Privacy Policy
1. Introduction
China Medical and Tourism connects international patients with hospitals in China and coordinates related travel services. This Privacy Policy explains what personal information we collect, how we use it, who we share it with, and the choices you have. Because we process health-related information, a sensitive category of data, we apply heightened safeguards throughout.
2. Information We Collect
Account information (name, email, phone), identity documents (passport details), health information (medical history, diagnostic reports, treatment records), payment billing details, in-platform communications, and travel details such as flight information and emergency contacts.
3. How We Use Your Information
To create and manage your account, match you with hospitals, prepare visa documentation, arrange hotel and transfer bookings, process payments, and communicate about your case. We never use health information for advertising or sell it to third parties.
4. Who We Share Information With
Your treating hospital/doctor, your assigned case manager, hotel and transport partners you book with, our payment processor, and immigration authorities as required for visa support. Partners are contractually bound to protect your data — we do not sell personal information.
5. International Data Transfers
Because our services connect patients across borders with hospitals in China, personal data may be transferred to and processed in China and other jurisdictions. Where required by applicable law, we use approved transfer mechanisms and only transfer the minimum data necessary.
6. Data Retention
Account and case data is retained for the duration of your relationship with the platform plus a defined period for legal and financial record-keeping. Identity and medical documents are retained only as long as necessary, then securely deleted.
7. Your Rights
Depending on your jurisdiction, you may have the right to access, correct, delete, restrict, or port your personal information, and to withdraw consent at any time. Contact us to exercise these rights.
8. Security
We apply encryption in transit and at rest, role-based access control, and audit logging of document access. No system is completely secure; we will notify affected users of a data breach as required by law.