Responsible data handling for client care

Privacy Policy — NuronVRetrea

NuronVRetrea operates as a wellness and rehabilitation center serving retirees in Johor, Malaysia. We collect and process personal data to provide clinical care, coordinate services, manage billing, and maintain safety. This policy explains what data we handle, why processing is necessary, and how we protect information. Our activities are conducted in accordance with applicable data protection requirements and professional healthcare standards. Contact details and our registered information are provided below for any privacy inquiries.

  • 09-01-2026
  • NuronVRetrea (Business ID 402134217153)
Privacy Policy — NuronVRetrea

We collect information that is necessary to deliver safe, effective and coordinated care, to fulfil contractual obligations with clients, and to meet regulatory and administrative requirements.

01

Definitions

In this policy, key terms are defined to clarify how we use and protect personal data. These definitions align with common privacy terminology used in healthcare and data protection practice.

Personal data means any information that identifies or can be used to identify an individual, including contact details, health information, and billing records.
Processing refers to any action performed with personal data, such as collection, storage, use, disclosure, alteration or deletion.
User refers to clients, prospective clients, family members or authorized representatives who interact with NuronVRetrea services.
Service refers to wellness, rehabilitation and related support services provided at NuronVRetrea, including assessments, therapy, monitoring and care coordination.
Cookies are small data files placed on devices to enable website functionality, remember preferences, and collect analytics information.
02

Data Collection

We collect information that is necessary to deliver safe, effective and coordinated care, to fulfil contractual obligations with clients, and to meet regulatory and administrative requirements.

03

Data You Provide

When you register for services, request information, or receive care, we collect data that you or an authorized representative provide to us. This includes clinical and administrative details necessary for treatment and operations.

  • Identifying information: full name, date of birth, national identification where required.
  • Contact details: phone number, mailing address, and email address.
  • Health and rehabilitation information: medical history, diagnoses, medications, therapy records and functional assessments.
  • Emergency contacts and authorized representatives.
  • Business and billing information required for invoicing and payment processing.
  • Consent choices, preferences, and communications related to care coordination.
04

Data Collected Automatically

We and our service providers collect certain information automatically when users interact with our online resources or when systems record operational events.

  • Device and browser information, IP address and basic geolocation (city-level) used for security and analytics.
  • Usage data and interaction logs from our website and appointment systems.
  • Cookies and similar tracking identifiers as described in our cookie information.
  • System logs and access records used for diagnosing issues and maintaining service integrity.
  • Aggregated and anonymized usage metrics for service improvement and reporting.
  • Device performance and error reports used for technical maintenance.
05

Third-Party Recipients

We may disclose personal data to trusted third parties that support our operations, under contractual protections and where disclosure is necessary for the purposes set out in this policy.

  • Healthcare professionals and partner clinics involved in coordinated treatment.
  • Payment processors and business institutions for billing and claims administration.
  • IT and cloud service providers, analytics vendors, and software suppliers who support our systems.
06

Purposes of Processing

We process data strictly for reasons that are necessary to deliver services, comply with obligations, and improve operations while minimizing data scope.

  • Provision and coordination of clinical care and rehabilitation services.
  • Scheduling appointments, managing admissions and discharge planning.
  • Billing, claims processing and business administration.
  • Safety monitoring, incident reporting and clinical quality assurance.
  • Operational management, internal reporting and staff coordination.
  • Service improvement, clinical audits and aggregated research where appropriate safeguards exist.
  • Legal and regulatory compliance, including responses to lawful requests from authorities.
  • Communications about services and consented marketing, only where explicit consent has been obtained.
07

Legal Basis for Processing

Processing is based on legal grounds relevant to healthcare and administrative functions. Where required, we rely on consent, contractual necessity, legal obligations, or legitimate interests balanced against individual rights.

  • Performance of a contract: processing necessary to provide care and fulfil service agreements.
  • Consent: where individuals have explicitly agreed to specific processing activities, such as direct marketing.
  • Legal obligation: processing required to comply with statutory duties, reporting and recordkeeping.
  • Legitimate interests: where necessary for safety, fraud prevention, operational efficiency and quality improvement, subject to appropriate safeguards.
08

Cookies and Similar Technologies

Our website uses cookies and similar technologies to support functionality, security, and analytics. You can manage cookie preferences through your browser or our preference tools.

We use essential cookies (required for website operation), functional cookies (to remember preferences), analytics cookies (to measure website performance), and optionally marketing cookies with consent.

Categories include essential, performance/analytics, functional and marketing. Essential cookies are strictly necessary and cannot be disabled via our preference banner.

To manage cookies, use the cookie controls presented on the site or adjust your browser settings. Blocking some cookies may affect site functionality. For marketing cookies, explicit consent is requested before activation.

View Cookie Policy

09

Data Sharing and Disclosure

We limit sharing to what is necessary and only with parties that implement appropriate safeguards. Contractual terms require third parties to protect the confidentiality and security of personal data.

  • Clinical partners for treatment coordination under confidentiality agreements.
  • Business institutions and insurers to process payments and claims.
  • Technical providers who host and maintain records in secured environments.
  • Authorities and regulators when required by law or public health obligations.
  • Aggregated data recipients for research or service development where individual identifiers are removed.
  • Emergency responders or authorized parties in situations necessary to protect safety.
10

International Transfers

Personal data may be transferred to service providers located outside Malaysia for hosting, analytics or specialist services. Transfers are limited and governed by contractual safeguards and appropriate technical measures.

Where transfers occur, we use standard contractual clauses, data processing agreements, or other legal mechanisms to ensure an adequate level of protection for personal data.

11

Data Retention

We retain personal data only as long as necessary for the purpose it was collected and to meet legal, regulatory or contractual obligations.

Client account records are retained for the duration of the care relationship and for a defined period thereafter to satisfy medical recordkeeping and business compliance. Typical retention for core records is up to 7 years where required for regulatory or auditing purposes.

Communications and messaging records related to clinical care are retained for a period necessary for continuity of care, typically up to 3 years unless longer retention is required by law.

System logs and technical records are generally retained for operational and security purposes for up to 12 months, except where extended retention is needed for contribute.

When data is no longer required, we securely delete or anonymize it. Some backups may persist for a limited period; deletion processes are implemented in accordance with our retention schedule.

12

Security Measures

NuronVRetrea implements administrative, technical and physical safeguards appropriate to the sensitivity of the data. Measures include role-based access controls, encrypted storage and transmission, secure authentication, staff training on data protection and regular security assessments.

  • Encryption of data in transit and at rest using industry-standard protocols.
  • Access controls, user authentication and regular access reviews to limit data exposure.
  • Staff training, confidentiality agreements and incident response procedures to address potential breaches.
13

Your Data Rights

Individuals may exercise rights over their personal data subject to applicable legal restrictions and clinical recordkeeping requirements. Requests are handled in a timely and documented manner.

  • Right of access: request a copy of personal data we hold about you.
  • Right of rectification: request correction of inaccurate or incomplete information.
  • Right to erasure: request deletion of data where retention is not required by law or clinical necessity, subject to limitations.
  • Right to restrict processing: request limitation of processing in certain circumstances.
  • Right to data portability: where applicable, receive personal data in a structured, machine-readable format.
  • Right to object: object to processing based on legitimate interests or for direct marketing.
  • Right to withdraw consent: withdraw consent for specific processing activities without affecting other lawful processing.
  • Right to lodge a complaint with a relevant supervisory authority if you consider your rights have been infringed.
14

Applicable Privacy Standards

NuronVRetrea is committed to protecting personal data for residents, clients, visitors and family members. This privacy section explains what personal information we collect, why we collect it, how we use it, and the legal basis for processing under applicable Malaysian data protection practices. Our approach is rooted in professional standards for elderly wellness and rehabilitation services and focuses on minimal, relevant data collection to deliver safe, dignified care.

This policy applies to all personal data collected by NuronVRetrea through our website NuronVRetrea.digital, on-site intake procedures at 139, Jalan Bestari 1/5, Taman Nusa Bestari, 81300 Nusa Jaya, Johor, Malaysia, and through related communications (phone, email, and secure portals). It covers personal data of prospective clients, current residents, family contacts, and professional referrers.

  • Types of data: contact details, basic health information relevant for intake, emergency contacts, billing and insurance details, and limited sensitive data when required for clinical care and rehabilitation planning.
  • Purpose of processing: to assess needs, plan and deliver tailored wellness and rehabilitation programs, coordinate with healthcare providers, process payments, and maintain legal and safety records.
  • Legal basis: processing is based on contractual necessity for care delivery, compliance with legal obligations, and where applicable, explicit consent for specified sensitive health information needed for clinical services.
  • Retention: personal data is retained only as long as necessary for care, billing, regulatory compliance or as otherwise required by law, after which it is securely destroyed or anonymized.

If you have concerns about how your personal data is handled, please contact our privacy officer at the address below. You may request access, correction, restriction or deletion of data within the scope of applicable law. If you remain dissatisfied, you may refer the matter to the relevant Malaysian data protection authority.

15

How to exercise your data rights

Residents, clients and authorized representatives may submit requests to access, rectify, restrict processing, or delete personal data, or to obtain a copy in a commonly used electronic format. Requests must include identifying information and sufficient detail to locate the records.

[email protected]

We aim to respond to valid rights requests promptly and within statutory timeframes. Complex requests may require additional verification and reasonable extension; we will notify you if additional time is required.

16

Communication and marketing preferences

NuronVRetrea may send informational communications about programs, events and facility updates relevant to clients and families. Marketing communications are only sent with consent where required; transactional and care-related messages necessary for service provision are not considered marketing.

To stop marketing messages, follow the unsubscribe link provided in the message or contact our privacy officer. Opting out of marketing does not affect receipt of essential care communications or billing notices.

17

Children and vulnerable people

Our services are focused on retirees and adults; we do not knowingly collect personal data from minors for service provision. If information about a minor is provided by an authorized caregiver as part of family contact details, such data is processed only to support communication. For vulnerable adults, we accept information from legally authorized representatives and apply heightened safeguards for sensitive health information.

18

Third-party websites and services

Our website may link to external resources and partner services. NuronVRetrea is not responsible for external site privacy practices. When referrals or integrations involve third-party providers, we will disclose the recipient and the purpose and limit shared data to what is necessary for continuity of care.

Third-party websites and services

We limit sharing to what is necessary and only with parties that implement appropriate safeguards. Contractual terms require third parties to protect the confidentiality and security of personal data.

Cookies and Similar Technologies

View Cookie Policy

19

Policy updates

We periodically review and update this privacy information to reflect changes in practices, legal requirements, or the services we provide. Material changes will be posted on NuronVRetrea.digital with an updated effective date.