1. Introduction
Hertz Biotechnology (Chengdu) Co., Ltd. and its affiliates (collectively, “CLAREO,” “we,” “us,” or “our”) respect and protect the personal information of users. This Privacy Policy (the “Policy”) explains how we collect, use, store, and share personal information when you visit the CLAREO brand website (the “Site”), and the rights you have under applicable law.
This Policy is designed to comply with the Personal Information Protection Law of the People’s Republic of China (PIPL), the Data Security Law, the Cybersecurity Law, and the EU General Data Protection Regulation (GDPR).
This Policy applies only to the Site (including all pages under this domain). It does not apply to services operated independently by third-party platforms (e.g., WeChat Official Accounts, e-commerce flagship stores, authorized retailers). Those activities are governed by the respective platform’s own privacy policy.
2. Information We Collect
The Site is a static brand and information showcase. It does not offer registration, login, ordering, or online form submission. When you visit the Site, we automatically collect only the following two categories of information:
2.1 Technical Access Logs
- IP address (for security audit and abuse prevention; truncated to a non-identifiable format within 7 days)
- Browser type and version, operating system, device type
- Referrer (HTTP Referer), access time, request path
- Screen resolution and language preference
2.2 Web Analytics Data
We use cookies and similar technologies (such as localStorage and first-party analytics pixels) to collect aggregated metrics: page views, dwell time, bounce rate, click heatmaps. This data is processed in anonymized or pseudonymized form and is not linked to your real identity.
We do not collect your name, phone number, email, ID number, biometric information, precise geolocation, health information, or any other sensitive personal information through the Site.
3. Purposes and Legal Basis
| Purpose | GDPR Legal Basis | PIPL Legal Basis |
|---|---|---|
| Site operation and security audit | Legitimate interest (Art. 6(1)(f)) | Compliance with legal obligation |
| Performance and content optimization | Consent (Art. 6(1)(a)) | Separate consent |
| Defense against automated attacks and abuse | Legitimate interest (Art. 6(1)(f)) | Compliance with legal obligation |
We do not use this information for automated decision-making, profiling, or targeted advertising without your separate consent.
4. Cookies and Similar Technologies
We use three categories of cookies:
- Strictly necessary cookies: enable core site functionality (e.g., language preference). No consent required.
- Analytics cookies: collect access metrics. You may decline these via your browser settings or via the cookie preference banner shown on first visit.
- Third-party cookies: the Site currently embeds no third-party tracking cookies (ad networks, social plugins). If we later introduce any, we will update this Policy and notify users.
You may delete stored cookies at any time via your browser settings. Declining analytics cookies does not affect normal browsing of the Site.
5. Sharing, Transfer, and Disclosure
We do not sell your personal information to any third party. We may share information with:
- Hosting and CDN providers: only the access logs necessary to deliver the Site, bound by contract for that limited purpose.
- Web analytics providers: only anonymized or pseudonymized aggregate statistics.
- Legal authorities: where required by the laws of the People’s Republic of China, regulatory bodies, or judicial orders.
In the event of a merger, acquisition, or asset transfer, we will require the successor to honor the obligations under this Policy and will give you advance notice via the Site.
6. Storage and Cross-Border Transfer
6.1 Storage Location
Access logs and analytics data for the Site are stored in data centers located in the People’s Republic of China.
6.2 Retention Period
- IP addresses: truncated, then deleted within 30 days
- Analytics data: 26 months from collection
- Where law requires a different retention period, that requirement controls
6.3 Cross-Border Transfers
If you visit the Site from outside mainland China, your request may first reach an overseas CDN edge node for acceleration before returning to the origin server in China. We perform this transfer only to the minimum extent necessary for site availability and protect it with appropriate technical measures (e.g., TLS in transit).
Should we introduce any third-party service in the future that requires cross-border personal information transfer, we will comply with Article 38 of the PIPL and Chapter V of the GDPR by providing separate notice, obtaining consent, and executing standard contractual clauses before such transfer takes place.
7. Your Rights
Under PIPL and GDPR, you have the following rights regarding your personal information:
- Right to be informed and to decide — understand how we process your information (this Policy)
- Right of access — request a copy of data relating to you
- Right to rectification — request correction of inaccurate or incomplete information
- Right to erasure (“right to be forgotten”) — request deletion under Article 47 of the PIPL / Art. 17 of the GDPR
- Right to restrict processing — limit specific processing activities
- Right to data portability — receive and transfer your data in a commonly used format
- Right to withdraw consent — withdraw consent previously given (does not affect the lawfulness of prior processing)
- Right to object to automated decision-making — we do not engage in such decision-making
- Right to lodge a complaint — with the Cyberspace Administration of China or your EU member state’s data protection authority
To exercise these rights, contact us using the details in Section 11. We will respond within 15 working days (PIPL) or 1 month (GDPR), extendable by up to 30 days where necessary with prior notice. We will verify your identity before fulfilling a request.
8. Data Security
We protect your personal information through the following measures:
- Site-wide HTTPS with TLS 1.2 or higher
- Physical and network security at data centers (DDoS protection, WAF)
- Data minimization principle
- Tiered internal access — only necessary personnel may access logs
- Regular security audits and vulnerability scans
Despite our efforts, no method of internet transmission is 100% secure. In the event of a data security incident, we will notify regulators and affected users in accordance with Article 57 of the PIPL and Arts. 33–34 of the GDPR.
9. Children’s Privacy
The Site is intended for adults. We do not knowingly collect personal information from children under 14 (or under 16 in jurisdictions where the GDPR applies). If you are under that age, please visit the Site only with the supervision of a guardian. If a guardian believes we have inadvertently collected such information, please contact us at the address in Section 11 so we can delete it.
10. Changes to This Policy
We may revise this Policy in response to legal or operational changes. Material changes (such as new categories of information, new recipients, or extended retention) will be announced on the Site or via a banner, and we will re-obtain consent where required. The “Last updated” date at the top of this page will be updated accordingly.
Prior versions are available on request.
11. Contact Us
For any questions about this Policy, how we process your personal information, or to exercise your rights:
- Data controller: Hertz Biotechnology (Chengdu) Co., Ltd.
- Email: clareo@hertzbio.com
- Address: Suite 2502, Tower 11, Meinian Plaza Phase II, Hi-Tech Zone, Chengdu, Sichuan, China
- Hotline: 400-968-8068 (Mon–Fri, 9:00 — 18:00 CST)
For GDPR-specific requests, please email the address above and include “GDPR Request” in the subject line.