Skip links
Haskart

Privacy Policy

Ensuring Trust Through Privacy and Protection

HASKART PRIVACY POLICY

v1.1 — Updated December 2025

Haskart is a Lifestyle and wellness platform that enables users to:

  • Discover scenic locations and merchants through Pitstop+
  • Book virtual non‑clinical wellness sessions
  • Book in‑person 1‑to‑1 services offered by participating wellness centres
  • Interact with contributors and merchants
  • Share user‑generated content

Haskart does not provide medical or clinical services. All wellness sessions are non‑clinical, and all in‑person services are delivered by independent wellness centres.

We are committed to protecting your personal data in accordance with the Malaysian Personal Data Protection Act 2010 (“PDPA”) and the Personal Data Protection (Amendment) Act 2024. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you use the Haskart platform.

By accessing or using Haskart, you consent to the practices described in this Privacy Policy.

1. Data Collection

1.1 Types of Data Collected

Haskart collects only the data necessary to operate and improve the platform:

Identity Data

  • Name
  • NRIC/Passport (where required)
  • Date of birth
  • Gender
  • Profile photo

Contact Information

  • Email address
  • Phone number
  • Address

Booking/Appointment Data

  • Virtual session Booking/Appointments
  • In‑person service Booking/Appointments
  • Selected contributors or wellness centres
  • Session preferences

Location Data

  • Check‑ins
  • GPS (only when you grant permission)
  • Merchant visits

Behavioural Data

  • Likes, shares, flags on Pitstop+
  • Browsing patterns
  • Search history

Technical Data

  • Device identifiers
  • IP address
  • Browser type
  • Login logs

Transaction Data

  • Payments for Booking/Appointments
  • Settlement records

User‑Generated Content

  • Posts
  • Images
  • Videos
  • Audio uploads
  • Comments

We do NOT collect:

  • Medical records
  • Clinical diagnoses
  • Prescriptions
  • Regulated health data
  • Wallet balances or cashback data
  • Telemedicine data
1.2 How Data Is Collected

We collect data:

  • When you register
  • When you update your profile
  • When you book virtual or in‑person sessions
  • When you interact with Pitstop+
  • When you upload content
  • When you make payments
  • When required by law
1.3 Data Minimization

We only collect what is necessary for:

  • Account creation
  • Booking/Appointment and payment processing
  • Platform safety
  • Feature functionality
  • Legal compliance

2. Consent

2.1 How Consent Is Obtained

You provide consent when you:

  • Register for an account
  • Accept our privacy notices
  • Book a session
  • Enable device permissions (camera, microphone, location)
  • Upload content

No sensitive medical data is collected.

2.2 Withdrawal of Consent

You may withdraw consent at any time.
Some features may become unavailable if consent is withdrawn.

3. How We Use Your Data

Your data is used for:

  • Managing your account
  • Processing virtual and in‑person Booking/Appointments
  • Sending confirmations and updates
  • Connecting you with contributors and wellness centres
  • Processing payments
  • Improving platform performance
  • Ensuring safety and compliance

We do not use your data for unrelated purposes without fresh consent.

4. Data Disclosure

We may share your data with:

Wellness Contributors & Centres

To fulfil your Booking/Appointments.

Payment Processors

To process secure payments.

Technical Service Providers

For hosting, analytics, and support.

Regulatory Authorities

When required by Malaysian law.

We do not share data with medical providers or telemedicine partners.

All third parties must comply with PDPA standards.

5. Data Retention

We retain data only as long as necessary for:

  • Service delivery
  • Legal compliance
  • Dispute resolution

When no longer needed, data is securely deleted or anonymized.

You may request deletion of your data at any time (subject to legal requirements).

6. Data Security

We protect your data using:

  • Encryption (in transit and at rest)
  • Role‑based access control
  • Multi‑factor authentication for admin access
  • Secure development practices
  • Continuous monitoring
  • Incident response procedures

7. Your Rights

Under PDPA, you may request:

  • Access to your data
  • Correction of inaccurate data
  • Deletion (where legally permitted)
  • Withdrawal of consent
  • Objection to certain processing
  • Data portability (where feasible)

Requests are processed within PDPA timelines.

8. Third‑Party Integrations

Haskart integrates with:

  • Payment gateways
  • Wellness centre Booking/Appointment systems
  • Technical service providers

All integrations require PDPA‑compliant agreements.

No telemedicine or clinical integrations exist.

9. Cross‑Border Data Transfers

Cross‑border transfers occur only when:

  • Required for technical hosting
  • Adequate protection is ensured
  • User consent is obtained
  • A Transfer Impact Assessment is completed

10. Data Breach Notification

If a breach occurs that may cause harm:

  • The PDPA Commissioner will be notified within 72 hours (if required)
  • Affected users will be notified within 7 days
  • Remediation steps will be taken immediately

This is required under the PDPA Amendment Act 2024.

11. Contact Information

Haskart Admin
Email: admin@haskart.com
Phone: 603‑3319 1445
Address: No 62‑2, Lorong Batu Nilam 4B, Bandar Bukit Tinggi, Klang, Selangor