top of page

​SC  Consults

Privacy Policy

1. Definitions​​

1.1 ​​"Personal Information"​​
Refers to any information recorded electronically or otherwise related to identified/identifiable natural persons (Article 4 of PIPL).

1.2 ​​"Sensitive Personal Information"​​
Includes financial accounts, biometric data, etc. (Article 28 of PIPL + GDPR Article 9).

​​2. Personal Information Collection​​

2.1 ​​Scope of Collection​​

  • Corporate clients: Company name, contact person's title, email (Civil Code Article 1034).

  • Individual users: Only name and phone number necessary for consultation (​​data minimization principle​​).

2.2 ​​Automated Technologies​​

  • Website cookies used solely for security verification (Article 9 of China's Network Data Security Management Regulations).

  • Disabling cookies doesn't affect core services (compliant with ​​ePrivacy Directive​​).

​​3. Data Processing​​

3.1 ​​Legal Basis​​

  • Contractual necessity (GDPR Article 6(1)(b)).

  • Separate consent required for:
    ✓ Cross-border transfers ✓ Marketing communications.

3.2 ​​Processor Obligations​​

  • Third-party vendors (e.g., cloud providers) must sign ​​Data Processing Agreements​​ (PIPL Article 21).

  • Regular ​​Personal Information Protection Impact Assessments​​ (PIPL Article 55).

​​4. Cross-Border Data Transfers​​

4.1 ​​China Domestic Data​​

  • Primarily stored on ​​mainland China servers​​ (Data Security Law Article 21).

  • Export mechanisms:
    ▢ Pass Cyberspace Administration ​​security assessment​​ (PIPL Article 40).
    ▢ Execute ​​Standard Contract​​ (Measures on Standard Contracts for Personal Information Export).

4.2 ​​International Client Data​​

  • EU data: ​​SCCs​​ or ​​BCRs​​ (GDPR Article 46).

  • US transfers: Comply with ​​CCPA​​ data subject rights provisions.

​​5. Data Subject Rights​​

5.1 ​​Rights Overview​​

Right TypeChina Legal BasisInt'l StandardHow to Exercise

AccessPIPL Article 45GDPR Article 15Email [DPO address]

DeletionPIPL Article 47GDPR Article 17Submit web form

Consent WithdrawalPIPL Article 15CCPA §1798.120Click "unsubscribe"

5.2 ​​Response Timeline​​

  • Standard requests: ​​15 business days​​ (PIPL Article 50).

  • Complex cases: Extendable to ​​60 days​​ (with written notice).

​​6. Security Safeguards​​

6.1 ​​Technical Measures​​

  • Encrypted storage (meeting ​​GM/T 0054-2018​​ cryptographic standards).

  • Annual ​​ISO 27001​​ certification audits.

6.2 ​​Administrative Measures​​

  • Appointed ​​Data Protection Officer​​ (PIPL Article 52).

  • Annual ​​compliance training​​ for staff (Cybersecurity Law Article 34).

​​7. Children's Data​​

7.1 We ​​do not knowingly collect​​ data from children under 14 (Juvenile Protection Law Article 72).
7.2 Accidental collection: Immediate deletion + guardian notification (GDPR Article 8).

​​8. Policy Updates​​

8.1 Material changes announced ​​30 days in advance​​ (Article 21 of Online Content Ecological Governance Rules).
8.2 Historical versions available via [Legal Email].

​​9. Contact Us​​

​​Data Protection Officer (DPO):​​ [Name]
​​Complaint Channels:​​

  • China users: Report to PIPL regulatory authorities (PIPL Article 60).

  • EU users: Submit via [EU Representative].

bottom of page