Chinaoffbeat.com Privacy Policy
Last modified: September 22, 2025
At Fora Travel, Inc. ("Company" or "We") we respect your privacy and are committed to protecting it through our compliance with this policy. We understand that you care about how information about you is collected, used, and shared. Keeping you informed about the data we collect and the choices you may have regarding your information is our top priority. This policy describes the types of information we may collect from you or that you may provide when you visit the website www.foratravel.com or any other sites or services hosted at the foratravel.com or fora.travel domain names (our "Website") and our practices for collecting, using, maintaining, protecting, and disclosing that information. Please read this policy carefully to understand our policies and practices regarding your information and how we will treat it. - What we collect: Your account details (email, name, Google login), payment info (processed by Stripe/PayPal only), your travel preferences, your reviews/photos, and website usage (cookies & logs). - How we use it: To provide travel consulting services, process payments, improve your experience, and send occasional marketing emails (you can unsubscribe). - Who we share with: Payment providers (Stripe/PayPal), cloud/database providers (Supabase, Vercel), our vetted consultants (limited info only), and legal authorities if required. - Where we store it: Our secure servers in the United States. Data may be transferred internationally, but we protect it with encryption and legal safeguards. - How long we keep it: We delete personal data within 6 months of account closure. Reviews and ratings may be anonymized and kept longer. - Your rights: If you’re in the EU or California, you have rights to access, correct, delete, restrict, or transfer your data. Contact us anytime at support@chinaoffbeat.com. - Sensitive info: We never ask for passports, full bank card numbers, or other sensitive details. Please do not share them. By using Chinaoffbeat.com, you agree to this Privacy Policy. The legal version follows. Chinaoffbeat.com (“we,” “us,” or “our”) is committed to respecting your privacy and protecting your personal information. This Privacy Policy explains what information we collect from you, how we use and share it, and your rights regarding that information. By using Chinaoffbeat.com (the “Site” or “Service”), you agree to the practices described in this Privacy Policy. If you do not agree, please do not use our Service.
Information We Collect We collect various types of personal information (“Personal Information”) when you use our Service, including: - Account Information: When you register for an account (either directly with an email and password or by using your Google account), we collect your name and contact details such as email address. If you sign up via Google, we receive information from your Google profile (like your name and email) to create your account. You may also choose to provide additional profile details. - Travel Preferences: We collect information you provide about your travel interests and preferences (for example, preferred destinations, activities, budget, etc.) to help tailor trip planning and recommendations to you. Providing this information is optional but enables a more personalized experience. - User-Generated Content: Our Service allows you to contribute content, such as attraction reviews, ratings, photos, and feedback on our travel consultants. When you post such content, we collect it and associate it with your account. Please note: content you post is publicly visible to other users of the Site, along with your display name or username. Do not include information in your reviews or posts that you are not comfortable sharing publicly. - Payment and Booking Information: If you make a purchase or booking through our Service (for example, paying for a trip consultation or other services), we will collect information about the transaction. This includes details like the service or product purchased, the date and amount, and limited billing information. Importantly, we do not collect or store your sensitive payment card details. Payments are processed securely by third-party payment providers (Stripe and PayPal), so your credit card or bank information is handled directly by them, not by us. We only receive confirmation of payment and basic transaction identifiers from these providers. - Device and Usage Data: When you use the Site, we automatically collect certain technical data about your visit. This includes your IP address, browser type, device type, operating system, referring website, and pages viewed on our Site. We also use cookies and similar tracking technologies to understand how you navigate our Site (see Cookies and Tracking below). We use this information to help administer and secure the website and to analyze and improve our services. This usage data is generally collected in aggregate form and is not used to directly identify you in our systems (we do not link raw log data like IP addresses to your name or email). We may also collect any other information you choose to provide when you contact us (for example, if you send us an email or fill out a form, we will receive the information you include in those communications). All Personal Information you provide should be truthful, and it is your responsibility to ensure its accuracy and completeness.
How We Use Your Information We use the collected information for the following purposes: - Providing and Improving Services: To operate the Chinaoffbeat.com platform and provide you with the services and features you request. For example, we use your account and preference information to generate travel itinerary suggestions, match you with suitable travel consultants, and tailor the content you see on our Site. We also use your information to maintain and improve our services, such as debugging issues, performing data analysis, and developing new features. - Facilitating Bookings and Transactions: To process any orders or bookings you make through the Site. For instance, if you book a consultation or tour, we use your provided details to arrange that service and process payments (via Stripe or PayPal). We also send you confirmations, receipts, invoices, and related updates about your transactions. - Communication: To communicate with you about your account or use of the Service. This includes sending administrative or service-related messages (e.g. booking confirmations, updates to our terms or policies, or customer support responses). We may also send you marketing and promotional emails about new attractions, travel tips, services, or offers that we think may interest you. You can opt out of marketing emails at any time (see Your Choices below), and we will only send you such communications in accordance with applicable law (for example, with your consent where required). Note that even if you opt out of marketing, we may still send essential service communications (such as an email to reset your password or an important notice about your account or booking). - User Content and Community Features: To display the reviews, ratings, or other content you post on our platform. For example, if you submit a review of an attraction or rate a travel consultant, we will publish your feedback along with your username or other profile info you have allowed to be public. We may also feature user testimonials or ratings (with attribution to you) on our Site or in our marketing, but we will not disclose your contact information in doing so. - Personalization: To customize your experience on our Site. This can include showing you tailored recommendations for destinations or activities based on your past trips or stated interests, or prioritizing consultant matches that align with your profile. - Analytics and Performance: To analyze usage of our Site and understand user behaviors and preferences. This helps us improve our content and services – for example, by determining which destinations are popular or how users navigate our pages, we can enhance the user experience. We may use third-party analytics tools (such as Google Analytics) that employ cookies or similar technologies to help us gather this information (these tools only receive pseudonymous data, not your name or email). - Security and Fraud Prevention: To keep our platform safe and secure. Information (like IP addresses and log data) may be used to monitor for suspicious activity, enforce our terms of service, prevent abuse, and protect the rights and safety of our users, consultants, and business. - Legal Compliance: To comply with our legal obligations and enforce our rights. For example, we may retain and use certain information to handle tax and accounting requirements, to respond to lawful requests by public authorities, or to establish or defend against legal claims. We will only use your personal data for the purposes described above or as otherwise disclosed at the time of collection. If we need to use your data for an unrelated purpose, we will notify you and, if required, obtain your consent. Under the EU General Data Protection Regulation (GDPR), we rely on one or more of the following legal bases for processing your data: your consent (for example, for marketing emails or certain cookies), performance of a contract (providing you the travel services you requested), our legitimate interests (improving our services, securing our Site) as balanced against your data protection rights, and compliance with legal obligations.
How We Share Your Information We value your privacy and handle your Personal Information with care. We do not sell your personal data to third parties for profit or share it with third parties for their own direct marketing purposes. However, we do share certain information with third parties in the following circumstances, to run our Service and fulfill the uses described above: - Service Providers: We share your information with trusted third-party service providers who perform services on our behalf. These include our cloud hosting and database provider (Supabase, which stores our application and user data on its servers), email service providers (to send out newsletters or notifications), analytics providers (to help us analyze usage of our Site), and customer support tools. These service providers are only authorized to use your information as necessary to provide their services to us and are contractually obligated to protect your data and keep it confidential. Please note that some of our service providers may be located in jurisdictions different from yours; for example, our primary servers are in the United States, so if you are outside the US, your data will be transferred to the US (see Data Transfers below). - Payment Processors: As noted, we use third-party payment processors (currently Stripe and PayPal) to handle any payments on Chinaoffbeat.com. When you make a payment, the information you provide at checkout (such as your credit card number, billing address, etc.) is transmitted directly to the payment processor via a secure, encrypted connection. We do not see or store your full financial account details (like full credit card numbers) on our servers. Stripe and PayPal process your payment data in compliance with the Payment Card Industry
Data Security Standards (PCI-DSS) for your protection. They may only use your data for the purposes of processing the transaction and are bound by their own privacy policies to protect your information. We may receive from them a confirmation that payment was completed and basic information necessary for record-keeping (such as the last four digits of your card, card type, or a transaction ID). - Travel Consultants: A core feature of Chinaoffbeat.com is connecting users with local travel consultants. If you decide to book a consultation or otherwise engage a travel planner through our Service, we will share with the selected consultant the information about you that is necessary to provide you with advice. This typically includes your first name, the details of your travel plans or inquiries, and relevant preference information (e.g., “User is interested in history museums and local cuisine in Beijing”). We limit the personal data shared to what is needed for the consultation. Our consultants are bound by confidentiality agreements and are only allowed to use your information to serve you in the context of the Chinaoffbeat service. Local Travel Suppliers If you choose services that involve third-party travel providers (e.g., local cultural or activity suppliers), we may share relevant booking information to facilitate your reservation. These providers operate independently, and their use of your information is subject to their own privacy practices. - Public Content: As mentioned, if you post content like reviews or photos on public areas of our Site, those postings will be visible to others. Any information you choose to include in such public content (including personal information you might reveal in a review or photo description) will be accessible to other site users and potentially indexed by search engines. We may also promote or feature user reviews on our website or social media (for example, showcasing a positive trip review), but we will include your name or username with such content only as you have provided it for public display. - Business Transfers: If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of company assets, or transition of service to another provider, your information may be transferred as part of that transaction. We would ensure any successor entity honors the commitments in this Privacy Policy or notify you if changes to your personal data handling will occur. - Legal Disclosures: We may disclose your personal information when required to do so by law or in response to valid legal process (for example, a subpoena, warrant, or court order). We may also disclose data if we believe it is necessary to investigate, prevent, or take action regarding suspected illegal activities, fraud, or situations involving potential threats to the safety or legal rights of any person or the security of our Site, or as evidence in litigation in which we are involved. This includes sharing information with law enforcement or government agencies if we, in good faith, believe that such disclosure is legally required or necessary to protect our rights, property, or users. - We may use cookies and analytics tools to improve functionality and understand usage patterns. Where required by law, we will obtain your consent before placing cookies on your device. No Selling of Personal Data: In accordance with the California Consumer Privacy Act (CCPA) and other applicable laws, we confirm that we do not “sell” personal information (as defined by the CCPA) to third parties. We also do not share your personal information with third parties for cross-context behavioral advertising. If this ever changes, we will update this Privacy Policy and provide appropriate opt-out mechanisms.
Cookies and Tracking Technologies Like most websites, Chinaoffbeat.com uses cookies and similar tracking technologies to provide and improve our Service. Cookies are small text files placed on your device that help the site remember your preferences and activity. We use cookies for several reasons: - Essential Cookies: These cookies are necessary for the website to function and cannot be switched off in our systems. For example, they may keep you logged in during your session or remember your settings and preferences (such as language or currency). - Analytics Cookies: We use these to collect information about how visitors use our Site. For instance, analytics cookies allow us to recognize and count the number of visitors and see how they move around the Site when they are using it. This helps us improve how our website works, for example by ensuring users easily find what they are looking for. The information collected via analytics cookies is aggregated and not directly identifiable to you. - Functional Cookies: These cookies enable enhanced functionality and personalization, such as remembering the details of a trip itinerary you planned or a consultant you viewed, so we can offer suggestions relevant to your interests. They may also enable certain features like interactive chat support if we offer it. We may also use similar technologies like web beacons (small graphic images) or local storage objects for the purposes mentioned above. Any third-party content or integrations on our Site (for example, an embedded map or a social media “share” button) may set their own cookies; while we aim to minimize this, such third-party cookies are controlled by the providers of those features and subject to their own privacy policies. Your Choices for Cookies: When you first visit Chinaoffbeat.com from certain jurisdictions, you will be presented with a cookie notice and given the option to manage your cookie preferences. You can choose to accept all cookies or reject non-essential ones. Even after consenting, you can adjust your preferences at any time by using the cookie settings tool available on our Site (e.g., a “Cookie Settings” link) or by clearing cookies in your browser. In addition, most web browsers allow you to control cookies through their settings preferences. You may set your browser to refuse some or all cookies or to prompt you before accepting a cookie. However, please note that if you disable or reject certain cookies, parts of our Site might become inaccessible or not function properly (for example, you might not be able to use certain features that rely on cookies). We do not currently respond to “Do Not Track” signals, but we honor any legal requirements such as the Global Privacy Control (GPC) for California residents’ opt-out requests with respect to the sale or sharing of personal information (since we do not sell or share data for behavioral advertising, this has limited applicability on our Site). For more detailed information about our use of cookies, you can refer to our Cookie Policy (if provided separately) or contact us with any questions.
Data Storage and International Transfers All personal data collected through Chinaoffbeat.com is currently stored on servers located in the United States. We use Supabase (a U.S.-based cloud database and hosting provider) to host our application and data. This means that if you are using our Service from outside the U.S., your personal information will be transmitted to and stored on servers in the United States. Cross-Border Data Transfers: If you are a resident of a country outside the U.S. (for example, in the European Economic Area or the United Kingdom), please be aware that the data protection laws of the United States may be considered not as comprehensive as those in your region. The U.S. has not been granted an “adequacy” decision by the European Commission, which means it is not deemed to automatically provide an equivalent level of data protection as EU law requires. However, we value our international users and take steps to ensure your privacy is protected. For transfers of personal data from the EEA/UK to the U.S., we rely on appropriate safeguards as required by GDPR Article 46. In practice, this means that our contracts with service providers (like Supabase) include Standard Contractual Clauses (SCCs) or other approved mechanisms to legitimize the transfer of data and protect your information. We also implement additional measures as needed, such as data encryption in transit and at rest, to help secure your data during transfer and storage. By using our Site or providing us with information, you consent to the transfer of your personal information to the United States (and to other jurisdictions as necessary for our service providers) for the purposes described in this policy. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy. If you have questions about international data transfers or require more information about the safeguards we have in place, you can contact us at the email provided in the Contact Us section. Data Security We employ a range of technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include, for example: - Encryption: We use encryption protocols (such as TLS/SSL) to secure data in transit between your browser or device and our servers, so that sensitive information is transmitted safely. We also ensure that passwords are stored in hashed form, and we rely on our providers to encrypt data at rest. - Access Controls: We restrict access to personal data to only those employees, contractors, and service providers who have a need to know such data for their job responsibilities. All such personnel are subject to strict confidentiality obligations. We also use authentication measures (like requiring unique IDs and passwords) to prevent unauthorized access to user accounts. - Network Security: Our servers are protected by firewalls and monitored for potential vulnerabilities or attacks. We keep our software and infrastructure updated with security patches and best practices. - Monitoring and Testing: We regularly monitor our systems for possible vulnerabilities and attacks, and we periodically review our information collection, storage, and processing practices. Where feasible, we implement anonymization or pseudonymization of data, especially for analytics purposes. While we strive to protect your information and take reasonable precautions, no method of transmission over the internet or electronic storage is 100% secure. Therefore, we cannot guarantee absolute security of your data. You should also play a role in protecting your account by using a strong, unique password and keeping your account credentials confidential. If you have reason to believe that your interaction with us is no longer secure (for example, if you suspect your account has been compromised), please contact us immediately. We will notify you and the appropriate authorities of any data breach where we are legally required to do so. Data Retention We retain your personal information only for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. In general, this means: - Account Information: If you have an account with Chinaoffbeat.com, we will keep your account data on file while your account is active. If you decide to delete your account or if it remains inactive for an extended period, we will either delete or anonymize your personal information associated with the account, unless we are required to keep it longer for legal reasons. - Transaction Data: We retain records of the services you have purchased or used (such as consultations or subscriptions) for as long as needed for operational purposes and to comply with legal and financial obligations. For instance, we might retain invoicing or payment records for a certain number of years as required by tax law or accounting rules. - User-Generated Content: Content that you have posted (like reviews or photos) may remain visible on our Site until you remove it or request its removal, and even after removal we may keep backups or copies for a limited time. If you delete your account, we may either remove your public posts or anonymize them (for example, the review might show from “Deleted User” without your personal details). - Marketing Data: If you have signed up for our newsletter or other marketing communications, we will keep your contact details for that purpose until you opt out or unsubscribe. Once you opt out, we may keep your email on a suppression list to ensure we honor your opt-out going forward. - Log and Analytics Data: We typically retain site usage data (logs, analytics) for a shorter period needed for analysis and security (for example, raw web server logs might be kept for a few months). Aggregated data that no longer identifies individuals may be retained longer for statistical purposes. In all cases, when we no longer have a legitimate need or legal obligation to retain your personal data, we will securely delete or anonymize it. We define retention periods based on the nature of the data and the purposes for which it is processed. For example, we will generally keep personal data for as long as you maintain an account with us, plus a reasonable period (for instance, to deal with any post-closure inquiries or to satisfy legal retention requirements). What constitutes a “reasonable period” may vary by context and will be in accordance with applicable law and regulations. We continually review our retention practices to avoid keeping data longer than necessary.
User-Generated Content and Privacy As noted earlier, any personal information you choose to include in content you submit publicly on our Site (such as reviews, comments, or photos) can be read, collected, or used by anyone who views that content. We do not control how other visitors of the Site may use your publicly posted information. For your privacy, we strongly encourage you not to include personal details like your full name, contact information, or other sensitive data in any content you make public on Chinaoffbeat.com. We are not responsible for protecting personal data you publish in this way, and this Privacy Policy does not cover information you make public through the Service. If you want to remove a piece of content you have posted, you can do so through your account settings (if that functionality is available) or by contacting us to request removal. Please be aware that even after removal, copies of your content might remain viewable in cached or archived pages, or might have been saved by other users. We will do our best to assist you with removals you request, in line with our legal obligations and the features of our Service.
Your Privacy Rights Depending on your jurisdiction and residency, you have certain rights regarding your personal information. Chinaoffbeat.com is committed to upholding these rights and provides the means for you to exercise them. The rights available to you may differ if you are a resident of the European Economic Area (EEA) or United Kingdom under the GDPR, or a resident of California under the CCPA/CPRA, for example. We extend many of these core rights to all users, even if not required by law, and will respond to any pertinent privacy request to the best of our ability. Below, we outline specific rights for EEA and California residents:
Rights of EEA (European Union/UK) Users under GDPR If you are located in the EEA, UK, or a similar jurisdiction with GDPR-equivalent data protection laws, you have the following rights with respect to your personal data: - Right to Be Informed: You have the right to be given clear, transparent information about how we collect and use your personal data (this Privacy Policy is part of fulfilling that right). - Right of Access: You have the right to request a copy of the personal data we hold about you, and to obtain information about how we process it. This is sometimes called a “Data Subject Access Request.” - Right to Rectification: If any of your personal information is inaccurate or incomplete, you have the right to have it corrected or updated. - Right to Erasure: You have the right to request that we delete your personal data, which is also known as the “right to be forgotten.” We will honor such requests to the extent required by law; for example, if you withdraw consent or the data is no longer necessary for the purposes it was collected, we will erase it, unless an exception applies (such as needing to keep certain data for legal compliance). - Right to Restrict Processing: You can ask us to suspend or limit the processing of your personal data in certain circumstances – for instance, if you contest the accuracy of the data or object to us processing it, we will review your request and inform you of the outcome. - Right to Data Portability: You have the right to obtain your personal data that you have provided to us in a structured, commonly used, and machine-readable format, and you can request that we transmit that data to another data controller where technically feasible. This right applies to data processed by us by automated means, where the processing is based on your consent or on a contract with you. - Right to Object: You have the right to object to certain types of processing. For example, you may object to processing based on our legitimate interests if you believe it impacts your fundamental rights and freedoms. You also have the absolute right to object to your personal data being used for direct marketing purposes at any time. - Right not to be Subject to Automated Decision-Making: You have the right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects or similarly significant effects on you, unless it is necessary for a contract, authorized by law, or you have given your explicit consent. (Currently, Chinaoffbeat.com does not make any such purely automated decisions without human involvement that would have a significant effect on you; any personalized suggestions we provide do not have legal or serious impacts on you.) In addition to the above rights, you have the right to withdraw consent at any time when we have processed your data based on your consent. For example, you can withdraw consent to marketing emails by unsubscribing, or withdraw consent to optional cookies via our cookie settings. Withdrawal of consent will not affect the lawfulness of any processing we conducted prior to your withdrawal. You also have the right to lodge a complaint with a Data Protection Supervisory Authority, particularly in the EU country where you reside, work, or where you feel the infringement occurred. We would, however, appreciate the chance to address your concerns directly before you approach a regulator, so please consider contacting us first.
California Privacy Rights (CCPA/CPRA) If you are a resident of California, you are protected by the California Consumer Privacy Act (CCPA) of 2018, as amended by the California Privacy Rights Act (CPRA) of 2020. These laws provide California consumers with specific rights regarding their personal information. In summary, California residents have the following rights****: - Right to Know: You have the right to know what personal information we collect, use, disclose, and share or sell about you. This includes the right to request that we disclose the following to you (for the 12-month period preceding your request): (1) the categories of personal information we have collected about you; (2) the specific pieces of personal information we have collected about you; (3) the categories of sources from which the personal information was collected; (4) the business or commercial purpose for collecting (and if applicable, selling or sharing) your personal information; and (5) the categories of third parties with whom we have disclosed your personal information. You may submit a request to know this information up to two times per year, free of charge. - Right to Delete: You have the right to request deletion of personal information that we have collected from you (and direct our service providers to do the same), subject to certain exceptions. Once we receive and confirm a verifiable consumer deletion request, we will delete (and notify our service providers to delete) your personal information from our records, unless an exception applies. Exceptions may include, for example, if we need to retain information to complete a transaction you requested, to detect security incidents, to comply with a legal obligation, or other reasons allowed by law. If we deny a deletion request, we will inform you of the reason. - Right to Opt-Out of Sale or Sharing: You have the right to opt out of the “sale” or “sharing” of your personal information with third parties. “Sale” in CCPA is broadly defined to include most transfers of personal information to a third party for valuable consideration, and “sharing” includes disclosing data for cross-context behavioral advertising. As noted, we do not sell personal information and do not share it for targeted advertising, so this right is more about our obligation to inform you and provide an opt-out mechanism if we ever were to engage in such activity. We honor the Global Privacy Control (GPC) signal as a valid opt-out request for the sale/sharing of personal info, as required by CCPA regulations. If you have enabled GPC or a similar signal in your browser, we will treat it as an opt-out of sale/sharing request. In any case, you may also contact us to explicitly instruct us not to sell or share your data, and we will record that preference. - Right to Non-Discrimination: You have the right not to receive discriminatory treatment from us for exercising any of your CCPA rights. This means we will not deny you services, charge you a different price, or provide a different level of quality of service just because you exercised your privacy rights. The CCPA allows businesses to offer certain financial incentives (such as loyalty programs or discounts) in exchange for personal information, but if we ever offer such programs, we will provide you with terms and request your opt-in consent. At this time, we do not offer any such incentives. - Right to Correct: Effective January 1, 2023, California residents also have the right to request correction of inaccurate personal information that we maintain about you. If you find that any of your information is incorrect, you can request that we correct it. Upon a verifiable request, we will use commercially reasonable efforts to correct your personal information as directed, taking into account the nature of the information and purpose of processing. - Right to Limit Use of Sensitive Personal Information: Also effective under the CPRA, if we collect “sensitive personal information” (as defined by law) about you, you have the right to direct us to limit the use or disclosure of that sensitive information to certain purposes. Sensitive personal information under California law includes things like precise geolocation, social security number, driver’s license, financial account login credentials, racial or ethnic origin, contents of private communications, etc.. Chinaoffbeat.com generally does not collect highly sensitive personal information of this nature from users. In the event we did, we would only use it for necessary purposes (such as providing the service requested by you) unless you consent to other uses, and we would honor any request to limit its use. Exercising Your California Rights: If you are a California resident and wish to exercise any of the above rights, you (or your authorized agent) may submit a request to us through the contact methods listed in the Contact Us section below. Your request should clearly indicate which right you seek to exercise (e.g., “CCPA Access Request – categories and specific pieces of info” or “CCPA Deletion Request”). We will need to verify your identity before processing certain requests to ensure that we are providing information to the correct individual. This verification may involve asking you to confirm personal details we already have on file (such as sending the request from your email on record or providing other identifying information). You may also designate an authorized agent to make a request on your behalf. If you do so, we will require proof that the agent is authorized (for example, a signed letter by you or power of attorney, and we may still verify your identity directly). Once we receive your request, we will acknowledge it and respond within the timeframes required by law. For CCPA requests, we typically have up to 45 days to respond, with the possibility of a 45-day extension (total 90 days) if reasonably necessary. If an extension is needed, we will inform you of the reason and extension period. Requests to delete or correct will be handled in accordance with the law, and we will confirm with you once we have completed your request (or explain if we must deny the request due to an applicable exception). We do not charge a fee for processing your CCPA requests unless they are excessive, repetitive, or manifestly unfounded, in which case we will inform you of the fee and reasoning. For a full description of your rights under California law, you may refer to the California Attorney General’s website or the text of the CCPA/CPRA. We aim to comply with these laws and to make it easy for you to exercise your rights and make informed decisions about your personal information.
Other Jurisdictions If you reside in a region that offers additional privacy rights not explicitly listed above, please know that we strive to respect all users’ privacy to the extent required by applicable law. For example, residents of some U.S. states (such as Colorado, Virginia, Connecticut, and Utah) have enacted privacy laws providing rights similar to the CCPA or GDPR. If you are a resident of one of these states (or any other jurisdiction with privacy statutes) and you would like to exercise any rights provided under those laws (such as the right to access, delete, or correct your data, or opt out of certain data processing), please contact us. We will consider and process all valid requests in accordance with the applicable legislation.
Children’s Privacy Chinaoffbeat.com is not directed to children under the age of 18, and we do not knowingly collect personal information from children under 18 years old. Our services (travel planning and international travel consultations) are intended for adults who are at least 18 and using the service with parental consent and supervision. If you are under 18, do not use this Site or provide any information about yourself. In the event that we learn, we have collected personal data from a person under 18 without verified parental consent, we will promptly delete that information from our records. If you are a parent or guardian and you believe that we might have received information from your child under 18, please contact us immediately so that we can investigate and delete the information as necessary. For teens under 18 or 18 years old (or the age of majority in your jurisdiction), we advise that you use our Service only with a parent or guardian’s permission. Some features (such as making payments) may require the involvement of an adult. We do not knowingly “sell” the personal information of minors under 18 years of age without affirmative authorization as per the CCPA. In fact, as stated, we do not sell personal data at all. If a user under 18 and uses our Service, we will treat any opt-in to cookies or marketing as subject to parental approval where required by law.
Changes to This Privacy Policy We may update or modify this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. If we make changes, we will post the updated policy on this page and update the “Last Updated” date at the top. Material changes will be communicated to you through appropriate channels – for example, by posting a prominent notice on our website or, if appropriate, by emailing you (if you have provided an email address) to inform you of the update. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of Chinaoffbeat.com after any changes to this Privacy Policy constitutes your acceptance of the updated terms. If you do not agree with any updates or modifications, you should stop using the Site and services.
Contact Us If you have any questions, concerns, or requests regarding this Privacy Policy or your personal information, please contact us at: Email: support@chinaoffbeat.com (Attn: Privacy Officer) We will do our best to respond promptly to your inquiry. This includes handling any privacy rights requests (as detailed above) or resolving complaints. Your trust is important to us, and we welcome your feedback on any privacy-related issues. --- Thank you for taking the time to read our Privacy Policy. We hope this has clarified how your information is handled at Chinaoffbeat.com. Safe travels!
Information We Collect We collect various types of personal information (“Personal Information”) when you use our Service, including: - Account Information: When you register for an account (either directly with an email and password or by using your Google account), we collect your name and contact details such as email address. If you sign up via Google, we receive information from your Google profile (like your name and email) to create your account. You may also choose to provide additional profile details. - Travel Preferences: We collect information you provide about your travel interests and preferences (for example, preferred destinations, activities, budget, etc.) to help tailor trip planning and recommendations to you. Providing this information is optional but enables a more personalized experience. - User-Generated Content: Our Service allows you to contribute content, such as attraction reviews, ratings, photos, and feedback on our travel consultants. When you post such content, we collect it and associate it with your account. Please note: content you post is publicly visible to other users of the Site, along with your display name or username. Do not include information in your reviews or posts that you are not comfortable sharing publicly. - Payment and Booking Information: If you make a purchase or booking through our Service (for example, paying for a trip consultation or other services), we will collect information about the transaction. This includes details like the service or product purchased, the date and amount, and limited billing information. Importantly, we do not collect or store your sensitive payment card details. Payments are processed securely by third-party payment providers (Stripe and PayPal), so your credit card or bank information is handled directly by them, not by us. We only receive confirmation of payment and basic transaction identifiers from these providers. - Device and Usage Data: When you use the Site, we automatically collect certain technical data about your visit. This includes your IP address, browser type, device type, operating system, referring website, and pages viewed on our Site. We also use cookies and similar tracking technologies to understand how you navigate our Site (see Cookies and Tracking below). We use this information to help administer and secure the website and to analyze and improve our services. This usage data is generally collected in aggregate form and is not used to directly identify you in our systems (we do not link raw log data like IP addresses to your name or email). We may also collect any other information you choose to provide when you contact us (for example, if you send us an email or fill out a form, we will receive the information you include in those communications). All Personal Information you provide should be truthful, and it is your responsibility to ensure its accuracy and completeness.
How We Use Your Information We use the collected information for the following purposes: - Providing and Improving Services: To operate the Chinaoffbeat.com platform and provide you with the services and features you request. For example, we use your account and preference information to generate travel itinerary suggestions, match you with suitable travel consultants, and tailor the content you see on our Site. We also use your information to maintain and improve our services, such as debugging issues, performing data analysis, and developing new features. - Facilitating Bookings and Transactions: To process any orders or bookings you make through the Site. For instance, if you book a consultation or tour, we use your provided details to arrange that service and process payments (via Stripe or PayPal). We also send you confirmations, receipts, invoices, and related updates about your transactions. - Communication: To communicate with you about your account or use of the Service. This includes sending administrative or service-related messages (e.g. booking confirmations, updates to our terms or policies, or customer support responses). We may also send you marketing and promotional emails about new attractions, travel tips, services, or offers that we think may interest you. You can opt out of marketing emails at any time (see Your Choices below), and we will only send you such communications in accordance with applicable law (for example, with your consent where required). Note that even if you opt out of marketing, we may still send essential service communications (such as an email to reset your password or an important notice about your account or booking). - User Content and Community Features: To display the reviews, ratings, or other content you post on our platform. For example, if you submit a review of an attraction or rate a travel consultant, we will publish your feedback along with your username or other profile info you have allowed to be public. We may also feature user testimonials or ratings (with attribution to you) on our Site or in our marketing, but we will not disclose your contact information in doing so. - Personalization: To customize your experience on our Site. This can include showing you tailored recommendations for destinations or activities based on your past trips or stated interests, or prioritizing consultant matches that align with your profile. - Analytics and Performance: To analyze usage of our Site and understand user behaviors and preferences. This helps us improve our content and services – for example, by determining which destinations are popular or how users navigate our pages, we can enhance the user experience. We may use third-party analytics tools (such as Google Analytics) that employ cookies or similar technologies to help us gather this information (these tools only receive pseudonymous data, not your name or email). - Security and Fraud Prevention: To keep our platform safe and secure. Information (like IP addresses and log data) may be used to monitor for suspicious activity, enforce our terms of service, prevent abuse, and protect the rights and safety of our users, consultants, and business. - Legal Compliance: To comply with our legal obligations and enforce our rights. For example, we may retain and use certain information to handle tax and accounting requirements, to respond to lawful requests by public authorities, or to establish or defend against legal claims. We will only use your personal data for the purposes described above or as otherwise disclosed at the time of collection. If we need to use your data for an unrelated purpose, we will notify you and, if required, obtain your consent. Under the EU General Data Protection Regulation (GDPR), we rely on one or more of the following legal bases for processing your data: your consent (for example, for marketing emails or certain cookies), performance of a contract (providing you the travel services you requested), our legitimate interests (improving our services, securing our Site) as balanced against your data protection rights, and compliance with legal obligations.
How We Share Your Information We value your privacy and handle your Personal Information with care. We do not sell your personal data to third parties for profit or share it with third parties for their own direct marketing purposes. However, we do share certain information with third parties in the following circumstances, to run our Service and fulfill the uses described above: - Service Providers: We share your information with trusted third-party service providers who perform services on our behalf. These include our cloud hosting and database provider (Supabase, which stores our application and user data on its servers), email service providers (to send out newsletters or notifications), analytics providers (to help us analyze usage of our Site), and customer support tools. These service providers are only authorized to use your information as necessary to provide their services to us and are contractually obligated to protect your data and keep it confidential. Please note that some of our service providers may be located in jurisdictions different from yours; for example, our primary servers are in the United States, so if you are outside the US, your data will be transferred to the US (see Data Transfers below). - Payment Processors: As noted, we use third-party payment processors (currently Stripe and PayPal) to handle any payments on Chinaoffbeat.com. When you make a payment, the information you provide at checkout (such as your credit card number, billing address, etc.) is transmitted directly to the payment processor via a secure, encrypted connection. We do not see or store your full financial account details (like full credit card numbers) on our servers. Stripe and PayPal process your payment data in compliance with the Payment Card Industry
Data Security Standards (PCI-DSS) for your protection. They may only use your data for the purposes of processing the transaction and are bound by their own privacy policies to protect your information. We may receive from them a confirmation that payment was completed and basic information necessary for record-keeping (such as the last four digits of your card, card type, or a transaction ID). - Travel Consultants: A core feature of Chinaoffbeat.com is connecting users with local travel consultants. If you decide to book a consultation or otherwise engage a travel planner through our Service, we will share with the selected consultant the information about you that is necessary to provide you with advice. This typically includes your first name, the details of your travel plans or inquiries, and relevant preference information (e.g., “User is interested in history museums and local cuisine in Beijing”). We limit the personal data shared to what is needed for the consultation. Our consultants are bound by confidentiality agreements and are only allowed to use your information to serve you in the context of the Chinaoffbeat service. Local Travel Suppliers If you choose services that involve third-party travel providers (e.g., local cultural or activity suppliers), we may share relevant booking information to facilitate your reservation. These providers operate independently, and their use of your information is subject to their own privacy practices. - Public Content: As mentioned, if you post content like reviews or photos on public areas of our Site, those postings will be visible to others. Any information you choose to include in such public content (including personal information you might reveal in a review or photo description) will be accessible to other site users and potentially indexed by search engines. We may also promote or feature user reviews on our website or social media (for example, showcasing a positive trip review), but we will include your name or username with such content only as you have provided it for public display. - Business Transfers: If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of company assets, or transition of service to another provider, your information may be transferred as part of that transaction. We would ensure any successor entity honors the commitments in this Privacy Policy or notify you if changes to your personal data handling will occur. - Legal Disclosures: We may disclose your personal information when required to do so by law or in response to valid legal process (for example, a subpoena, warrant, or court order). We may also disclose data if we believe it is necessary to investigate, prevent, or take action regarding suspected illegal activities, fraud, or situations involving potential threats to the safety or legal rights of any person or the security of our Site, or as evidence in litigation in which we are involved. This includes sharing information with law enforcement or government agencies if we, in good faith, believe that such disclosure is legally required or necessary to protect our rights, property, or users. - We may use cookies and analytics tools to improve functionality and understand usage patterns. Where required by law, we will obtain your consent before placing cookies on your device. No Selling of Personal Data: In accordance with the California Consumer Privacy Act (CCPA) and other applicable laws, we confirm that we do not “sell” personal information (as defined by the CCPA) to third parties. We also do not share your personal information with third parties for cross-context behavioral advertising. If this ever changes, we will update this Privacy Policy and provide appropriate opt-out mechanisms.
Cookies and Tracking Technologies Like most websites, Chinaoffbeat.com uses cookies and similar tracking technologies to provide and improve our Service. Cookies are small text files placed on your device that help the site remember your preferences and activity. We use cookies for several reasons: - Essential Cookies: These cookies are necessary for the website to function and cannot be switched off in our systems. For example, they may keep you logged in during your session or remember your settings and preferences (such as language or currency). - Analytics Cookies: We use these to collect information about how visitors use our Site. For instance, analytics cookies allow us to recognize and count the number of visitors and see how they move around the Site when they are using it. This helps us improve how our website works, for example by ensuring users easily find what they are looking for. The information collected via analytics cookies is aggregated and not directly identifiable to you. - Functional Cookies: These cookies enable enhanced functionality and personalization, such as remembering the details of a trip itinerary you planned or a consultant you viewed, so we can offer suggestions relevant to your interests. They may also enable certain features like interactive chat support if we offer it. We may also use similar technologies like web beacons (small graphic images) or local storage objects for the purposes mentioned above. Any third-party content or integrations on our Site (for example, an embedded map or a social media “share” button) may set their own cookies; while we aim to minimize this, such third-party cookies are controlled by the providers of those features and subject to their own privacy policies. Your Choices for Cookies: When you first visit Chinaoffbeat.com from certain jurisdictions, you will be presented with a cookie notice and given the option to manage your cookie preferences. You can choose to accept all cookies or reject non-essential ones. Even after consenting, you can adjust your preferences at any time by using the cookie settings tool available on our Site (e.g., a “Cookie Settings” link) or by clearing cookies in your browser. In addition, most web browsers allow you to control cookies through their settings preferences. You may set your browser to refuse some or all cookies or to prompt you before accepting a cookie. However, please note that if you disable or reject certain cookies, parts of our Site might become inaccessible or not function properly (for example, you might not be able to use certain features that rely on cookies). We do not currently respond to “Do Not Track” signals, but we honor any legal requirements such as the Global Privacy Control (GPC) for California residents’ opt-out requests with respect to the sale or sharing of personal information (since we do not sell or share data for behavioral advertising, this has limited applicability on our Site). For more detailed information about our use of cookies, you can refer to our Cookie Policy (if provided separately) or contact us with any questions.
Data Storage and International Transfers All personal data collected through Chinaoffbeat.com is currently stored on servers located in the United States. We use Supabase (a U.S.-based cloud database and hosting provider) to host our application and data. This means that if you are using our Service from outside the U.S., your personal information will be transmitted to and stored on servers in the United States. Cross-Border Data Transfers: If you are a resident of a country outside the U.S. (for example, in the European Economic Area or the United Kingdom), please be aware that the data protection laws of the United States may be considered not as comprehensive as those in your region. The U.S. has not been granted an “adequacy” decision by the European Commission, which means it is not deemed to automatically provide an equivalent level of data protection as EU law requires. However, we value our international users and take steps to ensure your privacy is protected. For transfers of personal data from the EEA/UK to the U.S., we rely on appropriate safeguards as required by GDPR Article 46. In practice, this means that our contracts with service providers (like Supabase) include Standard Contractual Clauses (SCCs) or other approved mechanisms to legitimize the transfer of data and protect your information. We also implement additional measures as needed, such as data encryption in transit and at rest, to help secure your data during transfer and storage. By using our Site or providing us with information, you consent to the transfer of your personal information to the United States (and to other jurisdictions as necessary for our service providers) for the purposes described in this policy. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy. If you have questions about international data transfers or require more information about the safeguards we have in place, you can contact us at the email provided in the Contact Us section. Data Security We employ a range of technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include, for example: - Encryption: We use encryption protocols (such as TLS/SSL) to secure data in transit between your browser or device and our servers, so that sensitive information is transmitted safely. We also ensure that passwords are stored in hashed form, and we rely on our providers to encrypt data at rest. - Access Controls: We restrict access to personal data to only those employees, contractors, and service providers who have a need to know such data for their job responsibilities. All such personnel are subject to strict confidentiality obligations. We also use authentication measures (like requiring unique IDs and passwords) to prevent unauthorized access to user accounts. - Network Security: Our servers are protected by firewalls and monitored for potential vulnerabilities or attacks. We keep our software and infrastructure updated with security patches and best practices. - Monitoring and Testing: We regularly monitor our systems for possible vulnerabilities and attacks, and we periodically review our information collection, storage, and processing practices. Where feasible, we implement anonymization or pseudonymization of data, especially for analytics purposes. While we strive to protect your information and take reasonable precautions, no method of transmission over the internet or electronic storage is 100% secure. Therefore, we cannot guarantee absolute security of your data. You should also play a role in protecting your account by using a strong, unique password and keeping your account credentials confidential. If you have reason to believe that your interaction with us is no longer secure (for example, if you suspect your account has been compromised), please contact us immediately. We will notify you and the appropriate authorities of any data breach where we are legally required to do so. Data Retention We retain your personal information only for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. In general, this means: - Account Information: If you have an account with Chinaoffbeat.com, we will keep your account data on file while your account is active. If you decide to delete your account or if it remains inactive for an extended period, we will either delete or anonymize your personal information associated with the account, unless we are required to keep it longer for legal reasons. - Transaction Data: We retain records of the services you have purchased or used (such as consultations or subscriptions) for as long as needed for operational purposes and to comply with legal and financial obligations. For instance, we might retain invoicing or payment records for a certain number of years as required by tax law or accounting rules. - User-Generated Content: Content that you have posted (like reviews or photos) may remain visible on our Site until you remove it or request its removal, and even after removal we may keep backups or copies for a limited time. If you delete your account, we may either remove your public posts or anonymize them (for example, the review might show from “Deleted User” without your personal details). - Marketing Data: If you have signed up for our newsletter or other marketing communications, we will keep your contact details for that purpose until you opt out or unsubscribe. Once you opt out, we may keep your email on a suppression list to ensure we honor your opt-out going forward. - Log and Analytics Data: We typically retain site usage data (logs, analytics) for a shorter period needed for analysis and security (for example, raw web server logs might be kept for a few months). Aggregated data that no longer identifies individuals may be retained longer for statistical purposes. In all cases, when we no longer have a legitimate need or legal obligation to retain your personal data, we will securely delete or anonymize it. We define retention periods based on the nature of the data and the purposes for which it is processed. For example, we will generally keep personal data for as long as you maintain an account with us, plus a reasonable period (for instance, to deal with any post-closure inquiries or to satisfy legal retention requirements). What constitutes a “reasonable period” may vary by context and will be in accordance with applicable law and regulations. We continually review our retention practices to avoid keeping data longer than necessary.
User-Generated Content and Privacy As noted earlier, any personal information you choose to include in content you submit publicly on our Site (such as reviews, comments, or photos) can be read, collected, or used by anyone who views that content. We do not control how other visitors of the Site may use your publicly posted information. For your privacy, we strongly encourage you not to include personal details like your full name, contact information, or other sensitive data in any content you make public on Chinaoffbeat.com. We are not responsible for protecting personal data you publish in this way, and this Privacy Policy does not cover information you make public through the Service. If you want to remove a piece of content you have posted, you can do so through your account settings (if that functionality is available) or by contacting us to request removal. Please be aware that even after removal, copies of your content might remain viewable in cached or archived pages, or might have been saved by other users. We will do our best to assist you with removals you request, in line with our legal obligations and the features of our Service.
Your Privacy Rights Depending on your jurisdiction and residency, you have certain rights regarding your personal information. Chinaoffbeat.com is committed to upholding these rights and provides the means for you to exercise them. The rights available to you may differ if you are a resident of the European Economic Area (EEA) or United Kingdom under the GDPR, or a resident of California under the CCPA/CPRA, for example. We extend many of these core rights to all users, even if not required by law, and will respond to any pertinent privacy request to the best of our ability. Below, we outline specific rights for EEA and California residents:
Rights of EEA (European Union/UK) Users under GDPR If you are located in the EEA, UK, or a similar jurisdiction with GDPR-equivalent data protection laws, you have the following rights with respect to your personal data: - Right to Be Informed: You have the right to be given clear, transparent information about how we collect and use your personal data (this Privacy Policy is part of fulfilling that right). - Right of Access: You have the right to request a copy of the personal data we hold about you, and to obtain information about how we process it. This is sometimes called a “Data Subject Access Request.” - Right to Rectification: If any of your personal information is inaccurate or incomplete, you have the right to have it corrected or updated. - Right to Erasure: You have the right to request that we delete your personal data, which is also known as the “right to be forgotten.” We will honor such requests to the extent required by law; for example, if you withdraw consent or the data is no longer necessary for the purposes it was collected, we will erase it, unless an exception applies (such as needing to keep certain data for legal compliance). - Right to Restrict Processing: You can ask us to suspend or limit the processing of your personal data in certain circumstances – for instance, if you contest the accuracy of the data or object to us processing it, we will review your request and inform you of the outcome. - Right to Data Portability: You have the right to obtain your personal data that you have provided to us in a structured, commonly used, and machine-readable format, and you can request that we transmit that data to another data controller where technically feasible. This right applies to data processed by us by automated means, where the processing is based on your consent or on a contract with you. - Right to Object: You have the right to object to certain types of processing. For example, you may object to processing based on our legitimate interests if you believe it impacts your fundamental rights and freedoms. You also have the absolute right to object to your personal data being used for direct marketing purposes at any time. - Right not to be Subject to Automated Decision-Making: You have the right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects or similarly significant effects on you, unless it is necessary for a contract, authorized by law, or you have given your explicit consent. (Currently, Chinaoffbeat.com does not make any such purely automated decisions without human involvement that would have a significant effect on you; any personalized suggestions we provide do not have legal or serious impacts on you.) In addition to the above rights, you have the right to withdraw consent at any time when we have processed your data based on your consent. For example, you can withdraw consent to marketing emails by unsubscribing, or withdraw consent to optional cookies via our cookie settings. Withdrawal of consent will not affect the lawfulness of any processing we conducted prior to your withdrawal. You also have the right to lodge a complaint with a Data Protection Supervisory Authority, particularly in the EU country where you reside, work, or where you feel the infringement occurred. We would, however, appreciate the chance to address your concerns directly before you approach a regulator, so please consider contacting us first.
California Privacy Rights (CCPA/CPRA) If you are a resident of California, you are protected by the California Consumer Privacy Act (CCPA) of 2018, as amended by the California Privacy Rights Act (CPRA) of 2020. These laws provide California consumers with specific rights regarding their personal information. In summary, California residents have the following rights****: - Right to Know: You have the right to know what personal information we collect, use, disclose, and share or sell about you. This includes the right to request that we disclose the following to you (for the 12-month period preceding your request): (1) the categories of personal information we have collected about you; (2) the specific pieces of personal information we have collected about you; (3) the categories of sources from which the personal information was collected; (4) the business or commercial purpose for collecting (and if applicable, selling or sharing) your personal information; and (5) the categories of third parties with whom we have disclosed your personal information. You may submit a request to know this information up to two times per year, free of charge. - Right to Delete: You have the right to request deletion of personal information that we have collected from you (and direct our service providers to do the same), subject to certain exceptions. Once we receive and confirm a verifiable consumer deletion request, we will delete (and notify our service providers to delete) your personal information from our records, unless an exception applies. Exceptions may include, for example, if we need to retain information to complete a transaction you requested, to detect security incidents, to comply with a legal obligation, or other reasons allowed by law. If we deny a deletion request, we will inform you of the reason. - Right to Opt-Out of Sale or Sharing: You have the right to opt out of the “sale” or “sharing” of your personal information with third parties. “Sale” in CCPA is broadly defined to include most transfers of personal information to a third party for valuable consideration, and “sharing” includes disclosing data for cross-context behavioral advertising. As noted, we do not sell personal information and do not share it for targeted advertising, so this right is more about our obligation to inform you and provide an opt-out mechanism if we ever were to engage in such activity. We honor the Global Privacy Control (GPC) signal as a valid opt-out request for the sale/sharing of personal info, as required by CCPA regulations. If you have enabled GPC or a similar signal in your browser, we will treat it as an opt-out of sale/sharing request. In any case, you may also contact us to explicitly instruct us not to sell or share your data, and we will record that preference. - Right to Non-Discrimination: You have the right not to receive discriminatory treatment from us for exercising any of your CCPA rights. This means we will not deny you services, charge you a different price, or provide a different level of quality of service just because you exercised your privacy rights. The CCPA allows businesses to offer certain financial incentives (such as loyalty programs or discounts) in exchange for personal information, but if we ever offer such programs, we will provide you with terms and request your opt-in consent. At this time, we do not offer any such incentives. - Right to Correct: Effective January 1, 2023, California residents also have the right to request correction of inaccurate personal information that we maintain about you. If you find that any of your information is incorrect, you can request that we correct it. Upon a verifiable request, we will use commercially reasonable efforts to correct your personal information as directed, taking into account the nature of the information and purpose of processing. - Right to Limit Use of Sensitive Personal Information: Also effective under the CPRA, if we collect “sensitive personal information” (as defined by law) about you, you have the right to direct us to limit the use or disclosure of that sensitive information to certain purposes. Sensitive personal information under California law includes things like precise geolocation, social security number, driver’s license, financial account login credentials, racial or ethnic origin, contents of private communications, etc.. Chinaoffbeat.com generally does not collect highly sensitive personal information of this nature from users. In the event we did, we would only use it for necessary purposes (such as providing the service requested by you) unless you consent to other uses, and we would honor any request to limit its use. Exercising Your California Rights: If you are a California resident and wish to exercise any of the above rights, you (or your authorized agent) may submit a request to us through the contact methods listed in the Contact Us section below. Your request should clearly indicate which right you seek to exercise (e.g., “CCPA Access Request – categories and specific pieces of info” or “CCPA Deletion Request”). We will need to verify your identity before processing certain requests to ensure that we are providing information to the correct individual. This verification may involve asking you to confirm personal details we already have on file (such as sending the request from your email on record or providing other identifying information). You may also designate an authorized agent to make a request on your behalf. If you do so, we will require proof that the agent is authorized (for example, a signed letter by you or power of attorney, and we may still verify your identity directly). Once we receive your request, we will acknowledge it and respond within the timeframes required by law. For CCPA requests, we typically have up to 45 days to respond, with the possibility of a 45-day extension (total 90 days) if reasonably necessary. If an extension is needed, we will inform you of the reason and extension period. Requests to delete or correct will be handled in accordance with the law, and we will confirm with you once we have completed your request (or explain if we must deny the request due to an applicable exception). We do not charge a fee for processing your CCPA requests unless they are excessive, repetitive, or manifestly unfounded, in which case we will inform you of the fee and reasoning. For a full description of your rights under California law, you may refer to the California Attorney General’s website or the text of the CCPA/CPRA. We aim to comply with these laws and to make it easy for you to exercise your rights and make informed decisions about your personal information.
Other Jurisdictions If you reside in a region that offers additional privacy rights not explicitly listed above, please know that we strive to respect all users’ privacy to the extent required by applicable law. For example, residents of some U.S. states (such as Colorado, Virginia, Connecticut, and Utah) have enacted privacy laws providing rights similar to the CCPA or GDPR. If you are a resident of one of these states (or any other jurisdiction with privacy statutes) and you would like to exercise any rights provided under those laws (such as the right to access, delete, or correct your data, or opt out of certain data processing), please contact us. We will consider and process all valid requests in accordance with the applicable legislation.
Children’s Privacy Chinaoffbeat.com is not directed to children under the age of 18, and we do not knowingly collect personal information from children under 18 years old. Our services (travel planning and international travel consultations) are intended for adults who are at least 18 and using the service with parental consent and supervision. If you are under 18, do not use this Site or provide any information about yourself. In the event that we learn, we have collected personal data from a person under 18 without verified parental consent, we will promptly delete that information from our records. If you are a parent or guardian and you believe that we might have received information from your child under 18, please contact us immediately so that we can investigate and delete the information as necessary. For teens under 18 or 18 years old (or the age of majority in your jurisdiction), we advise that you use our Service only with a parent or guardian’s permission. Some features (such as making payments) may require the involvement of an adult. We do not knowingly “sell” the personal information of minors under 18 years of age without affirmative authorization as per the CCPA. In fact, as stated, we do not sell personal data at all. If a user under 18 and uses our Service, we will treat any opt-in to cookies or marketing as subject to parental approval where required by law.
Changes to This Privacy Policy We may update or modify this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. If we make changes, we will post the updated policy on this page and update the “Last Updated” date at the top. Material changes will be communicated to you through appropriate channels – for example, by posting a prominent notice on our website or, if appropriate, by emailing you (if you have provided an email address) to inform you of the update. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of Chinaoffbeat.com after any changes to this Privacy Policy constitutes your acceptance of the updated terms. If you do not agree with any updates or modifications, you should stop using the Site and services.
Contact Us If you have any questions, concerns, or requests regarding this Privacy Policy or your personal information, please contact us at: Email: support@chinaoffbeat.com (Attn: Privacy Officer) We will do our best to respond promptly to your inquiry. This includes handling any privacy rights requests (as detailed above) or resolving complaints. Your trust is important to us, and we welcome your feedback on any privacy-related issues. --- Thank you for taking the time to read our Privacy Policy. We hope this has clarified how your information is handled at Chinaoffbeat.com. Safe travels!