Privacy Policy

The data controller within the meaning of the General Data Protection Regulation (GDPR) is:

Jialiang Lai

Norikerstr. 25

90402 Nürnberg

Germany

E-Mail: leo@jialianglai.com

Phone: +49 152 59480439

Website: jialianglai.com

This privacy policy informs you in detail about which personal data is processed when you visit and use this website, the purposes for which this is done, and the rights you have as a data subject.

This website is a personal portfolio and brand website. It does not contain a user account, online shop, newsletter system, or payment function. You can contact me via email or via the integrated Tally contact form (see Section 9).

The processing of your personal data is carried out strictly in accordance with the GDPR, in particular based on the following legal grounds:

• Art. 6(1)(a) GDPR: If you have given us explicit consent.
• Art. 6(1)(b) GDPR: If processing is necessary for the performance of a contract or for pre-contractual measures.
• Art. 6(1)(c) GDPR: If there is a legal obligation to process the data.
• Art. 6(1)(f) GDPR: If processing is necessary for the purposes of our legitimate interests (e.g., technical provision, security, error analysis, optimization, and processing of contact requests).

When you access this website, technically necessary data is automatically transmitted by your browser and processed to display the website, operate it stably, and protect it against misuse. This includes in particular:

• Requested page or file
• Date and time of access
• Amount of data transferred and access success status
• Browser type and version
• Operating system used
• Referrer URL (the previously visited page)
• Your IP address and the requesting provider

Processing is based on Art. 6(1)(f) GDPR (legitimate interest in secure and error-free provision). Log files are deleted or anonymized as soon as they are no longer needed for these purposes.

This website is hosted by Vercel (Vercel Inc., 440 N Barranca Ave #4133, Covina, CA 91723, USA). Vercel processes technical access data (such as IP address, time, device info) which are strictly necessary for the delivery and security of the website (Art. 6(1)(f) GDPR). Processing on our behalf is carried out in accordance with Art. 28 GDPR (Data Processing Agreement). Data transfers to the USA are legally safeguarded by the EU-U.S. Data Privacy Framework and Standard Contractual Clauses. Further info: https://vercel.com/legal/privacy-policy

The source code is managed via GitHub (GitHub, Inc., 88 Colin P. Kelly Jr. Street, San Francisco, CA 94107, USA). Merely visiting this website does not trigger any direct data transmission to GitHub, as no content is directly embedded from there. GitHub is used exclusively for source code management and deployment (Art. 6(1)(f) GDPR). Further info: https://docs.github.com/en/site-policy/privacy-policies/github-general-privacy-statement

The domain is managed via Squarespace (Squarespace Ireland Limited, Squarespace House, Ship Street Great, Dublin 8, Ireland). When visiting the website, Squarespace is primarily relevant for DNS-related functions. It is used for reliable domain management based on Art. 6(1)(f) GDPR. Further info: https://www.squarespace.com/privacy

If you contact me by email, the data you provide (e.g., name, email address, message content, time) will be processed exclusively to handle your request. The legal basis is Art. 6(1)(f) GDPR (or Art. 6(1)(b) GDPR for pre-contractual measures). The data will be deleted once the matter is conclusively resolved. Please note that unencrypted emails may pose security risks.

This website offers a contact form provided by Tally.

• Provider: Tally BV, August Van Lokerenstraat 71, 9050 Ghent, Belgium (Enterprise Number: 0776.979.007).
• Data Processing Agreement: I am the data controller. Tally processes the data strictly on my behalf and instructions (Art. 28 GDPR). A Data Processing Agreement (DPA) has been concluded.
• Processed Data: Name (optional), email address, message text, IP address (technically necessary), date and time.
• Purpose & Legal Basis: Solely for processing your request (Art. 6(1)(f) or (b) GDPR). No profiling or marketing takes place.
• Storage & Security: Tally stores data exclusively on servers within the European Union. No third-country transfers are made by Tally. Transmission is SSL/TLS encrypted (HTTPS). No tracking cookies are set, which is why a checkbox consent is legally not required.
• Further info: https://tally.so/help/privacy-policy

This website does not use tracking or marketing cookies. Only technically necessary local storage technologies are used (e.g., for language and theme settings). The legal basis is Sec. 25(2) TDDDG and Art. 6(1)(f) GDPR.

Local settings (language, light/dark mode) are stored locally in the user's browser to keep the presentation user-friendly and consistent (Art. 6(1)(f) GDPR).

This website does not use web analytics services, advertising networks, or tracking technologies (such as Google Analytics or Meta Pixel). No profiling takes place.

This website contains links to external platforms (e.g., LinkedIn, GitHub). If you click on them, you leave the website. The respective provider is solely responsible for data processing there.

This website does not use embedded third-party content (such as YouTube, Google Maps, Spotify), with the exception of the Tally contact form, which is embedded as an iframe.

Data is only shared with third parties when strictly necessary. Recipients are: Vercel (Hosting), Squarespace (Domain), GitHub (Deployment), Tally B.V. (Forms), and authorities if legally obliged.

Transfers to non-EU countries occur with Vercel, GitHub, and Squarespace (USA). This transfer is secured by the EU-U.S. Data Privacy Framework and Standard Contractual Clauses. Tally stores data exclusively in the EU.

Data is only stored as long as necessary for the purpose. Email and form inquiries are deleted after conclusive resolution, provided no statutory retention obligations exist.

You have the right to access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20), objection (Art. 21), and withdrawal of consent (Art. 7(3)). To exercise these, contact me using the details in Section 1.

If data is processed based on Art. 6(1)(f) GDPR, you may object at any time on grounds relating to your particular situation.

Given consents can be withdrawn at any time with future effect. The lawfulness of processing up to the withdrawal remains unaffected.

You have the right to lodge a complaint with a supervisory authority. The competent authority is:

Bavarian State Office for Data Protection Supervision (BayLDA)

Promenade 18

91522 Ansbach

Germany.

For security reasons, this website uses SSL/TLS encryption ("https://" in the address bar).

This policy may be updated in the event of legal or technical changes. The currently published version applies.