Privacy Policy

1. Introduction

Cahaya Pencen ("the Firm", "we", "us", "our") is committed to protecting the personal data of individuals who contact us, engage our services, or visit our website. This Privacy Policy explains how we collect, use, retain, and disclose personal data, and the rights you have in relation to it.

This Policy applies to all personal data processed by Cahaya Pencen in connection with our legal practice and website. For questions, please contact us at [email protected].

2. Data We Collect

We collect personal data in the following ways:

• Contact forms and enquiries: Name, email address, telephone number, and the contents of your message.
• Engagement and retainer: Full name, identification documents, address, employment history, pension statements, correspondence with former employers or scheme administrators, and financial information relevant to your matter.
• Website usage: IP address, browser type, pages visited, and referral sources, collected via analytics cookies where consent has been given.

We collect only what is necessary for the purpose stated at the time of collection.

3. Legal Basis for Processing

We process personal data under the Personal Data Protection Act 2010 (PDPA) of Malaysia on the following bases:

• Consent: Where you have provided explicit consent, such as by submitting a contact form or accepting analytics cookies.
• Contract performance: To carry out legal services you have engaged us to provide.
• Legal obligation: Where we are required to process data by law, including anti-money laundering requirements.
• Legitimate interests: To manage our practice, improve our services, and communicate with existing clients on related matters.

4. How We Use Your Data

• To respond to enquiries and arrange consultations.
• To provide legal services and prepare advice documents.
• To comply with our professional obligations as Malaysian advocates and solicitors.
• To maintain accurate client records and billing information.
• To improve the content and usability of our website (analytics, with consent only).

We do not use your personal data for direct marketing without your consent.

5. Data Retention

Client files are retained for a minimum of seven years following the close of a matter, in accordance with Bar Council of Malaysia guidelines and limitation period requirements under Malaysian law. Website enquiry data that does not proceed to a client engagement is retained for up to 12 months. Analytics data is retained for 26 months.

6. Data Sharing

We do not sell or rent your personal data. We may share data with:

• Courts and tribunals: As required in the course of proceedings you have instructed us to conduct.
• Regulatory bodies: Including the Bar Council of Malaysia and the EPF Board where disclosure is legally required.
• Service providers: Limited to IT and document management services that process data on our behalf, subject to data processing agreements.

We do not transfer your personal data outside Malaysia without your consent, except where required by law.

7. Cookies

Our website uses cookies to function and, with your consent, to understand usage patterns. Detailed information is available in our Cookie Policy. You can manage your cookie preferences at any time via the Cookie Policy page.

8. Data Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or disclosure. These include:

• Password-protected systems with access limited to the case team.
• Encrypted email for sending sensitive documents on request.
• Physical file storage in locked cabinets.
• Regular review of data handling procedures.

In the event of a data breach affecting your rights and freedoms, we will notify you and, where required, the relevant authority promptly.

9. Your Rights

Under the PDPA 2010, you have the right to:

• Access the personal data we hold about you.
• Correct inaccurate or incomplete data.
• Withdraw consent where processing is based on consent.
• Request restriction of processing in certain circumstances.
• Raise a complaint with the Department of Personal Data Protection Malaysia.

To exercise any of these rights, write to us at [email protected]. We will respond within 21 days.

10. Third-Party Links

Our website may contain links to external websites. We are not responsible for the privacy practices of those sites and encourage you to review their policies independently.

11. Children's Privacy

Our services are directed at adults aged 18 and over. We do not knowingly collect personal data from individuals under 18. If we become aware that we have inadvertently received such data, we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated by updating the "Last Updated" date above and, where appropriate, by direct notification. Continued use of our services after an update constitutes acceptance of the revised Policy.

13. Contact

Cahaya Pencen
Jalan Dato Keramat, 10150 George Town, Penang, Malaysia
Telephone: +60 4-262 7483
Email: [email protected]