Privacy Policy

Last updated: October 22, 2025

This Privacy Policy is issued in compliance with the Personal Data Protection Act 2010 (PDPA) and its amendments (Amendment Act 2024) of Malaysia. This policy explains how Lentur Sari Sdn Bhd (202501043534 (1644942-U)), operating as Uurut Spa Muslimah, collects, uses, discloses, and protects your personal data.

1. Data Controller Information

Company Name: Lentur Sari Sdn Bhd

Registration Number: 202501043534 (1644942-U)

Operating Name: Uurut Spa Muslimah

Address: 37-1, Jalan Eco Majestic 10/1E, Eco Majestic, 43500 Semenyih, Selangor

Email: info@uurut.spa

Phone: +60 19-209 1132

2. Personal Data We Collect

We collect the following categories of personal data when you book appointments or use our services:

Basic Information:

  • Full name
  • Contact number (phone/WhatsApp)
  • Email address
  • Preferred language

Sensitive Personal Data (Health Information):

  • Medical conditions relevant to spa treatments
  • Allergies to products or ingredients
  • Physical health concerns or limitations
  • Pregnancy status (if relevant)
  • Previous treatment history

* We only collect health information that is necessary for providing safe and effective spa treatments. Explicit consent is required before processing this sensitive data.

Booking Information:

  • Appointment date and time
  • Service selected
  • Special requests or preferences

Technical Data:

  • Website usage data (cookies)
  • Browser type and device information
  • IP address (for security purposes)

3. How We Use Your Personal Data

We process your personal data for the following purposes:

  • Service Delivery: To provide spa treatments, manage bookings, and ensure your safety and comfort during treatments
  • Communication: To confirm appointments, send reminders, and respond to your inquiries via WhatsApp, phone, or email
  • Health & Safety: To review your health information and ensure treatments are safe and suitable for your conditions
  • Record Keeping: To maintain treatment records for continuity of care and legal compliance
  • Marketing (with consent): To send you promotional offers, special deals, and updates about our services only if you have explicitly consented
  • Legal Compliance: To comply with legal obligations, resolve disputes, and enforce our terms and conditions

4. Legal Basis for Processing

We process your personal data based on:

  • Your explicit consent - especially for sensitive health data and marketing communications
  • Performance of contract - to fulfill our service agreement with you
  • Legal obligations - to comply with Malaysian laws and regulations
  • Legitimate interests - for business operations, security, and service improvement

5. Third-Party Service Providers

We share your personal data with the following trusted third-party service providers:

  • Supabase (Database Hosting): Your data is securely stored on servers in Southeast Asia. Supabase complies with international security standards.
  • WhatsApp Business: Used for appointment communications and customer service inquiries.
  • Payment Processors: For processing payments securely (if applicable).

All third-party providers are carefully selected and required to maintain appropriate security measures to protect your data. We do not sell, rent, or trade your personal data to any third parties for marketing purposes.

6. Data Retention

We retain your personal data for the following periods:

  • Treatment Records: 7 years from last treatment (for medical and legal compliance)
  • Booking History: 3 years for accounting and customer service purposes
  • Marketing Consent: Until you withdraw consent or after 2 years of inactivity
  • Website Cookies: 12 months or as specified in our Cookie Policy

After the retention period, your data will be securely deleted or anonymized.

7. Data Security Measures

We implement comprehensive security measures to protect your personal data:

Technical Measures:

  • Encrypted data transmission (SSL/TLS)
  • Secure database with access controls
  • Regular security updates and patches
  • Firewall and intrusion detection systems

Organizational Measures:

  • Staff training on data protection and confidentiality
  • Limited access to personal data on a need-to-know basis
  • Confidentiality agreements with all staff members
  • Regular privacy and security audits

Physical Measures:

  • Secure storage of physical records in locked cabinets
  • Restricted access to treatment rooms and records area
  • Secure disposal of documents containing personal data

8. Your Rights Under PDPA

Under the Personal Data Protection Act 2010, you have the following rights:

  • Right to Access: Request a copy of your personal data we hold
  • Right to Correction: Request correction of inaccurate or incomplete data
  • Right to Withdraw Consent: Withdraw your consent for data processing at any time
  • Right to Data Portability: Request your data in a structured, commonly used format
  • Right to Limit Processing: Request restriction of the processing of your data
  • Right to Erasure: Request deletion of your data (subject to legal retention requirements)

How to Exercise Your Rights:

To exercise any of these rights, please contact us via:

  • Email: info@uurut.spa
  • WhatsApp: +60 19-209 1132
  • In person at our spa location

We will respond to your request within 21 days as required by PDPA.

9. Marketing Communications & Consent

We will only send you marketing communications (promotional offers, special deals, newsletters) if you have given us explicit consent. You can opt out at any time by:

  • Clicking the unsubscribe link in our emails
  • Replying "STOP" to our WhatsApp messages
  • Contacting us directly to update your preferences

Withdrawing marketing consent will not affect our ability to send you essential communications about your appointments and treatments.

10. Cookies and Tracking Technologies

Our website uses cookies to enhance your browsing experience. Cookies are small text files stored on your device. We use:

  • Essential Cookies: Required for website functionality (e.g., booking system)
  • Functional Cookies: Remember your preferences (e.g., language selection)

You can manage cookie preferences through your browser settings. For more details, please see our Cookie Policy.

11. Data Breach Notification

In the unlikely event of a personal data breach that poses a risk to your rights and freedoms, we will notify you and the Personal Data Protection Commissioner within 72 hours as required by the PDPA Amendment Act 2024 (effective June 1, 2025). We will inform you of:

  • The nature of the breach
  • The data affected
  • The potential consequences
  • The measures taken to address the breach
  • Recommended actions to protect yourself

12. Cross-Border Data Transfers

Your personal data is primarily stored on servers located in Southeast Asia (Supabase infrastructure). Some third-party services may involve data transfers to other countries. We ensure that all cross-border transfers comply with PDPA requirements and that adequate safeguards are in place to protect your data.

13. Special Considerations for Muslimah Privacy

As a spa exclusively for Muslimah women, we take additional measures to protect your privacy:

  • All staff members are female and trained in Islamic privacy values
  • Individual treatment rooms ensure complete privacy during sessions
  • Respectful handling of personal and health information
  • Consideration for modesty and cultural sensitivities in all interactions

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or business operations. We will notify you of any material changes by:

  • Posting the updated policy on our website with a new "Last Updated" date
  • Sending you a notification via email or WhatsApp if the changes are significant
  • Obtaining fresh consent where required by law

15. Complaints and Disputes

If you have concerns about how we handle your personal data, please contact us first. We are committed to resolving any issues promptly and fairly.

If you are not satisfied with our response, you have the right to lodge a complaint with:

Personal Data Protection Commissioner

Personal Data Protection Department
Ministry of Digital
Website: www.pdp.gov.my
Email: aduan@pdp.gov.my

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Lentur Sari Sdn Bhd

Operating as: Uurut Spa Muslimah

37-1, Jalan Eco Majestic 10/1E, Eco Majestic, 43500 Semenyih, Selangor

Email: info@uurut.spa

Phone/WhatsApp: +60 19-209 1132

Operating Hours: Every day: 10:00 AM - 7:00 PM

This Privacy Policy is governed by the laws of Malaysia and complies with the Personal Data Protection Act 2010 and its amendments.
