Privacy-first approach

Privacy policy overview

CareMResort respects personal data and collects only information necessary to deliver wellness and recreation services. This policy explains what we collect, why we collect it and how we use it to support safe, scenario-driven care. Our facility address is 6057, Jalan Persiaran Indahpura 3, Taman Siantan, 81000 Kulai, Johor, Malaysia and phone +60129707338.

05-04-2026
CareMResort Sdn Bhd, Business ID 833287717627
6057, Jalan Persiaran Indahpura 3, Taman Siantan, 81000 Kulai, Johor, Malaysia
[email protected]

Foundations and scope

Definitions

Key terms used in this policy to clarify what we mean by personal data, processing, user and service.

Personal data means any information relating to an identified or identifiable individual, provided directly by the user or collected during service delivery.
Processing refers to any operation performed on personal data, including collection, recording, organization, storage, adaptation, retrieval and erasure.
User is any individual who receives services, contacts CareMResort or registers for programs, including family members acting on their behalf.
Service refers to wellness and recreation programs, assessments, classes and supervised outings provided by CareMResort at our Johor facility.
Cookies are small data files stored on a device to improve navigation and remember preferences; they do not contain personal health records.

Data collection practices

We collect data necessary for assessments, program tailoring and safe participation. Collection is limited to what supports those purposes and is documented according to retention schedules.

Types of data collected

Information you provide

When you register for services or consult with staff, we may collect identifiers and voluntary health-related details to tailor programs and manage safety.

  • Contact details: name, emergency contact, email address and phone number
  • Health and mobility information provided voluntarily for program tailoring and risk assessment
  • Emergency contact details provided by participants for onsite activities, used only to notify relatives or appointed guardians in case of an incident during a wellness session.
  • Health and mobility information supplied during enrollment to tailor recreation programs, including mobility restrictions, medication notes, and preferred activity levels.
  • Payment and billing details when purchasing program packages or booking day sessions, retained to manage invoices and refunds with relevant payment processors.
  • Feedback, registration forms, and consent acknowledgements collected after classes and events to improve scheduling and adjust program intensity for participants.

Information Collected Automatically

When visitors use CareMResort.pro or attend our on-site activities, some technical and usage data are collected automatically to support service delivery, safety monitoring, and operational planning. Below are practical examples and scenarios showing what is collected and how it is used.

  • Device and browser information captured when registering online or booking classes, used to troubleshoot registration issues and improve the booking interface.
  • IP address and approximate location used to prevent fraud in online payments and to route support requests to the nearest facility for face-to-face consultations.
  • Session logs that record pages visited, time on schedule pages, and downloads so we can identify common barriers to enrollment and streamline the sign-up flow.
  • Usage patterns of our wellness content (for example, which exercise videos are frequently accessed), used to plan new classes and group sessions based on participant interest.
  • Cookie identifiers used to remember preferences for language, accessibility settings, and saved program selections during repeat visits.
  • Error and performance reports generated by our systems to detect and fix issues that affect booking confirmations, activity rosters, or emergency notifications.

Third-Party Data Sharing

CareMResort partners with carefully selected third parties to deliver services such as payment processing, health provider coordination, and analytics. In each case we share only data necessary for the third party to perform its function, and we document real-world scenarios where this sharing occurs.

  • Payment processors receive billing details strictly to authorize and settle transactions when members purchase program packages or book sessions.
  • Certified therapists and external instructors receive participant health summaries and mobility notes when explicitly consented to for tailored therapy or assessment sessions.
  • Emergency medical services or hospitals receive relevant medical and contact information in urgent situations to support continuity of care during transfers.

How We Use Your Information

Purposes of Processing Personal Data

We process personal data to operate CareMResort services safely and efficiently. Below are concrete purposes paired with practical cases illustrating the reason for each processing activity.

  • Program delivery: using mobility profiles and health notes to assign suitable group classes and avoid activities that conflict with medical advice. Example: adjusting a chair-yoga session for a participant recovering from hip surgery.
  • Safety and emergency response: using emergency contact information and on-site attendance logs to reach guardians or medical services in incidents occurring during recreation activities.
  • Billing and accounting: processing payment details and invoices for class packages, day visits, and therapy sessions, and maintaining records for tax and audit purposes.
  • Program improvement: analyzing attendance trends and participant feedback to refine timetables, add popular classes, and retire underused sessions based on real attendance data.
  • Legal compliance: retaining records and sharing information with authorities when required under Malaysian law or to respond to lawful requests such as health inspections.
  • Communication: sending booking confirmations, activity reminders, and safety notices by email or phone relevant to registered programs and upcoming sessions.
  • Research and evaluation: with explicit consent, anonymized data may be used in internal studies to evaluate the effectiveness of recreation programs for older adults.
  • Facility management: using attendance and scheduling data to allocate staff, manage room allocations, and plan maintenance to ensure safe, accessible facilities.

Legal Basis for Processing

Processing of personal data at CareMResort is based on legally valid reasons such as participant consent, necessity for contract performance, compliance with legal obligations, and legitimate interests balanced against participant privacy. The examples below describe typical bases in practice.

Cookies and Similar Technologies

CareMResort.pro uses cookies and similar technologies to improve user experience and to support secure online booking. We describe types, purposes, and how visitors can manage preferences.

We use session cookies to maintain booking transactions, preference cookies to remember language and accessibility settings, and analytics cookies to track anonymous usage patterns that help us optimize class schedules.

Categories include essential cookies for service functionality, performance cookies for site analytics, and preference cookies for saved settings. Marketing cookies are used only with explicit consent.

Visitors can manage cookie preferences via the cookie banner on CareMResort.pro or by adjusting browser settings. Practical scenario: if a user disables performance cookies, they may need to manually reselect class filters each visit.

View our full Cookie Policy on CareMResort.pro/cookie-policy

When We Share Your Data

We limit sharing to necessary partners and only the minimum information required. Examples below explain typical recipients and the reason for disclosure in real operational scenarios.

  • Healthcare professionals engaged by CareMResort receive health summaries and consent forms when participants enroll in therapeutic services.
  • Payment service providers and banks receive billing details during transaction processing for class purchases.
  • Emergency responders and hospitals receive pertinent medical and contact information only when needed for urgent care during an incident.
  • External auditors and legal advisors may receive records during compliance reviews or to resolve contractual disputes.
  • Analytics providers receive aggregated, pseudonymized usage metrics that do not disclose personal identities for product improvement.
  • Facility vendors or external activity venues may receive participant counts and schedule information to prepare appropriate accommodations.

International Transfers

Where third-party suppliers process data outside Malaysia, CareMResort applies contractual safeguards and ensures transfers meet applicable legal standards. For example, hosting providers may operate in regional data centers subject to contractual security measures.

Safeguards include standard contractual clauses, data minimization, pseudonymization where possible, and selecting vendors that demonstrate compliance with recognized data protection practices.

Data Storage and Location

Data Retention

CareMResort retains personal data only as long as necessary for the purpose collected, for legal compliance, or as otherwise required for safe program delivery. We describe typical retention periods with practical cases below.

Account records and enrollment history are kept while the account is active and for up to seven years after account closure for tax and audit purposes or to resolve disputes from program participation.

Communication records such as booking confirmations and safety notices are retained for up to two years to support ongoing care coordination and to provide historical context in case of incidents.

System logs and performance metrics are retained in aggregated or rotated form for up to 12 months to help diagnose issues and to inform capacity planning for scheduled activities.

Participants may request deletion of personal data; where deletion is possible without violating legal or safety obligations, we remove identifying records and keep anonymized summaries to maintain program evaluation integrity.

Security of Personal Data

CareMResort implements technical and organizational measures to protect participant data in everyday operations and during transfers. We describe concrete controls and their practical impact on service delivery.

  • Access controls limiting staff access to participant records to only those with an operational need, used in scenarios like assigning instructors based on health needs.
  • Encrypted backups and secure hosting to protect booking and health data against unauthorized access while enabling timely recovery after system incidents.
  • Regular staff training and incident response drills focused on practical case scenarios such as managing a lost tablet containing schedule data and ensuring no sensitive information is exposed.

Your Rights

User Rights Overview

Participants have rights regarding their personal data. We describe each right and provide scenarios showing how they apply, for example when updating health profiles or requesting copies of attendance records.

  • Access: request a copy of personal information we hold, such as class attendance logs and submitted health notes.
  • Correction: request rectification of inaccurate or incomplete records, for example correcting a medication note before a therapy session.
  • Deletion: request removal of personal data where retention is no longer necessary and there are no overriding legal or safety requirements.
  • Restriction: request limitations on processing in specific situations, such as pausing marketing communications while continuing essential booking communications.
  • Portability: request a structured copy of data provided by the user, like enrollment history and consent forms, suitable for transfer to another service provider.
  • Objection: object to processing based on legitimate interests, such as profiling for non-essential program recommendations.
  • Withdraw consent: where processing is based on consent, participants can withdraw consent for future processing without affecting activities carried out before withdrawal.
  • Complain: raise concerns about data handling with our contact points or with relevant regulators if unresolved.

How to Make a Rights Request

To exercise any rights, participants may contact our Data Protection Officer with details of the request and any relevant documents. Practical scenario: when a participant requests enrollment history to share with a new care provider, we verify identity and provide the records in a structured format.

[email protected]

We aim to respond to verified rights requests within 30 days. Complex requests or those requiring additional verification may take up to 60 days; we will communicate status and reasons for any extension.

Applicable Data Protection Standards

While CareMResort is based in Malaysia and follows local data protection requirements, we also align practices with international data protection principles. Below are specific commitments and examples that reflect these standards.

  • Transparency: clear notices and examples of processing activities to help participants understand how data is used in everyday program operations.
  • Data minimization: collecting only necessary health and contact details for program delivery and safety, such as collecting mobility notes rather than full medical histories where appropriate.
  • Purpose limitation: using personal data only for the stated purposes, for example using attendance logs for scheduling rather than unrelated profiling.
  • Security: implementing access controls, encryption, and staff training to mitigate risks to participant data during recreational activities.
  • Accountability: maintaining records of processing activities and practical case notes that show how individual decisions are made for therapy referrals.
  • Data protection by design: designing booking workflows and consent dialogs with clear, use-case oriented explanations so participants can make informed choices.

Participants may contact local supervisory authorities if concerns are not resolved. CareMResort will cooperate with regulators and provide necessary documentation to support contribute of processing practices.

Other Privacy Considerations

Marketing Communications

With consent, we send program updates, class invitations, and safety notices relevant to participants. Practical case: a registrant may opt in to receive announcements about new low-impact classes tailored to older adults recovering mobility.

Participants can unsubscribe from non-essential communications at any time using the unsubscribe link in emails or by contacting our support team. Essential service messages such as booking confirmations are not affected.

Children and Dependent Adults

CareMResort focuses on wellness for older adults and does not intentionally collect data from children under 16. If dependent adults are represented by a legal guardian, we require appropriate authorizations and document cases where a guardian acts on behalf of a participant.

External Links

CareMResort.pro may contain links to partner sites or resources. These third-party sites have their own privacy practices; we recommend reviewing their policies before sharing personal information. Example: a partner physiotherapy clinic's registration link opens a separate form managed by that clinic.

Policy Updates

This privacy policy was last updated on 18 March 2026. When material changes occur, we will publish the updated policy on CareMResort.pro and provide notice to registered participants describing the key changes and any actions they may need to take.

Contact Information

For privacy questions or to exercise your rights, contact CareMResort Data Protection Officer at CareMResort.pro/contact. Postal address: 6057, Jalan Persiaran Indahpura 3, Taman Siantan, 81000 Kulai, Johor, Malaysia. Phone for general enquiries: +60129707338. Business ID: 833287717627.

  • +60129707338
  • [email protected]
  • 6057, Jalan Persiaran Indahpura 3, Taman Siantan, 81000 Kulai, Johor, Malaysia
Wellness for Seniors

Join a Practical Wellness Session

Explore case-based programs at CareMResort that adapt to real participant needs. See scenarios of how sessions were adjusted after health assessments and learn which class fits your situation.

Book a Visit Schedule a Tour
Case-based program adjustments based on health profiles
Onsite safety protocols with real incident response examples
Local facility in Kulai with tailored activity schedules
Programs & Outcomes

Practical Case Studies

Real scenarios showing how specific programs supported participants

  • Case study: adapting low-impact aerobics for a participant with knee replacement recovery, including the assessment, modifications, and outcomes documented over eight weekly sessions.
  • Scenario: coordination between our on-site nurse and an external physiotherapist to adjust a mobility plan after a mid-program health review.
  • Operational case: managing class rescheduling and refunds when an instructor is unavailable, outlining the steps taken to communicate and rebook participants.
Explore Case Studies Learn How We Adapt Programs
Attendance Improvement Practical scheduling revisions based on participant feedback

We use attendance patterns to reschedule classes to times that serve the most participants, illustrated by a scenario where moving a morning class to late morning increased consistent attendance for a mobility group.

Therapy Coordination Examples of joint care plans

Care plans are shared with consent between on-site staff and external therapists to provide coherent progression steps; one example describes a phased increase in activity after post-op clearance.

Operational Resilience Documented incident response procedures

We maintain logs and practical playbooks for handling unexpected events such as power outages or staff shortages, and these guides are used to train staff for continuity of services.