Privacy & Cookies Policy (Full Version)

Last Updated: 15 Feb. 2023 (Taken Effect on 1 Mar. 2023)

Privacy & Cookies Policy | Terms of Service

Hello there! I am Ken and welcome to Ken's Study Journey!

I care about your privacy and your privacy safety is my responsibility.

In order to protect your privacy and comply with major privacy regulations around the world, I made this policy to let everyone know about my privacy usage.

This Privacy Policy will describe:

What information and data I will and will not collect and share;
Why I collect your information and data;
Your rights to your information and data, including viewing, editing and deleting;
How long will I keep your information and data.

You may read the Simplified Version to briefly understand the content. However, please read the full text for full legal requirements.

1. The service owner and data controller

This is a contract between Ken Deng (‘I’, ‘me’, and ‘my’) and the user (‘you’).

Ken's Study Journey is the brand name of my (Ken Deng’s) public resources of my study tips and tutorials.

This website is my personal website, which does not belong to any companies or organisations.

My emails are shown on the contact page (hidden here to prevent spam).

If you have any questions, need to withdraw your privacy consent or delete your data, or you found that I violated my privacy policy, please contact me.

2. Information I collect and share. When, why, and how do I collect them

By using my services, you agree that I will collect some necessary information listed below for analytics, statistics, improving my services, and preventing spam and misbehaviours.

To better protect your privacy and personal information, I only collect the information strictly necessary for my services.

Information entered by yourself

Your name/nickname;
Your comments;
Your email address;
Your account password;
Your content stored on Ken’s Study Planner, including but not limiting to study plan, goals, schedule, books;
Your devices and display information on Ken’s Study IoT.

Information automatically sent by your browser, device or app

Your Internet Protocol (IP) address and its approximate location (see Article 7 below);
Your browser’s “User-Agent” information (including but not limited to browser and OS types and versions, browser language);
Cookies and other identifiers (see Article 4 below).

Information I collect in each feature/service

When you click the “Like” button in my articles, I will collect your IP address for analytics and statistics.
When you post a comment on my website, I will collect your name/nickname, email address, comment, IP address and browser’s “User-agent” information for analytics, statistics, public displaying your comment, replying to your comment and anti-spam requirements.
When you subscribe to my email newsletter, I will collect your email address, which may be sent to GoDaddy email subscription service/system, for your email subscription.
When you sign up for an account on Ken’s Study Planner and/or Ken’s Study IoT, I will collect your email address, password and name/nickname for analytics, statistics, and for providing you with such services.
When you log in to your Ken’s Study Planner and/or Ken’s Study IoT account, I will collect your email address, password, IP address and browser’s “User-agent” information for providing you with such services and anti-spam requirements (e.g. to trace hacking).
When you add, edit and/or remove content on Ken’s Study Planner and/or Ken’s Study IoT, I will collect your entered content, IP address, activity logs and browser’s “User-agent” information for providing you with such services and anti-spam requirements (e.g. to trace hacking).
When you add and use a device on Ken’s Study IoT, I will collect your device’s IP address, including IPv4 and IPv6 addresses, and browser’s “User-agent” information for providing you with such services, determine whether your device is online or offline, and anti-spam requirements (e.g. to trace hacking).

All information above has been collected within the last 12 months.

Only your name, nickname, comments and IP address approximate locations “State/Province, Country” will be displayed publicly. I do not publicly display your other information without your permission.

My websites and apps may send anonymous bug and crash reports automatically at any time without your knowledge to let me pinpoint and fix bugs and technical difficulties quickly and easily, and enhance user experience. This only contains URLs and relevant code file locations for reproducing the errors and does not contain any personal information including IP addresses.

3. Information I do not collect and share

I shall not collect and share your private information without your explicit permission except for the requirements of laws, including but not limited to:

Your ID card number;
Your physical address or GPS locations;
Your credit/debit card information;
Your browser's favourites bar;
Your screen;
Your device password;
Your device's MAC address.

If I collect or share such information without your permission, except for the requirements of laws and regulations, it indicates that I violated the privacy policy and please let me know.

4. Cookies

My website uses Cookies to improve my services, enhance your user experience, enhance security, for personalisation including your preferences like dark mode, and for anti-spam and anti-abuse requirements.

I shall never share your Cookies. Your Cookies are stored in your browser securely, and on my servers only for encrypted unique login identifiers.

You have the right to choose to delete or block any Cookies. However, please note that disabling and/or blocking certain Cookies may cause an interruption in my services which will not function normally.

All Cookies with sensitive information (e.g. login identifier) are with Secure mode enabled, which will be transmitted from your browser only when using HTTPS.

Cookies Details

The following table illustrates the Cookies used on my services for different purposes. All Cookies used on my services are categorised as strictly necessary and there are no functional, analytics/statistics and marketing cookies.

Cookie Name	Category	Duration	Purpose
eucookie-banner-closed	Necessary	180 days	Indicate you have closed the Cookies banner.
apple-dark-mode	Necessary	180 days	Set the dark mode on the website.
articles_liked_<artice ID>	Necessary	24 hours	Indicate you have liked an article. Avoid repeated votes and spam.
pm_login_secret	Necessary	180 days	Store the unique device identifier when logging in to your Ken’s Study Planner account.
iot_login_secret	Necessary	180 days	Store the unique device identifier when logging in to your Ken’s Study IoT account.
iot_device_secret	Necessary	1800 days	Store the unique device identifier when adding a device on Ken’s Study IoT.

5. Privacy safety and encryption

My services use HTTPS, SSL Certificates, TLS >= 1.2, HSTS policy, Content Security Policy and some strong encryption algorithms (e.g. AES-256) to encrypt and secure your data. For your safety, you should add https:// as the prefix of the web address (e.g. https://www.kenstudyjourney.com).

The HSTS header of my website will be stored on your browser and is valid for 365 days (31,536,000 seconds) upon your first visit.

If you see security/privacy errors, including but not limited to 'Not (Fully) Secure’, 'Certificate Error', 'Invalid Certificate' or 'Privacy Error’, on your browser while using my website, please contact me to fix the problem and ensure data and personal information security.

All of my collected information will be stored and encrypted on my server.

I use my maximum effort to enhance data security and privacy. However, despite adequate and modern security measures, there is no warranty that all information transmitted and stored can be 100% secure.

In the event of server hacking and disclosure of data (also known as Data Breach), I shall notify affected users within 3 days (72 hours), handle the leaked data securely using my maximum effort as soon as possible and prevent making the incident worse. In the occurrence of this case, the server(s) will perform an emergency Internet disconnection to protect your privacy according to my Terms of Service Article 16.

6. What data will I read and process (by humans)?

I will read all public comments for moderation, replying and anti-spam requirements.

When I reply to your messages, I will read your message, real name and email address for sending replies.

I will read anonymous error logs to track outages, identify and fix bugs and errors.

I will read activity logs only in case of misbehaviours (e.g. (D)DoS attack and hacking) or service outages for evidence investigation.

I shall never read your private data and personal information stored on my services, including but not limited to Ken’s Study Planner and Ken’s Study IoT.

7. Third party services, APIs and platforms

Without your permission, I shall never share your data collected by me and my server with third-party services and platforms except for some data that are necessary for the provision of my services.

To ensure the full functionality of my services, my services are currently using the following third-party APIs:

Google reCAPTCHA anti-spam system;
- Website: www.google.com/recaptcha
- Information to Share: browser’s “User-Agent” information, keyboard/mouse behaviours;
- Purpose: Prevent robots and crawlers from crawling private information and carrying out sensitive activities;
- Method: Server-side API
IPinfo.io IP address locations big data;
- Website: ipinfo.io
- Information to Share: IP address;
- Purpose: Obtain approximate location information of an IP address;
- Method: Server-side API
ZX IP address locations big data;
- Website: ip.zxinc.org
- Information to Share: IP address;
- Purpose: Obtain approximate location information of an IP address;
- Method: Server-side API
GoDaddy email subscription and domain professional email system.
- Website: gem.godaddy.com
- Information to Share: Email address;
- Purpose: Send my subscription emails to subscribers;
- Method: Server-side API

The API platforms may collect some information while using my services, including but not limited to:

Your email address (may be sent to GoDaddy (Email Marketing) for my email newsletter);
Your IP address and browser “User-agent” information (may be sent to Google (reCAPTCHA), IPinfo.io and ZX, for anti-spam requirements).

Part of my services and systems are powered by the following third-party hosting providers:

Alibaba Cloud
Vultr
GoDaddy

The hosting providers will never collect and share any personal and private information.

For more information, please refer to their Privacy Policy.

When you enter and associate Ken’s Study Planner calendar subscription URLs (ICS/iCalendar format) with your third-party calendar applications (e.g. Ken’s Study IoT, your system calendar, iCloud Calendar, Google Calendar), your events stored on Ken’s Study Planner may be sent to the corresponding platforms subscribed to these URLs.

Note: Your data will not be sent outside my servers in case you associate multiple Ken’s Study Journey products (e.g. associating Ken’s Study IoT with your Ken’s Study Planner calendar events).

I shall never transfer your information and/or data to a third-party without notice and your consent.

In case of acquisition or merging of my services by a third-party, I shall post a notice to you about the receiver of your information and data. I shall also notify the receiver to continue complying with this Privacy Policy. Such information and data will be transferred 7 days after the notice. During this period, you have the right to refuse the data transfer, delete your data and account, and stop using my services.

8. Logs

My servers may keep some activity logs including the times, URLs and IP addresses. This is only used by myself for tracing outages and misbehaviours such as circumvention of security controls (also known as Hacking).

Ken’s Study Planner and Ken’s Study IoT may also record activity logs under your account. Such logs are encrypted, only visible by you, valid for 7 days, and used for trace and report hacking.

They also keep logs in case of an error or fault on client-side and server-side codes as references for debugging.

9. How long do I keep your data?

I may keep some data on my servers for anti-spam requirements, for my analytics, or for subscriptions.

I will keep the following data on my server until you request to delete them:

Your subscription email address;
Your comments (waiting for moderation or approved);
Your data stored on Ken's Study Planner and Ken’s Study IoT;
Your account.

Apart from the data listed above, all other data will be saved for the shortest time that I need to provide my services to you.

When you use Ken’s Study Planner app without an account or without Internet access, your data will be stored on your device, and will not be automatically exported or uploaded to my servers;
When you click the “Delete” button under your content on Ken’s Study Planner or Ken’s Study IoT, or when you remove a device on Ken’s Study IoT, your corresponding data is to be permanently removed immediately from all my server nodes after I reply to your comments or you delete your account;
Your email address is to be permanently removed immediately from all my server nodes after I reply to your comments or you unsubscribe from my email newsletter;
Your email address and data are to be permanently removed from all my server nodes after 7 days upon your account deletion request;
In accordance with China Internet Security Act (Section 21 (c)), activity logs are saved on my servers for at least 6 months (180 days);
Anonymised error logs will be stored until the corresponding bugs will be successfully fixed;
The rejected comments will be stored within 30 days on my servers in case of making references and processing your appeals.

In case of service termination, I shall notify you and the collected personal information and data shall be permanently deleted or pseudonymised within a reasonable period (no more than 7 days).

10. Viewing, Correcting, Deleting Information and Opt-out

According to CCPA (California Consumer Privacy Act), “sell”, “selling”, “sale”, or “sold” means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer's personal information by the business to another business or a third party for monetary or other valuable consideration.

According to CCPA and China Personal Information Protection Act, you have the right to send a request email to me to view and/or edit your information, withdraw your consent, stop me from disclosing your personal information, and delete or edit your comments on my website, especially if you are a resident in California (United States) or China.

Your request email should include:

subject: ‘Website Privacy Consent Withdraw / Website Information Correction’;
type of your request: correcting/deleting your data, stopping me to sell your personal information, etc.;
your full name*;
your email address*;
the country and/or city/province/state you live in*;
details of your request.

* The details of your request shall be collected and processed according to your request details and this privacy policy.

Once I received your request, I shall respond within 7 days, or within 45 days in case of the busyness of my study tasks. This request is completely free of charge and I will use understandable language to respond to you.

If you found that I infringed your privacy and violated my privacy policy, please contact me immediately. I shall delete relevant data within 7 days, or within 45 days in case of the busyness of my study tasks.

According to my Terms of Service, CCPA and China Personal Information Protection Act (Section 16), I shall not maltreat you even if you choose to reject me from collecting your data or using Cookies, or you have sent me the requests mentioned above, unless they are required for the provision of my services, including necessary Cookies.

You may unsubscribe from my Email Newsletter and permanently delete your email address by clicking the “Unsubscribe” button/link at the bottom of any of my emails.

On Ken’s Study Planner and Ken’s Study IoT, you have the right to view, modify, correct, and delete your data in the corresponding sections and in Settings at any time. You can also delete your account in Settings by following the on-screen instructions.

You may choose to delete all Cookies from your browser, withdraw your Cookies consent, and send a request on this page:

Do Not Sell my Personal Information

In case of the death of a Ken’s Study Journey (including Ken’s Study Planner and Ken’s Study IoT) user, his/her parents have the right to view, modify and delete his/her information and data by sending such request to me for their legitimate interests.

11. Permissions

My services shall not collect and use sensitive information on your device or browser without your permission, or use sensitive permissions without your consent, including but not limited to:

Non-essential Cookies;
Microphone;
Camera and Photos;
Adobe Flash (now stopped service);
Location services and GPS;
Contacts;
Files and Folders.

My websites and apps only use permissions strictly necessary for my services and only at the times when necessary. They shall not ask for permissions in advance, overuse unnecessary permissions, or refuse to provide services after rejecting unnecessary permissions.

You have the right to choose either to allow or reject them on your device and/or browser settings.

On new iOS and iPadOS, you have the right to opt to allow access to only certain photos, and/or choose “Ask App Not to Track”.

On new iOS, iPadOS and macOS, you also have the right to trace Microphone and Camera misuse on the orange/green dots on the status bar at the top-right corner of your screen.

12. Your rights to your data

You have the right to control my data usage, and view, edit, correct and delete your data.

You can block or disable Cookies in your browser settings. Also, you can enable sending 'Do Not Track' in your browser.

You also can send a request to me to view, edit, correct and delete your data from my server.

13. Privacy Protection and Rights for Children and Parents

According to China Personal Information Protection Act (Section 31), my services have special privacy protection for children who are under 14 years old. Their parents have the right to consent, control and withdraw my usage of their information at any time.

Parents have the right to make requests to view, edit, correct and delete children's information and data according to Article 10 of this policy.

14. Overseas and Cross-countries Data Transmission

My servers are situated in the countries of my branches, the People’s Republic of China (CN) and the United Kingdom (UK), where the former (China (CN) server) shall be the main server.

My servers are connected, using Border Gateway Protocol (BGP) technology, with the following Internet Service Providers (ISPs):

CN01

China Telecom (AS4134, AS4809, AS23764)
China Mobile (AS9808, AS58453)
China Unicom (AS4837, AS9929, AS10099)
Hong Kong Internet Exchange (HKIX)
BBIX
Equinix (AS9498)
NTT Communications (AS2914)
PCCW Global (AS3491)
HGC Global Communications (AS9304)

UK01

London Internet Exchange (LINX) (AS34984)
NTT Communications (AS2914)
Cogent Communications (AS174)
Telia Company (AS1299)
Level 3 Communications (AS3356)

Based on the traceroute results on all server sides, inter-server data transmission is processed with NTT Communications (AS2914) ISP international backbone network.

In normal circumstances, you are directed to your nearest branch/server by the DNS and/or load-balancer. You may view the server number (e.g. CN01) you have been allocated to at the website footer or HTTP header.

Server: Ken Deng's Server
Server-Node: UK01

In rare circumstances where all servers in a region are overloaded or malfunctioning, you may be temporarily redirected to another server in another country/region and you agree that your data may be transferred overseas (usually for at least an hour, but for no more than 3 days / 72 hours). I shall notify you, on the Service Status Page of such an event and this is completely temporary.

To prevent counterfeit web servers, PTR reverse DNS records are added to all server’s IPv4 addresses “uk01.server.kenstudyjourney.com” and some server’s IPv6 addresses wherever possible. All server’s IPv6 addresses contain “1603” in the seventh part.

I may increase the number of my server nodes in the future to further enhance user experience. Users with close distances may be allocated to the newly-added server nodes after adding them which may nestle in a different country/region. I shall notify you at least 7 days before the new server nodes will take effect.

In principle, to ensure data security and according to some privacy regulations, the data from users in China will be stored in the PRC, and the data from users in European countries will be stored in the UK (Europe).

Only some strictly necessary data and Cookies will be transmitted to corresponding places when users in other countries/regions are visiting my website and using my services.

During the overseas and cross-countries data transmission, some level of protection methods shall be used, including but not limited to HTTPS, SSL Certificates, TLS 1.3 and some strong encryption algorithms (e.g. AES-256), to avoid interception and leakage by hackers. They will comply with the most relevant privacy regulations around the world.

15. Legal

I have made this policy in accordance with the privacy regulations, including but not limited to Personal Information Protection Act in China, General Data Protection Regulation (GDPR) in European Union and California Consumer Privacy Act (CCPA) in California, the United States.

This Privacy Policy is subject to change at any time to comply with the latest amendments of regulations mentioned above.

In accordance of China Personal Information Protection Act (Section 13) and European Union GDPR (Article 2, Section 9), I may collect and process your personal information without your consent, but with a notice as soon as possible, in the following circumstances:

When necessary to conclude and perform the contract to which an individual is a party;
When necessary to implement human resources management in accordance with the labour rules and regulations formulated according to law and the collective contract signed according to law;
When necessary for the performance of legal duties or obligations;
When necessary to respond to public health emergencies or to protect the life, health and property safety of natural persons in emergencies;
When necessary to implement news reporting, public opinion supervision and other acts for the public interest, and handle personal information within a reasonable range;
Dispose of personal information disclosed by individuals or other legally disclosed personal information within a reasonable scope;
Other circumstances listed in laws and regulations.

The data collected by law requirements shall be collected, stored and encrypted on my servers accordingly. Please note that this may override the information declared in Articles 2 and 3.

The locations of the signature of this agreement are in the cities of my branch, Guangzhou, Guangdong, China and London, England, United Kingdom.

16. Change

This Privacy Policy is subject to change at any time to comply with the latest amendments of regulations, improve the declarations of my privacy usage, and adapt to the latest privacy protection technology development with a notice on email newsletter and website reminder banners. The notice will include the date updated, content modified, and new effective date.

After updating rules and policies, you agree with the new version by continuing to use my services. If you do not agree with my new rules and policies, please unsubscribe from my content and stop using my services before the new effective date.

17. About This Policy

I will protect your privacy by following this policy.

Please supervise together. If you found I violate the policy and infringe your privacy, or if you have any doubts or concerns, please contact me using the contacts in Article 1 in this policy and I will help you understand them, make a correction and remove collected data without your consent, if any, as soon as possible.

I reserve the right to interpret this policy.

18. Explanations of Proper Nouns

IP Address

Internet Protocol Address to identify a place and/or device on the Internet.

This may be IPv4 (e.g. 123.45.67.89) and IPv6 (e.g. 2401:1234:5678:90ab::cd:ef)

Cookies

Small text files (often encrypted) stored on browsers and apps.

They usually contain login information, your preferences, and activity records.

User-agent String

A string sent automatically by web browsers and mobile apps to identify the browser and operating system (OS) type, version and language.

URL

Uniform Resources Locator that identifies each page on a website.

For example: https://www.kenstudyjourney.com/about/

Logs

Text files stored on web servers. It usually contains code file locations, access times, IP addresses, port numbers and domain names.

This is used for future investigation in the event of misuse or code/server crash.

Permissions

Control by the user whether a website or an app can gain access to sensors and personal information on the browser or device.

This can be Camera, Microphone, Contacts, Photos, Location (GPS) Services, etc. and can be changed on device/browser settings.

API

Application Program Interface that can be used to integrate with other third-party services by entering and returning necessary data to provide extended functionality of services.

For example, my services use IPinfo.io API and send the user’s IP address to obtain its approximate location.

Pseudonymisation:

From China Personal Information Protection Act (Section 73 (d)):

The process of personal information after which a specific natural person cannot be identified and restored.