Introduction
Welcome to WellMeet (禄见) ("we", "us", or "the Platform"). We understand that trust is the foundation of medical travel, and protecting your privacy is our highest priority. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information and sensitive health data when you visit wellmeet.com or use our medical coordination services.
We strictly comply with the following regulations:
- EU General Data Protection Regulation (GDPR)
- US Health Insurance Portability and Accountability Act (HIPAA)
- China Personal Information Protection Law (PIPL)
- Other applicable international and local data protection laws
By using our services, you indicate your acceptance of the practices described in this Policy.
Information We Collect
To provide safe and efficient medical travel services, we may collect the following categories of information:
2.1 Personally Identifiable Information (PII)
- Basic Information: Full name, date of birth, gender, nationality, passport number.
- Contact Details: Email address, phone number, home address, emergency contact information.
- Payment Information: Credit/debit card details, billing address. Note: we do not directly store full card numbers; payments are processed by PCI-DSS compliant third-party processors.
2.2 Protected Health Information (PHI)
- Medical Records: Medical history summary, diagnostic reports, prescriptions, allergy records.
- Imaging Data: X-rays, CT/MRI scan images, pathology slide photographs.
- Treatment Plans: Physician assessments, surgical plans, rehabilitation programmes.
- Biometric Data: Collected only when necessary (e.g. facial recognition for hospital access), encrypted and handled with the highest security.
2.3 Travel & Logistics Information
- Itinerary Details: Flight information, hotel bookings, visa status, airport transfer requirements.
- Preferences: Dietary requirements (Halal, vegetarian), language preferences, accommodation needs, accessibility requirements.
2.4 Automatically Collected Technical Data
- Device Information: IP address, browser type, operating system, device ID.
- Usage Data: Pages visited, click-through paths, time on site, search queries (used to optimise user experience).
- Cookies & Tracking: Used to remember login state, language preferences, and analyse website traffic (see Section 10.8).
How We Use Your Information
We use your information only for the following lawful purposes:
- Core Service Delivery: Assessing your medical needs and matching you with the right doctor and hospital; scheduling appointments, surgeries and hospitalisation; coordinating travel logistics (visa invitation, flights, hotels, airport transfers); providing multilingual medical translation and accompaniment.
- Communication & Customer Support: Responding to enquiries, sending appointment confirmations, treatment updates, and itinerary change notifications; conducting post-care follow-up and health monitoring.
- Payment Processing: Processing service fees, medical deposits, and refunds.
- Security & Fraud Prevention: Verifying identity, preventing unauthorised transactions, and detecting misuse of services.
- Legal Compliance: Fulfilling legal obligations such as providing visa support documents to immigration authorities, or responding to lawful requests from law enforcement.
- Service Improvement (Anonymised): Analysing anonymised aggregate data to optimise processes, develop new features, and improve overall service quality.
Information Sharing and Disclosure
We never sell your personal information. We only share your information in the following necessary circumstances:
4.1 Medical Service Providers
- Partner Hospitals & Doctors: For evaluation and treatment, we must share your health records with the selected Grade 3A hospital or JCI-accredited medical institution. All such institutions sign strict Business Associate Agreements (BAA).
- Diagnostic Laboratories & Imaging Centres: If additional tests are required, data will be shared with the relevant institution.
4.2 Service Partners
- Travel Service Providers: Airlines, hotels, visa agencies, ground transport companies (only sharing necessary itinerary and identity information).
- Payment Processors: Stripe, PayPal, Alipay, etc. (only sharing information necessary for the transaction).
- Insurance Companies: If you submit an insurance claim, we will assist in providing necessary medical certificates to your insurer (with your authorisation).
4.3 Legal & Safety Requirements
- When required by law, court order, or government regulatory authority.
- To protect the rights, property, or safety of WellMeet, users, or the public.
4.4 Business Transfers
If WellMeet participates in a merger, acquisition, or asset sale, your information may be transferred as part of the transferred assets. We will ensure the receiving party continues to comply with this Privacy Policy.
International Data Transfers
WellMeet is a global company. Your data may be transferred to locations outside your country or region (primarily to China, and to locations where our servers are hosted).
- Safeguards for EU/UK to China transfers: We use Standard Contractual Clauses (SCCs) and other legally recognised mechanisms to ensure the level of data protection is not lower than in the country of origin.
- China Compliance: All data processed within China strictly complies with PIPL, is stored on encrypted servers located in China, and has passed the security assessment of the Cyberspace Administration of China (CAC).
Data Security
We employ industry-leading technical and organisational measures to protect your data:
- Encryption: All data in transit uses TLS 1.3 encryption; data at rest (including databases and file storage) uses AES-256 encryption.
- Access Control: Strict role-based access control (RBAC) is implemented, so only authorised employees who need access to specific data for their work can access it. Multi-factor authentication (MFA) is enabled.
- Physical Security: Servers are hosted in ISO 27001 certified data centres.
- Regular Audits: Quarterly penetration testing and security audits; annual third-party compliance assessments.
- Employee Training: All employees must complete annual data protection and HIPAA/GDPR compliance training.
Your Rights
Depending on your jurisdiction, you may have the following rights:
- Right of Access: Request a copy of the personal information we hold about you.
- Right to Rectification: Request correction of inaccurate or incomplete information.
- Right to Erasure (Right to Be Forgotten): Request deletion of your personal information under certain conditions (except where legally required retention applies — e.g. medical records are typically retained for 15–30 years).
- Right to Restrict Processing: Request that we limit the processing of your data.
- Right to Data Portability: Receive your data in a structured, machine-readable format and transfer it to another controller.
- Right to Object: Object to certain processing activities based on legitimate interests.
- Right to Withdraw Consent: Withdraw your consent to data processing at any time (without affecting the lawfulness of processing prior to withdrawal).
To exercise your rights, send an email to privacy@wellmeet.com or submit a request via the website contact form. We will respond within 30 days (GDPR requires one month; this may be extended in exceptional circumstances).
Cookies and Tracking Technologies
We use cookies to enhance the experience and analyse traffic. Types used:
- Essential Cookies: Necessary for site operation (e.g. login sessions).
- Functional Cookies: Remember your preferences (e.g. language).
- Analytics Cookies: Help us understand user behaviour (e.g. Google Analytics — anonymised).
- Marketing Cookies: Used to display relevant advertising (requires your explicit consent).
You can manage or disable cookies in your browser settings, though this may affect some website functionality.
Children's Privacy
Our services are not directed at children under 16 (EU) or 13 (US). If we discover we have inadvertently collected children's data, it will be deleted immediately. Medical data for minors must be submitted and managed by a parent or legal guardian.
Data Retention
- Medical Records: Surgical and treatment records are retained for at least 15–30 years under Chinese and international medical regulations.
- Account Information: Retained for 5 years after account deletion to address potential legal disputes.
- Transaction Records: Retained for 7–10 years under financial regulations.
- Marketing Data: Until you opt out or delete your account.
Changes to This Policy
We may update this Policy from time to time. Significant changes will be posted on the website and registered users will be notified by email. Continued use of our services after changes are posted constitutes acceptance of the revised Policy.
Contact Us
For any privacy queries, complaints, or rights requests, please contact our Data Protection Officer (DPO):
- Email: privacy@wellmeet.com
- Address: WellMeet Legal Department, Nanshan District, Shenzhen, China
- Phone: +86-10-XXXX-XXXX
If you believe our processing of your data violates applicable law, you have the right to lodge a complaint with your national supervisory authority (e.g. EU: EDPS, USA: HHS OCR, China: CAC).