General Privacy Statement
SeraThealth collects and processes personal information to provide wellness retreat and rehabilitation services tailored for retirees. This policy explains our practices using practical scenarios and examples so service users can understand how their data is used in real cases, such as intake assessments, therapy scheduling, and post-stay follow-ups.
Key Definitions
To make explanations practical, we define terms used in this policy and provide short case examples illustrating each concept. Example scenario: an intake form completed by a retiree before an initial rehabilitation consultation.
What Data We Collect
We collect both data you provide and data collected automatically. To clarify, we present typical data items collected for common scenarios: initial assessment, booking and payments, on-site clinical notes, and follow-up outcome tracking.
Data You Provide Directly
When you book or attend a retreat, you may provide information that we need to deliver care and manage logistics. Below are common items illustrated with short case examples.
- Identity and contact details: name, date of birth, postal address, phone number, and email. Case: used to confirm a retreat reservation and send arrival instructions.
- Health and medical information: medical history, medications, allergies, mobility assessments, and rehabilitation goals. Case: physiotherapist uses this to design a safe exercise program.
- Payment and billing information: billing address, invoice details, and transaction records (handled by secure payment processors). Case: processing retreat fees and issuing receipts.
- Intake questionnaires and consent forms: signed consent for therapies and data processing choices. Case: consent to share rehabilitation notes with a referring physician.
- Emergency contact and next-of-kin details used for on-site safety and urgent communication. Case: contacting a family member in the event of a sudden medical issue.
- User feedback and outcome surveys collected after stays to evaluate program effectiveness and refine protocols. Case: post-retreat survey used to adjust future therapy plans.
Data Collected Automatically
We also collect data automatically to operate the site and improve services. Examples below are tied to common scenarios such as booking flows, website troubleshooting, and service analysis.
- Log data: IP address, device type, browser, and access times. Case: troubleshooting an appointment booking error reported by a user.
- Cookies and similar trackers used for session management and analytics. Case: remembering language preference during a multi-step booking.
- Usage analytics: pages visited, clicks, and time on site to evaluate service pages and improve clarity. Case: identifying frequent drop-off points in the retreat sign-up flow.
- Performance metrics from telehealth sessions such as connection quality logs (no audio content saved unless explicitly recorded with consent). Case: diagnosing a disrupted teleconsultation.
- Security-related information such as failed login attempts to detect potential abuse. Case: blocking automated malicious activity against booking endpoints.
- Aggregated anonymized data used for internal program evaluation and reporting, without identifying individuals. Case: reviewing average mobility improvement across a cohort.
Data From Third Parties
We may receive data from partner organizations to deliver services, always limited to what is necessary and subject to agreements. Below are typical third-party sources with example use cases.
- Referring healthcare providers: clinical summaries or test results to inform treatment planning. Case: receiving a recent blood test to assess medication safety.
- Payment processors and banks to complete transactions and prevent fraud. Case: verifying a payment for a retreat booking.
- Technology providers for analytics, appointment scheduling, and telehealth platforms. Case: integrating teleconsultation logs to coordinate follow-up care.
How We Use Your Data
We process data to operate services, keep participants safe, and improve programs. Below are purpose statements accompanied by short practical scenarios illustrating typical processing activities.
- To provide booked services such as retreats, rehabilitation sessions, and teleconsultations. Example: scheduling physiotherapy sessions based on intake findings.
- To manage payments, billing, and refunds. Example: issuing an invoice and reconciliation after a retreat stay.
- To ensure on-site safety and medical coordination. Example: sharing allergy information with the kitchen for meal planning.
- To personalize programs and communicate relevant care instructions. Example: adjusting exercise intensity after weekly progress notes.
- To evaluate outcomes and improve services through aggregated analysis. Example: comparing mobility scores before and after a 14-day program to refine protocols.
- To detect and prevent fraud, abuse, and security incidents. Example: investigating anomalous booking patterns that suggest misuse.
- To comply with legal obligations and respond to lawful requests from authorities. Example: providing records in response to a court order where required.
- To send service-related updates and optional marketing communications where consent was given. Example: informing former participants about a new senior balance workshop if they opted in.
Legal Bases for Processing (Illustrative)
We rely on appropriate legal bases for processing personal data, depending on the purpose. The selected basis reflects the practical need for the activity—for example, contract performance for bookings or consent for marketing.
- Performance of a contract: processing necessary to fulfill retreat bookings and provide rehabilitation services.
- Consent: where you explicitly opt in to marketing communications or optional data collection beyond core services.
- Legal obligation: processing required to comply with laws or official requests.
- Legitimate interests: limited processing necessary for safety, fraud prevention, and service improvement after balancing user rights.
Data Subject Rights (Illustrative Guidance)
Although SeraThealth operates in Malaysia, we recognize internationally accepted privacy protections. The following sections explain rights commonly referenced in international frameworks, illustrated with practical steps for exercising them.
- Right to access: you can request a copy of personal data we hold about you. Example: requesting your intake form and rehabilitation notes to share with another provider.
- Right to rectification: you may ask us to correct inaccurate data. Example: updating a medication list after a physician changes prescriptions.
- Right to erasure: subject to legal and service requirements, you may request deletion of data. Example: asking to remove marketing contact details while retaining clinical records required for safety.
- Right to restriction of processing: you may ask to limit certain uses of your data. Example: pausing data use for secondary research while still receiving care.
- Right to data portability: where technically feasible, we can provide personal data in a structured, commonly used format. Example: exporting your appointment history for transfer to another provider.
- Right to object: you can object to certain processing, such as direct marketing, and we will respect opt-outs in line with applicable law.
When We Share Your Data
We share personal data only as needed to provide services or comply with legal obligations. Each sharing scenario has safeguards and a specific, documented purpose.
- Healthcare partners and consultants for coordinated care and treatment planning.
- Payment processors and banks to complete and reconcile payments.
- Third-party service providers such as telehealth platforms and booking systems under contractual terms restricting use.
- Legal or regulatory authorities when required by law or court orders.
- Aggregated and anonymized data shared with researchers or partners to improve therapies, without personal identifiers.
- Family members or nominated contacts when you have provided consent or in emergency situations for safety.
International Data Transfers
Some service providers and partners may be located outside Malaysia. Transfers are limited to necessary recipients and conducted with appropriate protections. Example: a telehealth vendor hosting video logs in a neighboring jurisdiction to support remote consultations.
We implement safeguards such as contractual data protection terms, vendor assessments, encryption of data in transit, and limiting transferred data to the minimum required for the service.
Data Retention
Retention periods are based on operational needs, clinical safety, and legal requirements. Below are illustrative retention rules with practical case explanations to help users understand why data is kept.
Account information and core service records are retained for a period necessary to provide ongoing care and for statutory record-keeping, typically several years following the last service interaction to support continuity and safety.
Communications such as appointment confirmations and key messages are retained for a period required for billing and audit trails, after which they are securely deleted unless needed for a legitimate reason.
System logs and security records are kept for a limited period to detect and investigate incidents, then archived or deleted according to our internal retention schedule.
When data is no longer required, it is deleted or anonymized. Example: anonymized outcome data may be retained for long-term program evaluation while personal identifiers are removed.
Security Measures
We apply technical and organizational measures to protect personal data, tailored to the sensitivity of the information and informed by practical risk assessments. Example: clinical notes are stored separately from public profiles and accessed only by authorized clinicians.
- Encryption of data in transit and at rest where applicable to protect confidentiality.
- Access controls and role-based permissions restricting data access to authorized staff only.
- Regular vendor security assessments, staff training on data handling, and incident response procedures.
Your Rights and How to Exercise Them
You can exercise your rights by contacting our privacy team. We use practical case handling to respond, for example verifying identity before providing copies of clinical records to protect confidentiality.
- How to request access, correction, or deletion: contact [email protected] or send a request to our privacy office at Jalan Meranti, Pekan Meru, 41050 Klang.
- Verification process: to protect privacy, we will confirm identity and may ask for clarifying information about the request.
- Response timeframe: we aim to respond promptly and will provide updates on complex requests. If we cannot comply fully, we will explain the reason and any applicable limitations.
- Complaints: if you are not satisfied with our response, you may contact local data protection authorities or seek legal advice.
- Contact details for privacy inquiries: [email protected], or call +60128035097 for general assistance; for formal requests send a signed letter to Jalan Meranti, Pekan Meru, 41050 Klang, Selangor, Malaysia.
- Right to restrict processing: You may request temporary limitation of how we use your personal data while a dispute about accuracy or lawfulness is resolved, or when processing is no longer necessary but you request retention.
- Right to object: You may object to direct marketing communications and to processing based on legitimate interests; we will stop processing for those purposes unless we can demonstrate compelling legitimate grounds.
- Right to withdraw consent: Where processing is based on consent, you can withdraw that consent at any time for future processing without affecting prior lawful processing.
How to exercise your privacy rights
To submit a request regarding access, correction, portability, restriction, objection, or deletion of your personal data, contact our data protection team via the contact details below or through the contact form on SeraThealth.pro/contact. Please include your full name, Business ID 736504795418 if applicable, and a clear description of the request. We may ask for information to verify your identity before processing the request.
We will acknowledge receipt of your request promptly and aim to respond substantively within 30 calendar days. Complex requests may require additional time; in such cases we will inform you and provide a reasonable timeframe.
Marketing communications and preferences
SeraThealth sends event invitations, program updates, and educational content relevant to wellness retreats and rehabilitative services. We rely on consent or legitimate interest to communicate. You control your marketing preferences through your account settings or by contacting us directly. We use practical case studies and scenario-based newsletters geared toward retirees and caregivers.
To opt out of marketing emails or SMS, use the unsubscribe link provided in any marketing message or update your preferences in your SeraThealth account. If you need assistance, contact our team at the address below and we will update your preferences.
Children and minors
SeraThealth services and content are designed for adults and retirees. We do not intentionally collect personal information from children under 18. If we become aware that we have received personal data from a child under 18 without parental consent, we will take steps to delete that information.
Third-party links and services
Our website and materials may include links to trusted third-party providers such as local clinics, insurance partners, or booking platforms. These links are provided for convenience and do not imply endorsement. Third-party sites have their own privacy practices; please review their policies before sharing personal information.
Changes to this privacy policy
We review and may update our privacy policy to reflect operational changes, legal requirements, or new services. Material changes will be posted on SeraThealth.pro with the updated effective date. We encourage users to review this policy periodically to stay informed about how we handle personal data.