Last Updated: Jan 2026

3C Chinese Medical Clinic (“Clinic”, “we”, “us”) respects your privacy. This Policy explains how we collect, use, disclose, retain, and protect personal data (including health-related data), and outlines your rights and choices.

We handle personal data in line with applicable privacy law principles (e.g., Hong Kong PDPO data protection principles).

If you are in Taiwan, medical/health information is generally treated as sensitive personal data and is subject to stricter handling conditions.

1. Data we collect

Depending on the services/channels used, we may collect:

Identity & Contact: name, phone, email, address, gender, age/DOB (if applicable).

Appointment & Service: bookings, visit arrangements, communications (WhatsApp/email/forms).

Health/Medical-related (Sensitive): symptoms, history, constitution descriptions, medications/allergies, test results, treatment records, documents you provide.

Payment/Transaction (if applicable): payment status and references (typically processed by payment providers).

Technical/Usage: IP address, device/browser info, cookies, and usage logs for security and analytics.

2. How we collect data

Directly from you: online forms, phone, WhatsApp, email, in-clinic forms.

Automatically: via cookies/analytics for basic usage and technical data.

From third parties (if applicable): referrals or booking platforms you authorize.

3. Purposes of use (conceptual legal basis)

We use data to:

deliver and manage clinical services, appointments, follow-ups, and records;

communicate with you (confirmations, reminders, important notices);

billing/refunds (if applicable), accounting and audit;

improve quality, training, and operations;

protect website security and prevent fraud/abuse;

comply with lawful regulatory or law enforcement requests.

For sensitive health data, we apply heightened protection (e.g., stricter access controls, encryption, least-privilege access).

4. Disclosures

We do not sell your personal data. We may disclose to:

Service providers/processors: IT hosting, website maintenance, cloud systems, booking/CRM, communications tools, analytics (limited to what is necessary);

Professional advisers: accountants and lawyers under confidentiality;

Regulators/law enforcement: where legally required;

Other parties: only with your explicit consent or instruction (e.g., referrals).

5. Cross-border transfers (if applicable)

If data is stored/processed outside your location (e.g., cloud servers), we take reasonable steps to ensure appropriate safeguards (contracts, access controls, encryption).

6. Retention

We retain data only as long as needed for the purposes collected and/or as required by law and professional obligations, then securely delete or anonymize.

7. Security

We use reasonable technical and organizational measures, such as:

role-based access and least privilege;

encryption in transit/at rest (as applicable);

logging and monitoring;

contractual confidentiality and security requirements for vendors;

staff confidentiality and training.

8. Your rights

Subject to applicable law, you may request access, correction, copies (where applicable), and withdraw consent where processing relies on consent (withdrawal does not affect prior lawful processing). Under Hong Kong PDPO, data subjects generally have access/correction rights.

9. Direct marketing (if applicable)

If we use your contact details for promotions (talks, offers), we will obtain consent/provide opt-out as required. You can opt out anytime by emailing 【Insert】.

10. Children

If you are a minor, please provide data or use services with parental/guardian consent. We do not knowingly collect unnecessary data from minors without consent.

11. Third-party sites

Our Policy does not apply to third-party websites linked from our site. Please review their privacy policies.