Privacy Policy

Estimated reading time: 9 minutes

Last modified time:

June 22, 2024

This privacy policy applies to the website https://csts.dev (the “Website”), which is owned and operated by Charlie Stevens (the "Owner"), the creator of Charlie’s Tech Sphere, a personal tech blog. This policy explains how the Owner collects, uses, and discloses personal information from visitors and users of the Website (the “Users”).

Personal Information Collection and Use

The Owner may collect and use personal information from Users in the following ways:

• When Users visit the Website, the Owner may automatically collect certain information, such as the User’s IP address, browser type, device type, operating system, referral source, pages visited, time spent, and other statistical data. The Owner uses this information to analyze the Website’s performance, improve its functionality, and enhance the User’s experience.
• When Users subscribe to the Owner’s newsletter, comment on the Website’s posts, or contact the Owner via email or other means, the Owner may collect the User’s name, email address, and any other information that the User voluntarily provides. The Owner uses this information to communicate with the User, respond to their inquiries, provide them with updates and offers, and solicit their feedback.
• When Users make a purchase or donation through the Website, the Owner may collect the User’s name, email address, billing address, payment method, and other transaction-related information. The Owner uses this information to process the User’s payment, deliver the purchased or donated products or services, and comply with tax and legal obligations.

The Owner does not sell, rent, or share personal information with third parties for their own marketing purposes. The Owner may disclose personal information to third parties only in the following cases:

• When the User has given their consent to do so.
• When it is necessary to provide a service or product that the User has requested or authorized.
• When it is required by law or a valid legal process.
• When it is necessary to protect the rights, property, or safety of the Owner, the Users, or the public.

Cookies and Similar Technologies

The Owner may use cookies and similar technologies to store and retrieve information from the User’s browser. Cookies are small files that are stored on the User’s device and contain data that can be read by the Website. The Owner uses cookies for various purposes, such as:

• To remember the User’s preferences and settings.
• To authenticate the User and prevent unauthorized access.
• To measure and analyze the Website’s traffic and usage.
• To deliver relevant ads and content to the User.

The User can control and manage cookies through their browser settings. The User can choose to block, delete, or disable cookies at any time. However, some cookies are essential for the Website’s functionality and disabling them may affect the User’s experience.

The Website may also use other technologies, such as web beacons, pixels, scripts, or tags, to collect and track information about the User’s behavior and interactions with the Website. These technologies may be used in conjunction with cookies or independently.

The Website may also use third-party services, such as Microsoft Clarity, Google Analytics, Google AdSense, or others, that may use cookies and similar technologies to collect and process information about the User’s activity on the Website. These services have their own privacy policies and practices that are not covered by this policy. The User can learn more about these services and how they handle personal information by visiting their respective websites.

Data Security

The Owner takes reasonable measures to protect personal information from unauthorized access, use, modification, or disclosure. However, no method of transmission or storage is completely secure and the Owner cannot guarantee the absolute security of personal information. The User is responsible for maintaining the confidentiality of their account credentials and should notify the Owner immediately if they suspect any unauthorized access or activity on their account.

Data Retention

The Owner retains personal information for as long as necessary to fulfill the purposes for which it was collected or as required by law. The Owner may delete or anonymize personal information when it is no longer needed or when requested by the User, subject to applicable legal obligations and limitations.

Data Rights

The User may have certain rights regarding their personal information, depending on their location and the applicable laws. These rights may include:

• The right to access, copy, or download their personal data that we hold.
• The right to correct, update, or modify their personal data that we hold.
• The right to delete, erase, or restrict the processing of their personal data that we hold.
• The right to object to or opt out of certain uses of their personal data that we hold.
• The right to withdraw their consent to any processing of their personal data that is based on their consent.
• The right to port their personal data that we hold to another service provider.
• The right to lodge a complaint with a supervisory authority if they are unhappy with how we handle their personal data.

The User can exercise their rights by contacting the Owner at the email address provided below. The Owner may ask the User to verify their identity before responding to their request. The Owner may also charge a reasonable fee or refuse to comply with the request if it is manifestly unfounded, excessive, or repetitive.

Changes to This Policy

The Owner may update this policy from time to time to reflect changes in the Website’s practices, features, or services, or to comply with new laws or regulations. The Owner will notify the Users of any material changes by posting a notice on the Website or by sending an email to the Users who have subscribed to the newsletter. The User’s continued use of the Website after the effective date of the changes constitutes their acceptance of the revised policy.

Contact Information

If the User has any questions, comments, or concerns about this policy or the Website’s privacy practices, they can contact the Owner at cstevens@expcs.net.

GDPR Compliance Statement

This GDPR compliance statement applies to the personal data of users in the European Union (EU) that we collect and process through our website https://csts.dev (the “Website”). We are committed to complying with the EU General Data Protection Regulation (GDPR) and respecting the rights and freedoms of our users.

Data Controller

The data controller of the personal data collected and processed through the Website is the Owner Stevens, who can be contacted at cstevens@expcs.net.

Purpose and Legal Basis for Processing

We collect and process personal data from users in the EU for the following purposes and legal bases:

• To provide our services and products to users who purchase or donate through our Website. The legal basis for this processing is the performance of a contract or pre-contractual measures with the user.
• To communicate with users who subscribe to our newsletter, comment on our posts, or contact us via email or other means. The legal basis for this processing is the consent of the user or our legitimate interest in responding to user inquiries and feedback.
• To analyze and improve our Website’s performance, functionality, and user experience. The legal basis for this processing is our legitimate interest in monitoring and enhancing our Website.
• To generate revenue by displaying relevant ads to users through Google AdSense. The legal basis for this processing is the consent of the user or our legitimate interest in monetizing our Website.

Categories and Sources of Personal Data

We collect and process the following categories and sources of personal data from users in the EU:

• Personal data that users provide directly to us when they purchase or donate through our Website, such as name, email address, billing address, payment method, and transaction-related information.
• Personal data that users provide directly to us when they subscribe to our newsletter, comment on our posts, or contact us via email or other means, such as name, email address, and any other information that they voluntarily provide.
• Personal data that we automatically collect from users when they visit our Website, such as IP address, browser type, device type, operating system, referral source, pages visited, time spent, and other statistical data.
• Personal data that we collect from third-party services that we use on our Website, such as Microsoft Clarity, Google Analytics, Google AdSense, or others, such as IP address, device type, browser type, operating system, location, interests, preferences, browsing history, and other behavioral data.

Recipients or Categories of Recipients

We share personal data from users in the EU with the following recipients or categories of recipients:

• Third-party services that we use on our Website to provide functionality, performance, or monetization, the services used currently is listed below:
  • Microsoft Clarity | Microsoft Privacy Statement
  • Google Analytics & AdSense | Google Privacy Policy
• Third-party service providers that we use to process payments or deliver products or services to users who purchase or donate through our Website, find the privacy policy of Stripe here. These service providers may have access to or process personal data from users in accordance with their own privacy policies and practices.
• Law enforcement or regulatory authorities, if we are required by law or a valid legal process to disclose personal data from users in the EU.

Retention Period or Criteria

We retain personal data from users in the EU for as long as necessary to fulfill the purposes for which we collected it or as required by law. We may delete or anonymize personal data from users in the EU when it is no longer needed or when requested by the user, subject to applicable legal obligations and limitations.

Rights of Users in the EU

Users in the EU have the following rights regarding their personal data, subject to certain conditions and exceptions:

• The right to access, copy, or download their personal data that we hold.
• The right to correct, update, or modify their personal data that we hold.
• The right to delete, erase, or restrict the processing of their personal data that we hold.
• The right to object to or opt out of certain uses of their personal data that we hold.
• The right to withdraw their consent to any processing of their personal data that is based on their consent.
• The right to port their personal data that we hold to another service provider.
• The right to lodge a complaint with a supervisory authority if they are unhappy with how we handle their personal data.

Users in the EU can exercise their rights by contacting us at cstevens@expcs.net. We may ask users to verify their identity before responding to their request. We may also charge a reasonable fee or refuse to comply with the request if it is manifestly unfounded, excessive, or repetitive.

Withdrawal of Consent

Users in the EU can withdraw their consent to any processing of their personal data that is based on their consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. Users in the EU can withdraw their consent by contacting us at cstevens@expcs.net or by using the opt-out mechanisms provided by the third-party services that we use on our Website.

Complaints

Users in the EU have the right to lodge a complaint with a supervisory authority if they are unhappy with how we handle their personal data. The supervisory authority for users in the EU is the data protection authority of the country where they live, work, or where the alleged infringement occurred. Users in the EU can find the contact details of their data protection authority here: https://edpb.europa.eu/about-edpb/board/members_en.

Automated Decision-Making and Profiling

We do not use any automated decision-making or profiling with personal data from users in the EU.

Safeguards for Transferring Personal Data Outside the EU

We are based in Japan and United States of America and we may transfer personal data from users in the EU to countries outside the EU that may not have adequate data protection laws. We ensure that we provide appropriate safeguards for transferring personal data outside the EU by using one of the following mechanisms:

• Standard contractual clauses approved by the European Commission
• Binding corporate rules approved by a competent supervisory authority
• Adequacy decisions issued by the European Commission
• Certifications under approved codes of conduct or certification mechanisms
• Derogations for specific situations, such as explicit consent, contractual necessity, public interest, or legal claims