Privacy Policy

This Privacy Policy describes how Nxwlto ("we," "us," or "our") collects, uses, and shares your personal information when you visit our website, use our services, or otherwise interact with us. This policy is designed to comply with the Personal Data Protection Act 2010 (PDPA) of Malaysia and other applicable privacy laws.

By using our services, you agree to the collection and use of information in accordance with this policy. We are committed to protecting your privacy and ensuring that your personal information is handled responsibly.

1. Information We Collect

We collect various types of information to provide and improve our services to you:

1.1. Personal Information

Information that can be used to identify you directly, including:

  • Name, email address, phone number, and mailing address
  • Date of birth and gender
  • Payment information (processed securely through our payment processors)
  • Health and fitness information relevant to our services
  • Emergency contact information
  • Photos or videos (with your consent) for progress tracking or service delivery

1.2. Usage Data

Information collected automatically when you use our website:

  • IP address and device information
  • Browser type and version
  • Pages visited and time spent on those pages
  • Date and time of your visit
  • Referring website or source
  • Other diagnostic data

1.3. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to track activity on our website and store certain information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our website. See our Cookie Policy for more information.

2. How We Use Your Information

We use the collected information for various purposes, including:

  • To provide and maintain our services
  • To personalize your experience and tailor fitness and wellness programs to your needs
  • To communicate with you about appointments, services, and updates
  • To process payments and manage your account
  • To monitor and assess your progress toward fitness and wellness goals
  • To improve our website, services, marketing, and customer relationships
  • To comply with legal obligations
  • To protect against fraud and unauthorized transactions
  • To respond to your inquiries, comments, or concerns

3. Legal Basis for Processing

We process your personal information based on one or more of the following legal grounds:

  • Consent: You have given us permission to process your personal information for specific purposes.
  • Contract Performance: Processing is necessary to fulfill our contractual obligations to you or to take steps at your request before entering into a contract.
  • Legitimate Interests: Processing is necessary for our legitimate business interests, provided these interests do not override your rights and freedoms.
  • Legal Compliance: Processing is necessary to comply with applicable laws and regulations.

4. Information Sharing and Disclosure

We may share your personal information in the following circumstances:

  • Service Providers: We share information with trusted third-party service providers who perform services on our behalf, such as payment processing, data analysis, email delivery, hosting services, and customer service. These providers are contractually obligated to protect your information and can only use it for specified purposes.
  • Professional Partners: With your consent, we may share relevant health and fitness information with healthcare professionals or other wellness practitioners involved in your care.
  • Corporate Clients: For corporate wellness programs, we may share aggregated, anonymized data with your employer about program participation and outcomes. Individual data is only shared with explicit consent.
  • Legal Requirements: We may disclose information when required by law, court order, or other governmental authority, or to protect our rights, property, or safety, or that of others.
  • Business Transfers: In connection with a merger, acquisition, reorganization, or sale of assets, your information may be transferred as a business asset. We will notify you of any change in ownership or uses of your personal information.

We do not sell, rent, or trade your personal information to third parties for their marketing purposes without your explicit consent.

5. International Data Transfers

Your information may be transferred to and processed in countries other than the one in which you reside. These countries may have data protection laws that differ from your country. When we transfer your information to other countries, we implement appropriate safeguards to ensure your information receives adequate protection, including:

  • Using standard contractual clauses approved by relevant regulatory authorities
  • Ensuring third-party service providers adhere to privacy principles and frameworks
  • Obtaining your consent for specific transfers where required by law

6. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. The criteria used to determine our retention periods include:

  • The duration of our ongoing relationship with you
  • Legal obligations to retain data for certain periods
  • Statute of limitations under applicable laws
  • Ongoing or potential disputes or legal claims
  • Guidelines from relevant regulatory authorities

When personal information is no longer needed, we securely delete or anonymize it.

7. Your Rights and Choices

Depending on your location, you may have various rights regarding your personal information, including:

  • Access: You can request copies of your personal information that we hold.
  • Correction: You can ask us to correct inaccurate or incomplete information.
  • Deletion: You can ask us to delete your personal information in certain circumstances.
  • Restriction: You can ask us to restrict the processing of your information in certain circumstances.
  • Data Portability: You can ask us to transfer your information to another organization or directly to you.
  • Objection: You can object to our processing of your information based on our legitimate interests.
  • Withdraw Consent: If we rely on your consent to process your information, you can withdraw that consent at any time.

To exercise these rights, please contact us using the information provided in the "Contact Us" section below. We will respond to your request within the timeframe required by applicable law.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized or unlawful processing, accidental loss, destruction, or damage. These measures include:

  • Encryption of sensitive data
  • Regular security assessments and testing
  • Access controls and authentication procedures
  • Staff training on data protection and security
  • Physical security measures for our facilities

While we strive to use commercially acceptable means to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

9. Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us, and we will take steps to remove that information from our systems.

10. Third-Party Links and Services

Our website may contain links to third-party websites, services, or content that are not operated by us. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party services. We encourage you to review the privacy policies of these third-party sites before providing any personal information.

11. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. For significant changes, we will provide more prominent notice, such as email notification. We encourage you to review this Privacy Policy periodically for any changes.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Nxwlto
Level 7, Menara Arina Uniti
Jalan Raja Muda Abdul Aziz
50300 Kuala Lumpur, Malaysia
Phone: +60327796100
Email: [email protected]

We will respond to your inquiry as soon as possible and within the timeframe required by applicable law.

Last Updated: January 30, 2026