Last Updated: 15 Feb. 2023 (Taken Effect on 1 Mar. 2023)
Privacy & Cookies Policy | Terms of Service
Simplified Version | Download PDF
Hello there! I am Ken and welcome to Ken's Study Journey!
I care about your privacy and your privacy safety is my responsibility.
In order to protect your privacy and comply with major privacy regulations around the world, I made this policy to let everyone know about my privacy usage.
- What information and data I will and will not collect and share;
- Why I collect your information and data;
- Your rights to your information and data, including viewing, editing and deleting;
- How long will I keep your information and data.
You may read the Simplified Version to briefly understand the content. However, please read the full text for full legal requirements.
1. The service owner and data controller
This is a contract between Ken Deng (‘I’, ‘me’, and ‘my’) and the user (‘you’).
Ken's Study Journey is the brand name of my (Ken Deng’s) public resources of my study tips and tutorials.
This website is my personal website, which does not belong to any companies or organisations.
My emails are shown on the contact page (hidden here to prevent spam).
2. Information I collect and share. When, why, and how do I collect them
By using my services, you agree that I will collect some necessary information listed below for analytics, statistics, improving my services, and preventing spam and misbehaviours.
To better protect your privacy and personal information, I only collect the information strictly necessary for my services.
Information entered by yourself
- Your name/nickname;
- Your comments;
- Your email address;
- Your account password;
- Your content stored on Ken’s Study Planner, including but not limiting to study plan, goals, schedule, books;
- Your devices and display information on Ken’s Study IoT.
Information automatically sent by your browser, device or app
- Your Internet Protocol (IP) address and its approximate location (see Article 7 below);
- Your browser’s “User-Agent” information (including but not limited to browser and OS types and versions, browser language);
- Cookies and other identifiers (see Article 4 below).
Information I collect in each feature/service
- When you click the “Like” button in my articles, I will collect your IP address for analytics and statistics.
- When you post a comment on my website, I will collect your name/nickname, email address, comment, IP address and browser’s “User-agent” information for analytics, statistics, public displaying your comment, replying to your comment and anti-spam requirements.
- When you subscribe to my email newsletter, I will collect your email address, which may be sent to GoDaddy email subscription service/system, for your email subscription.
- When you sign up for an account on Ken’s Study Planner and/or Ken’s Study IoT, I will collect your email address, password and name/nickname for analytics, statistics, and for providing you with such services.
- When you log in to your Ken’s Study Planner and/or Ken’s Study IoT account, I will collect your email address, password, IP address and browser’s “User-agent” information for providing you with such services and anti-spam requirements (e.g. to trace hacking).
- When you add, edit and/or remove content on Ken’s Study Planner and/or Ken’s Study IoT, I will collect your entered content, IP address, activity logs and browser’s “User-agent” information for providing you with such services and anti-spam requirements (e.g. to trace hacking).
- When you add and use a device on Ken’s Study IoT, I will collect your device’s IP address, including IPv4 and IPv6 addresses, and browser’s “User-agent” information for providing you with such services, determine whether your device is online or offline, and anti-spam requirements (e.g. to trace hacking).
All information above has been collected within the last 12 months.
Only your name, nickname, comments and IP address approximate locations “State/Province, Country” will be displayed publicly. I do not publicly display your other information without your permission.
My websites and apps may send anonymous bug and crash reports automatically at any time without your knowledge to let me pinpoint and fix bugs and technical difficulties quickly and easily, and enhance user experience. This only contains URLs and relevant code file locations for reproducing the errors and does not contain any personal information including IP addresses.
3. Information I do not collect and share
I shall not collect and share your private information without your explicit permission except for the requirements of laws, including but not limited to:
- Your ID card number;
- Your physical address or GPS locations;
- Your credit/debit card information;
- Your browser's favourites bar;
- Your screen;
- Your device password;
- Your device's MAC address.
I shall never share your Cookies. Your Cookies are stored in your browser securely, and on my servers only for encrypted unique login identifiers.
You have the right to choose to delete or block any Cookies. However, please note that disabling and/or blocking certain Cookies may cause an interruption in my services which will not function normally.
All Cookies with sensitive information (e.g. login identifier) are with Secure mode enabled, which will be transmitted from your browser only when using HTTPS.
The following table illustrates the Cookies used on my services for different purposes. All Cookies used on my services are categorised as strictly necessary and there are no functional, analytics/statistics and marketing cookies.
|eucookie-banner-closed||Necessary||180 days||Indicate you have closed the Cookies banner.|
|apple-dark-mode||Necessary||180 days||Set the dark mode on the website.|
|articles_liked_<artice ID>||Necessary||24 hours||Indicate you have liked an article.
Avoid repeated votes and spam.
|pm_login_secret||Necessary||180 days||Store the unique device identifier when logging in to your Ken’s Study Planner account.|
|iot_login_secret||Necessary||180 days||Store the unique device identifier when logging in to your Ken’s Study IoT account.|
|iot_device_secret||Necessary||1800 days||Store the unique device identifier when adding a device on Ken’s Study IoT.|
5. Privacy safety and encryption
My services use HTTPS, SSL Certificates, TLS >= 1.2, HSTS policy, Content Security Policy and some strong encryption algorithms (e.g. AES-256) to encrypt and secure your data. For your safety, you should add https:// as the prefix of the web address (e.g. https://www.kenstudyjourney.com).
The HSTS header of my website will be stored on your browser and is valid for 365 days (31,536,000 seconds) upon your first visit.
If you see security/privacy errors, including but not limited to 'Not (Fully) Secure’, 'Certificate Error', 'Invalid Certificate' or 'Privacy Error’, on your browser while using my website, please contact me to fix the problem and ensure data and personal information security.
All of my collected information will be stored and encrypted on my server.
I use my maximum effort to enhance data security and privacy. However, despite adequate and modern security measures, there is no warranty that all information transmitted and stored can be 100% secure.
In the event of server hacking and disclosure of data (also known as Data Breach), I shall notify affected users within 3 days (72 hours), handle the leaked data securely using my maximum effort as soon as possible and prevent making the incident worse. In the occurrence of this case, the server(s) will perform an emergency Internet disconnection to protect your privacy according to my Terms of Service Article 16.
6. What data will I read and process (by humans)?
I will read all public comments for moderation, replying and anti-spam requirements.
When I reply to your messages, I will read your message, real name and email address for sending replies.
I will read anonymous error logs to track outages, identify and fix bugs and errors.
I will read activity logs only in case of misbehaviours (e.g. (D)DoS attack and hacking) or service outages for evidence investigation.
I shall never read your private data and personal information stored on my services, including but not limited to Ken’s Study Planner and Ken’s Study IoT.
7. Third party services, APIs and platforms
Without your permission, I shall never share your data collected by me and my server with third-party services and platforms except for some data that are necessary for the provision of my services.
To ensure the full functionality of my services, my services are currently using the following third-party APIs:
Google reCAPTCHA anti-spam system;
- Website: www.google.com/recaptcha
- Information to Share: browser’s “User-Agent” information, keyboard/mouse behaviours;
- Purpose: Prevent robots and crawlers from crawling private information and carrying out sensitive activities;
- Method: Server-side API
IPinfo.io IP address locations big data;
- Website: ipinfo.io
- Information to Share: IP address;
- Purpose: Obtain approximate location information of an IP address;
- Method: Server-side API
ZX IP address locations big data;
- Website: ip.zxinc.org
- Information to Share: IP address;
- Purpose: Obtain approximate location information of an IP address;
- Method: Server-side API
GoDaddy email subscription and domain professional email system.
- Website: gem.godaddy.com
- Information to Share: Email address;
- Purpose: Send my subscription emails to subscribers;
- Method: Server-side API
The API platforms may collect some information while using my services, including but not limited to:
- Your email address (may be sent to GoDaddy (Email Marketing) for my email newsletter);
- Your IP address and browser “User-agent” information (may be sent to Google (reCAPTCHA), IPinfo.io and ZX, for anti-spam requirements).
Part of my services and systems are powered by the following third-party hosting providers:
- Alibaba Cloud
The hosting providers will never collect and share any personal and private information.
When you enter and associate Ken’s Study Planner calendar subscription URLs (ICS/iCalendar format) with your third-party calendar applications (e.g. Ken’s Study IoT, your system calendar, iCloud Calendar, Google Calendar), your events stored on Ken’s Study Planner may be sent to the corresponding platforms subscribed to these URLs.
Note: Your data will not be sent outside my servers in case you associate multiple Ken’s Study Journey products (e.g. associating Ken’s Study IoT with your Ken’s Study Planner calendar events).
I shall never transfer your information and/or data to a third-party without notice and your consent.
My servers may keep some activity logs including the times, URLs and IP addresses. This is only used by myself for tracing outages and misbehaviours such as circumvention of security controls (also known as Hacking).
Ken’s Study Planner and Ken’s Study IoT may also record activity logs under your account. Such logs are encrypted, only visible by you, valid for 7 days, and used for trace and report hacking.
They also keep logs in case of an error or fault on client-side and server-side codes as references for debugging.
9. How long do I keep your data?
I may keep some data on my servers for anti-spam requirements, for my analytics, or for subscriptions.
I will keep the following data on my server until you request to delete them:
- Your subscription email address;
- Your comments (waiting for moderation or approved);
- Your data stored on Ken's Study Planner and Ken’s Study IoT;
- Your account.
Apart from the data listed above, all other data will be saved for the shortest time that I need to provide my services to you.
- When you use Ken’s Study Planner app without an account or without Internet access, your data will be stored on your device, and will not be automatically exported or uploaded to my servers;
- When you click the “Delete” button under your content on Ken’s Study Planner or Ken’s Study IoT, or when you remove a device on Ken’s Study IoT, your corresponding data is to be permanently removed immediately from all my server nodes after I reply to your comments or you delete your account;
- Your email address is to be permanently removed immediately from all my server nodes after I reply to your comments or you unsubscribe from my email newsletter;
- Your email address and data are to be permanently removed from all my server nodes after 7 days upon your account deletion request;
- In accordance with China Internet Security Act (Section 21 (c)), activity logs are saved on my servers for at least 6 months (180 days);
- Anonymised error logs will be stored until the corresponding bugs will be successfully fixed;
- The rejected comments will be stored within 30 days on my servers in case of making references and processing your appeals.
In case of service termination, I shall notify you and the collected personal information and data shall be permanently deleted or pseudonymised within a reasonable period (no more than 7 days).
10. Viewing, Correcting, Deleting Information and Opt-out
According to CCPA (California Consumer Privacy Act), “sell”, “selling”, “sale”, or “sold” means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer's personal information by the business to another business or a third party for monetary or other valuable consideration.
According to CCPA and China Personal Information Protection Act, you have the right to send a request email to me to view and/or edit your information, withdraw your consent, stop me from disclosing your personal information, and delete or edit your comments on my website, especially if you are a resident in California (United States) or China.
Your request email should include:
- subject: ‘Website Privacy Consent Withdraw / Website Information Correction’;
- type of your request: correcting/deleting your data, stopping me to sell your personal information, etc.;
- your full name*;
- your email address*;
- the country and/or city/province/state you live in*;
- details of your request.
Once I received your request, I shall respond within 7 days, or within 45 days in case of the busyness of my study tasks. This request is completely free of charge and I will use understandable language to respond to you.
According to my Terms of Service, CCPA and China Personal Information Protection Act (Section 16), I shall not maltreat you even if you choose to reject me from collecting your data or using Cookies, or you have sent me the requests mentioned above, unless they are required for the provision of my services, including necessary Cookies.
You may unsubscribe from my Email Newsletter and permanently delete your email address by clicking the “Unsubscribe” button/link at the bottom of any of my emails.
On Ken’s Study Planner and Ken’s Study IoT, you have the right to view, modify, correct, and delete your data in the corresponding sections and in Settings at any time. You can also delete your account in Settings by following the on-screen instructions.
You may choose to delete all Cookies from your browser, withdraw your Cookies consent, and send a request on this page:
Do Not Sell my Personal Information
In case of the death of a Ken’s Study Journey (including Ken’s Study Planner and Ken’s Study IoT) user, his/her parents have the right to view, modify and delete his/her information and data by sending such request to me for their legitimate interests.
My services shall not collect and use sensitive information on your device or browser without your permission, or use sensitive permissions without your consent, including but not limited to:
- Non-essential Cookies;
- Camera and Photos;
- Adobe Flash (now stopped service);
- Location services and GPS;
- Files and Folders.
My websites and apps only use permissions strictly necessary for my services and only at the times when necessary. They shall not ask for permissions in advance, overuse unnecessary permissions, or refuse to provide services after rejecting unnecessary permissions.
You have the right to choose either to allow or reject them on your device and/or browser settings.
On new iOS and iPadOS, you have the right to opt to allow access to only certain photos, and/or choose “Ask App Not to Track”.
On new iOS, iPadOS and macOS, you also have the right to trace Microphone and Camera misuse on the orange/green dots on the status bar at the top-right corner of your screen.
12. Your rights to your data
You have the right to control my data usage, and view, edit, correct and delete your data.
You can block or disable Cookies in your browser settings. Also, you can enable sending 'Do Not Track' in your browser.
You also can send a request to me to view, edit, correct and delete your data from my server.
13. Privacy Protection and Rights for Children and Parents
According to China Personal Information Protection Act (Section 31), my services have special privacy protection for children who are under 14 years old. Their parents have the right to consent, control and withdraw my usage of their information at any time.
Parents have the right to make requests to view, edit, correct and delete children's information and data according to Article 10 of this policy.
14. Overseas and Cross-countries Data Transmission
My servers are situated in the countries of my branches, the People’s Republic of China (CN) and the United Kingdom (UK), where the former (China (CN) server) shall be the main server.
My servers are connected, using Border Gateway Protocol (BGP) technology, with the following Internet Service Providers (ISPs):
- China Telecom (AS4134, AS4809, AS23764)
- China Mobile (AS9808, AS58453)
- China Unicom (AS4837, AS9929, AS10099)
- Hong Kong Internet Exchange (HKIX)
- Equinix (AS9498)
- NTT Communications (AS2914)
- PCCW Global (AS3491)
- HGC Global Communications (AS9304)
- London Internet Exchange (LINX) (AS34984)
- NTT Communications (AS2914)
- Cogent Communications (AS174)
- Telia Company (AS1299)
- Level 3 Communications (AS3356)
Based on the traceroute results on all server sides, inter-server data transmission is processed with NTT Communications (AS2914) ISP international backbone network.
In normal circumstances, you are directed to your nearest branch/server by the DNS and/or load-balancer. You may view the server number (e.g. CN01) you have been allocated to at the website footer or HTTP header.
Server: Ken Deng's Server
In rare circumstances where all servers in a region are overloaded or malfunctioning, you may be temporarily redirected to another server in another country/region and you agree that your data may be transferred overseas (usually for at least an hour, but for no more than 3 days / 72 hours). I shall notify you, on the Service Status Page of such an event and this is completely temporary.
To prevent counterfeit web servers, PTR reverse DNS records are added to all server’s IPv4 addresses “uk01.server.kenstudyjourney.com” and some server’s IPv6 addresses wherever possible. All server’s IPv6 addresses contain “1603” in the seventh part.
I may increase the number of my server nodes in the future to further enhance user experience. Users with close distances may be allocated to the newly-added server nodes after adding them which may nestle in a different country/region. I shall notify you at least 7 days before the new server nodes will take effect.
In principle, to ensure data security and according to some privacy regulations, the data from users in China will be stored in the PRC, and the data from users in European countries will be stored in the UK (Europe).
Only some strictly necessary data and Cookies will be transmitted to corresponding places when users in other countries/regions are visiting my website and using my services.
During the overseas and cross-countries data transmission, some level of protection methods shall be used, including but not limited to HTTPS, SSL Certificates, TLS 1.3 and some strong encryption algorithms (e.g. AES-256), to avoid interception and leakage by hackers. They will comply with the most relevant privacy regulations around the world.
I have made this policy in accordance with the privacy regulations, including but not limited to Personal Information Protection Act in China, General Data Protection Regulation (GDPR) in European Union and California Consumer Privacy Act (CCPA) in California, the United States.
In accordance of China Personal Information Protection Act (Section 13) and European Union GDPR (Article 2, Section 9), I may collect and process your personal information without your consent, but with a notice as soon as possible, in the following circumstances:
- When necessary to conclude and perform the contract to which an individual is a party;
- When necessary to implement human resources management in accordance with the labour rules and regulations formulated according to law and the collective contract signed according to law;
- When necessary for the performance of legal duties or obligations;
- When necessary to respond to public health emergencies or to protect the life, health and property safety of natural persons in emergencies;
- When necessary to implement news reporting, public opinion supervision and other acts for the public interest, and handle personal information within a reasonable range;
- Dispose of personal information disclosed by individuals or other legally disclosed personal information within a reasonable scope;
- Other circumstances listed in laws and regulations.
The data collected by law requirements shall be collected, stored and encrypted on my servers accordingly. Please note that this may override the information declared in Articles 2 and 3.
The locations of the signature of this agreement are in the cities of my branch, Guangzhou, Guangdong, China and London, England, United Kingdom.
After updating rules and policies, you agree with the new version by continuing to use my services. If you do not agree with my new rules and policies, please unsubscribe from my content and stop using my services before the new effective date.
17. About This Policy
I will protect your privacy by following this policy.
Please supervise together. If you found I violate the policy and infringe your privacy, or if you have any doubts or concerns, please contact me using the contacts in Article 1 in this policy and I will help you understand them, make a correction and remove collected data without your consent, if any, as soon as possible.
I reserve the right to interpret this policy.
18. Explanations of Proper Nouns
Internet Protocol Address to identify a place and/or device on the Internet.
This may be IPv4 (e.g. 220.127.116.11) and IPv6 (e.g. 2401:1234:5678:90ab::cd:ef)
Small text files (often encrypted) stored on browsers and apps.
They usually contain login information, your preferences, and activity records.
A string sent automatically by web browsers and mobile apps to identify the browser and operating system (OS) type, version and language.
Uniform Resources Locator that identifies each page on a website.
For example: https://www.kenstudyjourney.com/about/
Text files stored on web servers. It usually contains code file locations, access times, IP addresses, port numbers and domain names.
This is used for future investigation in the event of misuse or code/server crash.
Control by the user whether a website or an app can gain access to sensors and personal information on the browser or device.
This can be Camera, Microphone, Contacts, Photos, Location (GPS) Services, etc. and can be changed on device/browser settings.
Application Program Interface that can be used to integrate with other third-party services by entering and returning necessary data to provide extended functionality of services.
For example, my services use IPinfo.io API and send the user’s IP address to obtain its approximate location.
From China Personal Information Protection Act (Section 73 (d)):
The process of personal information after which a specific natural person cannot be identified and restored.
Your comment has been posted successfully, but it needs to be audited by myself artificially to prevent spam and negative comments.
Please wait for a few days. You will receive an email once your comment has been replied.