Legal Document
Privacy Policy
1. Introduction
Cahaya Legal ("we", "us", "our") is committed to handling personal data responsibly and in accordance with the Personal Data Protection Act 2010 (Malaysia) ("PDPA"). This Privacy Policy explains how we collect, use, store, and disclose personal data in connection with our legal services and this website.
By contacting us or using this website, you acknowledge the practices described in this policy. Questions regarding data matters may be directed to [email protected].
2. Data We Collect
Information you provide directly
When you submit an enquiry through our contact form or communicate with us by email or telephone, we collect:
- Name and contact details (email address, telephone number)
- Company name and role (where provided)
- Description of your legal matter or enquiry
- Any additional information you choose to include in correspondence
Information collected automatically
Our website may collect certain technical data when you visit, including IP address, browser type, pages visited, and time of access. This data is collected via analytics cookies, subject to your consent preferences.
3. How We Use Your Data
We use personal data for the following purposes:
- Responding to your enquiry and assessing whether we are able to assist with your matter
- Establishing and performing a legal engagement, where one is agreed
- Complying with legal and regulatory obligations applicable to law practices in Malaysia
- Improving our website and understanding how visitors use it (analytics, subject to consent)
- Communicating with you about matters relevant to our services
We do not use your personal data for unsolicited marketing without your express consent.
4. Legal Basis for Processing
Processing of personal data is conducted on the following bases under the PDPA and applicable data protection principles:
- Consent: Where you have submitted a contact form or agreed to optional cookies
- Contract: Where processing is necessary for the performance of a legal engagement
- Legitimate interests: For website analytics and improving our services, where not overridden by your rights
- Legal obligation: Where processing is required to comply with Malaysian law
5. Data Retention
We retain personal data for as long as necessary for the purpose for which it was collected, subject to the following:
- Enquiry data (not progressed to engagement): retained for up to 12 months
- Engagement files and correspondence: retained for a minimum of 7 years after matter close, in accordance with professional practice requirements
- Analytics data: retained in accordance with our cookie policy, typically up to 26 months
6. Data Sharing
We do not sell or trade your personal data. We may share data with:
- Professional advisers engaged in connection with your matter (environmental consultants, expert witnesses), subject to confidentiality obligations
- Courts, regulatory bodies, or counterparties where disclosure is required by law or for the conduct of proceedings
- Technology service providers used to operate our website (analytics, hosting), subject to data processing agreements
7. Data Security
We maintain reasonable technical and organisational measures to protect personal data against unauthorised access, loss, or disclosure. These include access-controlled document management systems, encrypted communications, and restricted file access policies. In the event of a data breach affecting your personal data, we will notify you as required under applicable law.
8. Cookies
This website uses cookies. Essential cookies are always active. Optional analytics and preference cookies are set only with your consent. For full details of the cookies we use and how to manage your preferences, see our Cookie Policy.
9. Third-Party Links
Our website may contain links to third-party websites. We are not responsible for the privacy practices of those sites and recommend reviewing their respective privacy policies before providing any personal data.
10. Children's Privacy
Our services are directed at businesses and individuals of 18 years and above. We do not knowingly collect personal data from persons under 18. If you believe a minor has submitted data through our site, please contact us at [email protected] and we will take prompt steps to delete it.
11. Your Rights
Under the PDPA 2010 and applicable data protection principles, you have the right to:
- Access personal data we hold about you
- Correct inaccurate or incomplete personal data
- Withdraw consent to processing (where consent is the legal basis)
- Request erasure of personal data we hold, subject to legal retention requirements
- Object to processing for legitimate interests purposes
- Receive personal data in a portable format (where technically feasible)
- Lodge a complaint with the Personal Data Protection Department (PDPD) of Malaysia
To exercise any of these rights, please contact us at [email protected].
12. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated by updating the "Last Updated" date at the top of this document. Continued use of this website after changes are posted constitutes acceptance of the revised policy.
13. Contact
For all data-related enquiries, please contact:
- Email: [email protected]
- Address: Cahaya Legal, Level 8, Menara IGB, Mid Valley City, 59200 Kuala Lumpur, Malaysia