Privacy Policy
Last updated: 11 June 2026
Mentari Yakin Sdn Bhd (Reg. No. 520648P), trading as PriooCare (“PriooCare”, “we”, “us”, “our”), is committed to protecting your personal data. This Privacy Policy explains what personal data we collect, how and why we use it, who we share it with, and the rights you have. It is written to comply with the Malaysian Personal Data Protection Act 2010 (PDPA) and, where applicable, the EU General Data Protection Regulation (GDPR).
This policy applies to https://prioocare.com and to any enquiry you send us through our website forms, WhatsApp, or email.
Data Controller: Mentari Yakin Sdn Bhd, 2.051 Block J, 129 Offices, Jaya One, 72a, Jalan Universiti, 46200 Petaling Jaya, Selangor, Malaysia. Email: care@prioocare.com.
1. Who We Are
PriooCare is a brand-owner and market-access partner serving the pharmacy and consumer-health sector in Malaysia. We are the data controller responsible for the personal data described in this policy. For any privacy question or request, contact us at care@prioocare.com.
2. Personal Data We Collect
We collect personal data that you provide directly and data generated automatically when you use our website:
- Information you give us — when you submit an enquiry form, message us on WhatsApp, or email us: your name, business/company name, email address, phone number, and the content of your message.
- Information collected automatically — IP address, browser and device information, pages visited, referring source, and analytics identifiers, collected via cookies and similar technologies (see Section 6).
- Communication records — your conversation history and the state of any enquiry you raise with us, retained to manage and follow up on your request.
We do not intentionally collect sensitive personal data (such as health, religious, or political data). Please do not send such information through our channels.
3. How and Why We Use Your Data (Data Flow & AI Processing)
We use automated systems to manage and respond to inquiries efficiently. Your data flows through the following operational pipeline:
- Workflow Automation: Inbound messages are routed via n8n automation workflows.
- Artificial Intelligence Processing: An AI model (Anthropic Claude) processes the text content of your message to analyse your inquiry, qualify commercial intent, and compose an automated response.
- Data Storage: Your conversation state, history, and contact details are securely stored in a Supabase (PostgreSQL) database.
- Communication Delivery: Automated replies are transmitted back to you through your chosen inbound channel via the Meta WhatsApp Business Cloud API, Google Gmail, or our web interface.
Purposes of Processing:
- To respond accurately and efficiently to your business inquiries.
- To qualify, manage, and track B2B (business-to-business) leads.
- To follow up regarding PriooCare’s services, updates, and commercial offerings.
Important Note: PriooCare does not sell your personal data to any third parties. Your data is utilised strictly for the business-development and operational purposes outlined above.
4. Lawful Basis for Processing & Consent
We process your personal data under the following lawful bases:
- Consent: By voluntarily messaging us via WhatsApp, email, or web forms, you consent to the collection and processing of your data as described herein. For the purposes of the Malaysia PDPA 2010, sending an inbound inquiry constitutes an explicit expression of consent to process your contact information for that inquiry.
- Legitimate Interests: Processing is necessary for our legitimate business interests in managing B2B leads, responding to commercial inquiries, and optimising our services using automation. Where we rely on legitimate interests, we balance those interests against your rights and freedoms.
You may withdraw your consent at any time (see Section 9). Withdrawing consent does not affect the lawfulness of processing carried out before the withdrawal.
5. Sharing & Third-Party Processors
We do not sell your personal data. We share it only with the service providers (“processors”) that operate our website and enquiry pipeline, each bound to process data on our instructions:
| Processor | Role | Location |
|---|---|---|
| n8n Cloud | Workflow orchestration of inbound enquiries | EU / USA |
| Anthropic (Claude) | AI analysis of enquiry text & drafting of replies | USA |
| Supabase (PostgreSQL) | Storage of conversation history & contact details | Cloud-hosted (outside Malaysia) |
| Meta Platforms (WhatsApp Business Cloud API) | Delivery of WhatsApp messages | USA / Ireland |
| Google (Gmail) | Delivery of email replies | USA |
| Google (Analytics / Tag Manager) | Website analytics | USA |
| HubSpot | CRM & enquiry forms | USA |
| LinkedIn (Insight Tag) | Advertising measurement | USA |
Some of these processors are located outside Malaysia (including the USA, the EU/Ireland, and other jurisdictions). Where we transfer your personal data abroad, we take reasonable steps to ensure it receives a level of protection comparable to that required under the PDPA and, where applicable, the GDPR. We may also disclose personal data where required by law, regulation, or a valid legal request, or to protect our rights.
6. Cookies & Tracking Technologies
Our website uses cookies and similar technologies for functionality, analytics, and marketing measurement:
| Technology | Purpose | Control |
|---|---|---|
| Google Analytics / Google Tag Manager | Understand site usage and traffic | Google Analytics opt-out / browser settings |
| HubSpot | Forms, contact management, visit tracking | Browser cookie controls |
| LinkedIn Insight Tag | Measure ad campaign performance | LinkedIn ad-settings opt-out |
| JoinChat / WhatsApp widget | Enable the WhatsApp chat button | Do not use the widget |
You can control or delete cookies through your browser settings. Blocking some cookies may affect how the website functions. We are improving our cookie controls and will introduce a consent banner that lets you accept or reject non-essential cookies before they load.
7. Data Retention
We keep personal data only as long as necessary for the purposes set out in this policy:
- Enquiry & conversation records: 24 months from your last contact, unless an ongoing business relationship requires longer.
- CRM contact details: retained until you ask us to delete them or withdraw consent.
- Analytics data: per each vendor’s standard retention period.
When data is no longer needed, we securely delete or anonymise it.
8. Security
We apply appropriate technical and organisational measures to protect your data, including HTTPS/TLS encryption in transit (with HSTS enforced), access controls on our systems, and the use of reputable processors that maintain their own security standards. No method of transmission over the internet is completely secure, but we work to protect your data against unauthorised access, loss, or misuse.
9. Your Rights
Subject to the PDPA and, where applicable, the GDPR, you have the right to:
- Access the personal data we hold about you.
- Correct or update inaccurate or incomplete data.
- Withdraw consent to processing at any time.
- Erasure — request deletion of your data where there is no overriding lawful reason to keep it.
- Restrict or object to processing, including processing for direct marketing.
- Data portability — receive your data in a portable format (GDPR).
- Human review of automated processing — because an AI model assists in analysing enquiries and drafting replies, you may request human review of any automated handling of your enquiry. The AI assists our team; it does not make final decisions about you without the option of human involvement.
To exercise any of these rights, email care@prioocare.com. We will respond within the timeframes required by applicable law.
10. Complaints
If you believe we have mishandled your personal data, please contact us first at care@prioocare.com so we can resolve the matter. You also have the right to lodge a complaint with a supervisory authority:
- Malaysia: the Personal Data Protection Department (Jabatan Perlindungan Data Peribadi, JPDP), Ministry of Digital.
- European Union: your local Data Protection Authority.
11. Children’s Privacy
Our website and services are directed at businesses and are not intended for individuals under 18. We do not knowingly collect personal data from children. If you believe a child has provided us data, contact us and we will delete it.
12. Changes to This Policy
We may update this Privacy Policy from time to time. The “Last updated” date at the top reflects the latest revision. Material changes will be posted on this page. Continued use of our website after changes take effect constitutes acceptance of the updated policy.
—
Contact: Mentari Yakin Sdn Bhd (PriooCare), 2.051 Block J, 129 Offices, Jaya One, 72a, Jalan Universiti, 46200 Petaling Jaya, Selangor, Malaysia — care@prioocare.com — +6017 396 7743.