Personal Data Protection Notice,
Privacy Policy & Consent Form

Bayu Wellness Venture Sdn. Bhd.

Spa & Wellness

1. Collection & Use of Personal Data

In compliance with the Personal Data Protection Act 2010 (PDPA), we collect and process your personal data for the following purposes:

  • Appointment booking and spa treatment management
  • Customer identification and verification
  • Health and safety assessment
  • Communication regarding appointments, promotions, and updates
  • Service improvement and quality control
  • Legal and regulatory compliance

Types of personal data collected may include:

  • Full name, contact details, date of birth
  • Identification number (IC / Passport)
  • Health information (medical conditions, allergies, contraindications)

2. Spa Treatment Consent & Health Declaration

By receiving treatment at our spa, you confirm the following:

You have disclosed all relevant medical conditions, allergies, and health concerns
You understand that certain treatments (massage, facial, etc.) may not be suitable for individuals with specific conditions
You agree to inform our therapists of any discomfort during the treatment
You accept that the spa is not liable for any adverse effects resulting from undisclosed conditions

You acknowledge that the following contraindications may apply:

Pregnancy Skin conditions, infections, or open wounds Cardiovascular conditions Recent surgery or injuries Allergies to products or essential oils

3. Consent

By signing this form, you:

Consent to the processing of your personal data
Consent to receive spa treatments
Agree to be contacted for appointments and updates via phone, WhatsApp, SMS, or email

4. Disclosure of Data

We will not disclose your personal data to third parties except:

  • As required by law
  • With your explicit consent
  • For operational purposes (e.g., booking systems, payment processors)

5. Privacy Policy

We are committed to safeguarding your personal data. All data is stored securely and handled in accordance with PDPA. We implement appropriate technical and organizational measures to prevent unauthorized access, disclosure, or misuse of your personal data.

6. Data Protection Officer (DPO)

For any inquiries, requests, or complaints regarding your personal data, please contact our Data Protection Officer:

7. Your Rights

You have the right to:

  • Access your personal data
  • Request correction of your data
  • Withdraw consent at any time
  • Request deletion of your data (subject to legal obligations)