01 — Introduction
Cahaya Pencen ("we", "us", or "our") is committed to handling your personal information with care and transparency. This Privacy Policy explains what data we collect when you visit our website or engage our legal advisory services, how we use it, and the choices you have.
Our practices are guided by the Personal Data Protection Act 2010 (PDPA) of Malaysia. By using our website or submitting an enquiry, you acknowledge that you have read and understood this policy.
If you have questions about how your information is handled, please reach out to us at [email protected] before using our services.
02 — Data We Collect
We collect personal data only to the extent necessary to provide our services and operate this website responsibly.
Information You Provide Directly
- —Full name and preferred form of address
- —Email address and telephone number
- —Your message or enquiry content
- —Relevant pension or EPF account information shared during consultations
- —Identification documents provided for legal representation purposes
Information Collected Automatically
- —IP address and approximate geographic location
- —Browser type, operating system, and device category
- —Pages visited, time spent, and referral source
- —Cookie data (see Section 05)
Legal Basis for Processing
Under the PDPA 2010, we process your data on the following bases:
- —Consent — when you submit a contact form or agree to cookies
- —Contractual necessity — when processing is required to deliver the service you have engaged
- —Legitimate interest — for website security and fraud prevention
- —Legal obligation — where retention is required by applicable Malaysian law
Retention: Enquiry data is held for 12 months. Client engagement records are retained for 7 years in accordance with legal professional obligations under Malaysian law.
03 — How We Use Your Data
Your information is used only for purposes you would reasonably expect when engaging a legal advisory practice:
- —Responding to your enquiry and scheduling consultations
- —Delivering the legal services you have engaged, including representing you at hearings or drafting documents
- —Sending follow-up communications related to your matter
- —Maintaining internal records for compliance and professional conduct obligations
- —Improving the website and understanding how visitors use it (using anonymised analytics)
We do not sell, rent, or trade your personal data to third parties. We do not use your information for automated decision-making or profiling.
Data Sharing
In limited circumstances, data may be shared with:
- —Regulatory authorities — when required for pension appeal hearings or EPF-related proceedings
- —Trusted third-party processors — such as our web hosting provider, operating under strict confidentiality obligations
- —Law enforcement or courts — only where required by a legal obligation we cannot reasonably refuse
04 — Data Protection Measures
Encrypted Transmission
All data submitted through our website is transmitted over HTTPS with TLS encryption.
Secure Storage
Client records are stored on access-controlled servers. Physical documents are kept in secure, locked premises.
Access Controls
Only staff with a direct need to handle your matter can access your personal information.
Breach Notification
In the event of a data breach that may affect your rights, we will notify you and the relevant authorities without undue delay.
06 — Your Rights
Under the PDPA 2010 and general principles of data protection, you have the following rights with respect to your personal data:
Right of Access
You may request a copy of the personal data we hold about you.
Right to Correction
If any of your information is inaccurate or incomplete, you may ask us to correct it.
Right to Withdraw Consent
Where processing is based on consent, you may withdraw it at any time. This will not affect the lawfulness of prior processing.
Right to Object
You may object to us processing your data for direct marketing purposes.
Right to Data Portability
Where technically feasible, you may request your data in a structured, commonly used format.
Right to Lodge a Complaint
If you believe your data rights have not been respected, you may lodge a complaint with the Department of Personal Data Protection Malaysia (JPDP) at www.pdp.gov.my.
To exercise any of these rights, please write to us at [email protected]. We aim to respond within 21 days.
07 — Third-Party Links
Our website may occasionally reference external resources, including government portals such as the EPF website or KWAP. These third-party sites operate under their own privacy policies, which we have no control over. We recommend reviewing their policies before submitting any information to them.
08 — Children's Privacy
Our services are intended for adults aged 18 and above, typically retirees or individuals planning their retirement arrangements. We do not knowingly collect personal data from individuals under the age of 18. If you believe a minor's data has been submitted to us in error, please contact us so we can arrange prompt deletion.
09 — Policy Updates
We may revise this Privacy Policy from time to time to reflect changes in our practices or applicable law. When we do, we will update the "Last Updated" date at the top of this page. For significant changes that affect how your data is used, we will place a notice on our homepage for a reasonable period.
Continuing to use our website after any revision takes effect constitutes your acknowledgement of the updated policy.
10 — Contact Us
For any questions, concerns, or requests relating to your personal data or this policy, please contact our privacy team:
Data Controller
Cahaya Pencen
19, Jalan SS2/24, 47300 Petaling Jaya, Selangor, Malaysia
Privacy Enquiries
[email protected]Telephone
+60 3-7958 6249 (Mon–Fri, 9:00am–5:30pm)