Effective date: 15 April 2026
This Privacy Policy sets out how chefjameswon.com (“the website”, “we”, “our”) collects, uses, retains, and protects personal information when you visit the site, contact us through it, or otherwise interact with the work of Chef James Won online.
The website is a personal portfolio. It does not sell products, take payments, or run advertising. It is operated from Kuala Lumpur, Malaysia, with an international readership, and is therefore aligned to two principal frameworks: Malaysia’s Personal Data Protection Act 2010 (PDPA) and, where visitors are located in the European Union, the General Data Protection Regulation (GDPR).
We have written this policy to be read, not merely to be filed. If anything within it is unclear, the contact details in the closing section are open to you.
Section 1
Who is Responsible for Your Information
The data controller — the entity responsible for decisions about how your personal information is handled — is Chef James Won, operating from Kuala Lumpur, Malaysia. For privacy enquiries, please contact us at the address provided in Section 12.
Where the GDPR applies to your interaction with the site, the controller is the same person, acting in personal capacity in respect of his published work.
Section 2
Information We Collect
We collect only the information that is reasonably necessary to operate the website, respond to genuine enquiries, and maintain basic security and diagnostic records.
A. Information you give us directly
- Your name, email address, and the contents of any message you send through a contact form or by email.
- Any information you choose to volunteer in the body of that message — for example, an organisation name, a project brief, or scheduling preferences.
B. Information collected automatically
- Standard server log information, including your internet protocol (IP) address, browser type and version, the page you requested, the page that referred you, and the date and time of access. These logs are generated by the underlying web server (Hostinger) for security and diagnostic purposes.
- Functional cookies set by the WordPress platform that are necessary for the site to operate as intended. These do not identify you.
C. Information we do not collect
- Payment card information. The site does not process payments.
- Sensitive personal data such as health, religious belief, or political opinion. We do not solicit or store such information.
- Third-party advertising identifiers. We do not run advertising on the site.
Section 3
How We Use Your Information
Your personal information is used only for the purposes for which you provided it, or for closely related purposes that you would reasonably expect.
| Purpose | Lawful basis (GDPR) |
|---|---|
| Responding to your enquiry sent via the contact form or by email. | Legitimate interest in conducting and replying to professional correspondence. |
| Following up on a media or partnership request. | Legitimate interest in maintaining professional and editorial relationships. |
| Maintaining the security, integrity, and stability of the website. | Legitimate interest in the secure operation of our online presence. |
| Complying with a legal obligation — for example, responding to a lawful request from a competent authority. | Legal obligation. |
We do not use your information to send you marketing material unless you have separately and explicitly opted in to receive it.
Section 4
Cookies and Similar Technologies
A cookie is a small text file placed on your device by a website. Cookies allow a site to recognise your device on a return visit, to remember a preference you have set, or to maintain a session.
At the date of this policy, the website uses only those cookies that are strictly necessary for it to function. We do not currently use analytics, tracking, or advertising cookies. Should that change in future — for example, if we introduce visitor analytics — we will surface a cookie consent banner that gives you a clear choice before any non-essential cookie is set, and we will update this policy accordingly.
You can configure your browser to refuse all cookies, or to alert you when a cookie is being placed. If you choose to refuse all cookies, certain parts of the website may not function as intended.
Section 5
Third-Party Services
The website is hosted by Hostinger, which processes server log information on our behalf in the course of providing hosting and security services. Hostinger acts as a data processor under our instruction and is bound by its own published terms and privacy commitments.
Where the website embeds content from external platforms — for example, a video, an Instagram preview, or a LinkedIn post — that platform may set its own cookies and collect its own information when the embedded content loads. Such collection is governed by the privacy policy of the platform in question.
We do not sell, rent, or otherwise transfer your personal information to any third party for marketing purposes.
Section 6
Your Rights
Whether you are located in Malaysia, in the European Union, or elsewhere, you have a set of meaningful rights in respect of your personal information.
Under the Malaysian PDPA
- The right to access the personal data we hold about you.
- The right to correct personal data that is inaccurate, incomplete, or out of date.
- The right to withdraw your consent, where the processing rests on consent.
- The right to limit the processing of your personal data for direct marketing purposes.
- The right to bring a complaint to the Personal Data Protection Commissioner of Malaysia.
Under the GDPR (where it applies)
- The right of access to your personal data.
- The right to rectification of inaccurate or incomplete data.
- The right to erasure (the “right to be forgotten”), in defined circumstances.
- The right to restrict processing, in defined circumstances.
- The right to data portability for data you have provided to us.
- The right to object to processing based on legitimate interest.
- The right to lodge a complaint with the supervisory authority of your country of residence.
To exercise any of these rights, please contact us using the details set out in Section 12. We will respond within the timeframe required by the applicable framework — and in any event without undue delay.
Section 7
Data Retention
We hold personal information only for as long as is necessary for the purpose for which it was collected, or for as long as required by law.
| Category | Retention period |
|---|---|
| Contact form and email correspondence. | Up to 24 months from the date of last meaningful exchange, after which the correspondence is reviewed and either archived for editorial record or deleted. |
| Server log information. | Up to 12 months for security and diagnostic purposes, then automatically rotated and deleted by the hosting provider. |
| Records held for legal or regulatory reasons. | For the period required by the relevant law. |
Section 8
Security
We take reasonable and appropriate technical and organisational measures to protect personal information against unauthorised access, alteration, disclosure, or destruction. Measures include encrypted transmission of the website over HTTPS, restricted access to the WordPress administration area, strong authentication for the controller and any operator, and reliance on a reputable hosting platform.
No method of transmission over the internet, however, is entirely secure. While we apply commercial best practice and exercise considered care, we cannot guarantee absolute security.
Section 9
International Transfers
The website is hosted on infrastructure that may be located outside Malaysia and outside the European Economic Area. Where personal information is transferred internationally in the course of providing the service, we rely on the safeguards offered by reputable hosting and service providers, including, where applicable, the standard contractual clauses approved by the European Commission and equivalent commitments under the Malaysian PDPA.
Section 10
Children’s Privacy
The website is not directed at children, and we do not knowingly collect personal information from any individual under the age of 13. If you believe that a child has provided us with personal information, please contact us and we will take prompt steps to remove it.
Section 11
Changes to This Policy
We may update this Privacy Policy from time to time, for example to reflect a change in the way the website operates or in the law. The most current version is always published at chefjameswon.com/privacy-policy and bears its effective date at the top of the page. Where a change is material, we will surface a notice on the website for a reasonable period.
Section 12
How to Contact Us
For any matter arising from this Privacy Policy — to make an enquiry, to exercise a right, or to register a concern — please contact us:
| Channel | Detail |
|---|---|
| Controller | Chef James Won |
| Registered location | Kuala Lumpur, Malaysia |
| Email for privacy enquiries | connect@chefjameswon.com |
| General enquiries | connect@chefjameswon.com |
| Website | chefjameswon.com |
We will acknowledge receipt of any privacy enquiry promptly, and respond substantively within the timeframe required by the applicable framework.
— End of Policy —