1. Introduction
Cahaya ("we", "us", or "our") is a family law practice based at Suite 17-4, KOMTAR, Jalan Penang, 10000 George Town, Penang, Malaysia. We recognise that the personal circumstances that bring clients to a family law practice are often sensitive, and we treat every piece of information shared with us — whether through this website or during our professional engagement — with corresponding care.
This Privacy Policy describes what personal data we collect when you interact with our website at cahayaaa.pro, how we use it, how we protect it, and the choices available to you. It applies to all visitors to this site and to individuals who contact us through any digital channel.
This policy is governed by the Personal Data Protection Act 2010 (PDPA) of Malaysia, which establishes the framework within which personal data may be collected, held, processed, and used by organisations operating in Malaysia. Where applicable, we also observe international good-practice data protection standards.
2. Data We Collect
We collect personal data only to the extent necessary to respond to enquiries and deliver our legal services. The categories of data we may collect include:
2.1 Information You Provide Directly
- Your name and preferred form of address
- Contact details including email address and telephone number
- The general nature of your enquiry, as described in your message
- Any information voluntarily disclosed during a consultation or correspondence
2.2 Information Collected Automatically
- Browser type, version, and operating system
- IP address (used solely for security and analytics purposes)
- Pages visited on this site, time spent, and referring URL
- Cookie preferences and consent records
2.3 Legal Basis for Processing
We process personal data on the following legal bases under the PDPA 2010:
- Consent — where you have expressly agreed to our use of your data via our contact form or cookie consent mechanism
- Contractual necessity — where processing is required to provide the legal services you have requested
- Legitimate interests — for internal administration, service improvement, and ensuring the security of our systems
- Legal obligation — where retention or disclosure is required under Malaysian law or professional conduct rules
2.4 Retention Periods
Enquiry data submitted through this website is retained for up to 12 months from initial contact if no engagement is commenced. Where a professional relationship is established, client data is retained in accordance with the Solicitors' Accounts Rules and applicable Malaysian law, typically for a period of 7 years following the conclusion of the matter, unless a longer period is required by statute or professional obligation.
3. How We Use Your Data
3.1 Service Delivery and Communication
Personal data you provide through enquiry forms is used solely to respond to your contact and, where appropriate, to arrange an initial consultation. We do not use your details for unsolicited marketing.
3.2 Data Sharing
We do not sell, rent, or share your personal data with third parties for commercial purposes. We may share data in the following limited circumstances:
- With professional advisers (e.g. counsel, mediators) engaged on your matter, with your knowledge
- With courts, tribunals, or regulatory bodies as required by law
- With service providers who process data on our behalf under data processing agreements (e.g. secure hosting providers)
3.3 Analytics
We use aggregated, anonymised analytics data to understand how visitors use this site and to improve its usefulness. Where analytics cookies are used, this is done with your consent.
3.4 Legal Compliance
We may be required to retain or disclose data in connection with legal proceedings, regulatory enquiries, or professional obligations under the Malaysian Bar's rules of conduct.
4. Data Protection Measures
Encryption in Transit
All data transmitted between your browser and our server is encrypted via TLS (HTTPS).
Secure Storage
Data is stored on secured servers with restricted access controls and regular security reviews.
Access Controls
Access to personal data is limited to personnel with a professional need to handle it.
Breach Response
In the event of a data breach affecting your rights, we will notify you and, where required, the relevant authority without undue delay.
No method of electronic transmission or storage is entirely without risk. While we take our data security obligations seriously and take reasonable measures to protect your information, we cannot guarantee absolute security against all eventualities.
6. Your Rights
Under the Personal Data Protection Act 2010 (Malaysia), and consistent with good international practice, you have the following rights with respect to your personal data:
You may request a copy of the personal data we hold about you.
Where data we hold is inaccurate or incomplete, you may ask us to correct it.
Where data is no longer necessary for the purposes for which it was collected, you may request its deletion, subject to our legal retention obligations.
You may request a copy of data you have provided to us in a structured, machine-readable format.
You may object to processing based on legitimate interests or for direct marketing purposes at any time.
Where processing is based on your consent, you may withdraw that consent at any time. This does not affect the lawfulness of processing prior to withdrawal.
You may raise a concern with the Department of Personal Data Protection (JPDP), Malaysia, the relevant supervisory authority under the PDPA 2010.
To exercise any of these rights, please contact us at [email protected]. We will respond within 21 days of receiving your request.
7. Third-Party Links
This website may contain links to external sites, including court portals and regulatory bodies, for your convenience. We are not responsible for the privacy practices of those sites and encourage you to review their policies independently before submitting any personal information. The presence of a link does not constitute an endorsement of that site or its practices.
8. Children's Privacy
Our legal services and this website are directed at adults aged 18 and above. We do not knowingly collect personal data from anyone under the age of 18 through this website.
We recognise that some of our work, particularly in custody matters, involves information about children. Such information is handled with the utmost discretion and used only in connection with the legal matter for which it has been provided. If you believe a minor's information has been submitted to us without appropriate authority, please contact us promptly.
9. Policy Updates
We may revise this Privacy Policy from time to time to reflect changes in how we operate, changes in applicable law, or feedback from our clients. When we make material changes, we will update the "Last Updated" date at the top of this page.
We encourage you to review this policy periodically. Continued use of this website after changes are posted constitutes acknowledgement of the revised policy. If a change significantly affects how we handle your data, we will take steps to notify you directly where we hold your contact details.
10. Contact & Data Controller Details
If you have any questions or concerns about this Privacy Policy or how we handle your personal data, you are welcome to reach us through the channels below. We will respond to all data-related enquiries within 21 working days.
Suite 17-4, KOMTAR, Jalan Penang
10000 George Town, Penang, Malaysia