Skip links
Haskart

Privacy Policy

Ensuring Trust Through Privacy and Protection

HASKART PRIVACY POLICY

v1.1 — Updated April 2026

Haskart is a Lifestyle and wellness platform that enables users to:

  • Discover scenic locations and merchants through Pitstop+
  • Book virtual and in-person wellness sessions, including yoga, massage, nutrition guidance, and clinical consultations delivered by independent providers
  • Interact with contributors and service providers
  • Share user-generated content.

Haskart itself does not provide medical services. All clinical consultations are delivered by independent, verified service providers. We are committed to protecting your personal data in accordance with the Malaysian Personal Data Protection Act 2010 (“PDPA”) and the Personal Data Protection (Amendment) Act 2024. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you use the Haskart platform. By accessing or using Haskart, you consent to the practices described in this Privacy Policy.

1. Data Collection

1.1 Types of Data Collected

Haskart collects only the data necessary to operate and improve the platform:

Identity Data

  • Name
  • NRIC/Passport (where required)
  • Date of birth
  • Gender
  • Profile photo

Contact Information

  • Email address
  • Phone number
  • Address

Booking/Appointment Data

  • Virtual session Booking/Appointments
  • In‑person service Booking/Appointments
  • Selected contributors or wellness centres
  • Session preferences

Location Data

  • Check‑ins
  • GPS (only when you grant permission)
  • Merchant visits

Behavioural Data

  • Likes, shares, flags on Pitstop+
  • Browsing patterns
  • Search history

Technical Data

  • Device identifiers
  • IP address
  • Browser type
  • Login logs

Transaction Data

  • Payments for Booking/Appointments
  • Settlement records

User‑Generated Content

  • Posts
  • Images
  • Videos
  • Audio uploads
  • Comments

We do NOT collect:

  • Full Medical records
  • Regulated health data beyond what is necessary for booking and compliance

For clinical consultations, limited data such as consultation booking details, provider information, and session notes may be processed to ensure service delivery and compliance.

1.2 How Data Is Collected

We collect data:

  • When you register
  • When you update your profile
  • When you book virtual or in‑person sessions
  • When you interact with Pitstop+
  • When you upload content
  • When you make payments
  • When required by law
1.3 Data Minimization

We only collect what is necessary for:

  • Account creation
  • Booking/Appointment and payment processing
  • Platform safety
  • Feature functionality
  • Legal compliance

2. Consent

2.1 How Consent Is Obtained

You provide consent when you:

  • Register for an account
  • Accept our privacy notices
  • Book a session
  • Enable device permissions (camera, microphone, location)
  • Upload content

For clinical consultations, you consent to the processing of limited consultationrelated data necessary for service delivery..

2.2 Withdrawal of Consent

You may withdraw consent at any time.
Some features may become unavailable if consent is withdrawn.

3. How We Use Your Data

Your data is used for:

  • Managing your account
  • Processing virtual and in‑person Booking/Appointments
  • Sending confirmations and updates
  • Connecting you with contributors and wellness centres
  • Processing payments
  • Improving platform performance
  • Ensuring safety and compliance

We do not use your data for unrelated purposes without fresh consent.

4. Data Disclosure

Wellness Contributors & Centres
• Verified Clinical Service Providers (for clinical consultations)
• Payment Processors
• Technical Service Providers (including Zoom or equivalent teleconsultation platforms)
• Regulatory Authorities (when required by Malaysian law)
All third parties must comply with PDPA standards.

5. Data Retention

We retain data only as long as necessary for:

  • Service delivery
  • Legal compliance
  • Dispute resolution

When no longer needed, data is securely deleted or anonymized.

You may request deletion of your data at any time (subject to legal requirements).

6. Data Security

We protect your data using:

  • Encryption (in transit and at rest)
  • Role‑based access control
  • Multi‑factor authentication for admin access
  • Secure development practices
  • Continuous monitoring
  • Incident response procedures

7. Your Rights

Under PDPA, you may request:

  • Access to your data
  • Correction of inaccurate data
  • Deletion (where legally permitted)
  • Withdrawal of consent
  • Objection to certain processing
  • Data portability (where feasible)

Requests are processed within PDPA timelines.

8. Third‑Party Integrations

Haskart integrates with:

  • Payment gateways
  • Wellness centre Booking/Appointment systems
  • Technical service providers
  • Teleconsultation platforms (e.g., Zoom) for secure clinical consultations

All integrations require PDPA‑compliant agreements.

9. Cross‑Border Data Transfers

Cross‑border transfers occur only when:

  • Required for technical hosting
  • Adequate protection is ensured
  • User consent is obtained
  • A Transfer Impact Assessment is completed

10. Data Breach Notification

If a breach occurs that may cause harm:

  • The PDPA Commissioner will be notified within 72 hours (if required)
  • Affected users will be notified within 7 days
  • Remediation steps will be taken immediately

This is required under the PDPA Amendment Act 2024.

11. Contact Information

Haskart Admin
Email: admin@haskart.com
Address: No 62‑2, Lorong Batu Nilam 4B, Bandar Bukit Tinggi, Klang, Selangor