Shain Studio · Legal

Privacy Policy

Last Updated: March 24, 2026 · www.shainwaiyan.com

This Privacy Policy describes how Shain Wai Yan, operating under the professional brand name "Shain Studio" ("Shain Studio", "we", "us", or "our"), collects, uses, discloses, and protects personal information when you visit or interact with the website located at www.shainwaiyan.com and any associated subdomains (collectively, the "Site"). This Site is a personal professional studio and is not an e-commerce, subscription, or software-as-a-service platform. By accessing or using the Site, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with any part of this Privacy Policy, you should discontinue use of the Site immediately.

Data Controller and Contact Information

For the purposes of applicable data protection laws (including, where applicable, the General Data Protection Regulation ("GDPR")), the data controller responsible for the processing of personal information through the Site is Shain Wai Yan, operating as "Shain Studio". If you have any questions, requests, or concerns about this Privacy Policy or our handling of your personal information, you may contact us via email at: contact@shainwaiyan.com.

Information We Collect

We collect only limited personal information that is necessary to operate a professional portfolio Site and to respond to inquiries. (a) Information you provide directly: When you choose to contact us via the contact form on the Site, we may collect the following personal information: your name, email address, and the contents of your message (including any personal information you choose to include in that message). You are not required by law to provide this information; however, if you do not provide it, we may be unable to respond to your inquiry. (b) Automatically collected information: When you visit or interact with the Site, certain technical information may be collected automatically through cookies and similar technologies. This may include your IP address (which may be anonymized where supported by our analytics tools), browser type and version, device identifiers, operating system, referring URLs, pages viewed, links clicked, date and time of visits, and other usage data. This information is primarily collected through Google Analytics and infrastructure logs from our hosting and network providers (such as Vercel and Cloudflare) for the purposes described in this Privacy Policy.

Legal Basis for Processing (GDPR Where Applicable)

Where the GDPR or similar laws apply, we rely on one or more of the following legal bases for processing your personal information: (a) Consent: When you voluntarily submit personal information through the contact form or consent to the use of non-essential cookies (such as analytics cookies) via a cookie banner or similar mechanism, we process that information based on your consent for the specific purposes described at the point of collection. You may withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal. (b) Legitimate Interests: We may process certain technical and usage data, and retain correspondence, where necessary for our legitimate interests in operating, securing, maintaining, and improving the Site, responding to your inquiries, and protecting the integrity of our systems and content, provided that such interests are not overridden by your rights and freedoms. (c) Compliance with Legal Obligations: We may process and retain certain personal information where necessary to comply with legal obligations, regulatory requirements, or lawful requests from competent authorities. We do not rely on automated decision-making or profiling that produces legal or similarly significant effects concerning you.

How We Use Your Information

We use the personal information we collect for limited and specific purposes connected to the operation of a personal portfolio Site. These purposes include: (a) Responding to inquiries: To read, review, and respond to messages you send via the contact form, and to communicate with you regarding your request or inquiry. (b) Operating and improving the Site: To operate, maintain, monitor, and improve the performance, content, security, and user experience of the Site, including through aggregated analytics. (c) Security and misuse prevention: To detect, prevent, and respond to actual or suspected fraud, abuse, security incidents, or other harmful or unlawful activity involving the Site or our infrastructure. (d) Legal and regulatory purposes: To comply with applicable laws, regulations, and legal processes, and to establish, exercise, or defend legal claims. We do not use your personal information for direct marketing, behavioral advertising, or profiling unrelated to the operation and security of the Site.

Cookies and Similar Technologies

The Site uses cookies and similar technologies to operate effectively and to understand how visitors use it. (a) Types of cookies: We may use (i) strictly necessary cookies that are essential for the functioning of the Site (for example, to manage security features, routing, and language or locale preferences); and (ii) analytics cookies, such as those provided by Google Analytics, which help us understand how visitors interact with the Site in an aggregated manner (for example, page views, session duration, and general geographic region). (b) Consent for non-essential cookies: Where required by law (for example, for visitors from the European Economic Area, the United Kingdom, or other jurisdictions with similar requirements), non-essential cookies, including analytics cookies, will only be set with your prior consent, obtained through a cookie banner or similar consent mechanism. You may withdraw or modify your cookie consent at any time via the mechanisms provided on the Site or by adjusting your browser settings. (c) Managing cookies: Most browsers allow you to refuse or delete cookies via their settings. If you choose to block or delete cookies, some features of the Site may not function properly or may become unavailable. Additional information about how we use cookies, including specific categories and durations, may be provided in a separate cookie notice or banner on the Site, which should be read together with this Privacy Policy.

Use of Google Analytics

We use Google Analytics, a web analytics service provided by Google LLC (and, where applicable, its affiliates), to help us understand how visitors interact with the Site. Google Analytics collects information such as pages visited, time spent on the Site, and general geographic location (based on IP address), which is aggregated and does not directly identify you to us. We have configured Google Analytics to use IP anonymization or similar privacy-enhancing settings where available, so that your full IP address is not stored or is truncated before further processing. Google may process this information on our behalf for the purpose of evaluating your use of the Site, compiling reports on Site activity, and providing other services relating to website activity and internet usage. For more information on how Google processes data, you can review Google's privacy policies and settings. You can opt out of certain Google Analytics features by using browser add-ons or device settings made available by Google or by adjusting your cookie preferences where a consent mechanism is provided. We do not currently respond to "Do Not Track" (DNT) signals from your browser.

Third-Party Service Providers and Disclosures

We do not sell your personal information and we do not share it with third parties for their independent marketing purposes. However, we may disclose personal information to carefully selected third-party service providers solely to the extent necessary to operate, host, and secure the Site. These providers may include: (a) Hosting and edge network providers, such as Vercel and Cloudflare, which provide hosting, content delivery, security (including DDoS protection and firewall services), and performance optimization for the Site. (b) Content management and storage providers, such as Strapi (Headless CMS) and Cloudinary, which facilitate the storage, management, and delivery of content and media assets. (c) Analytics providers, such as Google Analytics, which help us understand aggregated usage of the Site. These third parties process personal information only on our instructions and are subject to appropriate contractual obligations, including confidentiality and data protection commitments, where required by applicable law. We may also disclose personal information when we believe in good faith that such disclosure is necessary to comply with a legal obligation, respond to lawful requests by public authorities, protect our rights or property, or protect the safety of any person.

International and Cross-Border Data Transfers

Because we use globally distributed infrastructure and third-party service providers, your personal information may be transferred to and processed in countries other than the country in which you are physically located. These countries may have data protection laws that differ from those in your jurisdiction and may, in some cases, provide a lower level of protection. When such transfers involve personal information originating from the European Economic Area, the United Kingdom, or other regions with similar data transfer restrictions, we seek to implement appropriate safeguards as required by applicable law, which may include standard contractual clauses or equivalent legal mechanisms, or reliance on other lawful bases for international transfers. By using the Site and providing personal information, you acknowledge that your information may be processed in countries outside your country of residence, as described in this Privacy Policy.

Data Retention

We retain personal information only for as long as reasonably necessary to fulfill the purposes described in this Privacy Policy, including to respond to your inquiries, maintain records of our communications, operate and secure the Site, and comply with our legal obligations and legitimate interests. The specific retention period may vary depending on the nature of the information and the context in which it is collected. Contact form submissions are generally retained for as long as needed to manage the corresponding inquiry and for a reasonable period thereafter for record-keeping and legal purposes, unless a longer retention period is required or permitted by law. Analytics data may be retained in aggregated or pseudonymized form for a period consistent with the settings available in our analytics tools and our operational needs. When personal information is no longer needed for these purposes, we will take reasonable steps to delete or anonymize it.

Data Security

We take reasonable and proportionate technical and organizational measures to protect personal information processed through the Site against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These measures may include the use of secure hosting environments, access controls, encryption in transit where appropriate, and regular monitoring of our infrastructure. However, no method of transmission over the internet or method of electronic storage is completely secure, and we cannot guarantee absolute security of your personal information. You are responsible for taking reasonable precautions when communicating with us and for using up-to-date security software and devices when accessing the Site.

Your Rights and Choices

Depending on your place of residence and applicable law, you may have certain rights in relation to your personal information. These may include, where applicable: (a) the right to request access to the personal information we hold about you; (b) the right to request correction of inaccurate or incomplete personal information; (c) the right to request deletion of your personal information, subject to legal or legitimate retention grounds; (d) the right to object to or request restriction of certain processing activities; and (e) the right to data portability, where technically feasible and required by law. If we process your personal information based on your consent, you have the right to withdraw that consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal. To exercise your rights, you may contact us at the email address provided in this Privacy Policy. We will respond to your request in accordance with applicable data protection laws and may need to verify your identity before acting on your request.

Additional Information for Residents of California (CCPA/CPRA)

If you are a resident of California, you may have certain additional rights with respect to your personal information under the California Consumer Privacy Act ("CCPA"), as amended by the California Privacy Rights Act ("CPRA"), to the extent these laws apply to our personal portfolio Site. For purposes of the CCPA/CPRA, "personal information" generally includes information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked with a particular consumer or household. The categories of personal information we collect are limited to identifiers (such as name and email address) and any information you choose to include in your message, as well as internet or other electronic network activity information (such as usage data collected through analytics tools). We do not sell or share your personal information as those terms are defined under the CCPA/CPRA. Subject to certain exceptions, California residents may have the right to request to know the categories and specific pieces of personal information we have collected about them, to request deletion of personal information, and to request correction of inaccurate personal information. You may also have the right to be free from discrimination for exercising your rights. To exercise these rights, please contact us using the email address provided in the "Data Controller and Contact Information" section above, and we will respond in accordance with applicable law.

Children’s Privacy

The Site is intended for use by adults and is not directed to children under the age of 13 or the applicable minimum age in your jurisdiction, whichever is higher. We do not knowingly collect personal information from children under 13 or the applicable minimum age in their jurisdiction. If you are under this age threshold, please do not use the contact form or otherwise provide any personal information on or through the Site. If we become aware that we have collected personal information from a child under 13 or the applicable minimum age in their jurisdiction without verifiable parental consent where such consent is required, we will take reasonable steps to delete that information as soon as reasonably practicable. If you believe that we may have collected personal information from a child under this age threshold, please contact us using the email address provided in this Privacy Policy.

Data Breach and Incident Handling

In the event of a security incident that leads to accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal information, we will assess the risk to your rights and freedoms and take appropriate steps to mitigate any potential harm. Where required by applicable law, we will notify the relevant supervisory authorities and, when necessary, inform affected individuals without undue delay, taking into account the nature of the data, the potential risks, and the technical and organizational measures we have in place. Our response may include investigating the incident, cooperating with law enforcement or regulators, and implementing measures designed to prevent a recurrence.

Third-Party Links

The Site may contain links to third-party websites, services, or social media platforms that are not operated or controlled by us. This Privacy Policy does not apply to such third-party properties, and we are not responsible for their privacy or data protection practices. If you choose to access any third-party links, you do so at your own risk, and you should review the privacy policies and terms applicable to those third-party sites or services.

Changes to This Privacy Policy

We may update or modify this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make changes, we will revise the "Last Updated" date at the top of this Privacy Policy and, where required by applicable law, provide additional notice or obtain your consent. The updated Privacy Policy will be effective as of the date it is posted on the Site, unless otherwise specified. We encourage you to review this Privacy Policy periodically to stay informed about how we handle your personal information. Your continued use of the Site after any changes to this Privacy Policy constitutes your acknowledgment of the updated Privacy Policy.