Privacy Policy
Last updated: 20 April 2026
1. Who We Are (Data Controller)
MedinChina (“we”, “us”, “our”) is the data controller responsible for your personal data.
Contact: concierge@medinchina.net
This policy applies to all personal data collected through medinchina.net and our coordination services.
2. Personal Data We Collect
We collect the following categories of personal data:
- Identity data: name
- Contact data: email address, phone/WhatsApp number, country of residence
- Service data: treatment interests, travel dates, appointment details
- Health data (special category): medical history or conditions you voluntarily share to receive a treatment quote — collected only with your explicit consent
- Transaction data: deposit and payment records
- Technical data: IP address, browser type, pages visited (via cookies — see Section 10)
Note on health data:Health information is a “special category” under GDPR Article 9. We only process it where you have given explicit consent and where it is necessary to provide the service you requested.
3. Lawful Basis for Processing
We process your personal data on the following legal bases under GDPR Article 6 (and Article 9 for health data):
| Purpose | Lawful Basis |
|---|---|
| Provide appointment coordination and concierge service | Performance of a contract (Art. 6(1)(b)) |
| Process health data to build your treatment plan | Explicit consent (Art. 9(2)(a)) |
| Send quotes, updates, and service communications | Performance of a contract (Art. 6(1)(b)) |
| Send marketing and promotional messages | Consent (Art. 6(1)(a)) |
| Fraud prevention, legal compliance, dispute resolution | Legal obligation (Art. 6(1)(c)) / Legitimate interests (Art. 6(1)(f)) |
| Improve website and service performance | Legitimate interests (Art. 6(1)(f)) |
4. How We Share Your Data
We share personal data only with:
- Partner clinics in China — to arrange your appointments (see Section 5 on international transfers)
- Stripe — for payment processing (their privacy policy governs their use of your payment data)
- Twilio — for WhatsApp and SMS communications
- SendGrid — for transactional email delivery
We do not sell, rent, or trade your personal data. All third-party processors are bound by data processing agreements.
5. International Data Transfers
To deliver our services, your personal data (including health data) is shared with partner clinics located in China, which is outside the UK/EEA and does not have an EU adequacy decision.
We rely on the following safeguards for such transfers:
- Your explicit consent to the transfer, given when you submit an enquiry or booking
- Standard Contractual Clauses (SCCs) with clinic partners where applicable
- The transfer is necessary for the performance of the contract between you and MedinChina (Art. 49(1)(b))
By using our services, you acknowledge that your data will be transferred to China for the purposes of arranging your healthcare.
6. Data Retention
We retain your personal data for the following periods:
- Enquiry / lead data: 2 years from last contact, unless you request earlier deletion
- Booking and transaction records: 7 years to meet financial and legal obligations
- Health data: Deleted within 90 days after your treatment is complete, unless you consent to longer retention for follow-up care
- Marketing consent records: Until you withdraw consent
After the applicable retention period, data is securely deleted or anonymised.
7. Your Rights Under GDPR
You have the following rights regarding your personal data:
- Right of access (Art. 15): Request a copy of the personal data we hold about you.
- Right to rectification (Art. 16): Ask us to correct inaccurate or incomplete data.
- Right to erasure / “right to be forgotten” (Art. 17): Request deletion of your data where there is no legitimate reason for us to keep it.
- Right to restriction of processing (Art. 18): Ask us to pause processing of your data in certain circumstances.
- Right to data portability (Art. 20): Receive your data in a structured, machine-readable format and transfer it to another controller.
- Right to object (Art. 21): Object to processing based on legitimate interests or for direct marketing purposes.
- Right to withdraw consent (Art. 7(3)): Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
- Rights related to automated decision-making (Art. 22): We do not use automated decision-making or profiling that produces legal or similarly significant effects.
To exercise any of these rights, email us at concierge@medinchina.net. We will respond within 30 days. We may need to verify your identity before fulfilling your request.
8. Right to Lodge a Complaint
If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with a supervisory authority:
- UK: Information Commissioner’s Office (ICO) — ico.org.uk
- EU: The data protection authority in your country of residence
We would appreciate the opportunity to address your concerns before you contact the regulator — please reach out to us first.
9. Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, disclosure, or destruction. These include encrypted data transmission (HTTPS), access controls, and regular security reviews.
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and inform you without undue delay where required.
10. Cookies
Our website uses cookies to improve your experience. We use:
- Essential cookies: Required for the website to function (no consent needed)
- Analytics cookies: Used to understand how visitors use our site — only with your consent
You can manage or withdraw cookie consent at any time through your browser settings.
11. Children’s Data
Our services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data about a child, please contact us immediately.
12. Changes to This Policy
We may update this policy from time to time. We will notify you of material changes by email or a prominent notice on our website. The date at the top of this page reflects the most recent revision.
13. Contact Us
For any privacy-related questions or to exercise your rights:
Email: concierge@medinchina.net
We aim to respond to all data subject requests within 30 days.