General Privacy Principles
At CareLabPlan we collect and process personal information to provide tailored senior insurance planning services through our site CareLabPlan.club and direct advisory channels. We limit collection to data necessary for providing quotes, policy administration, communications, and regulatory compliance. We use technical and organizational measures to protect personal data and maintain access controls. If you contact us, we use your details to respond and follow up. We do not sell personal data to third parties. Our contact details and business identifiers are listed below for transparency and to support your rights to access, correction, or deletion where applicable.
Key Definitions
This section defines terms used in the policy so you can clearly understand the types of data we process and the purposes behind processing activities.
What Data We Collect
We collect data directly from you, automatically through your device, and from third-party sources when necessary. The types and extent vary by interaction: quote requests, consultations, or ongoing policy support.
Data You Provide
When you request a quote or engage our advisors, you may provide:
- Identity and contact details: name, email address, postal address, phone number.
- Insurance-related details: policy numbers, coverage history, insurer names.
- Health and medical information provided voluntarily to evaluate eligibility or recommend suitable cover.
- Business details relevant to premium calculations or payment arrangements.
- Documents you upload for assessment, such as identity documents or medical reports.
- Communications content when you contact support or our advisors, including messages and call records for quality and training.
Data Collected Automatically
When you visit CareLabPlan.club, some data is gathered automatically to support site functionality and analytics.
- Device and browser information (user agent, screen resolution).
- IP address and approximate location based on IP for security and localization.
- Usage analytics such as pages visited, time spent, and referral sources.
- Cookies and similar tracking identifiers used to remember preferences and session state.
- Crash and performance data to improve the website experience.
- Log files recording interactions with our services for security and troubleshooting.
Third-Party Data
We may receive data from partners and public sources to complete a request or verify information required to provide services.
- Insurers and intermediaries who provide policy and claims information.
- Data processors and service providers assisting with analytics and communications.
- Public registers and credit reference agencies for identity or eligibility checks.
Why We Use Personal Data
We use personal data for a limited set of purposes necessary to deliver and improve our services to you. Each purpose aligns with lawful grounds for processing.
- To provide senior insurance planning advice, quotes, and policy administration.
- To communicate with you about applications, renewals, and claims support.
- To verify identity and perform necessary checks with insurers and partners.
- To manage payments and billing where applicable.
- To maintain records and meet legal, tax, or regulatory obligations in Malaysia.
- To analyze and improve CareLabPlan.club user experience and service delivery.
- To respond to complaints, requests to exercise rights, or supervisory authority inquiries.
- To protect our systems and users by detecting and preventing fraud, abuse, and security incidents.
Legal Bases for Processing
We rely on appropriate lawful grounds when processing personal data. Where applicable, we reference consent, contractual necessity, legal obligations, and legitimate interests.
- Contractual necessity: processing needed to perform services you requested, such as producing a quote or handling a claim.
- Consent: where you explicitly agree to process sensitive personal data, such as health information, for assessment purposes.
- Legal obligation: compliance with Malaysian laws or regulatory requests requiring retention or disclosure of data.
- Legitimate interests: for fraud prevention, network and information security, and improving our services, balanced against your rights and expectations.
European Data Rights (Where Applicable)
For individuals located in the European Economic Area, Swiss residents, or where GDPR rights otherwise apply, the following outlines additional protections and rights available to you in relation to our processing.
- Right to access: you may request confirmation of whether we process your personal data and obtain a copy.
- Right to rectification: you may ask us to correct inaccurate or incomplete personal data.
- Right to erasure: in certain circumstances you may request deletion of personal data we hold about you.
- Right to restriction of processing: you may ask to limit how we use your data while a dispute is resolved.
- Right to data portability: where processing is based on consent or contract, you may request a machine-readable copy of your data.
- Right to object: you can object to processing based on legitimate interests; we will assess and respond in accordance with applicable law.
Cookies and Tracking
CareLabPlan.club uses cookies to provide core functionality, improve performance, and deliver analytics. Cookies do not store sensitive business details or protected health information unless you explicitly provide them within secure forms.
We use session cookies for navigation, persistent cookies for remembering preferences, and analytics cookies to collect aggregated usage data. Third-party cookies used by analytics providers may also be present.
Categories include: strictly necessary, performance and analytics, and functional cookies. Marketing cookies are not used by default unless you opt in during a promotional campaign.
You can manage cookie preferences through your browser settings or via the cookie preference tool on CareLabPlan.club. Blocking cookies may affect site functionality and ability to provide personalized features.
View detailed cookie settings
Who We Share Data With
We share personal data only with parties necessary to deliver the requested service and where permitted by law, under confidentiality safeguards.
- Insurance companies and underwriters involved in quoting or policy administration.
- Third-party service providers performing functions on our behalf (hosting, analytics, communications).
- Regulators, courts, or law enforcement where required by law or to defend legal rights.
- Professional advisers and auditors for compliance and operational oversight.
- Payment processors for billing and receipt management when applicable.
- Affiliated partners only if you have consented to shared offers or joint services.
International Transfers
Some service providers we engage may operate in jurisdictions outside Malaysia. Where personal data is transferred internationally, we implement contractual or other appropriate safeguards to protect your information consistent with applicable law.
Safeguards may include standard contractual clauses, data processing agreements, and access controls. We evaluate third-party security practices and require contractual commitments to protect personal data.
Data Retention
We retain personal data for as long as necessary to fulfill the purposes outlined in this policy, to comply with legal obligations, resolve disputes, and enforce agreements.
Account and customer records are retained for a period aligned with regulatory requirements and business needs; typically this may be several years after the end of the client relationship to support potential claims or audits.
Communications and support correspondence are kept for a reasonable period to provide continuity of service and for record-keeping, subject to applicable legal retention rules.
System logs and security records are retained for diagnostic and security purposes, often for a fixed period unless an incident requires extended retention.
When data is no longer necessary, we securely delete or anonymize personal data. You may request deletion in line with your rights, recognizing some data must be retained for legal or contractual reasons.
Security Measures
CareLabPlan employs industry-standard technical and organizational measures to protect personal data against unauthorized access, disclosure, alteration, or destruction. Measures include encryption of data in transit, access controls, secure hosting environments, regular security assessments, and staff training on data handling. While we strive to protect information, no system can be entirely immune to threats; we monitor and respond to incidents in accordance with legal obligations and best practices.
- Data encryption in transit and at rest using industry-standard protocols to protect personal and business information collected for senior insurance planning.
- Role-based access controls and regular staff training to ensure only authorized personnel at CareLabPlan can view sensitive client records.
- Regular backups, vulnerability scans and secure disposal procedures for physical and electronic records to minimize risk of data loss or unauthorized disclosure.
Your Rights
As a resident of Malaysia interacting with CareLabPlan, you have several rights regarding your personal data. Below are the practical steps you can take and the rights we respect when managing your information.
- Right to access: request a copy of the personal data we hold about you and receive a readable summary of how it is used.
- Right to correction: ask us to correct or update inaccurate or incomplete personal information related to your insurance planning.
- Right to restriction: request that we limit processing of your personal data while a dispute about accuracy or lawfulness is resolved.
- Right to portability: where technically feasible, request a machine-readable copy of data you provided to CareLabPlan for use with another provider.
- Right to object: object to direct marketing communications and certain types of profiling used for product recommendations.
- Right to withdraw consent: when processing is based on consent, you may withdraw consent for future processing without affecting past lawful processing.
- Right to erasure: request deletion of personal data when it is no longer necessary for the purposes it was collected, subject to statutory retention obligations.
- Right to lodge a complaint: if you believe your rights have been infringed, you may contact us or the relevant supervisory authority in Malaysia.
How to submit a rights request
To exercise any of the rights above, contact CareLabPlan using the details below. Include your full name, Business ID if applicable, a clear description of the request and a copy of an identity document to verify your identity. We will respond to verified requests to protect your privacy.
We aim to respond to verified requests promptly and typically within 30 calendar days. Complex requests may require additional time; if so we will inform you within the initial response period and provide a completion estimate.
Marketing communications and choices
CareLabPlan may send product updates, newsletters and offers relevant to senior insurance planning. Communications are tailored based on preferences and the services you have expressed interest in. We use lawful bases such as consent or legitimate interest for these communications.
You can opt out of promotional emails and SMS at any time via the unsubscribe link in messages or by contacting our support team. Opting out will not affect transactional messages related to active policies or consultations.
Children and personal data
Our services are focused on adults planning senior insurance solutions. We do not knowingly collect personal data from children under the age of 18. If we become aware that we have collected data from a minor, we will take steps to delete it promptly.
Links to third-party websites
CareLabPlan may link to partner insurers, business tools and external resources. These third-party sites have their own privacy practices; we encourage you to review their policies before sharing personal data. We are not responsible for the practices or content of external sites.
Changes to this privacy policy
We review and may update our privacy policy to reflect changes in legal requirements or service offerings. Material changes will be posted on our site with the updated effective date. Continued use of CareLabPlan services after updates means you accept the revised policy.
Contact Information
For privacy inquiries, data requests or complaints contact: CareLabPlan, 2, Jalan Melati Square, Bandar Baru Nilai, 71800 Nilai, Negri Sembilan, Malaysia. Phone: +60128190252. Business ID: 564038503526. Email: [email protected]. Date of record: 07-03-2026.