Privacy Policy

Introduction

Pelagos is committed to protecting the privacy and personal information of our guests and website visitors. This Privacy Policy explains how we collect, use, protect, and handle your personal data in accordance with Malaysia's Personal Data Protection Act 2010 and applicable international standards.

By using our website or services, you consent to the data practices described in this policy. We encourage you to review this policy carefully and contact us if you have any questions.

For privacy-related inquiries, please contact us at [email protected].

Information We Collect

Personal Information You Provide

When you interact with our services, we may collect the following types of personal information:

• Name and contact details (email address, phone number, mailing address)
• Booking and reservation information
• Payment information (processed securely through third-party payment processors)
• Health and wellness information relevant to treatment customization (provided voluntarily during consultation)
• Communication preferences and feedback

Information Collected Automatically

When you visit our website, certain information is collected automatically, including:

• Browser type and version
• Device information and operating system
• IP address and general location data
• Pages visited and time spent on pages
• Referring website addresses

Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience. For detailed information about our cookie usage, please refer to our Cookie Policy.

How We Use Your Information

We use the personal information we collect for the following purposes:

• Service Delivery: To process bookings, provide wellness services, and fulfill retreat reservations
• Communication: To respond to inquiries, send booking confirmations, and provide customer support
• Treatment Customization: To tailor wellness programs to individual needs and preferences
• Business Operations: To maintain records, conduct internal analysis, and improve our services
• Marketing: To send promotional communications about our services (only with your consent, and you may opt out at any time)
• Legal Compliance: To comply with legal obligations and respond to lawful requests from authorities

We process personal data based on consent, contractual necessity, and our understanding of interests in providing quality wellness services, always in accordance with Malaysian law.

Data Sharing and Disclosure

We respect your privacy and do not sell your personal information. We may share your data with third parties only in the following circumstances:

• Service Providers: We work with trusted third-party vendors who assist with payment processing, booking systems, email communications, and website hosting. These providers are contractually obligated to protect your information
• Highland Retreat Partners: We share necessary booking and wellness information with the retreat facilities where services are provided
• Legal Requirements: We may disclose information when required by law, in response to legal processes, or to protect our rights and safety
• Business Transfers: In the event of a merger, acquisition, or sale of assets, personal information may be transferred to the new entity

We ensure all third parties with whom we share data maintain appropriate security measures and comply with applicable privacy laws.

Data Protection Measures

We implement appropriate technical and organizational measures to protect your personal information:

• Encryption of data transmission using SSL/TLS protocols
• Secure storage of personal information on protected servers
• Access controls limiting employee access to personal data on a need-to-know basis
• Regular security assessments and updates to our systems
• Staff training on data protection and privacy practices

While we strive to protect your personal information, no method of transmission or storage is completely secure. We encourage you to use strong passwords and safeguard your login credentials.

Data Retention

We retain personal information for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required by law:

• Booking Records: Retained for 7 years for business and accounting purposes
• Health Information: Retained for 6 years following your last visit, in accordance with healthcare record retention standards
• Marketing Communications: Retained until you withdraw consent or request deletion
• Website Analytics: Anonymized data may be retained indefinitely for statistical purposes

When personal information is no longer needed, it is securely deleted or anonymized.

Your Rights

Under Malaysia's Personal Data Protection Act and international privacy principles, you have the following rights regarding your personal information:

• Right to Access: You may request a copy of the personal information we hold about you
• Right to Rectification: You may request correction of inaccurate or incomplete personal data
• Right to Erasure: You may request deletion of your personal information, subject to legal retention requirements
• Right to Restrict Processing: You may request that we limit how we use your personal data
• Right to Data Portability: You may request a copy of your data in a commonly used format
• Right to Object: You may object to certain types of processing, including marketing communications
• Right to Withdraw Consent: Where processing is based on consent, you may withdraw that consent at any time

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 21 days.

If you are not satisfied with our response, you have the right to lodge a complaint with the Personal Data Protection Commissioner of Malaysia.

Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you are a parent or guardian and believe we have collected information about a child, please contact us immediately so we can delete the information.

International Data Transfers

While we primarily operate in Malaysia, some of our service providers may be located in other countries. When we transfer personal data internationally, we ensure appropriate safeguards are in place, such as standard contractual clauses or adequacy decisions, to protect your information in accordance with Malaysian data protection standards.

Third-Party Websites

Our website may contain links to third-party websites for your convenience. We are not responsible for the privacy practices of these external sites. We encourage you to review the privacy policies of any third-party websites you visit.

Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make significant changes, we will notify you by posting a notice on our website or by sending you an email. The "Last Updated" date at the top of this policy indicates when it was last revised.

We encourage you to review this policy regularly to stay informed about how we protect your information.