Calvin Chiu Partner
Beijing
010-58137621
zhongxing.zhao@dentons.cn
  • Compliance and Risk Management
  • Cross-Border Investment and Trade
  • IP and Technology Innovation
  • Working Language:
  • Chinese
  • English

Introduction

Calvin is a partner with the firm's Beijing office. He focuses on advising clients in sectors of auto, TMT and manufacturing with respect to a wide array of issues: business strategy, corporate, data compliance and regulatory issues. .

Calvin has a broad experience of advising innovative and new technologies companies on corporate financing and M&As, both in China and cross-border. He is particularly well versed in assisting foreign companies in the sector in entering or expanding into China’s market – whether by green field investment, acquiring targets, or forming joint ventures. He is recognized by taking a holistic perspective on offering pragmatic legal solutions that fit in the commercial reality. Calvin has hands-on experience of assisting clients in coordination and management of legal services in multiple jurisdictions.

In addition, Calvin counsels clients in various industry sectors on data compliance and privacy protection, ranging from  establishing data compliance programs, to  cross-border transfer of data, from cybersecurity review to data breach incidents handling.

Calvin writes regularly on topics of data protection, foreign direct investment and outbound investment. He is one of the contributors of practice notes published by Thomson Reuters Practical Law.

Calvin obtained his B.A. (Hons), M.A. and LL.B. (Hons) from City University of Hong Kong, the Chinese University of Hong Kong and University of London, respectively.

Education

  • University of LondonLL.B. (Hons)(2016)
  • the Chinese University of Hong KongM.A.(2009)
  • City University of Hong KongB.A. (Hons)(2007)

Admissions and Qualifications

  • PRC Licensed Lawyer

Honors and Awards

  • (2021)Leading Practitioner in Cybersecurity and Data Protection in China Legal Band
  • (2020)Top 15 Cybersecurity and Data Protection Lawyer in China Legal Band
  • (2020)Top 15 Versatile Compliance Lawyer in China Legal Band
  • (2019)Leading Practitioner in TMT Legal Band

Representative Projects/Matters

Data Security and Personal Information Protection

Data exchanges: advised the client on the establishment, daily operations, data asset registration and trading, as well as data transaction processes and systems of data exchanges.

Financial holding group: advised the client on the establishment and data governance of financial public data zones, including providing recommendations on the structure, operational models, and compliance framework setup.

Financial big data company: designing and drafting data security and personal information protection questionnaires for suppliers/service providers, as well as personal information protection policies for business processes for a financial big data company.

E-commerce platform: providing legal opinions to different business divisions across multiple jurisdictions, covering data compliance, consumer protection, marketing and promotions, platform policies and rules, and livestreaming.

Airport management company: conducting due diligence and gap analysis for the deployment of facial recognition technology and business scenarios by a critical information infrastructure operator, and provided compliance recommendations.

Airport operation management company: compliance analysis and recommendations for App compliance rectification and facial recognition technology deployment scenarios for an airport operation management company.

Foreign-funded insurance company: advised the client on data and online insurance sales compliance in a joint venture project with a Chinese partner.

Gaming company: personal information protection compliance analysis and provided recommendations for client’s advertising push model with partners.

Payment company: compliance analysis and feasibility recommendations for regulatory issues related to a multinational payment company’s expansion of instant messaging services in China.

European energy consulting firm: analyzing cross-border data transfer issues arising from a client’s provision of services to Chinese infrastructure and energy operators.

Online medical education platform: advised the client on the collection, processing, and use of personal information to facilitate online medical education.

Data analytics company: advised the client on data compliance projects and formulated relevant policies and procedures for big data analytics products developed and marketed by the company.

Cross-Border Data Transfers

Hong Kong real estate enterprise: advised the client on client’s data export security assessment and filing. The project has been accepted by the national cyberspace authority and is currently implementing compliance measures based on feedback.

Hong Kong jewelry and gold retail group: conducted assessment on outbound data transfer for the client, including due diligence, gap analysis, compliance recommendations, and assisting with rectification implementation.

European machinery manufacturer: advised the client on data compliance (including data export) legal services, including due diligence, gap analysis, providing and assisting with compliance recommendations, and fully supporting the completion of the filing for the Standard Contract for Personal Information Export. The company was the first in Zhejiang Province to achieve compliant personal information export through the Standard Contract.

German medical device manufacturer: advised the client on the filing of the Standard Contract for Outbound Transfer of Personal Information, covering expert, questionnaire completion, and report feedback. The filing was processed in Beijing.

French fashion retail enterprise: conducting due diligence, gap analysis, and assisting with compliance recommendations for a client’s employee personal information protection project in its Chinese subsidiary, supporting the completion of the filing of the Standard Contract for Outbound Transfer of Personal Information in Shanghai.

European refractory product supplier: provided data compliance legal services, including due diligence, gap analysis, providing compliance recommendations, and assisting with the filing for the Standard Contract for Outbound Transfer of Personal Information in Shanghai.

U.S. environmental science company: advised the client on data export assessment, including legal due diligence, assisting with self-assessment and report preparation, and supporting the completion of the filing for the Standard Contract for Outbound Transfer of Personal Information in Shanghai.

Chemical production joint venture: provided data compliance legal services, including due diligence, gap analysis, providing and assisting with compliance recommendations, and fully supporting the Standard Contract for Personal Information Export filing in Jiangsu Province.

U.S. electronics distribution company: conducted gap analysis and compliance recommendations for a U.S. electronics distributor’s employee personal information protection system, as well as compliance analysis and recommendations for its personal information export.

Global business communication platform: advised the client on the client’s service model, qualifications, and personal information protection issues in the Chinese market, as well as risk assessment for data exports by its Chinese subsidiary.

U.S. real estate management company: advised the client on data export security assessment and filing. The project has been submitted to the Shanghai cyberspace authority and is awaiting feedback.

Autonomous Driving and Automotive Industry

Autonomous driving technology company: conducted due diligence for a client’s financing transaction regarding cybersecurity and data security, covering Class-A surveying and mapping qualifications, confidentiality systems, data classification, and data collected during autonomous driving road tests.

Chinese automotive producer: advised the client on data compliance for the client’s vehicle exports to multiple countries outside China and provided suggestions on cross-border data transfer architecture.

Chinese automobile manufacturer: advised the client on compliance solutions and assisted in implementation for a client’s establishment of a sales website in the UK, including gap analysis, drafting user agreements and privacy policies, and updating cross-border user data transfer agreements.

Automotive group: advised the client on automotive data security matters in China, including annual automotive data security reports and personal information impact assessments; provided legal services for data exports, including due diligence, gap analysis, assisting with compliance recommendations, and supporting the Standard Contract for Personal Information Export filing in Shanghai.

Automotive sales company: serving as the client’s retained legal counsel, providing legal advice for daily operations.

New energy vehicle manufacturer: serving as the client’s retained legal counsel, providing consulting services on data compliance issues during operations.

Car rental platform: advised the client on the client’s franchise agreement arrangements.

Data Compliance for Corporate Listings (Including Cybersecurity Reviews)

Ride-hailing platform: conducted due diligence and provided cybersecurity review services for the client’s merger and listing project on the Nasdaq Stock Exchange.

Video cloud technology service provider: provided due diligence, data compliance, and cybersecurity review services for a client’s merger and listing project on the Nasdaq Stock Exchange, assisting with responses to exchange inquiries and successfully passing the cybersecurity review.

Vertical lifestyle e-commerce platform: provided data security and personal information protection legal services for the client’s Hong Kong listing project, conducting due diligence on the company’s data compliance system, providing assessments and compliance recommendations, drafting legal opinions, and reviewing the corresponding sections of the prospectus. Assisted in confirming that no cybersecurity review declaration was required.

Medical imaging technology company: provided data compliance services for the client’s Hong Kong listing, including combing product data processing lifecycles, assisting with updates to data compliance regulations, revising agreements, and issuing legal opinions.

Digital city scenario application provider: provided data security and personal information protection legal services for a client’s listing on the Nasdaq Stock Exchange, conducting due diligence on the client’s data compliance and personal information protection system and providing recommendations; issued specialized legal opinions on data security and personal information protection for the listing; assisted in confirming that no cybersecurity review declaration was required.

Commercial cleaning robot manufacturer: provided data compliance and personal information protection services for a client’s Nasdaq listing, including combing product data processing activities and the company’s personal information handling processes, assisting with updates to data compliance and personal information protection policies, revising user agreements and personal information protection policies, and issuing legal opinions.

Data Security Incident Investigation and Response

Online medical continuing education platform inspection response: advised the client on compliance issues regarding personal information collection by a Chinese online medical continuing education platform’s App and assisted in responding to regulatory inspections.

E-commerce platform user data breach incident: analyzing the client’s user data breach incident and provided recommendations on whether it constituted a reportable data security incident.

Multinational company employee personal information breach incident: analyzing reporting obligations for a client’s unauthorized access and download incident involving employee and other data in an online HR management system middleware.

Fintech company citizen personal information infringement incident: analyzing the compliance of a client’s online lending business, focusing on criminal risks in credit inquiry, risk control, and entrusted debt collection.

Smart risk control company criminal risk investigation: combing and analyzing the lifecycle of personal information in a client’s credit assessment product, focusing on criminal risks in data sources and exports.

Regulatory and Compliance

European direct sales company: analysis and recommendations for a European direct sales company’s direct sales license application, product imports, product filings, trademark protection, and e-commerce operation compliance.

U.S. direct sales company: analysis and recommendations for a U.S. direct sales company’s direct sales license application, product imports, product filings, trademark protection, and e-commerce operation compliance.

European equipment manufacturer: analysis and recommendations regarding Chinese laws on the export control of goods and technologies for a European equipment manufacturer.

Smart device and IoT company: serving as the global legal counsel for a Chinese smart device and IoT company, providing legal services for overseas company establishment, product sales, data compliance, and dispute resolution.

What can we do for you ?

Contact Us +