Privacy Policy | Beijing Kanghejian Technology Co., Ltd

1. Introduction

Beijing Kanghejian Technology Co., Ltd ("Company," "we," "us," or "our") is committed to protecting your privacy and ensuring the security of your personal information. This comprehensive Privacy Policy explains how we collect, use, disclose, transfer, and safeguard your information when you:

Visit our website at bjkanghejian.com
Download and use our mobile applications
Purchase or use our products and services
Interact with our customer support
Subscribe to our newsletters or communications
Participate in our promotions or surveys

By accessing or using our services, you acknowledge that you have read, understood, and agree to be bound by all the terms of this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access the site or use our applications.

Controller Information

Data Controller: Beijing Kanghejian Technology Co., Ltd

Registered Address: House 115, East Side, No. 22 Hongguang Village, Shilibao Town, Miyun District, Beijing, 100000, CN

Contact Email: privacy@bjkanghejian.com

Data Protection Officer: dpo@bjkanghejian.com

2. Information We Collect

2.1 Personal Information You Provide

We may collect personal information that you voluntarily provide to us, including:

Account Information: Name, email address, postal address, phone number, date of birth, gender, profile picture
Authentication Data: Usernames, passwords, password hints, and similar security information
Payment Information: Credit/debit card numbers, bank account details, billing address, transaction history
Health Information: Health data collected through our health monitoring applications, including vital signs, activity data, sleep patterns, and other health-related metrics
Communications: Messages, inquiries, feedback, and correspondence you send to us
Survey Data: Information provided in surveys, contests, or promotional offers
Employment Data: If you apply for employment, CV, resume, cover letter, references

2.2 Automatically Collected Information

When you access our website or use our applications, we automatically collect:

Device Information: Device type, model, manufacturer, operating system, browser type and version
Unique Identifiers: IDFA (Identifier for Advertisers), GAID (Google Advertising ID), device fingerprint
Network Information: IP address, ISP, connection type, signal strength
Location Data: GPS coordinates, Wi-Fi access points, cell tower information (with consent)
Usage Data: Pages visited, time spent, click patterns, scroll depth, search queries
Performance Data: App crashes, error logs, response times, feature usage
Referral Data: Referring URL, exit pages, search queries

2.3 Information from Third Parties

We may receive information about you from third parties, including:

Business partners and affiliates
Advertising networks and analytics providers
Social media platforms (when you connect via social login)
Public databases and data providers
Fraud detection and prevention services

2.4 Sensitive Information

We may collect and process certain categories of sensitive information with your explicit consent, including:

Biometric data (fingerprints, facial recognition) for authentication
Health and medical information from health monitoring apps
Genetic data (if applicable to health services)
Precise geolocation data

3. Mobile Device Permissions

Our mobile applications may request certain permissions to provide full functionality. Below is a comprehensive list of permissions we may request:

Camera

Required for: Taking photos, scanning QR codes, video calls, augmented reality features

Data Handling: Photos are processed locally or stored securely on our servers with encryption

Location

Required for: GPS tracking, local services, personalized content, health monitoring

Data Handling: Location data is used to provide location-based services and may be stored with appropriate encryption

Microphone

Required for: Voice commands, audio recording, video calls, voice notes

Data Handling: Audio data is processed in real-time or stored securely with user consent

Storage

Required for: Saving files, caching data offline, app backups

Data Handling: Files are stored locally or synced to secure cloud servers

Notifications

Required for: Push notifications, reminders, updates, marketing communications

Data Handling: Notification preferences can be managed in app settings

Contacts

Required for: Social features, referral programs, invite friends

Data Handling: Contact information is used only for specified purposes with consent

Sensors

Required for: Health tracking, fitness monitoring, activity detection

Data Handling: Sensor data is processed locally and synced securely

Phone State

Required for: Device identification, call handling, battery optimization

Data Handling: Used for device security and analytics purposes

You can manage permissions at any time through your device settings or within the app settings menu.

4. How We Use Your Information

We use the information we collect for the following purposes:

Service Provision: To provide, maintain, operate, and improve our services
Account Management: To create and manage your account, process registrations
Transaction Processing: To process payments, fulfill orders, send order confirmations
Communication: To send transactional emails, respond to inquiries, provide customer support
Marketing: To send promotional communications (with your consent)
Personalization: To personalize your experience and deliver relevant content
Analytics: To monitor usage patterns, analyze performance, optimize services
Security: To detect, prevent, and address fraud, security threats, technical issues
Legal Compliance: To comply with applicable laws, regulations, legal processes
Health Services: To provide health monitoring, track fitness goals, generate health reports
Advertising: To display targeted advertisements based on your preferences and behavior

Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), we process your personal data based on the following legal grounds:

Consent: You have given clear consent for us to process your personal data
Contract: Processing is necessary for a contract we have with you
Legal Obligation: Processing is necessary for us to comply with the law
Vital Interests: Processing is necessary to protect someone's life
Public Task: Processing is necessary for the performance of a public task
Legitimate Interests: Processing is necessary for our legitimate interests (balanced against your rights)

5. Information Sharing and Disclosure

5.1 Third-Party Service Providers

We share your information with trusted third-party service providers who assist us in operating our business:

Cloud Infrastructure Providers

Amazon Web Services (AWS): Cloud hosting, storage, and computing services
Google Cloud Platform: Cloud infrastructure and data analytics
Microsoft Azure: Cloud services and enterprise solutions
Alibaba Cloud: Regional cloud services for Asian markets

Analytics and Performance

Google Analytics: Website traffic and user behavior analysis
Firebase (Google): App analytics, crash reporting, performance monitoring
Mixpanel: User behavior analytics and engagement tracking
Adjust: Mobile app attribution and analytics
AppsFlyer: Mobile marketing analytics and attribution

Payment Processing

Stripe: Secure payment processing
PayPal: Alternative payment processing
Apple Pay / Google Pay: Integrated payment solutions
Alipay / WeChat Pay: Regional payment options

Customer Support and Communication

Zendesk: Customer support ticketing system
Intercom: Real-time customer messaging
Freshdesk: Help desk and support automation

Email and Marketing

SendGrid (Twilio): Transactional and marketing emails
Mailchimp: Email campaign management
Braze: Cross-channel marketing automation

5.2 Business Transfers

In the event of a merger, acquisition, sale of assets, or bankruptcy, your information may be transferred as part of the transaction. We will notify you via email or prominent notice on our website of any such change in ownership or use of your personal information.

5.3 Legal Requirements

We may disclose your information when required by law, court order, or governmental regulation, including:

To comply with legal obligations
To protect and defend our rights, privacy, safety, or property
To prevent or investigate possible wrongdoing
To protect against legal liability
In response to valid requests by public authorities (including national security)

5.4 We Do Not Sell Personal Information

We do not sell, trade, or rent your personal information to third parties for their marketing purposes without your explicit consent. Any data sharing for advertising purposes is conducted under strict data protection agreements.

6. Data Security

We implement comprehensive technical and organizational measures to protect your personal information:

6.1 Technical Security Measures

Encryption: AES-256 encryption for data at rest; TLS 1.2/1.3 for data in transit
Access Controls: Role-based access control (RBAC), multi-factor authentication (MFA)
Network Security: Firewalls, intrusion detection/prevention systems (IDS/IPS)
Endpoint Protection: Antivirus, anti-malware, device encryption
Secure Development: Code reviews, security testing, vulnerability assessments

6.2 Organizational Security Measures

Regular security audits and penetration testing
Employee background checks and security training
Incident response procedures and team
Vendor security assessments
Data minimization and anonymization practices
Regular security policy reviews

6.3 Security Certifications

We maintain the following security certifications and compliance standards:

ISO 27001 Information Security Management
SOC 2 Type II Compliance
GDPR Compliance Framework
HIPAA Security Requirements (for health data)
PCI DSS Level 1 (for payment processing)

Important Notice: While we implement robust security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we are committed to continuously improving our security measures.

7. Data Breach Response

In the event of a data breach that affects your personal information, we have established the following response procedures:

Step 1: Detection and Assessment (0-24 hours)

Our security team identifies the breach, assesses the scope, and determines the type of data affected. Internal incident response team is activated.

Step 2: Containment (24-72 hours)

Immediate actions are taken to contain the breach, secure affected systems, and prevent further unauthorized access.

Step 3: Notification (72 hours)

In accordance with GDPR Article 33, we notify the relevant supervisory authority within 72 hours. Affected individuals are notified without undue delay if the breach is likely to result in high risk to their rights and freedoms.

Step 4: Remediation

Root cause analysis is conducted, affected systems are remediated, and measures are implemented to prevent future incidents.

Step 5: Communication and Follow-up

Detailed breach notifications are sent to affected users with specific information about the breach and recommended protective actions. Regulatory bodies are updated as needed.

Breach Notification Contents

Our breach notifications will include:

Description of the nature of the breach
Categories and approximate number of data subjects affected
Categories and approximate number of personal data records affected
Contact details of the Data Protection Officer
Likely consequences of the breach
Measures taken or proposed to address the breach

8. Cookie Policy

We use cookies and similar tracking technologies to enhance your browsing experience and provide personalized services.

8.1 Types of Cookies We Use

Cookie Type	Purpose	Duration
Essential Cookies	Required for basic site functionality, security, session management	Session / Persistent
Performance Cookies	Analytics, error tracking, usage patterns	13 months
Functional Cookies	Remember preferences, language settings, personalization	12 months
Advertising Cookies	Targeted ads, ad frequency capping, conversion tracking	13 months
Social Media Cookies	Social sharing, social login, embedded content	Varies

8.2 Managing Cookie Preferences

You can control cookie preferences through:

Browser Settings: Most browsers allow you to block or delete cookies
Cookie Consent Banner: You can modify your preferences when first visiting our site
Our Cookie Settings: Access our cookie management tool in the website footer
Third-Party Opt-Outs: Visit network advertising initiative opt-out pages

Note: Disabling certain cookies may affect website functionality and user experience.

8.3 Do Not Track

We respect "Do Not Track" signals from browsers. When we detect such a signal, we do not track or collect any additional data. However, some third-party services may continue to track as described in their privacy policies.

9. Advertising and Third-Party Ad Platforms

Our mobile applications include advertising provided by third-party ad networks. This advertising revenue helps support our services and allows us to provide free content.

Device identifiers (IDFA, GAID, Android ID)
Device specifications (type, manufacturer, model)
Operating system and version (iOS, Android)
Network information (carrier, connection type)
Location data (country, region, city, GPS coordinates)
App usage and behavioral data
Ad interaction history (views, clicks, conversions)
Contextual information (app content, current screen)

9.4 Personalized Advertising

We may display personalized ads based on:

Your device and app usage patterns
Demographic information
Location data
Previously shown ads and interactions
Contextual app content

You can opt out of personalized advertising through:

iOS: Settings > Privacy > Advertising > Limit Ad Tracking
Android: Settings > Google > Ads > Opt out of personalized advertising
Device Settings: Reset Advertising ID

10. Health Data and Medical Information

Our health monitoring applications collect and process health-related data. We take the protection of this sensitive information seriously.

10.1 Types of Health Data We Collect

Vital Signs: Heart rate, blood pressure, blood oxygen levels
Activity Data: Steps, distance, calories burned, active minutes
Sleep Data: Sleep duration, sleep stages, sleep quality
Health Metrics: Weight, BMI, body composition (where supported)
Exercise Data: Workout types, duration, intensity
Symptom Tracking: User-reported symptoms and conditions

10.2 HIPAA Compliance (United States)

For users in the United States, we comply with the Health Insurance Portability and Accountability Act (HIPAA) where applicable. This includes:

Implementation of appropriate administrative, physical, and technical safeguards
Limited disclosure of protected health information
Compliance with the HIPAA Privacy Rule and Security Rule
Business Associate Agreements with third-party service providers

10.3 Health Data Protection Measures

End-to-end encryption for all health data
Secure data storage with regular backups
Access controls and authentication requirements
Anonymization of data for analytics purposes
Regular security audits specific to health data
Employee training on handling sensitive health information

10.4 Your Rights Over Health Data

You have the right to:

Access your health data at any time
Export your data in machine-readable format
Request deletion of your health data
Correct inaccurate health information
Restrict processing of your health data
Withdraw consent for health data processing

To exercise these rights, contact us at healthprivacy@bjkanghejian.com.

Important: Our health applications are not intended to diagnose, treat, cure, or prevent any disease or medical condition. Consult healthcare professionals for medical advice.

11. Automated Decision-Making and Profiling

We may use automated systems and algorithms to make decisions about you and create user profiles.

11.1 Automated Decision-Making

Automated decisions may be made in the following scenarios:

Fraud Detection: Identifying suspicious activities and protecting accounts
Credit Risk Assessment: Evaluating payment reliability for certain services
Content Moderation: Automated filtering of user-generated content
Advertising Targeting: Delivering personalized ads based on user profiles
Recommendation Systems: Suggesting content, products, or services
User Segmentation: Grouping users for marketing purposes

11.2 Your Rights Regarding Automated Decisions

Under GDPR Article 22, you have the right to:

Not be subject to solely automated decisions that significantly affect you
Request human intervention in automated decision-making
Express your point of view and contest decisions
Obtain explanation of automated decisions

To exercise these rights, contact us at privacy@bjkanghejian.com.

11.3 Profiling

We create user profiles based on:

Demographic information (age, gender, location)
Behavioral data (app usage, preferences, interactions)
Purchase history and transaction data
Device and connection information
Health and fitness data (with consent)

Profiling is used to:

Personalize your experience and content
Improve our products and services
Deliver relevant advertising
Make product recommendations
Conduct market research and analytics

12. Children's Privacy (COPPA and International)

We take children's privacy seriously and comply with applicable regulations worldwide.

12.1 Age Requirements by Region

Region	Minimum Age	Regulation
United States	13 years	COPPA (Children's Online Privacy Protection Act)
European Union	16 years (varies by country: 13-16)	GDPR Article 8
United Kingdom	13 years	UK GDPR / Data Protection Act 2018
Canada	13 years	PIPEDA / Provincial laws
Australia	13 years	Privacy Act 1988
South Korea	14 years	PIPA (Personal Information Protection Act)
Japan	13 years	APPI (Act on Protection of Personal Information)
China	14 years	PIPL (Personal Information Protection Law)
Brazil	18 years (13-18 with parental consent)	LGPD (Lei Geral de Proteção de Dados)
India	18 years	DPDP Act 2023

12.2 Our Commitments for Children's Privacy

Our services are not directed to children under the applicable minimum age
We do not knowingly collect personal information from children below the minimum age
If we discover we have collected data from a child below the minimum age, we will delete it promptly
Parents or guardians can contact us to review, delete, or stop collection of their child's data
We implement age verification measures where appropriate
For apps potentially used by children, we implement additional protections and obtain parental consent

12.3 Parental Rights

Parents or guardians have the right to:

Review their child's personal information
Request deletion of their child's data
Refuse further collection or use of their child's data
Consent to collection without consenting to third-party disclosure

Contact us at familyprivacy@bjkanghejian.com for parental inquiries.

13. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including countries that may have different data protection laws.

13.1 Regions Where We Process Data

Primary Processing: China (Beijing) - Main data center
Secondary Processing: United States, European Union, Singapore
Regional Services: Local processing nodes for performance optimization

13.2 Safeguards for International Transfers

When transferring data internationally, we implement appropriate safeguards:

Standard Contractual Clauses (SCCs): EU-approved contract templates for data transfers
Binding Corporate Rules (BCRs): Internal policies for multinational data transfers
Adequacy Decisions: Relying on EU adequacy decisions for certain countries
Data Processing Agreements: Contracts with all processors ensuring data protection
Certification Mechanisms: Approved certification schemes where available

13.3 Transfer Impact Assessments

We conduct transfer impact assessments (TIAs) for data transfers to ensure appropriate protection levels are maintained.

14. Regional Privacy Compliance

14.1 GDPR Compliance (European Union)

If you are located in the European Economic Area (EEA), you have comprehensive rights under the General Data Protection Regulation:

Right of Access (Art. 15): Obtain copies of your personal data
Right to Rectification (Art. 16): Correct inaccurate personal data
Right to Erasure (Art. 17): Request deletion of your personal data ("right to be forgotten")
Right to Restriction (Art. 18): Limit processing of your personal data
Right to Portability (Art. 20): Receive your data in structured, machine-readable format
Right to Object (Art. 21): Object to processing based on legitimate interests or for direct marketing
Rights Related to Automated Decision-Making (Art. 22): Not be subject to solely automated decisions
Right to Withdraw Consent (Art. 7): Withdraw consent at any time
Right to Lodge Complaint (Art. 77): File a complaint with supervisory authority

Supervisory Authority: You have the right to lodge a complaint with your local Data Protection Authority (DPA).

14.2 CCPA/CPRA Compliance (California)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

Right to Know: Know what personal information is collected about you
Right to Delete: Request deletion of your personal information
Right to Correct: Correct inaccurate personal information
Right to Opt-Out: Opt out of the sale or sharing of personal information
Right to Limit Use: Limit use of sensitive personal information
Right to Access: Access your personal information
Right to Non-Discrimination: Not be discriminated against for exercising your rights

Sale of Data: We do not sell personal information as defined under CCPA. We share data with advertising partners, which may constitute "sharing" under CPRA.

Categories of Information: In the preceding 12 months, we may have collected: identifiers, commercial information, internet activity, geolocation, health information, and inferences.

14.3 PIPEDA Compliance (Canada)

If you are located in Canada, we comply with the Personal Information Protection and Electronic Documents Act (PIPEDA):

Accountability for personal information
Identifying purposes for data collection
Obtaining consent for collection, use, and disclosure
Limiting collection to necessary purposes
Ensuring accuracy of personal information
Implementing appropriate safeguards
Providing access to personal information
Addressing inquiries and complaints

14.4 LGPD Compliance (Brazil)

If you are located in Brazil, we comply with the Lei Geral de Proteção de Dados (LGPD):

Legal bases for processing (consent, legitimate interest, contractual necessity, etc.)
Rights of data subjects (access, correction, deletion, portability)
Data protection officer requirements
Privacy by design principles
Data breach notification requirements

14.5 PDPA Compliance (Thailand, Singapore)

We comply with personal data protection laws in applicable Asian jurisdictions, including Thailand's PDPA and Singapore's PDPA:

Consent and notice requirements
Purpose limitation
Data minimization
Retention limitation
Security safeguards
Data subject rights

14.6 POPIA Compliance (South Africa)

For users in South Africa, we comply with the Protection of Personal Information Act (POPIA):

Lawful processing conditions
Purpose specification and limitation
Information quality and integrity
Openness principle
Security safeguards
Data subject participation

14.7 PIPL Compliance (China)

We comply with the Personal Information Protection Law (PIPL) for data processing activities in China:

Legal bases for processing
Rules for sensitive personal information
Cross-border transfer rules
Data localization requirements where applicable
Individual rights
Data protection impact assessments

14.8 DPDP Act Compliance (India)

For users in India, we comply with the Digital Personal Data Protection Act (DPDP) 2023:

Consent requirements and management
Purpose limitation
Data accuracy
Storage limitation
Security safeguards
Data principal rights
Cross-border transfer provisions

15. Social Media and Third-Party Links

15.1 Social Media Features

Our services may include social media features and widgets, such as:

Facebook Like button and sharing
Twitter/X sharing functionality
LinkedIn professional networking
Instagram media integration
YouTube video embedding

These features may collect information about your visit to our website and may set cookies to enable their functionality. Your interactions with social media features are governed by the privacy policies of the respective social media platforms.

15.2 Third-Party Website Links

Our services may contain links to third-party websites, applications, or services, including:

Partner websites and services
App store links (Apple App Store, Google Play)
External payment processors
News articles and external resources

Disclaimer: We are not responsible for the privacy practices of third-party websites or services. We encourage you to review the privacy policies of any third-party sites you visit.

15.3 Embedded Content

Our website may include embedded content from third-party sources, such as:

YouTube videos
Google Maps
Social media posts
External articles and blogs

This embedded content may set cookies and collect data according to the third-party provider's privacy policy.

16. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required or permitted by law.

16.1 Retention Periods

Data Category	Retention Period	Basis
Account Information	Duration of account + 3 years	Service provision, legal compliance
Transaction Records	7 years	Legal (tax/commercial) requirements
Customer Support Records	5 years	Customer service, dispute resolution
Marketing Preferences	Until consent withdrawn + 2 years	Marketing communications
Health Data	Duration of service + 3 years	Service provision, health regulations
Analytics Data (anonymized)	5 years	Service improvement, research
Security Logs	1 year	Security, compliance
Cookie Data	13 months maximum	Cookie policy

16.2 Deletion Requests

When you request deletion of your data, we will:

Delete your data from our active systems within 30 days
Remove data from backups within 90 days
Retain anonymized data for aggregate analytics (where legally permitted)
Retain data as required by law for specified periods

17. Your Rights and Choices

Depending on your location, you have various rights regarding your personal information.

17.1 General Rights

Access: Request access to your personal data
Correction: Request correction of inaccurate data
Deletion: Request deletion of your data
Portability: Receive your data in portable format
Objection: Object to certain processing activities
Restriction: Request limitation of processing
Withdraw Consent: Withdraw consent at any time

17.2 How to Exercise Your Rights

To exercise any of your privacy rights, you can:

Email: privacy@bjkanghejian.com
Online Form: Visit our Data Subject Access Request portal
Mail: Send written request to our address (see Contact section)
In-App: Use privacy settings within our mobile applications

17.3 Identity Verification

To protect your information, we may need to verify your identity before processing your request. We will respond to verified requests within the timeframes required by applicable law (typically 30 days, extendable to 60 days for complex requests).

17.4 Data Subject Access Request (DSAR) Process

Submit Request: Complete our DSAR form or send written request
Verification: We verify your identity within 3 business days
Processing: We fulfill your request within 30 days
Delivery: Data provided in commonly used electronic format
Extension: Complex requests may take up to 60 days (we'll notify you)

18. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements.

18.1 Types of Changes

Minor Changes: Clarifications, corrections, formatting updates (effective immediately)
Moderate Changes: New features, expanded explanations (30 days notice)
Material Changes: Significant changes to data practices (60 days notice)

18.2 Notification Methods

Email notification to registered users
Push notification through mobile apps
Notice on website homepage and policy page
In-app notification or alert

18.3 Your Acceptance

By continuing to use our services after any changes become effective, you accept the updated Privacy Policy. If you do not agree to the changes, you should stop using our services and request deletion of your data.

19. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

General Privacy Inquiries

Email: privacy@bjkanghejian.com

Response Time: Within 30 days

Data Protection Officer (DPO)

Email: dpo@bjkanghejian.com

Purpose: GDPR compliance, privacy consultations

Children's Privacy (COPPA)

Email: familyprivacy@bjkanghejian.com

Purpose: Parental concerns, children's data

Health Data Privacy

Email: healthprivacy@bjkanghejian.com

Purpose: HIPAA inquiries, health data rights

General Correspondence

Company: Beijing Kanghejian Technology Co., Ltd

Address: House 115, East Side, No. 22 Hongguang Village, Shilibao Town, Miyun District, Beijing, 100000, CN

Business Inquiries: zhangchunqiao@bjkanghejian.com

Support: support@bjkanghejian.com

Website: bjkanghejian.com

Supervisory Authorities

If you are located in the EEA and believe we have not addressed your concerns, you have the right to lodge a complaint with your local Data Protection Authority (DPA).