1
Introduction
Chase Health, operated by Songyuan Zhukang Network Technology Co., Ltd., is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your data when you visit our website at chasehealth.hair or engage with our computer systems design and related services.
We have designed our privacy practices to align with applicable data protection laws, including the General Data Protection Regulation (GDPR) where applicable and the California Consumer Privacy Act (CCPA). By using our website or services, you acknowledge that you have read and understood the practices described in this policy. If you do not agree with any part of this policy, please discontinue use of our website and services.
This policy applies to all information collected through our website, email communications, service engagements, and any other interaction where you provide personal data to Chase Health or Songyuan Zhukang Network Technology Co., Ltd. We encourage you to review this policy periodically, as we may update it to reflect changes in our practices or legal obligations.
2
Information We Collect
We collect several categories of information to provide and improve our services. The types of data we gather depend on how you interact with us and which services you use.
Personal Data. When you contact us through our website form, send us an email, or engage our services, we may collect identifiers such as your full name, email address, phone number, company name, job title, and any other information you choose to provide in your message. We collect only the personal data that is reasonably necessary for the purpose of our interaction.
Technical Data. When you visit our website, our servers automatically record certain technical information. This includes your Internet Protocol (IP) address, browser type and version, operating system, device type, referring URLs, and the date and time of your visit. This data is collected through server logs and is used for operational purposes such as diagnosing technical issues and preventing abuse.
Usage Data. We collect information about how you navigate and interact with our website, including pages visited, time spent on each page, links clicked, and scroll depth. This data helps us understand how visitors use our site and informs improvements to our content and user experience. Usage data is aggregated and anonymized wherever possible.
Communication Data. If you correspond with us by email or through our contact form, we retain the content of your messages and our responses. This includes any attachments, metadata, and the date and time of each communication.
3
How We Use Information
We use the information we collect for legitimate business purposes that support the delivery and improvement of our services. We do not sell your personal data to third parties, and we do not use your information for purposes incompatible with those described in this policy.
Service Delivery. We use your personal data to respond to your inquiries, provide consulting and systems design services you have requested, manage client relationships, and fulfill our contractual obligations. This includes processing contact form submissions, scheduling consultations, and delivering project deliverables.
Business Operations. We process technical and usage data to operate, maintain, and improve our website and infrastructure. This includes monitoring system performance, diagnosing technical issues, analyzing usage trends, and enhancing the security and reliability of our digital platforms.
Communications. With your consent where required by law, we may use your contact information to send you relevant updates about our services, industry insights, or administrative messages related to your account or ongoing engagements. You may opt out of marketing communications at any time by contacting us at hello@chasehealth.hair.
Legal Compliance. We may process your data as necessary to comply with applicable laws, regulations, legal processes, or enforceable governmental requests. This includes maintaining records required by tax, corporate, and data protection regulations in the jurisdictions where we operate.
4
Legal Basis for Processing
For individuals located in the European Economic Area (EEA), the United Kingdom, or other jurisdictions that require a specified lawful basis for processing personal data, we rely on the following legal grounds under Article 6 of the GDPR:
Consent. Where you have given clear and unambiguous consent for us to process your personal data for a specific purpose, such as receiving marketing communications or accepting non-essential cookies on our website. You have the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
Contractual Necessity. Where processing is necessary for the performance of a contract to which you are a party, or to take steps at your request before entering into a contract. This applies when you engage us for systems design, integration, consulting, or managed services.
Legitimate Interests. Where processing is necessary for our legitimate business interests or those of a third party, provided your fundamental rights and freedoms do not override those interests. Our legitimate interests include operating and improving our website, responding to inquiries, protecting our systems against fraud and abuse, and conducting business analytics in support of service quality.
Legal Obligation. Where processing is necessary for compliance with a legal obligation to which we are subject, such as tax record-keeping requirements, regulatory reporting, or responding to valid legal requests from competent authorities.
5
Data Sharing and Disclosure
We do not sell, rent, or trade your personal data to third parties for their own marketing purposes. We may share your information only in the limited circumstances described below, and we require all third parties to respect the security of your data and to treat it in accordance with applicable law.
Service Providers. We may engage trusted third-party companies and individuals to facilitate our website and services, such as hosting providers, analytics services, email delivery platforms, and IT infrastructure partners. These providers have access to your personal data only to perform specific tasks on our behalf and are contractually obligated not to disclose or use it for any other purpose.
Legal Requirements. We may disclose your information if required to do so by law or in response to valid requests by public authorities, including courts, regulatory agencies, and law enforcement. We will make reasonable efforts to notify you of such disclosure unless prohibited by law or where urgent circumstances require immediate action.
Business Transfers. In the event of a merger, acquisition, reorganization, or sale of all or a portion of our assets, your personal data may be among the assets transferred. We will provide notice on our website and, where feasible, direct communication to affected individuals before personal data is transferred or becomes subject to a different privacy policy.
With Your Consent. We may share your information for any other purpose with your explicit consent, which you may withdraw at any time.
6
Cookies and Tracking Technologies
Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyze site traffic, and understand where our visitors come from. A cookie is a small text file that is stored on your device when you visit a website. Cookies may be session-based, expiring when you close your browser, or persistent, remaining on your device for a set period or until you delete them.
Essential Cookies. These cookies are necessary for the core functionality of our website. They enable basic features such as page navigation, form submission, and security measures. Our website cannot function properly without these cookies, and they do not require your consent under most data protection frameworks.
Analytics Cookies. We use analytics cookies to collect information about how visitors interact with our website. This data helps us measure performance, identify popular content, and detect usability issues. We use aggregated and anonymized analytics wherever possible to minimize the collection of personally identifiable information through these tools.
Controlling Cookies. Most web browsers allow you to control cookie behavior through their settings. You can configure your browser to block all cookies, delete existing cookies, or alert you when a cookie is being set. Please note that disabling essential cookies may affect the functionality of our website. For more detailed information about managing cookies, consult the help documentation for your specific browser.
7
Data Retention
We retain your personal data only for as long as is necessary to fulfill the purposes for which it was collected, or as required by applicable law. Our retention periods are determined by the nature of the data, the purpose of collection, and our legal obligations.
Contact and Inquiry Data. Information submitted through our contact form or direct email correspondence is retained for the duration of our business relationship and for a reasonable period thereafter to maintain a record of our interactions and to address any follow-up inquiries. If a business relationship does not materialize, we typically delete inquiry data within twenty-four months of the last communication.
Technical and Usage Data. Server logs and analytics data are retained in identifiable form for a maximum of twenty-six months. After this period, data is either deleted or irreversibly anonymized for long-term trend analysis and business planning.
Client Engagement Records. Data related to active and former client engagements, including project documentation, communications, and deliverables, is retained in accordance with contractual obligations and applicable statutes of limitation. Financial and tax-related records are retained for the period required by Chinese law and any other relevant jurisdictions.
When personal data is no longer needed, we securely delete or anonymize it using industry-standard methods. You may request earlier deletion of your data where permitted by law, as described in the Your Rights section below.
8
Security Measures
We take the security of your personal data seriously and implement appropriate technical and organizational measures to protect it against unauthorized access, alteration, disclosure, or destruction. Our security framework is designed to provide a level of protection commensurate with the sensitivity of the data we handle and the evolving threat landscape.
Encryption. We use Transport Layer Security (TLS) encryption to protect data transmitted between your browser and our servers. Data at rest is encrypted using industry-standard algorithms. All communication channels used for client engagements are secured with end-to-end encryption where technically feasible.
Access Controls. Access to personal data is restricted to authorized personnel who require it to perform their job functions. We enforce role-based access controls, requiring unique credentials and, where appropriate, multi-factor authentication. Access privileges are reviewed regularly and revoked promptly upon role change or termination.
Regular Audits. We conduct periodic security assessments and audits of our systems, policies, and procedures to identify and remediate vulnerabilities. Our infrastructure is monitored continuously for suspicious activity, and we maintain incident response procedures to address potential data breaches without undue delay.
Third-Party Risk Management. We evaluate the security practices of all service providers who may process personal data on our behalf and contractually require them to maintain equivalent security standards. Despite our efforts, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security, but we are committed to responding promptly to any security incident and notifying affected individuals and authorities as required by law.
9
Your Rights
Depending on your jurisdiction, you may have certain rights regarding your personal data. We are committed to honoring these rights in accordance with applicable law and will respond to verifiable requests within the timeframes required by regulation.
GDPR Rights. If you are located in the EEA or the United Kingdom, you have the following rights under the GDPR: the right of access — you may request a copy of the personal data we hold about you; the right to rectification — you may request that we correct inaccurate or incomplete data; the right to erasure — you may request that we delete your personal data in certain circumstances, also known as the right to be forgotten; the right to restrict processing — you may request that we limit how we process your data; the right to data portability — you may request a copy of your data in a structured, machine-readable format and have it transmitted to another controller; the right to object — you may object to processing based on legitimate interests or for direct marketing purposes; and rights related to automated decision-making — you have the right not to be subject to decisions based solely on automated processing that produce legal effects concerning you.
CCPA Rights. If you are a California resident, you have the following rights under the California Consumer Privacy Act: the right to know — you may request disclosure of the categories and specific pieces of personal data we have collected about you, the sources of that data, the purposes for collection, and the categories of third parties with whom we share it; the right to delete — you may request that we delete personal data we have collected from you, subject to certain exceptions; the right to opt out — you have the right to direct us not to sell your personal data, though we do not sell personal data as a matter of practice; and the right to non-discrimination — we will not discriminate against you for exercising any of your CCPA rights, including by denying services, charging different prices, or providing a different quality of service.
To exercise any of these rights, please contact us at hello@chasehealth.hair or at the postal address provided in the Contact Information section. We may need to verify your identity before processing your request. If you believe we have not adequately addressed your concerns, you have the right to lodge a complaint with the relevant supervisory authority in your jurisdiction.
10
International Data Transfers
Chase Health operates under Songyuan Zhukang Network Technology Co., Ltd., which is headquartered in Songyuan City, Jilin Province, China. Your personal data may be transferred to, stored, and processed in China or other countries where our service providers operate. These jurisdictions may have data protection laws that differ from those in your country of residence.
When we transfer personal data across international borders, we implement appropriate safeguards to ensure that your data remains protected in accordance with this Privacy Policy and applicable law. For transfers from the EEA or the United Kingdom to countries that have not been deemed to provide an adequate level of data protection by the relevant authorities, we rely on recognized legal mechanisms, including Standard Contractual Clauses approved by the European Commission and the UK International Data Transfer Agreement, as applicable.
We also take organizational measures to supplement these legal safeguards, including conducting transfer impact assessments, implementing supplementary technical controls where necessary, and contractually requiring that any party receiving your data maintain confidentiality and security standards consistent with this policy. If you would like more information about the specific safeguards applied to your data, please contact us using the details provided below.
11
Children’s Privacy
Our website and services are not directed to individuals under the age of sixteen. We do not knowingly collect, solicit, or maintain personal data from children under sixteen years of age. If we become aware that we have inadvertently collected personal data from a child under the applicable age of digital consent in their jurisdiction without verifiable parental consent, we will take prompt steps to delete that information from our records.
If you are a parent or legal guardian and believe that your child has provided us with personal data without your consent, please contact us immediately at hello@chasehealth.hair. We will investigate the matter and, if confirmed, delete the data without undue delay. We encourage parents and guardians to monitor their children’s online activities and to instruct them never to provide personal information through websites without permission.
12
Third-Party Links
Our website may contain links to external websites, platforms, and services that are not owned, operated, or controlled by Chase Health or Songyuan Zhukang Network Technology Co., Ltd. These links are provided for your convenience and informational purposes only. We do not endorse, and are not responsible for, the content, privacy practices, or security of any third-party website.
When you click on a third-party link, you will be directed away from our website. We encourage you to review the privacy policy of every website you visit before providing any personal data. Third-party websites operate under their own privacy practices and terms, and we have no control over — and assume no liability for — how those entities collect, use, or disclose your information.
If you believe that a link on our website directs to inappropriate or harmful content, please notify us so we can investigate and take appropriate action.
13
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our data practices, operational requirements, or legal and regulatory obligations. When we make material changes, we will revise the Last updated date at the top of this page and, where appropriate, provide more prominent notice — such as a banner on our website or a direct email notification to individuals with whom we have an ongoing relationship.
We encourage you to review this policy periodically to stay informed about how we protect your information. Changes to this Privacy Policy are effective when they are posted on this page, unless a different effective date is specified. Your continued use of our website or services after any modification to this policy constitutes your acknowledgment of the changes and your agreement to abide by the updated terms. If you disagree with any change, you should discontinue use of our website and services and may request deletion of your data as described in the Your Rights section.
14
Contact Information
If you have questions, concerns, or requests regarding this Privacy Policy or our data handling practices, we encourage you to reach out to us. We are committed to addressing your inquiries promptly and transparently.
Email. For privacy-specific inquiries and to exercise your data rights, please email us at hello@chasehealth.hair. We aim to acknowledge all privacy-related correspondence within three business days and to provide a substantive response within thirty calendar days, or sooner where required by applicable law.
Postal Address. You may also write to us at our registered business address:
Songyuan Zhukang Network Technology Co., Ltd.
Attn: Data Protection / Privacy Inquiries
Room A0222, 4th Floor, No. 102, Building 2, Commercial Complex
Boxue Road, Ningjiang District
Songyuan City, Jilin Province, 131000
China
If you are located in the EEA or the United Kingdom and believe that we have not adequately resolved your privacy concern, you have the right to lodge a complaint with the data protection supervisory authority in your country of residence.