or incomplete data. (PDPA 2010 s.34 / APP 13)
- ⯈ Withdrawal of Consent: Withdraw your consent to processing at any time, subject to legal or contractual restrictions. (PDPA 2010 s.38)
- ⯈ Erasure / Deletion: Request deletion of your personal data where it is no longer required for its original purpose. (APP 11.2)
- ⯈ Prevent Processing: Prevent processing of your personal data that causes or is likely to cause damage or distress. (PDPA 2010 s.42)
To exercise any of these rights, please contact us at: . We will respond within 21 days as required under the PDPA 2010, or 30 days as required under the Privacy Act 1988 (Cth).
Cookies
Our website may use cookies and similar tracking technologies to enhance your experience and analyse website traffic. You may configure your browser to refuse cookies, though this may affect the functionality of certain features. We do not use cookies for targeted advertising.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. The revised policy will be posted on this page with an updated effective date. We encourage you to review this page periodically.