Privacy Policy - Nice China Tours

Last Updated: March 26, 2026

This Privacy Policy (hereinafter referred to as “this Policy”) is formulated and published by[nicechinatour.com] (hereinafter referred to as “we”) and is intended to detai lall processing activities related to your personal data-including collection, use, storage, sharing, transfer, and deletion-as well as the data rights and protective measures available to you, during your access, browsing, and use of this website(hereinafter referred to as “this Website”) and related services (including but notlimited to account registration, content browsing, transaction payments, andinformation exchange, collectively referred to as “this Service”).

We strictly comply with internationally recognized data protection laws and regulations, including but not limited to the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA),Japan’s Act on the Protection of Personal Information (APPI), Brazil’s General Data Protection Law (LGPD), and Singapore’s Personal Data Protection Act (PDPA), among others. We adhere to the principles of lawfulness, fairness, transparency, data minimization, purpose limitation, security, and accountability, and are fully committed to protecting the privacy and security of your personal data, while preventing any unlawful collection, misuse, or disclosure of personal data.

By accessing, browsing, or using this website and our services, you are deemed to have carefully read, fully understood, and voluntarily agreed to all terms of this Policy, including our methods of processing personal data and the relevant rights you possess. If you do not agree to any term of this Policy, please immediately cease accessing and using this website and our services.

I. Key Definitionse

To facilitate your understanding of this Policy, we provide clear definitions for the following key terms, which are consistent with the relevant provisions of the aforementioned international laws and regulationse:

1.1 Personal Data: Refers to any information relating to an identified or identifiable natural person (hereinafter referred to as the “Data Subject”), who can be identified, directly or indirectly, by reference to an identifier such as a name, ID number, passport number, location data, or online identifiers (e.g., IP address, Cookie ID), or by reference to one or more factors specific to the Data Subject’s physical, genetic, mental, economic, cultural, or social identity. This includes, but is not limited to, names, email addresses, phone numbers, addresses, IP addresses, browsing history, payment information, device information, and user-generated content. In accordance with CCPA (CPRA) requirements, personal information also includes any information that can be used to identify, associate with, or describe a specific natural person, regardless of whether it is directly identifiable.

1.2 Sensitive Personal Data: Refers to data that, if disclosed, could have a significant impact on the data subject’s dignity, personal safety, or property security, including but not limited to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data used to uniquely identify a natural person (such as fingerprints or facial information), healthrelated data, data related to a natural person’s sex life or sexual orientation, and personal data of minors under the age of 16. The processing of such data is subjectto stricter protection standards.

1.3 Data Processing: Any operation performed on personal data (whether or not by automated means), including but not limited to collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment, combination, restriction, anonymization, de-identification, erasure, or destruction.

1.4 Data Controller: A natural person, legal entity, public body, or other organization that, alone or jointly with others, determines the purposes and means of the processing of personal data. As the data controller for the personal data collected through this website and these services, we bear primary responsibility for personal data processing activities in accordance with the law. In compliance with PIPEDA requirements, we will explicitly designate a Data Protection Officer to oversee and manage the compliance of personal data processing activities.

1.5 Data Processor: Refers to a natural person, legal entity, public body, or other organization entrusted by us to process personal data on our behalf (such as third-party payment service providers, server providers, data analytics firms, etc.). We will strictly supervise the processing activities of data processors to ensure they comply with this Policy and relevant laws and regulations.

1.6 Non-Personal Data: Refers to information that cannot directly or indirectly identify a specific natural person, including but not limited to anonymized statistical data, website traffic data, and service usage trend data. Such data is not subject to laws and regulations regarding the protection of personal data, and we may freely use, share, and process it.

II. Personal Data We Collect

We strictly adhere to the “data minimization” principle, collecting only the personal data necessary to achieve the purposes of this service and refraining from collecting information unrelated to the service. Collection methods are divided into the following three categories. All collection activities comply with international laws and regulations; we clearly inform you of the collection purpose and obtain your consent (except where consent is not required by law). In particular, in accordance with the ten Fair Information Principles of PIPEDA, we will clearly inform you of the specific purpose for collecting personal data, and such purpose must be lawful and specific; data may not be collected beyond the scope of that purpose.

2.1 Personal Data You Voluntarily Provide
When you actively use the features of this service, you may be required to provide us with the following personal data. You have the right to choose whether to provide this information; however, failure to provide certain data may result in your inability to use the corresponding services:
—-Account-Related Information: When you create an account or register for this service, you are required to provide information such as your name, email address, mobile phone number, username, and password. This information is used for identity verification, account login, password recovery, and service notifications, in compliance with the GDPR and CCPA requirements for the collection of account information.
—-Contact Information: Information such as mailing address, email address, and phone number provided when you contact us with inquiries or feedback, or when you subscribe to newsletters, participate in surveys, or join events. This information is used to promptly respond to your needs and send relevant notifications.
—-Payment Information: Payment details such as credit card information, bank account information, and third-party payment account information provided when you make purchases, conduct transactions, or top up your account through this website. We do not store complete credit card or other sensitive payment information; such information is processed by third-party payment processors compliant with PCI DSS standards to ensure payment data security.
—-U ser-Generated Content: Comments, reviews, posts, photos, videos, audio, and other content you upload, submit, or share through this website, as well as information you actively provide regarding your personal preferences, interests, and feedback, are used to enhance the service experience, display content, and optimize our services.
—-Other voluntarily provided information: Other personal data you voluntarily choose to provide to us while using this service, such as preference information for personalized recommendations or identity information for participating in activities.

2.2 Personal Data We Collect Automatically
When you visit, browse, or use this website and our services, we automatically collect relevant data about you through cookies, web beacons, server logs, device identification technologies, and other means. This data is used to optimize your service experience, ensure service security, and analyze service usage. Specifically, this includes:
—-Device Information: Technical details such as the type of device you use,operating system version, browser type and version, screen resolution, deviceidentifiers (e.g., IMEI, MAC address, device serial number), network type, and device operating status. This information is used to adapt to different devices and ensure thenormal operation of our services.
—-Usage Information: Your IP address, access time, browsing path, pages visited,time spent on each page, links clicked, search queries, and operation records. This information is used to analyze user behavior, optimize website layout, and improveservice quality, in compliance with the GDPR’s transparency requirements for datacollection
—-Location Information: If you have enabled location services on your device andconsent to our collection of location information, we will collect your approximate orprecise location data (such as latitude and longitude) to provide location-basedservices (such as recommendations for nearby services). You may disable locationservices at any time through your device settings to stop our collection of locationinformation.
—-Cookies and Tracking Data: We use cookies (small text files stored on yourdevice) and web beacons (small graphic images) to remember your login status,preferences, and browsing history, thereby avoiding the need to re-enter information. We also use them to analyze service usage and optimize personalizedrecommendations. You may disable cookies through your browser settings, but thismay result in certain service features not functioning properly (see Section 8 of thisPolicy for details).

2.3 Personal Data Obtained from Third Parties
In compliance with relevant laws and regulations, we may obtain your personal datfrom legitimate and compliant third parties (such as third-party login providers,payment service providers, and data verification agencies), specifically including:
—-Third-Party Login Data: If you log in to this service via a third-party platform(such as Google, Apple, Facebook, etc.), we will obtain basic information such as your nickname, profile picture, and email address from that third party to facilitatequick account registration and login. The collection of such data has been authorizeby you on the third-party platform.
—-Payment-Related Data: We obtain data such as your payment status andtransaction records from third-party payment service providers to confirm transaction completion, process refunds, and ensure transaction security.
—-Verification-related data: We obtain your identity verification information from legitimate data verification agencies to verify your identity, prevent fraudulentactivities, and protect the security of your account.
We only obtain personal data from third parties that they lawfully hold and are authorized to provide, and we conduct strict reviews of the obtained data to ensure the legality of the data sources and the compliance of their intended uses. We will also inform you of the data sources (except where disclosure is not required by law). In accordance with PIPEDA requirements, if we obtain personal data from a third party, we will confirm that the third party has obtained your lawful consent and that the data collection methods comply with relevant regulatory requirements.

III. Purposes of Use of Personal Data

The personal data we collect is used solely for the following specific purposes and will not be used beyond the scope of these purposes. If we need to change thepurpose of use, we will obtain your separate consent (except where consent is notrequired by law), and all usage practices comply with internationally recognized lawsand regulations:
—-Providing and Maintaining the Service: To enable core service functions such as account login, content display, transaction payments, and information exchange, ensuring the normal operation and stability of the service.
—-Optimizing the Service Experience: Based on your usage habits and preference information, we provide personalized recommendations and customized services. We also analyze service usage to optimize website layout and functional design, thereby enhancing service quality and user experience.
—-Ensuring Service Security: To identify and prevent illegal activities such as fraud, account theft, and abuse; to detect and address abnormal operations; and to protect the security of your personal data and assets, in compliance with GDPR requirements for data security protection.
—-Sending Relevant Notifications: To send you account login notifications, transaction alerts, service update notifications, event announcements, policy change notifications, and more, ensuring you are promptly informed of relevant information regarding this service.
—-Responding to Your Requests: To process your inquiries, feedback, complaints, and requests for assistance, and to provide you with timely service support.
—-Compliance and Legal Purposes: To comply with relevant laws, regulations, and regulatory requirements; to respond to legal proceedings such as audits, investigations, and litigation; and to safeguard our legitimate rights and interests. In particular, in accordance with CCPA (CPRA) requirements, if personal data of California consumers is involved, we will cooperate with regulatory authorities’ investigations and truthfully provide relevant data processing records.
—-Anonymized Analysis and Research: After anonymizing and de-identifying personal data, we use it for data analysis, market research, service optimization, and similar activities. Such processed information does not contain any content that can identify you and may be freely used and shared.

IV. Storage of Personal Data

We strictly adhere to international data protection laws and regulations to securely store your personal data, implementing both technical and organizational safeguardsto prevent risks such as data leakage, loss, tampering, and unauthorized access:
—-Storage Locations: Our servers may be located in multiple regions worldwide that comply with data protection regulations (including but not limited to the EU, the United States, Canada, and Japan). If personal data is stored across borders, we will strictly comply with the requirements for cross-border data transfers underregulations such as the GDPR and CCPA. We will implement compliance measures, such as entering into standard contractual clauses and obtaining regulatory approvals, to ensure the lawful storage of data. In particular, in accordance with PIPEDA requirements, if personal data is transferred outside of Canada, we will ensure that the recipient maintains a level of data protection equivalent to thatprovided by PIPEDA, or implement other compliance safeguards.
—-R etention Period: We will store your personal data only for the period necessary to fulfill the purposes specified in this policy. After this period expires, we will promptly delete or anonymize your personal data in accordance with legal requirements (except where long-term retention is required by law, such as for compliance, audit, or litigation purposes). In particular, in compliance with PIPEDA requirements, we will clearly define the retention period for personal data, which shall not exceed the time necessary to fulfill the purpose of collection, and will promptly purge the data uponexpiration.
—-Security Measures: We employ technical measures such as encryption (e.g., SSL/TLS encryption, encrypted data storage), access controls, firewalls, andintrusion detection to restrict access to personal data, ensuring that only authorized personnel may access it. Additionally, we have established comprehensive security management systems and conduct regular security audits, risk assessments, and employee training to enhance our data security capabilities. In accordance with the GDPR’s “data protection by design” and “Privacy by Default” mechanisms, as well as PIPEDA’s requirements for data security safeguards. We implement reasonable technical and organizational measures to protect personal data from risks such as unauthorized access, disclosure, and tampering.

V. Sharing and Disclosure of Personal Data

We strictly limit the sharing and disclosure of personal data. Except in the following circumstances, we will not share or disclose your personal data to any third party, ensuring the security and compliance of data processing:
—-Obtaining Your Express Consent: We will share your personal data with third parties you designate only with your express consent, and the scope and purpose of such sharing will be strictly limited to the terms of your consent. In accordance with CCPA (CPRA) requirements, if the sharing or sale of California consumers’ personal data to third parties is involved, we will explicitly notify you, obtain your separate consent, and provide you with the option to “opt out of the sale of my personal information.”
—-Engaging Data Processors: To fulfill the purposes of this service, we may engage third parties (such as server providers, payment service providers, data analytics firms, and customer service agencies) as data processors to assist in processing your personal data. We will enter into strict service agreements and data protection agreements with data processors, clearly defining their processing rights and obligations. We will strictly supervise and audit their processing activities to ensure compliance with this Policy and relevant laws and regulations. If a data processor breaches the agreement, we will hold them legally liable. In accordance with PIPEDA requirements, we will continuously monitor the conduct of data processors to ensure they process personal data in accordance with our requirements and possess the necessary data protection capabilities.
—-Compliance and Legal Requirements: We may disclose your personal data to the extent necessary to comply with relevant laws, regulations, and regulatory requirements; to respond to legal proceedings such as audits, investigations, litigation, and arbitration; or to protect the legitimate rights and interests, personal safety, or property security of us, you, or other third parties (e.g., to prevent fraud or combat illegal activities).
—-Sharing of Anonymized Data: After anonymizing and de-identifying personal data, we may share such data with third parties for purposes such as data analysis, market research, and service optimization. This data cannot be used to identify you and is not subject to personal data protection regulations.
We will not sell, rent, or exchange your personal data with any third party, nor will we use your personal data for purposes other than those specified in this Policy, unless we obtain your explicit consent. In particular, in compliance with CCPA (CPRA) requirements, we will not sell your personal data without your explicit consent, and we will provide clear instructions on how to exercise your right to opt-out in a prominent location on this website.

VI. Your Data Subject Rights

In accordance with internationally recognized data protection laws and regulations such as the GDPR, CCPA, and PIPEDA, you, as a data subject, are legally entitled to the following rights. We will facilitate the exercise of these rights without imposing unreasonable restrictions:
—-Right to Information: You have the right to know all details regarding our collection, use, storage, and sharing of your personal data, including the purpose, scope, and methods of data collection; the location and duration of data storage; and the third parties with whom data is shared and the purposes thereof. We will promptly provide you with relevant information through this policy, customer service responses, and other means. In accordance with PIPEDA requirements, we will inform you of the processing of your personal data in a clear and understandable manner to ensure you fully understand the relevant information.
—-Right of Access: You have the right to access your personal data at any time, including viewing and obtaining the personal data you have provided, the relevantdata we have collected automatically, and records of the processing of your personal data. In accordance with CCPA (CPRA) requirements, you have the right to request that we provide you with a copy of your personal data free of charge; we will provide it in a machine-readable format for your convenience. In accordance with PIPEDA requirements, you have the right to access the personal data we hold about you and to understand the relevant details of the data processing.
—-Right to Rectification: If you discover that your personal data is incorrect or incomplete, you have the right to request that we promptly correct or supplement it, and we will complete the correction as soon as possible after verification. In accordance with PIPEDA requirements, we will ensure the accuracy and completeness of personal data and promptly correct any errors upon your request.
—-Right to Erasure (Right to Be Forgotten): Subject to applicable laws and regulations, you have the right to request that we delete your personal data, including but not limited to situations where you no longer use this service, our processing activities violate laws, regulations, or the terms of this policy, or the retention period has expired. We will delete the relevant data promptly after verification (except whereretention is required by law). In particular, in accordance with CCPA (CPRA) requirements, you have the right to request that we delete your personal data. We will complete the deletion within one month after verification; in specialcircumstances, this period may be extended, but not exceeding three months, and we will notify you of the reasons in advance.
—-Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data, including suspending data processing or limiting the scope of data use. We will comply with your request upon verification until the grounds for restriction are eliminated.
—-Right to Data Portability: You have the right to request that we provide your personal data to you in a machine-readable format, or directly transfer it to another data controller of your choice (provided that this complies with legal requirements and is technically feasible).
—-Right to Object: You have the right to object to our non-essential processing of your personal data, such as for personalized recommendations or marketing promotions, and you also have the right to object to our entrusting third parties to process your personal data (without affecting the use of core services).Specifically, in accordance with CCPA (CPRA) requirements, you have the right to object to the sale of your personal data, and we will not discriminate against you for exercising this right, nor will we reduce service quality or increase service prices; in accordance with PIPEDA requirements, you have the right to object to the use of your personal data for marketing purposes, and we will promptly cease such processing activities.
—-Right to Withdraw Consent: You have the right to withdraw your consent to the processing of your personal data at any time (except where consent is not required by law). Upon withdrawal of consent, we will cease the relevant data processing activities; however, this will not affect the lawfulness of processing activities already completed based on your consent prior to withdrawal.
—-How to Exercise Your Rights: You may submit a request to exercise your rights through the “Personal Center” or “Privacy Settings” on this website, or by contacting our customer service (contact ; see Section 10 of this Policy for details). We will verify your identity and respond to your request within the timeframes prescribed by
applicable laws and regulations (e.g., within one month under the GDPR or within 45 days under the CCPA, with possible extensions in special circumstances). If we need to extend the response period, we will notify you in advance. In accordance with PIPEDA requirements, we will respond to your request to exercise your rights in a timely manner, ensure you can exercise your relevant rights smoothly, and maintain a record of the processing.

VII. Special Protection of Sensitive Personal Data

With regard to sensitive personal data, we will implement stricter protection measures than those applied to ordinary personal data and strictly adhere to the processing requirements for sensitive personal data set forth in international laws and regulations:
—-Collection Restrictions: We will collect sensitive personal data only when it is necessary to achieve specific legitimate purposes. Prior to collection, we will clearly inform you of the purpose, scope, method of use, and protective measures, and obtain your explicit consent (except where consent is not required by law).
—-Restrictions on Use: Sensitive personal data will be used solely for the specific purposes previously disclosed to you. It will not be used beyond the specified scope or for purposes unrelated to the service.
—-Storage and Security: We employ advanced encryption technologies for the storage of sensitive personal data, strictly restrict access permissions so that only authorized key personnel may access it, and conduct regular security audits of sensitive data to prevent the risk of leaks.
—-Sharing Restrictions: As a general rule, we do not share sensitive personal dat with third parties. If sharing is absolutely necessary, we will obtain your written consent and enter into a strict data protection agreement with the third party to ensure they possess the appropriate safeguards.
—-Protection of Minors’ Data: Regarding personal data of minors under the age of 16 (which constitutes sensitive personal data), we will strictly comply with therequirements of regulations such as the GDPR and CCPA. We must obtain explicit consent from the minor’s guardian prior to collection. The guardian has the right to view, correct, and delete the minor’s personal data. We will implement specific protective measures to prevent the leakage or misuse of minors’ personal data.

VIII. Use of Cookies and Tracking Technologies

To optimize the service experience, ensure service security, and analyze user behavior, we use tracking technologies such as cookies, web beacons, and pixel tags. Specific usage details are as follows:
—-Types and Purposes of Cookies: Cookies are categorized into essential cookies and non-essential cookies. Essential Cookies are used to ensure core functions such as the proper operation of the website, account login, and transaction security; they cannot be disabled, and disabling them will result in the unavailability of certain services. Non-essential Cookies are used for personalized recommendations, user behavior analysis, and advertising; you may disable them through your browser settings. In accordance with CCPA (CPRA) requirements, we will clearly inform you of the purpose of using non-essential Cookies, use them only after obtaining your consent, and provide a convenient method for disabling them.
—-Managing Cookies: You can view, delete, or disable cookies through your browser settings (e.g., Chrome, Safari, Firefox, etc.). For specific instructions, please refer to your browser’s help documentation. Disabling non-essential cookies will not affect the use of core services but may impact features such as personalized recommendations.
—-Other Tracking Technologies: Technologies such as web beacons and pixel tags are used to track your browsing behavior and confirm whether you have viewed relevant notifications or advertisements. Their usage is consistent with that of cookies; you can indirectly restrict the use of such technologies on by disabling cookies.
Our use of cookies and tracking technologies complies with the informed consent requirements of regulations such as the GDPR and CCPA. When you visit this website, we will inform you of our cookie usage via pop-ups or similar methods and will only use non-essential cookies after obtaining your consent.

IX. Handling of Data Breachese

We have established a comprehensive data breach emergency response mechanism and strictly adhere to the requirements for handling data breaches under regulations such as the GDPR. In the event of a personal data breach, we will take the following measures:
—-Prompt Response: Upon discovering a data breach, we will immediately activate our emergency response plan, implement technical measures to prevent the breach from spreading, investigate the cause of the breach, and assess the associated risks.
—-Notification Obligations: If the data breach poses a high risk to your rights and freedoms, we will notify you and relevant regulatory authorities (such as the European Data Protection Board, the California Attorney General’s Office, and the Office of the Privacy Commissioner of Canada) within 72 hours of discovering the breach. We will inform you of the scope of the breach, its impact, the corrective actions taken, and the protective measures you can take. In accordance with PIPEDA requirements, if the data breach is likely to cause significant harm to you, we will promptly notify you and the Office of the Privacy Commissioner of Canada, and take remedial measures to mitigate the harm.
—-Investigation and Remediation: We will conduct a comprehensive investigation into the data breach, determine responsibility, implement remedial measures, and improve our data security protection system to prevent similar incidents from occurring again.

X. Policy Updates and Notifications

As international data protection laws and regulations evolve and our services are upgraded, we may revise this policy. The revised policy will be posted in a prominent location on this website, and the update date will be updated accordingly. In accordance with CCPA (CPRA) requirements, if the revisions affect the core rights of California consumers, we will notify you at least 7 days in advance; in accordance with PIPEDA requirements, policy revisions will be promptly disclosed to ensure you are aware of the latest terms [2].
If the revisions affect your core rights (such as the scope of data collection, purposes of use, or methods of sharing), we will notify you in advance via website pop-ups, account notifications, email, or other means to ensure you are fully informed of the revised content.
The revised policies will take effect upon publication. Your continued access to and use of this website and the Services shall be deemed as your acceptance of the revised policies; if you do not agree to the revised policies, please immediately cease using the Services.

XI. Disclaimere

1. We shall not be liable for any leakage, loss, or misuse of personal data caused by reasons not attributable to us, such as your own improper actions (e.g., disclosure of account passwords, or voluntarily providing personal data to third parties) or thirdparty infringements (e.g., hacker attacks, or data leaks from third-party platforms).
2. We are solely responsible for the processing of personal data within the scope of this website and these services. We assume no responsibility for the processing of your personal data on third-party platforms (such as third-party login platforms or payment platforms). We recommend that you review the privacy policies of such third-party platforms. Where such processing complies with PIPEDA requirements, if a third-party platform processes your personal data in violation of relevant laws and regulations, we will assist you in holding the third party accountable but will not bear direct liability.
3.We shall not be liable for any abnormalities in the processing of personal data resulting from legal and regulatory requirements, force majeure (such as natural disasters or network outages), or other causes not attributable to us; however, we will make every effort to minimize the impact on you.

[nicechinatour.com] reserves the right to the final interpretation of this Privacy Policy. In the event of any conflict between the terms of this Policy and applicable international data protection laws and regulations, such laws and regulations shall prevail.