1. Introduction
Sereni ("we", "us", "our") is committed to protecting the privacy of individuals whose personal data we process. This Privacy Policy explains what personal data we collect, how we use it, and your rights under Malaysia's Personal Data Protection Act 2010 (PDPA).
This policy applies to personal data collected through our website, enquiry forms, telephone calls, and as part of providing our care services at 31 Jalan PJU 1A/3, Ara Damansara, 47301 Petaling Jaya, Selangor.
Questions about this policy may be directed to: [email protected]
2. Data We Collect
Information you provide directly
- Name, email address, and phone number (via contact forms and enquiries)
- Health and medical information (when arranging or receiving care services)
- Emergency contact and next-of-kin details
- Payment and billing information for programme fees
Information collected automatically
- Browser type, device type, IP address, and pages visited (via cookies and analytics tools)
- Referral source and session duration
Legal basis for processing
We process personal data on the basis of: (a) consent, where you have provided it; (b) contractual necessity, where processing is needed to deliver the services you have requested; (c) legitimate interest, for improving our website and communications; and (d) legal obligation, where Malaysian law requires us to retain certain records.
3. How We Use Your Data
- To respond to enquiries and provide information about our programmes
- To deliver and administer care services, including maintaining health records
- To send service-related communications (appointment information, monthly reports)
- To improve our website performance and user experience
- To comply with legal and regulatory requirements under Malaysian health legislation
We do not sell, rent, or trade personal data to third parties for their own marketing purposes.
4. Data Sharing
We may share personal data with the following categories of recipients:
- Healthcare professionals: Doctors, physiotherapists, and specialists involved in a resident's care with their consent
- Regulatory authorities: Ministry of Health Malaysia, where legally required
- Service providers: IT systems providers operating under strict data processing agreements
- Emergency services: Where there is immediate risk to health or safety
5. Data Retention
We retain personal data only as long as necessary for the purposes for which it was collected. Care-related medical records are retained for a minimum of seven years following the end of care, in accordance with Malaysian healthcare regulations. Website enquiry data is retained for up to twelve months unless a care relationship is established.
6. Data Security
- Encrypted storage for digital health records
- Access controls limiting data to authorised staff only
- Secure server hosting in compliance with PDPA standards
- Staff training on data handling and confidentiality
- Breach notification procedures — we will notify affected individuals and, where required, the relevant authority within the timeframes prescribed by Malaysian law
7. Cookies
We use cookies to operate our website and, optionally, to analyse usage. Essential cookies are required for basic site functionality. Analytics and marketing cookies are only used with your consent. Full details are provided in our Cookie Policy.
8. Your Rights Under the PDPA
Under Malaysia's Personal Data Protection Act 2010, you have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate or incomplete data
- Withdraw consent for processing (where consent is the basis)
- Request that we stop processing your data for direct marketing
- Lodge a complaint with the Department of Personal Data Protection Malaysia
To exercise any of these rights, please contact us at [email protected]. We will respond within 21 days.
9. Third-Party Links
Our website may contain links to external websites. We are not responsible for the privacy practices of those sites and encourage you to review their policies independently.
10. Children's Privacy
Our services are intended for adults aged 18 and over. We do not knowingly collect personal data from individuals under 18 without parental or guardian consent.
11. International Data Transfers
Personal data collected by Sereni is stored and processed within Malaysia. Where any data is processed outside Malaysia, we ensure appropriate safeguards are in place in accordance with PDPA requirements.
12. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be published on this page with an updated date. Continued use of our website or services following changes constitutes your acknowledgement of the updated policy.
13. Contact
For privacy-related queries:
Sereni
31 Jalan PJU 1A/3, Ara Damansara, 47301 Petaling Jaya, Selangor
Email: [email protected]
Phone: +60 3-7859 2164