Last Updated: 25 Aug. 2023 (Effective since 1 Sep. 2023)
Most recent updated items are shown in blue.
Privacy & Cookies Policy | Terms of Service
Hello there! I am Ken and welcome to Ken's Study Journey!
I care about your privacy and your privacy safety is my responsibility.
In order to protect your privacy and comply with major privacy regulations around the world, I made this policy to let everyone know about my privacy usage.
This Privacy & Cookies Policy will describe:
- What information and data I will and will not collect and share;
- Why I collect your information and data;
- Your rights to your information and data, including viewing, editing and deleting;
- Where your data is stored;
- How long will I keep your information and data.
You may read the Simplified Version to briefly understand the content. However, please read the full text for full legal requirements.
1. The Service Owner and Data Controller
This is a contract between Ken Deng and Ken’s Study Journey (‘I’, ‘me’, and ‘my’) and the user (‘you’).
Ken's Study Journey is the brand name of my (Ken Deng’s) public resources of my study tips and tutorials.
This website is my personal website, which does not belong to any companies or organisations.
My emails are shown on the contact page (hidden here to prevent spam).
If you have any questions, need to withdraw your privacy consent or delete your data, or you found that I violated this policy, please contact me.
2. Information I Collect
By using my services, you agree that I will collect some necessary information listed below for analytics, statistics, improving my services, and preventing spam and misbehaviours.
To better protect your privacy and personal information, I only collect the information strictly necessary for my services.
Information entered by yourself
- Your name/nickname;
- Your comment content;
- Your email address;
- Your account password;
- Article vote/like information;
- Your content stored on Ken’s Study Planner, including but not limited to study plan, goals, schedule, books;
- Your devices and display information on Ken’s Study IoT.
Information automatically sent by your browser, device or app
- Your Internet Protocol (IP) address and its approximate location (see Section 7 below) and port number;
- Your browser’s “User-Agent” information (including but not limited to browser and OS types and versions, browser language);
- Cookies and other identifiers (see Section 4 below).
Information I collect in each feature/service
- When you click the “Like” button or vote on my articles, I will collect your IP address, port number and browser’s “User-Agent” information for analytics and statistics.
- When you post a comment on my website, I will collect your name/nickname, email address, comment content, IP address, port number and browser’s “User-agent” information for analytics, statistics, public displaying your comment, replying to your comment and anti-spam requirements.
- When you subscribe to my email newsletter, I will collect your email address, IP address, port number and browser’s “User-agent” information for your email subscription.
- When you sign up for an account, I will collect your email address, password, IP address, port number, browser’s “User-agent” information and name/nickname for analytics, statistics, and for providing you with such services.
- When you log in to your account, I will collect your email address, password, IP address, port number and browser’s “User-agent” information for providing you with such services and anti-spam requirements (e.g. to trace hacking).
- When you add, edit and/or remove content on Ken’s Study Planner and/or Ken’s Study IoT, I will collect your entered content, IP address, port number, activity logs and browser’s “User-agent” information for providing you with such services and anti-spam requirements (e.g. to trace hacking).
- When you add and use a device on Ken’s Study IoT, I will collect your device’s IP address, including IPv4 and IPv6 addresses, and your browser’s “User-agent” information for providing you with such services, determine whether your device is online or offline, and anti-spam requirements (e.g. to trace hacking).
All information above except for the last one has been collected within the last 12 months.
Only your name, nickname, comments and IP address approximate locations “State/Province, Country” will be displayed publicly. I do not publicly display your other information without your permission.
My websites and apps may send anonymous bug and crash reports automatically at any time without your knowledge to let me pinpoint and fix bugs and technical difficulties quickly and easily, and enhance user experience. This only contains URLs and relevant code file locations for reproducing the errors and does not contain any personal information.
3. Information I Do Not Collect and Share
I shall not collect and share your private information without your explicit permission except for the requirements of laws, including but not limited to:
- Your ID card number;
- Your physical address or GPS locations;
- Your credit/debit card information;
- Your browser's favourites bar;
- Your screen;
- Your device password;
I shall never share your Cookies. Your Cookies are stored in your browser securely, and on my servers only for encrypted unique login identifiers.
You have the right to choose to delete or block any Cookies. However, please note that disabling and/or blocking certain Cookies may cause an interruption in my services which will not function normally.
All Cookies with sensitive information (e.g. login identifier) are with Secure mode enabled, which will be transmitted from your browser only when using HTTPS.
The following table illustrates the Cookies used on my services for different purposes. All Cookies used on my services are categorised as strictly necessary and there are no functional, analytics/statistics and marketing cookies.
|eucookie-banner-closed||Necessary||180 days||Indicate you have closed the Cookies banner.|
|apple-dark-mode||Necessary||180 days||Set the dark mode on the website.|
|vote_user_id||Necessary||180 days||The unique user ID for votes and post likes.
Avoid repeated votes and spam.
|pm_login_secret||Necessary||180 days||Store the unique device identifier when logging in to your Ken’s Study Journey account.|
|iot_device_secret||Necessary||1800 days||Store the unique device identifier when adding a device on Ken’s Study IoT.|
5. Privacy Safety and Encryption
My services use HTTPS, SSL Certificates, TLS >= 1.2, HSTS policy, Content Security Policy and some strong encryption algorithms (e.g. AES-256) to encrypt and secure your data. For your safety, you should add https:// as the prefix of the web address (e.g. https://www.kenstudyjourney.cn).
The HSTS header of my website will be stored on your browser and is valid for 365 days (31,536,000 seconds) upon your first visit.
If you see security/privacy errors, including but not limited to 'Not (Fully) Secure’, 'Certificate Error', 'Invalid Certificate' or 'Privacy Error’, on your browser while using my website, please contact me to fix the problem and ensure data and personal information security.
All collected private information will be encrypted and stored on China Mainland core servers.
All IDC (Internet Data Centre) providers used have passed the European General Data Protection Regulation (GDPR) compliance process, plus Internet Information Security Hierarchical Protection for China (CN) server datacentres.
I use my maximum effort to enhance data security and privacy. However, despite adequate and modern security measures, there is no warranty that all information transmitted and stored can be 100% secure.
In the event of server hacking and disclosure of data (also known as Data Breach), I shall notify affected users within 3 days (72 hours), report to authorities, handle the leaked data securely using my maximum effort as soon as possible and prevent making the incident worse. In the occurrence of this case, the server(s) will perform an emergency Internet disconnection to protect your privacy according to my Terms of Service (Section 18).
6. What Data will I Read and Process (by Humans)?
I read all public comments for moderation, replying and anti-spam requirements.
When I reply to your email messages, I will read your message, real name and email address for sending replies.
I read anonymous error logs to track outages, identify and fix bugs and errors.
I read activity logs only in case of misbehaviours (e.g. attacks such as (D)DoS, CC, etc. and hacking), service outages or orders by authorities for evidence investigation.
I may view the statistical data at any time to make statistics on the number of visitors and users.
I shall never read your private data and personal information stored on my services, including but not limited to Ken’s Study Planner and Ken’s Study IoT, without your permission.
7. Third-party Services, APIs and Platforms
Without your permission, I shall never share your data collected by me and my server with third-party services and platforms except for some data that are necessary for the provision of my services.
To ensure the full functionality of my services, my services are currently using the following third-party APIs:
Aiwen Technology (埃文科技) paid IP address locations big data
- Website: ipplus360.com
- Information to Share: IP address (including IPv4 and IPv6 addresses);
- API Location (Data will be Sent to): China (CN);
- Purpose: Obtain approximate location information of an IP address;
- Method: Server-side API;
- Website: qiye.aliyun.com
- Information to Share: Email address and content;
- API Location (Data will be Sent to): China (CN);
- Purpose: Send and receive emails using website domain name;
- Method: IMAP and SMTP protocols;
The API platforms may collect some information while using my services, including but not limited to:
- Your IP address (may be sent to Aiwen Technology, for obtaining IP address approximate locations);
- Your email address (may be sent to Alibaba Mail, for sending emails).
When you enter and associate Ken’s Study Planner calendar subscription URLs (ICS/iCalendar format) with your third-party calendar applications (e.g. Ken’s Study IoT, your system calendar, iCloud Calendar, Google Calendar), your events stored on Ken’s Study Planner may be sent to the corresponding platforms subscribed to these URLs.
In principle, your data will not be sent outside my servers in case you associate multiple Ken’s Study Journey products (e.g. associating Ken’s Study IoT with your Ken’s Study Planner calendar events).
I shall never transfer your information and/or data to a third party without notice and your consent.
My servers may keep some activity logs including the times, URLs, IP addresses and port numbers. This is only used by myself for tracing outages and misbehaviours such as circumvention of security controls (also known as Hacking).
Ken’s Study Planner and Ken’s Study IoT may also record activity logs under your account. Such logs are encrypted, only visible by you, valid for 7 days, and used for trace and report hacking.
They also keep logs in case of an error or fault on client-side and server-side codes as references for debugging.
My email system may record and log an encrypted version of sent emails to trace hacking and HTML code errors.
9. How Long do I Keep your Data?
I may keep some data on my servers for anti-spam requirements, for my analytics, and for subscriptions.
I will keep the following data on my servers until you request to delete them:
- Your subscription email address;
- Your comments (waiting for moderation or approved);
- Your data stored on Ken’s Study Planner and Ken’s Study IoT;
- Your account.
Apart from the data listed above, all other data will be saved for the shortest time that I need to provide my services to you.
- When you use Ken’s Study Planner app without an account or without Internet access, your data will be stored on your device, and will not be automatically exported or uploaded to my servers;
- When you click the “Delete” button under your content on Ken’s Study Planner or Ken’s Study IoT, or when you remove a device on Ken’s Study IoT, your corresponding data is to be permanently removed immediately from all my core servers;
- Your email address is to be permanently removed immediately from all my core servers after you unsubscribe from my email newsletter;
- Your email address and data are to be permanently removed from all my core servers after 7 days upon your account deletion request;
- In accordance with China Internet Security Law (Section 21 (c)), activity logs are saved on my servers for at least 6 months (180 days);
- Anonymised error logs will be stored until the corresponding bugs will be successfully fixed;
- The rejected comments will be stored in 30 days on my servers in case of making references and processing your appeals.
In case of service termination, I shall notify you and the collected personal information and data shall be permanently deleted or pseudonymised within a reasonable period (no more than 7 days).
10. Viewing, Correcting, Deleting Information and Opt-out
According to CCPA (California Consumer Privacy Act), “sell”, “selling”, “sale”, or “sold” means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer's personal information by the business to another business or a third party for monetary or other valuable consideration.
According to CCPA and China Personal Information Protection Law, you have the right to send a request email to me, using my contacts in Section 1 above, to view and/or edit your information, withdraw your consent, stop me from disclosing your personal information, and delete or edit your comments on my website, especially if you are a resident in California (United States) or China.
Your request email should include:
- subject: ‘Website Privacy Consent Withdraw / Website Information Correction’;
- type of your request: correcting/deleting your data, stopping me to sell your personal information, etc.;
- your full name*;
- your email address*;
- the country and/or city/province/state you live in*;
- details of your request.
Once I received your request, I shall respond within 7 days, or within 45 days in case of the busyness of my study tasks. This request is completely free of charge and I will use understandable language to respond to you.
According to my Terms of Service, CCPA and China Personal Information Protection Law (Section 16), I shall not maltreat you even if you choose to reject me from collecting your data or using Cookies, or you have sent me the requests mentioned above, unless they are required for the provision of my services, including necessary Cookies.
You may unsubscribe from my Email Newsletter and permanently delete your email address by clicking the “Unsubscribe” button/link at the bottom of any of my emails.
You have the right to view, modify, correct, and delete the data on your account in the corresponding sections and in Settings at any time. You can also delete your account in Settings by following the on-screen instructions.
You may choose to delete all Cookies from your browser, withdraw your Cookies consent, and send a request on this page:
In case of the death of a Ken’s Study Journey (including Ken’s Study Planner and Ken’s Study IoT) user, his/her parents have the right to view, modify and delete his/her information and data by sending such request to me for their legitimate interests.
My services shall not collect and use sensitive information on your device or browser without your permission, or use sensitive permissions without your consent, including but not limited to:
- Non-essential Cookies;
- Camera and Photos;
- Location services and GPS;
- Files and Folders on your devices.
My websites and apps only use permissions strictly necessary for my services and only at the times when necessary. They shall not ask for permissions in advance, overuse unnecessary permissions, or refuse to provide services after rejecting unnecessary permissions.
You have the right to choose either to allow or reject them on your device and/or browser settings.
On new iOS and iPadOS, you have the right to opt to allow access to only certain photos, and/or choose “Ask App Not to Track”.
On new iOS, iPadOS and macOS, you also have the right to trace Microphone, Camera or Location Services misuse on the orange, green or blue dots on the status bar at the top-right corner of your screen.
12. Your rights to your data
You have the right to control my data usage.
You may block or disable Cookies in your browser settings. Also, you may enable sending 'Do Not Track' in your browser.
You also have the right to send me a request to view, edit, correct and/or delete your data (see Section 10 above).
13. Privacy Protection and Rights for Children and Parents
According to China Personal Information Protection Law (Section 31), my services have special privacy protection for children under 14 years old. Their parents have the right to consent, control and withdraw my usage of their information at any time.
Parents have the right to make requests to view, edit, correct and delete children's information and data according to Section 10 of this policy.
14. Data Storage and Overseas, Cross-countries Data Transmission
The headquarters, main server node and core servers of Ken’s Study Journey are in Guangzhou City, Guangdong Province, People’s Republic of China.
In normal circumstances, you are directed to your nearest edge server by the DNS and/or load-balancer. You may view the edge server number (e.g. CN-CAN-01) you have been allocated to at the website footer or HTTP header.
Server: Ken's Server
In rare circumstances where all edge servers in a region are overloaded or malfunctioning, you may be temporarily redirected to another edge server in another country/region for at least an hour and up to 3 days / 72 hours.
In principle, to ensure data security, users in China Mainland shall not be redirected to server nodes outside China. In case of all China Mainland servers malfunction, domestic backup server nodes will be used.
Ken’s Study Journey may add, remove and modify additional server nodes and/or their locations to expand the services in different locations, study overseas and improve service liability.
In principle, to ensure data security and according to some privacy regulations, all private user data and information are stored in China Mainland.
Publicly-displayed information, including but not limited to articles, videos, photos, and comments (not including email and IP addresses) will be distributed to all edge servers worldwide after moderation and approval.
When users in other countries/regions are visiting my website and using my services, only some strictly necessary data and Cookies will be transmitted to corresponding locations where the edge server and the user nestle.
For users outside China Mainland having doubts or objections related to the places or methods of data transfer or storage, or if they are not complying with the laws or regulations of your places of residence, please contact me, using the contacts shown in Section 1, to process your data properly.
During the overseas and cross-countries data transmission, some level of protection methods shall be used, including but not limited to HTTPS, SSL Certificates, TLS 1.3 and some strong encryption algorithms (e.g. AES-256), to avoid interception and leakage by hackers. They will comply with the most relevant privacy regulations around the world.
All server backups shall take place in China Mainland (e.g. Guangzhou, China headquarters and other China Mainland branches). The private user backup data shall not leave China Mainland in principle.
15. Data Backup
Server Data Backup may be implemented on a regular basis to protect against data loss and for recovery after such event.
Data backup may take place:
- among different core servers;
- between core servers and headquarters/branch buildings.
In case of data deletion, such deleted data may take a few days and up to a few weeks to validate IDs against and delete from the backups.
I have made this policy in accordance with the privacy regulations, including but not limited to the Personal Information Protection Law in the People’s Republic of China.
In accordance with China Personal Information Protection Law (Section 13) and European Union GDPR (Article 2, Section 9), I may collect and process your personal information without your consent, but with a notice as soon as possible, in the following circumstances:
- When necessary to conclude and perform the contract to which an individual is a party;
- When necessary to implement human resources management in accordance with the labour rules and regulations formulated according to law and the collective contract signed according to law;
- When necessary for the performance of legal duties or obligations;
- When necessary to respond to public health emergencies or to protect the life, health and property safety of natural persons in emergencies;
- When necessary to implement news reporting, public opinion supervision and other acts for the public interest, and handle personal information within a reasonable range;
- Dispose of personal information disclosed by individuals or other legally disclosed personal information within a reasonable scope;
- Other circumstances listed in laws and regulations.
The data collected by law, regulation and authority requirements shall be collected, stored and encrypted on my servers accordingly. Please note that this may override the information declared in Sections 2 and 3.
The location of the signature of this agreement is in Zengcheng District, Guangzhou City, Guangdong Province, People’s Republic of China.
I reserve the right to change the Privacy & Cookies Policy to comply with the latest amendments of privacy-related laws and regulations, improve the declarations of my privacy usage, and adapt to the latest privacy protection technology developments.
In the event of a new version of this policy, I shall notify you, including but not limited to using email newsletter and website notice area (orange blocks).
After updating rules and policies, you agree with the new version by continuing to use my services. If you do not agree with my new rules and policies, please unsubscribe from my content and stop using my services before the new effective date.
18. About This Policy
I will protect your privacy by following this policy.
I periodically re-read this policy to ensure adequate privacy protection from time to time.
Please supervise together. If you found I violate the policy and infringe your privacy, or if you have any doubts or concerns, please contact me using the contacts in Section 1 above to understand them, make a correction and remove collected data without your consent, if any, as soon as possible.
I reserve the right to interpret this policy.
19. Definitions of Proper Nouns
From China Personal Information Protection Law (Section 4):
Any information that has identified or can identify a natural person and is recorded using electronic and other forms.
This does not include pseudonymised information.
Internet Protocol Address to identify a place and/or device on the Internet.
This may be IPv4 (e.g. 18.104.22.168) and IPv6 (e.g. 2401:1234:5678:90ab::cd:ef)
Small text files (often encrypted) stored on browsers and apps.
They may contain login information, your preferences, activity records, etc.
A string sent automatically by web browsers and mobile apps to identify the browser and operating system (OS) type, version and language.
Uniform Resources Locator that identifies each page on a website.
For example: https://www.kenstudyjourney.cn/en/about/
Text files stored on web servers containing code file locations, access times, IP addresses, port numbers, domain names, etc.
This is used for future investigation in the event of misuse or code/server crash.
Control by the user whether a website or an app can gain access to sensors and personal information on the browser or device.
This can be Camera, Microphone, Contacts, Photos, Location (GPS) Services, etc. and can be changed on device/browser settings.
Application Program Interface that can be used to integrate with other third-party services by entering and returning necessary data to provide extended functionality of services.
For example, my services use Aiwen Technology API and send the user’s IP address to obtain its approximate location.
From China Personal Information Protection Law (Section 73 (d)):
The process of personal information after which a specific natural person cannot be identified and restored.
A measure of protection from data loss by storing copies of data among different media, including but not limited to backup servers, external backup disks (HDD or SSD) and local computers.
The server(s) that are only responsible for files and public data cache and distribution and private data forwarding between nearby visitors and Core Servers, where internal networks are used for Core Servers. Connection to the Internet is necessary.
The server(s) are responsible for core services, including but not limited to data storage, encryption and decryption, and calculation.
Old Version Archives
1 Sep. 2023 (current)