Privacy Policy
Last updated: 2026-05-10
Privacy Policy
Welcome to anny-chen.com (“the Site”), operated by Anny Chen (“I”, “we”, “our”). We value your privacy and are committed to handling your personal data responsibly. This Privacy Policy explains how we collect, use, store, and protect your data, and the rights you have under applicable laws including the EU General Data Protection Regulation (GDPR), Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), and Taiwan’s Personal Data Protection Act (PDPA).
1. Data Controller
The data controller for this Site is:
- Name: Anny Chen
- Email: annychen0501@gmail.com
- Data Protection Contact: Anny Chen If you have questions about this policy or your data, please use the email above.
2. Data We Collect
We may collect personal data in the following circumstances: 2.1 Data you provide to us:
- Consultation booking form: name, email, brand name, current market, target market, brand challenge description, service interest, diagnostic tool completion status
- Free brand diagnostic tools (Archetype Quiz + Health Check): your quiz answers, the email you provide to receive your report
- Content you share with us via email, social media, or other channels 2.2 Data we collect automatically:
- IP address (for security and form spam prevention)
- Browser type, device type, operating system (for site improvement)
- Visit timestamp, pages visited, referring URL (for traffic understanding)
- Cookies (see Section 8) 2.3 Data we do NOT collect:
- We do not collect special category data (health, sexuality, religion, political views, biometrics, etc.) unless you actively share it during consultation.
- We do not knowingly process personal data of children under 13 without explicit consent.
3. How We Use Your Data (Purposes & Legal Basis)
| Purpose | Legal Basis (GDPR Art. 6) |
|---|---|
| Reply to your consultation request, assess fit | Consent + Pre-contractual necessity |
| Send your diagnostic report results | Consent |
| Send booking confirmations and meeting notices | Contract performance |
| Improve site features and content | Legitimate interest |
| Prevent spam and malicious attacks | Legitimate interest + Legal obligation |
| Comply with legal/accounting record-keeping (e.g. invoicing) | Legal obligation |
| We do NOT use your data for: |
- Marketing emails (unless you explicitly subscribe to a newsletter — currently this Site does not offer newsletter signup)
- Selling data to third parties
- Behavioral advertising (the Site does not serve third-party ads)
4. Data Retention
| Data Type | Retention Period | What Happens After |
|---|---|---|
| Consultation form submissions (incl. IP) | 90 days if not converted to client | Permanent deletion |
| Confirmed client consultation data | Engagement + 5 years (accounting) | Encrypted archive, billing-only access |
| Diagnostic tool answers (personal version) | 90 days active / 365 days anonymized | PII removed, retained as aggregate stats |
| Sent email content | 365 days | Permanent deletion from mail server |
| Website access logs | 30 days | Auto-overwritten |
| Cookies | Per cookie type, max 1 year | Auto-expire |
5. Data Sharing & Third Parties
We share data only with the following types of third parties, each with their own privacy policy:
- Hosting providers (SiteGround / Kinsta or similar): provide server and database services; may process data on European, North American, or Asian servers
- Email services (WordPress wp_mail / Postmark or similar): used to send consultation confirmations and reports
- Analytics tools (if used): only activated after cookie consent; use anonymized IP
- Security plugins (Wordfence or similar): prevent malicious access
- Multilingual plugin (Polylang): processes locally only; no external transfer
- Cookie consent management (CookieYes or similar): records your cookie preferences We will never sell or rent your personal data to third parties. For cross-border data transfers (e.g. if you’re in the EU but our server is in Canada), we rely on one of:
- Standard Contractual Clauses (SCCs)
- Adequacy decisions (Canada has an adequacy decision from the EU)
- Your explicit consent
6. Your Rights
Under applicable data protection laws, you have the following rights: All users (common):
- ✅ Right of access: request a copy of your personal data
- ✅ Right to rectification: correct inaccurate or outdated data
- ✅ Right to erasure (GDPR “right to be forgotten”): request deletion (with limited exceptions for legal retention)
- ✅ Right to withdraw consent: at any time Additional rights for EU residents (GDPR Art. 15–22):
- ✅ Right to restrict processing: pause processing of your data
- ✅ Right to data portability: receive your data in a structured, machine-readable format
- ✅ Right to object: object to processing based on legitimate interest
- ✅ Right to refuse automated decision-making: this Site does not currently use automated decision-makingCanadian residents (PIPEDA):
- ✅ Right to file a complaint with the Office of the Privacy Commissioner of Canada (OPC) Taiwanese residents (PDPA):
- ✅ Rights to inquire, request copies, correct, suspend processing, or delete your data How to exercise these rights:Email annychen0501@gmail.com. We will respond within 30 days (GDPR requirement). We may ask for additional information to verify your identity. If you’re unhappy with how we handle your data:
- EU residents can complain to your local Data Protection Authority (DPA)
- Canadian residents can complain to the OPC (www.priv.gc.ca)
- Taiwanese residents can complain to the local competent authority
7. Data Security
We use reasonable technical and organizational measures:
- Site-wide HTTPS/TLS encryption
- Encrypted database password storage
- Two-factor authentication (2FA) on admin
- Firewall and malware scanning
- Regular backups No system is 100% breach-proof. In the event of a personal data breach, we will notify the relevant authority within 72 hours of discovery (GDPR requirement) and notify affected users when there is a high risk.
8. Cookies & Similar Technologies
This Site uses the following categories of cookies: Essential cookies (no consent needed):
- WordPress login state (admin only)
- Language preference (
acn_lang) - Cookie consent state Functional cookies (consent required):
- Form input memory Analytics cookies (consent required, may not be active):
- If Google Analytics or similar is enabled in the future, it will run with anonymized IP and non-identifiable settings You can update your choices at any time through the cookie settings panel at the bottom of the page, or by clearing cookies in your browser.
9. Children’s Privacy
This Site does not target children under 13. We do not knowingly collect personal data from children under 13. If you become aware of such a case, please notify us and we will delete the data immediately.
10. International Data Transfers
Because I operate across Taiwan, Germany, and Canada, your data may be transferred between these regions. We ensure all transfers comply with GDPR Chapter 5 (for EU residents), PIPEDA (for Canadians), and PDPA (for Taiwanese residents).
11. Policy Changes
We may update this policy from time to time. Material changes will be announced on this page 30 days before they take effect, and existing users (e.g. those who have booked a consultation) will be notified by email. Please check the “Last updated” date regularly.
12. Contact
For questions about this policy or to exercise any of your rights, please contact:
- Email: annychen0501@gmail.com