General Privacy Statement

Directly provided data typically comes from engagements, forms, emails and documents you supply to enable advisory and transaction activities.

• Identity details: full name, national identification number or passport
• Contact details: phone number and email address
• Property details: title numbers, addresses, purchase terms
• Business information: bank statements, revenue evidence required for affordability assessment
• Transaction documents: sale agreements, power of attorney, solicitors’ correspondence
• Communications: notes from meetings, phone call records and advisory instructions

We also gather technical and behavioural data automatically when you use our website or engage with our online services to operate securely and improve service delivery.

• Device and browser information for compatibility and security
• IP address and approximate location to detect suspicious activity
• Usage analytics such as pages visited and session length to improve user experience
• Cookies and similar tracking identifiers as explained below
• Login timestamps and access logs for account and case management
• Error and performance data to support technical maintenance

We process personal data for specific, documented purposes necessary to provide advisory services and comply with legal obligations relevant to property transactions in Malaysia.

• To assess property titles, encumbrances and suitability for purchase
• To prepare advisory reports, negotiation strategies and transaction schedules
• To communicate with you, your representatives and transaction counterparties
• To coordinate payments, deposits and disbursements in line with contractual terms
• To meet statutory and regulatory requirements, including anti-funds laundering checks
• To maintain records of advice provided and steps taken during a transaction
• To improve service processes using anonymised analytics
• To respond to legal requests, dispute resolution and compliance reviews

SoraTestate uses cookies and similar technologies to enable site functionality, measure performance and provide a secure user experience. You can manage cookie preferences through your browser settings or our cookie banner.

We use session cookies for site operation, persistent cookies for preferences, and analytics cookies to understand site usage. No intrusive profiling cookies are used without consent.

Categories include strictly necessary, performance/analytics and functional cookies used to maintain sessions and collect aggregated usage data.

You may disable or delete cookies via your browser, but certain site features may be affected. For site-specific settings use the cookie preference tool presented on your first visit.

Full cookie details and management

We share personal data only as required to carry out transaction services or to comply with law. Third-party recipients are selected for reliability and confidentiality safeguards.

• Engaged solicitors and legal advisors acting for the buyer or seller
• Banks, lenders and payment processors involved in funding and settlement
• Regulators, enforcement bodies or courts when legally compelled
• Professional service providers such as valuers and surveyors engaged for due diligence
• IT and hosting service providers under contract to support platform operation
• Third-party verification providers for identity and background checks

We retain personal data only as long as necessary to deliver services, comply with legal obligations and meet legitimate business needs.

Client account records and key transaction documents are retained for a period consistent with regulatory requirements and professional recordkeeping standards, typically several years after completion.

Communications and advisory notes are retained for operational reasons and dispute resolution; retention periods reflect the nature of the engagement and applicable law.

System logs and access records are retained for security monitoring and compliance purposes for a limited period.

When retention periods expire or upon verified request where permitted, personal data will be securely deleted or anonymised in accordance with our deletion procedures.

SoraTestate implements administrative, technical and physical controls to protect personal data against unauthorised access, disclosure, alteration or destruction. Security measures are reviewed periodically to align with evolving risks and industry practices.

• Role-based access control and audit logging for sensitive records
• Encryption for data at rest and in transit where appropriate
• Regular vulnerability assessments and staff security training

SoraTestate, operating from Malaysia, recognizes EU data protection principles and, where SoraTestate processes personal data of individuals in the EEA, will apply GDPR-aligned protections to those processing activities as appropriate and required by law.

GDPR-related rights and obligations described here apply to personal data of individuals located in the European Economic Area when SoraTestate is the data controller or otherwise processes such data in a context that triggers GDPR application. This does not supersede local legal requirements in Malaysia but reflects our approach to cross-border data handling for EEA individuals.

• Lawful basis: SoraTestate relies on lawful bases such as consent, legitimate interests, contractual necessity, or compliance with legal obligations when processing personal data of EEA residents.
• Individual rights: EEA individuals have rights to access, rectification, erasure, restriction, portability, objection, and to withdraw consent when applicable; SoraTestate provides mechanisms to exercise these rights.
• International transfers: personal data transfers outside the EEA are managed using appropriate safeguards, such as standard contractual clauses or other measures permitted under applicable law.
• Data retention and minimisation: SoraTestate retains personal data only as necessary for the purposes for which it was collected, in line with applicable retention policies and legal requirements.

If you believe SoraTestate has not addressed your GDPR-related concern satisfactorily, you may lodge a complaint with the appropriate supervisory authority in your EEA member state after first contacting our data protection contact detailed below to seek resolution.

We use personal data to send relevant information about services, events, and updates about SoraTestate only when we have a lawful basis to do so. Marketing may be based on consent or legitimate interest, depending on the channel and context.

You may opt out of marketing communications at any time by following the unsubscribe link in emails, adjusting your account preferences, or contacting our office. Opt-out requests will be processed promptly and in accordance with applicable law.

SoraTestate does not knowingly collect personal data from individuals under 18 without verifiable parental or guardian consent. If we become aware that we have collected personal data of a child under 18 without appropriate consent, we will take steps to remove the data as required by law.

Our website and communications may include links to third-party sites or services. SoraTestate is not responsible for the privacy practices or content of those third parties. We recommend reviewing the privacy policies of any external sites you visit.

SoraTestate may update this privacy policy to reflect changes in our practices or legal obligations. The policy was last updated on 19-02-2026. Material changes will be communicated through the website or other direct channels where appropriate.