Legal
Privacy Policy
Last Updated: 10 April 2025 · Effective Date: 10 April 2025
Cahaya Strategi ("we", "us", "our") is committed to protecting your personal data. This Privacy Policy explains what information we collect, why we collect it, how it is used, and the rights you have over it. It applies to visitors and clients who interact with our website or engage our consulting services.
1. Data Controller
The data controller responsible for your personal information is:
Cahaya Strategi
7 Persiaran Gurney, 10250 George Town, Penang, Malaysia
Email: [email protected]
Phone: +60 4-228 6741
2. Personal Data We Collect
We collect personal data through the following means:
2.1 Information you provide directly
- Full name and job title
- Email address
- Phone number
- Company name and business address
- Message content submitted via our contact form
- Business information shared during consulting engagements
2.2 Information collected automatically
- IP address and approximate geographic location
- Browser type and operating system
- Pages visited and time spent on each page
- Referring URLs
- Cookie identifiers (see our Cookie Policy)
2.3 Information from third parties
On occasion we may receive information about you from referral sources, professional directories, or business networking contacts. We handle this data with the same care as information you provide directly.
3. Legal Basis for Processing
We process your personal data on the following legal grounds under the Personal Data Protection Act 2010 (PDPA) of Malaysia:
- Consent: Where you have given clear consent for us to process your personal data for a specific purpose (e.g., submitting a contact form or accepting cookies).
- Contractual necessity: Where processing is necessary for the performance of a consulting engagement you have entered into with us.
- Legitimate interests: Where we have a legitimate business interest in processing your data (e.g., responding to enquiries, improving our services), provided this does not override your rights.
- Legal obligation: Where we are required to process data to comply with applicable Malaysian law.
4. How We Use Your Personal Data
- Responding to enquiries and messages submitted through our website
- Conducting consulting engagements and delivering agreed services
- Sending invoices and managing payments
- Communicating updates relevant to your engagement
- Improving the performance and content of our website
- Complying with legal and regulatory requirements
We do not use your personal data for automated decision-making or profiling.
5. Data Sharing
We do not sell, rent, or trade your personal data to third parties. We may share information in the following limited circumstances:
- Service providers: Third-party providers who assist in operating our website or business (e.g., web hosting, analytics). These parties process data only on our instructions and are contractually bound to keep it confidential.
- Legal requirements: Where disclosure is required by applicable law, court order, or regulatory authority in Malaysia.
- Business transfers: If Cahaya Strategi is involved in a merger, acquisition, or asset sale, your personal data may be transferred as part of that transaction. We will notify you before this occurs.
6. Data Retention
We retain personal data only for as long as necessary for the purposes outlined in this policy, or as required by law. Our general retention periods are:
- Contact form enquiries: 12 months from receipt
- Client engagement records: 7 years from engagement close (in compliance with Malaysian accounting and tax requirements)
- Website analytics data: 26 months (industry standard)
- Cookie consent records: 12 months
7. How We Protect Your Data
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, disclosure, alteration, or destruction. These include:
- Encrypted transmission (HTTPS/TLS) for all data sent to and from our website
- Access controls limiting data to staff members who need it for their work
- Regular review of our data handling practices
- Secure storage of physical documents containing personal information
In the event of a data breach that is likely to result in risk to your rights and freedoms, we will notify you and the relevant authorities within the timeframes required by Malaysian law.
8. Cookies
We use cookies and similar technologies on our website. Essential cookies are necessary for the site to function; analytics and marketing cookies are only placed with your consent. For full details on the cookies we use and how to manage your preferences, please see our Cookie Policy.
9. Your Rights Under Malaysian Data Protection Law
Under the Personal Data Protection Act 2010 (Malaysia), you have the following rights:
- Right of access: You may request a copy of the personal data we hold about you.
- Right of correction: You may request that we correct inaccurate or incomplete personal data.
- Right to withdraw consent: Where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
- Right to cease processing: In certain circumstances, you may request that we stop processing your personal data for specific purposes.
To exercise any of these rights, please contact us at [email protected]. We will respond within 21 days of receipt of your request. In certain cases, we may request proof of identity before processing your request.
If you are dissatisfied with our response, you have the right to lodge a complaint with the Department of Personal Data Protection (JPDP) Malaysia.
10. Third-Party Links
Our website may contain links to external websites. We are not responsible for the privacy practices of those sites. We encourage you to review the privacy policy of any third-party website you visit.
11. Children's Privacy
Our services are intended for business professionals aged 18 and above. We do not knowingly collect personal data from individuals under the age of 18. If you believe we have inadvertently collected such data, please contact us immediately at [email protected].
12. International Data Transfers
Our primary operations are based in Malaysia and data is stored within Malaysia or in countries that provide an adequate level of data protection. Where data is transferred internationally (e.g., through the use of cloud services), we take steps to ensure adequate protections are in place.
13. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last Updated" date at the top of this page. Continued use of our website following the posting of changes constitutes your acknowledgement of those changes.
14. Contact Us
For any questions about this Privacy Policy, or to exercise your data rights, please contact:
Privacy & Data Enquiries
Cahaya Strategi
7 Persiaran Gurney, 10250 George Town, Penang, Malaysia
Email: [email protected]