Privacy notice
How we handle your information.
This notice explains what personal data wellnessguidechina.com collects, how it is used, how long it is kept, and the rights you have under the EU General Data Protection Regulation (GDPR) and the Personal Information Protection Law of the People's Republic of China (PIPL).
1. Who we are
The website is operated by Caroline Chen as an independent personal project under the trade name "Wellness Guide in China". For the purposes of applicable data-protection law, Caroline Chen is the data controller. Contact details are listed on the contact page.
2. Information we collect
We limit collection to what is needed to provide the service. The categories are:
- Contact and inquiry form: your name, email address, selected area of interest, and the short message you provide. Sensitive health information is never requested through this form.
- Service-specific documents: only after a separate consent process is signed do we receive or store medical records, passport copies, or payment details that may be needed for verification, appointment booking, or invoicing.
- Server logs: IP address, user agent, referrer, and approximate timestamp collected by our hosting provider (Cloudflare) for security, abuse prevention, and traffic analysis.
- Cookies and similar technologies: strictly necessary cookies set by the website and Cloudflare, plus analytics cookies that are only set after you click "Accept all" on the cookie banner.
3. Cookies and consent
The cookie banner at the bottom of the page is shown the first time you visit. It records your choice in a strictly necessary cookie so the banner does not reappear on every visit.
- Strictly necessary cookies are set without consent because the site cannot function without them (for example, to remember your privacy preference or to protect against bots).
- Analytics cookies are only set after you click "Accept all". They are used to understand which pages and topics are most useful. We do not use advertising trackers.
- You can withdraw consent at any time by clearing the preference cookie in your browser or by emailing the data controller.
4. How we use your data
- To respond to your inquiry and arrange a fit call.
- To research candidate wellness and healthcare pathways for you.
- To keep the website secure and prevent abuse.
- To comply with tax, accounting, and other legal obligations.
We do not sell your personal data. We do not share it with third parties except as described in section 5.
5. Third-party services
- Cloudflare Pages — hosting, edge delivery, DDoS protection, and limited request logs.
- Calendly scheduling and email booking request -- when you request a fit call, Calendly may process your name, email address, selected time, timezone, and any booking notes you provide. If you email us instead, your email provider and our email provider process your name, email address, and any message you provide.
- Analytics provider (optional) — only loaded after you accept cookies. Typically a privacy-respecting, IP-anonymised service such as Plausible or Cloudflare Web Analytics.
- Email and document handling — we use mainstream consumer-grade providers (such as a secure webmail and a paid file-sharing service) for service-specific documents, protected with strong passwords and shared only with the licensed clinicians or coordinators you have approved.
Some of these providers are located outside the European Economic Area or the People's Republic of China. Where required by GDPR or PIPL, we rely on appropriate safeguards (such as standard contractual clauses or a recognised adequacy mechanism) for the transfer of your data.
6. Sensitive information
Health-related information is treated as sensitive under both GDPR (special category data) and PIPL (sensitive personal information). We do not collect it through public forms. If a service engagement requires it, we will explain the legal basis, the storage period, and the access controls, and we will ask for your explicit consent before any data is transferred.
7. Your rights
Under GDPR you have the right to access, rectify, erase, restrict or object to the processing of your personal data, the right to data portability, and the right to lodge a complaint with a supervisory authority in your country of residence.
Under PIPL you have the right to know about and decide on the processing of your personal information, the right to access and copy it, the right to correct or supplement it, the right to delete it, the right to withdraw consent, and the right to request an explanation of the processing rules.
To exercise any of these rights, write to the data controller using the details on the contact page. We will respond within 30 days.
8. Retention
- Inquiry correspondence: up to 24 months after last contact.
- Service engagement records (plan, quotes, outcomes): 5 years from engagement close.
- Health documents: deleted within 90 days of engagement close, unless you ask us to keep them.
- Tax and accounting records: as required by applicable law (commonly 5–7 years).
- Server logs: typically 30 days, after which they are aggregated or deleted.
9. Children
This website is not directed at children. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided personal data, please contact us so we can delete it.
10. Cross-border data transfers
Visitors and clients are located in different jurisdictions. Where data is transferred from the EU/EEA or the PRC to a third country, we apply appropriate safeguards. Sensitive health data is, where possible, kept within the jurisdiction where it was collected.
11. Changes to this notice
We may update this notice to reflect operational, legal, or regulatory changes. The "last updated" date at the bottom of the page will always show when the most recent revision took effect.
12. Contact
For privacy questions or to exercise your rights, see the contact page.
Last updated: . This notice is a working draft and should be reviewed by qualified counsel before it is treated as legally binding.