Privacy Policy for matthewlimdesign.com

We maintain an unwavering dedication to protecting and preserving all personal data provided by our website visitors and service users, implementing robust and comprehensive security measures throughout our services and operations.

This policy applies where we are acting as a data controller with respect to the personal data of our website visitors and service users; in other words, where we determine the purposes and means of the processing of that personal data. In this role, we are responsible for ensuring the proper handling, processing, and protection of all personal data submitted through our website.

We may process usage data (“usage data”), which comprehensively includes browser type, operating system, page views, navigation paths, timing and duration of visits, click patterns, scroll depth, and interaction metrics. This information is collected through server logs, cookies, and analytics tools and may include referral sources, exit pages, and feature utilization patterns. The source of this data is our analytics software and server monitoring systems. We process this information for several important purposes, including improving website performance, enhancing user experience, identifying technical issues, and analyzing user behavior patterns, which enables us to optimize our services, detect anomalies, and provide better content delivery. The legal basis for this processing is our legitimate interests in monitoring and improving our website and services.

We may process account data (“account data”), which comprehensively includes email address, username, password hash, account preferences, security settings, and authentication details. This information is collected through registration forms, account updates, and security protocols and may include billing information, communication preferences, and account status. The source of this data is direct user input during account creation and management. We process this information for account administration, security maintenance, service provision, and communication purposes, which enables us to authenticate users, maintain account security, and provide personalized services. The legal basis for this processing is the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract.

We may process profile data (“profile data”), which comprehensively includes name, professional title, company affiliation, profile picture, biographical information, and professional interests. This information is collected through profile creation forms, updates, and linked professional accounts and may include work history, skills, and professional certifications. The source of this data is your direct input and optional third-party professional network connections. We process this information for networking purposes, service personalization, professional collaboration, and community features, which enables us to facilitate professional connections, provide relevant content, and enhance user experience. The legal basis for this processing is our legitimate interests in operating and improving our professional platform.

Your Rights

Right to Access
You have the right to access your personal data, which means you can request and receive a comprehensive copy of all personal information we hold about you. This includes the ability to verify the data we process, understand how we use it, and confirm its accuracy. To exercise this right, you can submit a formal data access request through our website or contact our data protection officer directly. We will respond within 30 days and may require government-issued identification, proof of address, and account verification to verify your identity.

Right to Rectification
You have the right to rectification, which means you can request corrections or updates to any inaccurate or incomplete personal data we hold about you. This includes the ability to update contact information, correct profile details, and modify account preferences. To exercise this right, you can either use our account settings interface or submit a formal correction request. We will process your request within 15 days and may require account verification, supporting documentation, and specific details about the information to be corrected.

Right to Erasure
You have the right to erasure (also known as the right to be forgotten), which means you can request the deletion of your personal data from our systems when there is no compelling reason for continued processing. This includes the ability to delete your account, remove specific data points, and withdraw processing consent. To exercise this right, you can submit an erasure request through our dedicated data privacy portal. We will respond within 30 days and may require password confirmation, identity verification, and formal request documentation.

Right to Restrict Processing
You have the right to restrict processing, which means you can limit the ways we use your personal data while retaining it in our systems. This includes the ability to pause processing activities, limit data usage to specific purposes, and temporarily suspend certain data operations. To exercise this right, you can submit a processing restriction request through our privacy settings. We will implement restrictions within 7 days and may require account ownership verification, specific processing details, and restriction scope documentation.

Right to Data Portability
You have the right to data portability, which means you can receive your personal data in a structured, commonly used, and machine-readable format and transmit it to another controller. This includes the ability to download your data, transfer information between services, and receive data copies. To exercise this right, you can initiate a data export request through our account settings. We will provide your data within 30 days and may require two-factor authentication, account verification, and format preference specification.Data Processing and Security Measures

We process Service Data which includes account credentials, user preferences, service selections, and usage patterns. This processing involves automated collection, analysis, and storage, enabling us to provide personalized design services and portfolio management. For example, in the context of web design services, this includes project specifications, revision histories, and client feedback. The legal basis for this processing is legitimate business interests and contractual necessity, specifically to fulfill our service obligations and improve user experience.

We process Technical Data which includes device information, IP addresses, browser types, and system configurations. This processing involves automated logging, analysis, and storage, enabling us to optimize website performance and ensure security. The legal basis for this processing is legitimate interests, specifically to maintain service functionality and prevent unauthorized access.

We process Communication Data which includes email correspondence, chat logs, and support tickets. This processing involves storage, analysis, and retrieval of communications, enabling us to provide effective customer support and maintain service quality. The legal basis for this processing is legitimate interests and contractual necessity, specifically to address user inquiries and maintain service records.

We process Transaction Data which includes payment details, service subscriptions, and billing records. This processing involves secure payment processing, record-keeping, and financial analysis, enabling us to manage payments and maintain accurate financial records. The legal basis for this processing is contractual necessity and legal obligations, specifically to process payments and comply with tax regulations.

We process Preference Data which includes design preferences, notification settings, and customization choices. This processing involves storage and analysis of user preferences, enabling us to provide personalized services and improve user experience. The legal basis for this processing is legitimate interests and user consent, specifically to deliver customized design solutions.

Security Measures

Our comprehensive encryption protocols ensure end-to-end protection of your data, incorporating industry-standard algorithms and regular security updates to maintain data integrity. This includes regular security assessments and penetration testing by qualified professionals.

We implement multi-layered security infrastructure, including advanced firewalls and intrusion detection systems that continuously monitor for and prevent unauthorized access attempts. This infrastructure undergoes regular updates and enhancements.

Access to personal data is strictly controlled through role-based permissions, multi-factor authentication, and detailed access logs. We maintain comprehensive audit trails of all data access and modifications.

Our continuous monitoring systems provide real-time threat detection and automated response protocols, ensuring immediate action against potential security threats.

We maintain comprehensive backup procedures with encrypted offsite storage and regular recovery testing, ensuring data availability and integrity.

All staff undergo regular security awareness training and must comply with detailed data protection protocols, including specific training for handling sensitive data.

International Data Transfers

We may transfer your personal data to countries outside your jurisdiction. These transfers are protected by appropriate safeguards, including Standard Contractual Clauses, Privacy Shield certification, and binding corporate rules. Each international transfer is conducted under strict protocols that ensure:
– Adequate data protection standards
– Compliant processing procedures
– Enforceable data subject rights
– Effective legal remedies

International transfers are protected by ISO 27001 standards, GDPR requirements, and regional data protection laws, ensuring compliance with international regulations. We implement additional measures including:
– Regular compliance audits
– Data protection impact assessments
– Documented transfer mechanisms
– Continuous monitoring procedures

Regarding international transfers, you maintain specific rights including:
– Right to information about transfers
– Right to object to transfers
– Right to withdraw consent
– Right to data protection guarantees

Data Retention

We maintain specific retention periods for different data categories:

Account Information: Retained for the duration of active account plus 2 years for business continuity and legal compliance
Usage Data: Retained for 12 months to analyze usage patterns and improve services
Transaction Records: Retained for 7 years to comply with tax and financial regulations
Communication History: Retained for 3 years to maintain service quality and handle disputes
Technical Logs: Retained for 6 months for security and performance monitoring

These retention periods are determined by:
– Legal requirements
– Business purposes
– Technical necessities
– User preferences

Special circumstances affecting retention:
– Legal obligations
– Dispute resolution
– Security investigationsCookie Policy for matthewlimdesign.com

Essential cookies serve fundamental functions for our website’s core operations. These cookies process authentication tokens, security identifiers, and session data to enable basic website functionality. They handle user logins, maintain secure browsing sessions, and ensure technical stability across our platform.

Essential cookies are strictly necessary for:
– Maintaining secure user authentication
– Implementing critical security measures
– Managing basic site operations
– Coordinating user sessions
– Ensuring technical stability and performance

Functional cookies enhance your browsing experience by storing your preferences and customization choices. These cookies process user-selected options to provide personalized functionality. They enable:
– Your preferred language settings
– Location-specific content delivery
– Interface customization options
– Feature optimization based on usage
– Saved personal preferences

Analytics cookies help us understand how visitors interact with our website. These cookies collect anonymized data about:
– How you navigate through pages
– Which features you use most frequently
– How long you spend on different sections
– Your interaction patterns
– Content preferences and engagement

Performance cookies monitor and improve our website’s technical operation. These cookies track:
– Website loading speeds
– Technical performance metrics
– Content delivery efficiency
– User experience factors
– System stability indicators

Cookie Management

You maintain full control over your cookie preferences through:
– Your browser’s cookie settings
– Our site’s consent management tool
– Privacy preference center
– Account settings panel

GDPR Compliance

For EU residents, we implement:
– Clear consent mechanisms
– Strict data minimization practices
– Specific purpose limitations
– Defined storage timeframes
– Transparent processing procedures

CCPA Compliance

California residents are entitled to:
– Know what personal information we collect
– Request deletion of their personal data
– Opt out of data sales
– Receive equal service regardless of privacy choices
– Access their collected information

COPPA Compliance

For users under 13, we maintain:
– Strict age verification processes
– Required parental consent mechanisms
– Minimal data collection practices
– Enhanced protection measures
– Complete parental access rights

Updates and Changes

Our policy maintenance includes:
– Regular policy reviews
– Prompt user notifications
– Consent renewal requirements
– Detailed change logs
– Ongoing compliance monitoring

For privacy-related inquiries:
– Primary Contact: [email protected]
– Response Time: Within 48 hours
– Verification Required: For data-related requests
– Available Support: Privacy concerns, data requests, rights exercise

This policy was created specifically for matthewlimdesign.com and covers all associated services within the design industry.