Privacy Policy

Last updated: 01 January 2026

1. Who We Are

This website is operated by Josephine Ho.
Website URL: https://josephineho.com

Contact for privacy-related matters:
Email: aloha@josephineho.com

2. Scope of This Policy

This Privacy Policy explains how personal data is collected, used, stored, shared, and protected when you visit or interact with this website, in compliance with:

• EU General Data Protection Regulation (GDPR)
• Hong Kong Personal Data (Privacy) Ordinance (PDPO)
• Japan Act on the Protection of Personal Information (APPI)
• Applicable United States federal and state privacy laws, including the California Consumer Privacy Act (CCPA/CPRA)

3. Personal Data We Collect

3.1 Comments

When visitors leave comments on the site, we collect:

• Information submitted in the comments form
• IP address
• Browser user agent string

This information is collected for spam detection, security monitoring, and content moderation.

An anonymised string (hash) created from your email address may be provided to the Gravatar service to determine if you use it. Gravatar’s privacy policy is available at: https://automattic.com/privacy/.
Once approved, your profile picture (if applicable) becomes publicly visible alongside your comment.

Legal bases (where applicable):

• Consent
• Legitimate interests (site security and spam prevention)

3.2 Media Uploads

If you upload images to the website, please avoid including embedded location data (EXIF GPS). Visitors may download and extract such data from images displayed on the site.

4. Cookies

This website uses cookies to support basic functionality and user convenience.

4.1 Comment Cookies

If you leave a comment, you may opt in to saving your name, email address, and website in cookies. These cookies last for one year.

Legal basis: Consent

4.2 Login Cookies

A temporary cookie is set on the login page to check browser compatibility. This cookie contains no personal data and is deleted when you close your browser.

When logged in:

• Login cookies last two days
• Screen preference cookies last one year
• “Remember Me” extends login persistence to two weeks

Logging out removes login cookies.

4.3 Editing Cookies

If you edit or publish an article, a cookie storing the post ID is saved. It contains no personal data and expires after one day.

5. Embedded Content from Other Websites

Articles may include embedded content (e.g. videos, images, articles).

Embedded content behaves as if you visited the third-party website directly. These websites may:

• Collect personal data
• Use cookies
• Employ third-party tracking
• Monitor your interaction with their content

We do not control or assume responsibility for third-party privacy practices.

6. How We Use Your Personal Data

Personal data is used strictly for:

• Website operation and functionality
• Comment moderation and spam prevention
• Site security
• Responding to enquiries or requests

We do not sell, rent, or trade personal data.

7. Sharing of Personal Data

Personal data may be shared only when necessary, including with:

• Automated spam detection services
• Technical service providers supporting website operations

If you request a password reset, your IP address will be included in the reset email.

8. International Data Transfers

Personal data may be processed or stored outside your country of residence (including by third-party service providers). Where required by law, appropriate safeguards are applied to protect your data.

9. Data Retention

• Comments and related metadata are retained indefinitely to facilitate moderation of follow-up comments.
• Registered user data (if applicable) is retained for the duration of account activity or as required for legal, administrative, or security purposes.

Data is not retained longer than necessary for its stated purpose.

10. Your Rights

10.1 EU, Hong Kong, and Japan

You may have the right to:

• Access your personal data
• Correct inaccurate or incomplete data
• Request deletion of your data
• Request a copy of your data
• Restrict or object to certain processing
• Withdraw consent where processing is based on consent

10.2 United States (including California Residents)

If you are a California resident, you have the right to:

• Know what personal information is collected, used, or disclosed
• Request access to your personal information
• Request deletion of personal information
• Request correction of inaccurate personal information
• Not be discriminated against for exercising your privacy rights

We do not sell or share personal data for cross-context behavioural advertising, as defined under CCPA/CPRA.

Requests can be made via the contact details above and will be verified as required by law.

11. Security

Reasonable technical and organisational measures are implemented to protect personal data against unauthorised access, misuse, or loss. However, no method of transmission over the internet is entirely secure.

12. Children’s Privacy

This website is not directed at children under the age of 13, and we do not knowingly collect personal data from children.

13. Changes to This Policy

This Privacy Policy may be updated from time to time. Updates will be posted on this page with a revised effective date.