Privacy first

Privacy Policy — CareNowSenior

This Privacy Policy explains how CareNowSenior collects, uses, discloses and protects personal data in connection with our senior sanatorium services delivered at Jalan Bengkulang, Taman Petaling, 52000 Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia. Our business identification number is 871190995595. The policy covers personal information provided directly by residents, family members, referrers and data collected automatically when interacting with our systems. The information is used to provide clinical care, manage accommodation and billing, meet legal and regulatory obligations and to improve the safety and quality of services. This policy takes effect on 09-04-2026.

09-04-2026 CareNowSenior Jalan Bengkulang, Taman Petaling, 52000 Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia [email protected]
01

Definitions

The following definitions describe key terms used in this policy to help clarify the types of data we process and the services we provide.

Personal data means any information that identifies or can reasonably identify an individual, such as name, contact details, identification numbers, health and clinical information, emergency contacts and payment details. Processing means any operation performed on personal data, including collection, recording, organization, storage, retrieval, use, disclosure, erasure and destruction. User refers to any resident, prospective resident, family member, legal representative, referrer or other individual whose personal data is processed by CareNowSenior in relation to our services. Service means senior sanatorium accommodation, clinical care, rehabilitation, assessments, social support and related administrative services provided by CareNowSenior at our Kuala Lumpur location. Cookies are small text files placed on a device when visiting a website, used to remember preferences, support analytics and provide essential functionality.
02

Data We Collect

We collect personal data from multiple sources to deliver care and manage administrative functions. Collection is limited to information relevant to the purpose for which it is obtained.

Information You Provide

We collect information you or your representative supply when arranging assessments, admission, care or other interactions with CareNowSenior.

  • Full name, date of birth and identification numbers
  • Contact details including phone number and email address
  • Medical history, current medications and care plans
  • Emergency contact and next-of-kin information
  • Payment and insurance details necessary for billing
  • Preferences related to care, dietary needs and mobility assistance

Information Collected Automatically

When you use our website or electronic services we may collect technical and interaction data automatically to support service operations and improvement.

  • Device and browser information, including browser type and version
  • IP address and approximate geographic location
  • Usage data such as pages visited, time spent and navigation paths
  • System logs and diagnostic data related to service performance
  • Analytics identifiers used to measure service use
  • Cookie identifiers when enabled in your browser

Data from Third-Party Sources

We may receive personal data about you from third parties where permitted by law, for example from referring clinicians or partner organizations.

  • Referring hospitals, clinics and allied health providers supplying clinical records
  • Payment processors and insurers for billing and claims information
  • Regulatory bodies and authorities as required by law
03

How We Use Personal Data

Personal data is processed for specific, explicit and legitimate purposes necessary to provide care and operate the sanatorium.

  • Provision and coordination of clinical care, rehabilitation and accommodation
  • Assessment, admission processing and care planning
  • Billing, invoicing and insurance claims administration
  • Safety, incident management and emergency contact procedures
  • Regulatory compliance and recordkeeping required by Malaysian law
  • Service quality reviews, staff training and internal audits
  • Communications regarding appointments, care updates and operational notices
  • Aggregated, de-identified analysis to understand service use and improve operations

Legal Bases for Processing

Where applicable, processing is carried out on lawful grounds such as consent, contract performance, legal obligations and legitimate interests.

  • Consent: where you have given clear consent to process specific personal data for a stated purpose
  • Contract: processing necessary to perform obligations under an admission or care contract
  • Legal obligation: processing required to comply with laws or regulatory requirements
  • Legitimate interests: processing necessary for operational needs, quality improvement and safety, balanced against individual rights

GDPR and International Considerations

If you are an EU resident or otherwise subject to the GDPR, you may have additional rights in relation to your personal data. We will respond to such requests in accordance with applicable law.

  • Right of access to personal data we hold about you
  • Right to rectification of inaccurate or incomplete data
  • Right to erasure subject to legal and clinical recordkeeping obligations
  • Right to restriction of processing in certain circumstances
  • Right to data portability where processing is based on consent or contract and carried out by automated means
  • Right to object to processing based on legitimate interests and to lodge a complaint with a supervisory authority
04

Cookies and Similar Technologies

Our website uses cookies and similar technologies to provide essential functionality, measure usage and support preferences. Cookies may be set by CareNowSenior or third-party service providers.

Common cookie types include session cookies that expire on browser close, persistent cookies that remain for a set period, and third-party cookies used by analytics or service vendors.

We use essential cookies for site operation, analytics cookies to understand usage, preference cookies to store choices, and optional marketing cookies where consent is obtained.

You can manage cookie preferences through your browser settings or via cookie controls presented on the website. Disabling certain cookies may affect site functionality. For detailed controls see our cookie policy.

Cookie Policy

Data Sharing and Disclosure

CareNowSenior shares personal data with third parties only as required for care delivery, administrative functions or where disclosure is required by law.

  • Healthcare providers and allied health professionals involved in resident care
  • Payment processors, insurers and billing agents for invoicing and claims
  • Regulatory and law enforcement authorities where required by legal obligation
  • Family members or legal representatives with the resident's consent or as authorized
  • Third-party service providers that support operations, subject to contractual data protection obligations
  • Research partners only with de-identified data or with explicit consent where required

International Data Transfers

Personal data may be transferred to service providers or partners located outside Malaysia for processing. Transfers are limited to what is necessary for the stated purpose.

Where transfers occur, CareNowSenior implements safeguards such as contractual data protection terms, provider assessments and data minimisation measures to maintain an appropriate level of protection.

Data Retention

We retain personal data for as long as necessary to fulfil the purposes described in this policy, to meet contractual obligations and to comply with legal and clinical recordkeeping requirements.

Account and admission records are kept for periods required by applicable healthcare regulations and for clinical continuity. In many cases clinical records are maintained for multiple years in line with professional standards.

Communications and message records are retained for a period that supports care coordination and dispute resolution, typically for a limited number of years unless otherwise required.

System logs and analytics data are retained for operational monitoring and security purposes for a period consistent with industry practice, after which they are aggregated or deleted.

When personal data is no longer needed for the original purpose and no legal retention requirement applies, we securely delete or anonymize the data. Requests for deletion are assessed against clinical and legal obligations.

Security Measures

CareNowSenior takes administrative, technical, and physical measures to protect personal data collected for senior care coordination. Measures are regularly reviewed and updated to reflect standard security practices. Access to personal information is limited to authorized staff and service partners on a need-to-know basis. Where appropriate, data is pseudonymized or encrypted in transit. Records of access and processing are maintained to support accountability and lawful handling.

  • Access controls and role-based permissions limiting access to personal data to authorized personnel only.
  • Encryption of personal data in transit and at rest where practicable, combined with routine patching and system updates.
  • Regular backups, logging of data access events, and periodic internal reviews of processing activity and infrastructure.
05

User Rights and Choices

Individuals have a set of rights in relation to their personal data processed by CareNowSenior. These rights can be exercised by submitting a request as described below. Requests will be handled in accordance with applicable Malaysian law and internal procedures to verify identity and scope of the request.

  • Right to access: obtain confirmation of processing and a copy of personal data held about you.
  • Right to rectification: request correction of inaccurate or incomplete personal data.
  • Right to erasure: request deletion of personal data where lawful grounds permit.
  • Right to restriction of processing: request limits on processing while a dispute or verification is underway.
  • Right to objection: object to certain types of processing, including direct marketing.
  • Right to data portability: obtain and reuse certain personal data in a structured, commonly used format when applicable.
  • Right to withdraw consent: withdraw previously given consent for processing where consent is the basis for processing.
  • Right to lodge a complaint: raise concerns with an appropriate supervisory authority if unresolved through our processes.

How to submit a privacy rights request

To exercise any of the rights listed above, please submit a written request including your full name, a description of the data or processing you are concerned about, and a copy of an identity document for verification. Send requests to our data protection contact at the address or email below. We may ask for supplementary information to confirm identity and to clarify the scope of the request.

[email protected]

We aim to respond to verifiable requests as promptly as possible and within any statutory timeframes that apply. Routine requests are typically acknowledged within 14 calendar days and completed within 30 calendar days, subject to verification and any lawful extensions.

Marketing and communications

CareNowSenior may use contact details to send information about services, updates, and operational notices. Marketing communications will be sent only with a lawful basis for processing, such as consent or a legitimate interest where allowed. Marketing content will clearly identify the sender and provide an option to opt out.

To stop receiving marketing communications, follow the unsubscribe link in the message or submit an unsubscribe request to the contact details shown below. Opt-out requests are processed promptly and will be respected in subsequent mailings.

Children and age limits

CareNowSenior provides services intended for adults and senior care coordination. We do not knowingly collect personal data from children under 18 for service enrollment. If we become aware that personal data of a person under 18 has been collected without appropriate consent, we will take steps to delete the information where required by law.

Third-party links

Our website and communications may include links to third-party sites or services operated by other organizations. CareNowSenior is not responsible for the privacy practices or content of those sites. We recommend reviewing the privacy notices of any third-party sites before providing personal information.

Changes to this privacy policy

CareNowSenior may update this privacy statement to reflect changes in practices or legal requirements. Material changes will be posted on the website with an updated effective date. The policy text below was last updated on 13-03-2026.