Matthew Oyan - Privacy Policy

Last updated: Mar 26, 2025

Quick Overview

Before reading the full Privacy Policy, here's a quick overview of what happens when you submit a message through the contact form on this site:

Step 1: Your form input (name, email, message, etc.) is sent securely to a Netlify serverless function, which processes the submission. The site does not use Netlify Forms to store or display form submissions in the Netlify dashboard.
Step 2: hCaptcha helps verify that the submission is not spam or automated abuse. This may involve processing technical and interaction data through hCaptcha / Intuition Machines, including in Europe and, where applicable, the United States.
Step 3: The serverless function forwards the message through Maileroo (servers in Germany).
Step 4: Maileroo relays the message as an email to the site owner's Gmail account (Google servers, typically located in the US or nearest available data center).
Step 5: The site owner accesses the message in Gmail and may reply directly.

At every stage, data is transmitted over secure, encrypted channels (TLS/SSL).

1. Who We Are

This website (matthewoyan.com and associated subdomains) is operated by Matthew Oyan, based in the Philippines. For the purposes of the Philippines Data Privacy Act of 2012 (RA 10173), EU General Data Protection Regulation (GDPR), UK GDPR, and other applicable privacy laws, I am the data controller for personal data collected via this site.

2. What Data We Collect

When you use the contact form, I may collect:

First and last name
Email address
Organization (optional)
Phone number (optional)
Topic and message content

No sensitive personal information (such as financial or medical data) is requested or required.

3. How Your Data Is Used

Your information is used solely to:

Receive and respond to inquiries
Maintain records of correspondence
Improve the communication process

I do not and will not sell or share your personal data with third parties for marketing.

4. Where and How Your Data Is Processed

Netlify (United States): hosts the website and runs the serverless function that processes contact form submissions. The site does not use Netlify Forms to store form submissions in the Netlify dashboard.
hCaptcha / Intuition Machines: provides bot and spam protection for the contact form. hCaptcha may process technical and interaction data, such as IP address, browser/device information, and CAPTCHA interaction data, in data centers in Europe and, where applicable, the United States or other locations where it or its service providers operate.
Maileroo (Germany): relays the message via email.
Google Gmail (United States or nearest available data center): receives and stores the message.

Third-Party Privacy Policies

For more details on how these services handle data, you may review their respective privacy policies:

Netlify: Privacy Policy
hCaptcha / Intuition Machines: Privacy Policy
Maileroo: Privacy Policy
Google: Privacy Policy

Note: These links open in new windows and will show the most current version of each company's privacy policy.

5. Legal Basis for Processing

Philippines (RA 10173): Processing is based on your consent when you voluntarily submit the form, and on legitimate business purposes such as responding to your inquiry.
EU/UK (GDPR/UK GDPR): Processing is based primarily on legitimate interests (Article 6(1)(f)) for receiving and responding to inquiries, and consent (Article 6(1)(a)) where consent is specifically requested.
Other regions: Processing is based on your voluntary submission and applicable local privacy law.

6. Data Retention

Contact form submissions are not intentionally stored in Netlify Forms. Messages are relayed by email and may be retained in Gmail as correspondence records for as long as reasonably necessary to maintain professional communications.
You may request deletion at any time (see Section 8).

7. Security

Data is encrypted in transit (HTTPS/TLS). Netlify, hCaptcha, Maileroo, and Google provide their own security measures for the services they operate. However, no system is 100% secure, and I cannot guarantee absolute protection.

8. Your Rights

Depending on your jurisdiction, you may have rights to:

Access the personal data I hold about you
Correct inaccurate information
Request deletion of your data
Withdraw consent to processing
File a complaint with a relevant data protection authority

To exercise these rights, please send an email to dataprivacy[at]matthewoyan.com.

9. Cross-Border Data Transfers

Because this site uses service providers that may process data in the Philippines, United States, Germany, Europe, and other locations where their service providers operate, your data may be transferred internationally. By submitting the contact form, you acknowledge that these transfers may occur. Safeguards such as HTTPS/TLS, reputable service providers, and contractual/privacy commitments from those providers are used to help protect your information.

10. Updates

This Privacy Policy may be updated from time to time. The "last updated" date at the top will reflect any changes.

11. Contact

If you have questions about this Privacy Policy, to exercise your data rights, or how your data is handled, please contact me at dataprivacy[at]matthewoyan.com and I will get back to you as soon as I can.