Privacy Policy

1. Introduction and Scope

Cahaya Advisory ("we", "us", "our") is a business consulting practice operating in Penang, Malaysia. This Privacy Policy describes how we collect, use, store and protect personal information that you provide when you use our website at cahayaada.live or when you contact us in connection with our consulting services.

This policy applies to information collected through our website enquiry form, email correspondence, and telephone contact. It does not govern the confidential information exchanged during a consulting engagement — that is covered by a separate engagement letter and confidentiality agreement.

We are subject to the Personal Data Protection Act 2010 (PDPA) of Malaysia. Questions about this policy may be directed to [email protected].

2. Personal Data We Collect

We collect only data that is reasonably necessary for the purposes described here:

• Contact information: Name, email address, phone number, and business name — submitted via our enquiry form.
• Enquiry content: The message you submit through our contact form, which may describe your business situation.
• Technical data: IP address, browser type, pages visited, and session duration — collected automatically when you browse our website.
• Cookie preference data: Your consent choice, stored in your browser's local storage.

We do not collect sensitive personal data through our website.

Legal basis: Contact data is processed on the basis of your consent (given on form submission) and our legitimate interest in responding to business enquiries. Technical and analytics data is processed on the basis of consent or legitimate interest for basic website operation.

Retention: Enquiry data is kept for up to 24 months from submission. If an engagement follows, data is retained for five years thereafter in line with standard professional practice. Technical logs are retained for no more than 12 months.

3. How We Use Your Data

Personal data collected through this website is used to:

• Respond to your enquiry and assess whether an engagement is appropriate.
• Communicate with you about scheduling an initial conversation.
• Maintain administrative records of enquiries.
• Understand how our website is used and improve its usability.

We do not use your data for marketing communications without explicit consent. We do not share it with advertising networks or third-party marketing platforms.

Data sharing: We do not sell or rent personal data. We may share data with website hosting providers under confidentiality obligations. We may disclose data when required by Malaysian law or court order.

4. Data Protection Measures

We take reasonable technical and organisational steps to protect personal data:

• Our website is served over HTTPS, encrypting data in transit.
• Access to enquiry data is restricted to staff who need it to respond to your enquiry.
• We do not process online payments and do not store payment card information.
• Our hosting environment is subject to standard security practices, including access controls and software updates.

In the event of a data breach posing risk to your rights, we will notify affected individuals and the relevant supervisory authority in accordance with our PDPA obligations.

5. Cookies

Our website uses the following types of cookies:

• Essential cookies: Required for the site to function. Cannot be disabled.
• Analytics cookies: Used to understand how visitors use the site. Active only if you accept cookies.
• Preference cookies: Store your consent choice to avoid repeated prompts.

You can manage cookie preferences at any time on our Cookie Policy page.

6. Your Rights Under the PDPA

Under Malaysia's Personal Data Protection Act 2010, you have the right to:

• Access the personal data we hold about you.
• Correct inaccurate or incomplete data.
• Withdraw consent at any time, without affecting the lawfulness of prior processing.
• Limit processing for certain purposes, subject to legal exceptions.
• Opt out of direct marketing (we do not currently conduct direct marketing).

To exercise any right, write to [email protected]. We will respond within 21 days and may ask you to verify your identity.

If you consider that your data has not been handled lawfully, you may lodge a complaint with the Department of Personal Data Protection Malaysia (JPDP).

7. Third-Party Links

Our website may link to external websites. Once you leave our site, this Privacy Policy no longer applies. We are not responsible for the privacy practices of other websites and recommend reading their policies before submitting personal information.

8. Children's Privacy

Our services are directed at business principals and professionals. We do not knowingly collect personal data from individuals under 18. If you believe we hold data about a minor, please contact us at [email protected] and we will delete it.

9. Policy Updates

We may update this policy to reflect changes in our practices or applicable law. The revised version will be posted here with an updated "Last Updated" date. Continued use of our website after an update constitutes acceptance of the revised policy.

10. Contact Details

Data Controller: Cahaya Advisory

32 Lebuh Light, 10200 George Town, Pulau Pinang, Malaysia

Privacy enquiries: [email protected]

General enquiries: [email protected]

Telephone: +60 4-7382 5169