Privacy & Cookies Policy (Full Version)

Font Size:

Default Large Extra

Last Updated: 25 Aug. 2023 (Effective since 1 Sep. 2023)
Most recent updated items are shown in blue.

Privacy & Cookies Policy | Terms of Service

Hello there! I am Ken and welcome to Ken's Study Journey!

I care about your privacy and your privacy safety is my responsibility.

In order to protect your privacy and comply with major privacy regulations around the world, I made this policy to let everyone know about my privacy usage.

This Privacy & Cookies Policy will describe:

What information and data I will and will not collect and share;
Why I collect your information and data;
Your rights to your information and data, including viewing, editing and deleting;
Where your data is stored;
How long will I keep your information and data.

You may read the Simplified Version to briefly understand the content. However, please read the full text for full legal requirements.

1. The Service Owner and Data Controller

This is a contract between Ken Deng and Ken’s Study Journey (‘I’, ‘me’, and ‘my’) and the user (‘you’).

Ken's Study Journey is the brand name of my (Ken Deng’s) public resources of my study tips and tutorials.

This website is my personal website, which does not belong to any companies or organisations.

My emails are shown on the contact page (hidden here to prevent spam).

If you have any questions, need to withdraw your privacy consent or delete your data, or you found that I violated this policy, please contact me.

2. Information I Collect

By using my services, you agree that I will collect some necessary information listed below for analytics, statistics, improving my services, and preventing spam and misbehaviours.

To better protect your privacy and personal information, I only collect the information strictly necessary for my services.

Information entered by yourself

Your name/nickname;
Your comment content;
Your email address;
Your account password;
Article vote/like information;
Your content stored on Ken’s Study Planner, including but not limited to study plan, goals, schedule, books;
Your devices and display information on Ken’s Study IoT.

Information automatically sent by your browser, device or app

Your Internet Protocol (IP) address and its approximate location (see Section 7 below) and port number;
Your browser’s “User-Agent” information (including but not limited to browser and OS types and versions, browser language);
Cookies and other identifiers (see Section 4 below).

Information I collect in each feature/service

When you click the “Like” button or vote on my articles, I will collect your IP address, port number and browser’s “User-Agent” information for analytics and statistics.
When you post a comment on my website, I will collect your name/nickname, email address, comment content, IP address, port number and browser’s “User-agent” information for analytics, statistics, public displaying your comment, replying to your comment and anti-spam requirements.
When you subscribe to my email newsletter, I will collect your email address, IP address, port number and browser’s “User-agent” information for your email subscription.
When you sign up for an account, I will collect your email address, password, IP address, port number, browser’s “User-agent” information and name/nickname for analytics, statistics, and for providing you with such services.
When you log in to your account, I will collect your email address, password, IP address, port number and browser’s “User-agent” information for providing you with such services and anti-spam requirements (e.g. to trace hacking).
When you add, edit and/or remove content on Ken’s Study Planner and/or Ken’s Study IoT, I will collect your entered content, IP address, port number, activity logs and browser’s “User-agent” information for providing you with such services and anti-spam requirements (e.g. to trace hacking).
When you add and use a device on Ken’s Study IoT, I will collect your device’s IP address, including IPv4 and IPv6 addresses, and your browser’s “User-agent” information for providing you with such services, determine whether your device is online or offline, and anti-spam requirements (e.g. to trace hacking).

All information above except for the last one has been collected within the last 12 months.

Only your name, nickname, comments and IP address approximate locations “State/Province, Country” will be displayed publicly. I do not publicly display your other information without your permission.

My websites and apps may send anonymous bug and crash reports automatically at any time without your knowledge to let me pinpoint and fix bugs and technical difficulties quickly and easily, and enhance user experience. This only contains URLs and relevant code file locations for reproducing the errors and does not contain any personal information.

3. Information I Do Not Collect and Share

I shall not collect and share your private information without your explicit permission except for the requirements of laws, including but not limited to:

Your ID card number;
Your physical address or GPS locations;
Your credit/debit card information;
Your browser's favourites bar;
Your screen;
Your device password;

If I collect or share such information without your permission, except for the requirements of laws, regulations or authorities, it indicates that I violated the Privacy Policy and please contact me.

4. Cookies

My website uses Cookies to improve my services, enhance your user experience, enhance security, for personalisation including your preferences like dark mode, and for anti-spam and anti-abuse requirements.

I shall never share your Cookies. Your Cookies are stored in your browser securely, and on my servers only for encrypted unique login identifiers.

You have the right to choose to delete or block any Cookies. However, please note that disabling and/or blocking certain Cookies may cause an interruption in my services which will not function normally.

All Cookies with sensitive information (e.g. login identifier) are with Secure mode enabled, which will be transmitted from your browser only when using HTTPS.

Cookies Details

The following table illustrates the Cookies used on my services for different purposes. All Cookies used on my services are categorised as strictly necessary and there are no functional, analytics/statistics and marketing cookies.

Cookie Name	Category	Duration	Purpose
eucookie-banner-closed	Necessary	180 days	Indicate you have closed the Cookies banner.
apple-dark-mode	Necessary	180 days	Set the dark mode on the website.
vote_user_id	Necessary	180 days	The unique user ID for votes and post likes. Avoid repeated votes and spam.
pm_login_secret	Necessary	180 days	Store the unique device identifier when logging in to your Ken’s Study Journey account.
iot_device_secret	Necessary	1800 days	Store the unique device identifier when adding a device on Ken’s Study IoT.

5. Privacy Safety and Encryption

My services use HTTPS, SSL Certificates, TLS >= 1.2, HSTS policy, Content Security Policy and some strong encryption algorithms (e.g. AES-256) to encrypt and secure your data. For your safety, you should add https:// as the prefix of the web address (e.g. https://www.kenstudyjourney.cn).

The HSTS header of my website will be stored on your browser and is valid for 365 days (31,536,000 seconds) upon your first visit.

If you see security/privacy errors, including but not limited to 'Not (Fully) Secure’, 'Certificate Error', 'Invalid Certificate' or 'Privacy Error’, on your browser while using my website, please contact me to fix the problem and ensure data and personal information security.

All collected private information will be encrypted and stored on China Mainland core servers.

All IDC (Internet Data Centre) providers used have passed the European General Data Protection Regulation (GDPR) compliance process, plus Internet Information Security Hierarchical Protection for China (CN) server datacentres.

I use my maximum effort to enhance data security and privacy. However, despite adequate and modern security measures, there is no warranty that all information transmitted and stored can be 100% secure.

In the event of server hacking and disclosure of data (also known as Data Breach), I shall notify affected users within 3 days (72 hours), report to authorities, handle the leaked data securely using my maximum effort as soon as possible and prevent making the incident worse. In the occurrence of this case, the server(s) will perform an emergency Internet disconnection to protect your privacy according to my Terms of Service (Section 18).

6. What Data will I Read and Process (by Humans)?

I read all public comments for moderation, replying and anti-spam requirements.

When I reply to your email messages, I will read your message, real name and email address for sending replies.

I read anonymous error logs to track outages, identify and fix bugs and errors.

I read activity logs only in case of misbehaviours (e.g. attacks such as (D)DoS, CC, etc. and hacking), service outages or orders by authorities for evidence investigation.

I may view the statistical data at any time to make statistics on the number of visitors and users.

I shall never read your private data and personal information stored on my services, including but not limited to Ken’s Study Planner and Ken’s Study IoT, without your permission.

7. Third-party Services, APIs and Platforms

Without your permission, I shall never share your data collected by me and my server with third-party services and platforms except for some data that are necessary for the provision of my services.

To ensure the full functionality of my services, my services are currently using the following third-party APIs:

Aiwen Technology (埃文科技) paid IP address locations big data
- Website: ipplus360.com
- Information to Share: IP address (including IPv4 and IPv6 addresses);
- API Location (Data will be Sent to): China (CN);
- Purpose: Obtain approximate location information of an IP address;
- Method: Server-side API;
- Privacy Policy (Chinese-Simplified): https://ipplus360.com/privacy-policy
Alibaba Mail
- Website: qiye.aliyun.com
- Information to Share: Email address and content;
- API Location (Data will be Sent to): China (CN);
- Purpose: Send and receive emails using website domain name;
- Method: IMAP and SMTP protocols;
- Privacy Policy (Chinese-Simplified): https://help.aliyun.com/document_detail/466827.html

The API platforms may collect some information while using my services, including but not limited to:

Your IP address (may be sent to Aiwen Technology, for obtaining IP address approximate locations);
Your email address (may be sent to Alibaba Mail, for sending emails).

When you enter and associate Ken’s Study Planner calendar subscription URLs (ICS/iCalendar format) with your third-party calendar applications (e.g. Ken’s Study IoT, your system calendar, iCloud Calendar, Google Calendar), your events stored on Ken’s Study Planner may be sent to the corresponding platforms subscribed to these URLs.

In principle, your data will not be sent outside my servers in case you associate multiple Ken’s Study Journey products (e.g. associating Ken’s Study IoT with your Ken’s Study Planner calendar events).

I shall never transfer your information and/or data to a third party without notice and your consent.

In case of the acquisition or merging of my services by a third party, I shall post a notice to you about the receiver of your information and data. I shall also notify the receiver to continue complying with this Privacy Policy. Such information and data will be transferred 7 days after the notice. During this period, you have the right to reject the data transfer, delete your data and account, and stop using my services.

8. Logs

My servers may keep some activity logs including the times, URLs, IP addresses and port numbers. This is only used by myself for tracing outages and misbehaviours such as circumvention of security controls (also known as Hacking).

Ken’s Study Planner and Ken’s Study IoT may also record activity logs under your account. Such logs are encrypted, only visible by you, valid for 7 days, and used for trace and report hacking.

They also keep logs in case of an error or fault on client-side and server-side codes as references for debugging.

My email system may record and log an encrypted version of sent emails to trace hacking and HTML code errors.

9. How Long do I Keep your Data?

I may keep some data on my servers for anti-spam requirements, for my analytics, and for subscriptions.

I will keep the following data on my servers until you request to delete them:

Your subscription email address;
Your comments (waiting for moderation or approved);
Your data stored on Ken’s Study Planner and Ken’s Study IoT;
Your account.

Apart from the data listed above, all other data will be saved for the shortest time that I need to provide my services to you.

When you use Ken’s Study Planner app without an account or without Internet access, your data will be stored on your device, and will not be automatically exported or uploaded to my servers;
When you click the “Delete” button under your content on Ken’s Study Planner or Ken’s Study IoT, or when you remove a device on Ken’s Study IoT, your corresponding data is to be permanently removed immediately from all my core servers;
Your email address is to be permanently removed immediately from all my core servers after you unsubscribe from my email newsletter;
Your email address and data are to be permanently removed from all my core servers after 7 days upon your account deletion request;
In accordance with China Internet Security Law (Section 21 (c)), activity logs are saved on my servers for at least 6 months (180 days);
Anonymised error logs will be stored until the corresponding bugs will be successfully fixed;
The rejected comments will be stored in 30 days on my servers in case of making references and processing your appeals.

In case of service termination, I shall notify you and the collected personal information and data shall be permanently deleted or pseudonymised within a reasonable period (no more than 7 days).

10. Viewing, Correcting, Deleting Information and Opt-out

According to CCPA (California Consumer Privacy Act), “sell”, “selling”, “sale”, or “sold” means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer's personal information by the business to another business or a third party for monetary or other valuable consideration.

According to CCPA and China Personal Information Protection Law, you have the right to send a request email to me, using my contacts in Section 1 above, to view and/or edit your information, withdraw your consent, stop me from disclosing your personal information, and delete or edit your comments on my website, especially if you are a resident in California (United States) or China.

Your request email should include:

subject: ‘Website Privacy Consent Withdraw / Website Information Correction’;
type of your request: correcting/deleting your data, stopping me to sell your personal information, etc.;
your full name*;
your email address*;
the country and/or city/province/state you live in*;
details of your request.

* The details of your request shall be collected and processed according to your request details and this privacy policy.

Once I received your request, I shall respond within 7 days, or within 45 days in case of the busyness of my study tasks. This request is completely free of charge and I will use understandable language to respond to you.

If you found that I infringed your privacy and violated this Privacy Policy, please contact me immediately. I shall delete relevant data within 7 days, or within 45 days in case of the busyness of my study tasks.

According to my Terms of Service, CCPA and China Personal Information Protection Law (Section 16), I shall not maltreat you even if you choose to reject me from collecting your data or using Cookies, or you have sent me the requests mentioned above, unless they are required for the provision of my services, including necessary Cookies.

You may unsubscribe from my Email Newsletter and permanently delete your email address by clicking the “Unsubscribe” button/link at the bottom of any of my emails.

You have the right to view, modify, correct, and delete the data on your account in the corresponding sections and in Settings at any time. You can also delete your account in Settings by following the on-screen instructions.

You may choose to delete all Cookies from your browser, withdraw your Cookies consent, and send a request on this page:

Do Not Sell my Personal Information

In case of the death of a Ken’s Study Journey (including Ken’s Study Planner and Ken’s Study IoT) user, his/her parents have the right to view, modify and delete his/her information and data by sending such request to me for their legitimate interests.

11. Permissions

My services shall not collect and use sensitive information on your device or browser without your permission, or use sensitive permissions without your consent, including but not limited to:

Non-essential Cookies;
Microphone;
Camera and Photos;
Location services and GPS;
Contacts;
Files and Folders on your devices.

My websites and apps only use permissions strictly necessary for my services and only at the times when necessary. They shall not ask for permissions in advance, overuse unnecessary permissions, or refuse to provide services after rejecting unnecessary permissions.

You have the right to choose either to allow or reject them on your device and/or browser settings.

On new iOS and iPadOS, you have the right to opt to allow access to only certain photos, and/or choose “Ask App Not to Track”.

On new iOS, iPadOS and macOS, you also have the right to trace Microphone, Camera or Location Services misuse on the orange, green or blue dots on the status bar at the top-right corner of your screen.

12. Your rights to your data

You have the right to control my data usage.

You may block or disable Cookies in your browser settings. Also, you may enable sending 'Do Not Track' in your browser.

You also have the right to send me a request to view, edit, correct and/or delete your data (see Section 10 above).

13. Privacy Protection and Rights for Children and Parents

According to China Personal Information Protection Law (Section 31), my services have special privacy protection for children under 14 years old. Their parents have the right to consent, control and withdraw my usage of their information at any time.

Parents have the right to make requests to view, edit, correct and delete children's information and data according to Section 10 of this policy.

14. Data Storage and Overseas, Cross-countries Data Transmission

The headquarters, main server node and core servers of Ken’s Study Journey are in Guangzhou City, Guangdong Province, People’s Republic of China.

In normal circumstances, you are directed to your nearest edge server by the DNS and/or load-balancer. You may view the edge server number (e.g. CN-CAN-01) you have been allocated to at the website footer or HTTP header.

Server: Ken's Server
Server-Node: CN-HKG-E-01

In rare circumstances where all edge servers in a region are overloaded or malfunctioning, you may be temporarily redirected to another edge server in another country/region for at least an hour and up to 3 days / 72 hours.

In principle, to ensure data security, users in China Mainland shall not be redirected to server nodes outside China. In case of all China Mainland servers malfunction, domestic backup server nodes will be used.

Ken’s Study Journey may add, remove and modify additional server nodes and/or their locations to expand the services in different locations, study overseas and improve service liability.

In principle, to ensure data security and according to some privacy regulations, all private user data and information are stored in China Mainland.

Publicly-displayed information, including but not limited to articles, videos, photos, and comments (not including email and IP addresses) will be distributed to all edge servers worldwide after moderation and approval.

When users in other countries/regions are visiting my website and using my services, only some strictly necessary data and Cookies will be transmitted to corresponding locations where the edge server and the user nestle.

For users outside China Mainland having doubts or objections related to the places or methods of data transfer or storage, or if they are not complying with the laws or regulations of your places of residence, please contact me, using the contacts shown in Section 1, to process your data properly.

During the overseas and cross-countries data transmission, some level of protection methods shall be used, including but not limited to HTTPS, SSL Certificates, TLS 1.3 and some strong encryption algorithms (e.g. AES-256), to avoid interception and leakage by hackers. They will comply with the most relevant privacy regulations around the world.

All server backups shall take place in China Mainland (e.g. Guangzhou, China headquarters and other China Mainland branches). The private user backup data shall not leave China Mainland in principle.

15. Data Backup

Server Data Backup may be implemented on a regular basis to protect against data loss and for recovery after such event.

Data backup may take place:

among different core servers;
between core servers and headquarters/branch buildings.

In case of data deletion, such deleted data may take a few days and up to a few weeks to validate IDs against and delete from the backups.

16. Legal

I have made this policy in accordance with the privacy regulations, including but not limited to the Personal Information Protection Law in the People’s Republic of China.

This Privacy Policy is subject to change at any time to comply with the latest amendments of regulations.

In accordance with China Personal Information Protection Law (Section 13) and European Union GDPR (Article 2, Section 9), I may collect and process your personal information without your consent, but with a notice as soon as possible, in the following circumstances:

When necessary to conclude and perform the contract to which an individual is a party;
When necessary to implement human resources management in accordance with the labour rules and regulations formulated according to law and the collective contract signed according to law;
When necessary for the performance of legal duties or obligations;
When necessary to respond to public health emergencies or to protect the life, health and property safety of natural persons in emergencies;
When necessary to implement news reporting, public opinion supervision and other acts for the public interest, and handle personal information within a reasonable range;
Dispose of personal information disclosed by individuals or other legally disclosed personal information within a reasonable scope;
Other circumstances listed in laws and regulations.

The data collected by law, regulation and authority requirements shall be collected, stored and encrypted on my servers accordingly. Please note that this may override the information declared in Sections 2 and 3.

The location of the signature of this agreement is in Zengcheng District, Guangzhou City, Guangdong Province, People’s Republic of China.

17. Change

I reserve the right to change the Privacy & Cookies Policy to comply with the latest amendments of privacy-related laws and regulations, improve the declarations of my privacy usage, and adapt to the latest privacy protection technology developments.

In the event of a new version of this policy, I shall notify you, including but not limited to using email newsletter and website notice area (orange blocks).

After updating rules and policies, you agree with the new version by continuing to use my services. If you do not agree with my new rules and policies, please unsubscribe from my content and stop using my services before the new effective date.

18. About This Policy

I will protect your privacy by following this policy.

I periodically re-read this policy to ensure adequate privacy protection from time to time.

Please supervise together. If you found I violate the policy and infringe your privacy, or if you have any doubts or concerns, please contact me using the contacts in Section 1 above to understand them, make a correction and remove collected data without your consent, if any, as soon as possible.

I reserve the right to interpret this policy.

19. Definitions of Proper Nouns

Personal Information

From China Personal Information Protection Law (Section 4):

Any information that has identified or can identify a natural person and is recorded using electronic and other forms.

This does not include pseudonymised information.

IP Address

Internet Protocol Address to identify a place and/or device on the Internet.

This may be IPv4 (e.g. 123.45.67.89) and IPv6 (e.g. 2401:1234:5678:90ab::cd:ef)

Cookies

Small text files (often encrypted) stored on browsers and apps.

They may contain login information, your preferences, activity records, etc.

User-agent String

A string sent automatically by web browsers and mobile apps to identify the browser and operating system (OS) type, version and language.

URL

Uniform Resources Locator that identifies each page on a website.

For example: https://www.kenstudyjourney.cn/en/about/

Logs

Text files stored on web servers containing code file locations, access times, IP addresses, port numbers, domain names, etc.

This is used for future investigation in the event of misuse or code/server crash.

Permissions

Control by the user whether a website or an app can gain access to sensors and personal information on the browser or device.

This can be Camera, Microphone, Contacts, Photos, Location (GPS) Services, etc. and can be changed on device/browser settings.

API

Application Program Interface that can be used to integrate with other third-party services by entering and returning necessary data to provide extended functionality of services.

For example, my services use Aiwen Technology API and send the user’s IP address to obtain its approximate location.

Pseudonymisation

From China Personal Information Protection Law (Section 73 (d)):

The process of personal information after which a specific natural person cannot be identified and restored.

Data Backup

A measure of protection from data loss by storing copies of data among different media, including but not limited to backup servers, external backup disks (HDD or SSD) and local computers.

Edge Server

The server(s) that are only responsible for files and public data cache and distribution and private data forwarding between nearby visitors and Core Servers, where internal networks are used for Core Servers. Connection to the Internet is necessary.

Core Server

The server(s) are responsible for core services, including but not limited to data storage, encryption and decryption, and calculation.

Old Version Archives

1 Sep. 2023 (current)

1 May 2023