Last updated: 29 June 2019
What personal data is collected and why
Personal data is also known as personal information, personally identifying information (PII), or sensitive personal information (SPI). It refers to any information that may be used to identify a person. I only collect personal data related to the basic functionality of this website and optional analytics, as outlined below.
Web Hosting & Server Logs
My web hosting provider is NFSN, Inc., located at 1540 International Pkwy Ste 2000, Lake Mary, FL 32746-5096, USA. As with most web hosting providers, NFSN offers access logging, error logging, and rewrite logging. I have deliberately disabled access logging since it can contain personal data such as IP addresses and the host name of the accessing computer.
Comments are disabled by default on this website. If comments are open on a post and you do leave a comment, the content management system collects the data shown in the comments form and also your IP address and browser user agent string to help spam detection. Visitor comments may be checked through an automated spam detection service.
Logged-in editors may upload media to this website. If you upload images to this website, you should avoid uploading images with embedded location data (EXIF GPS) included since website visitors can extract this location data from any images that they download.
Embedded content from other websites
Pages on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
I try to avoid using embedded content where possible.
I use Wordfence to configure a firewall, block malicious traffic, give me immediate alerts in the event of malicious activity, and enforce strong passwords. These features are essential in maintaining the security of this website and in protecting personal data. In order to maintain and provide these services, Wordfence collects selected personal data including IP addresses, accessed URLs, and cookies. For further information, please see Wordfence’s GDPR policies and their Data Processing Agreement.
I use Google Analytics to better understand and contextualise my notes’ relevance. Visitors may opt out from analytics by using the UI present when they visit the site. I have deliberately disabled Data Collection for Advertising Features, Demographics and Interest Reports, User-ID, and all data-sharing settings. I have also configured Google Analytics to anonymise IP addresses.
Cookies are used on this website to support essential functionality and to gather some insight on how the website is used.
When you visit the site
When you visit the site, a script related to Google Analytics sets up several cookies. Two of these are used to distinguish users: _ga expires in two years and _gid expires in one day. Another cookie, _gat, is used to throttle the request rate and expires in one minute.
If you change any analytics settings
If you change any analytics settings, the content management system will set cookies to remember your preferences. These cookies are discarded when you close your browser.
If you leave a comment on the site
If you leave a comment on our site, you may opt in to saving your name, email address, and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you visit the login page
If you visit our login page, the content management system will set a temporary cookie wordpress_test_cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
If you log in to the site
If you log in, the content management system will set up several cookies to save your WordPress login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
The security plugin Wordfence will also set up cookies related to the firewall. These cookies check the capability of the current user before WordPress has been loaded so that logged in users are given increased access, and non-logged in users are restricted from secured areas. The cookies also let the firewall know what level of access a visitor has to help the firewall make smart decisions about who to allow and who to block. These cookies persist for 2 weeks.
If the logged in user is an administrator (the top access level), Wordfence will also set cookie wfwaf-authcookie-[hash] that is used to let site owners know when there is an admin login from a new device or location (a security risk). This cookie persists for 12 hours.
If you edit the site
If you edit or create a post or page on this site, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
About your data and how we use it
What rights you have over your data
- The right of access: Get in touch and we will provide you with an exported file of any data we hold about you, including data you have provided to us. If you have an account, you can log in and access your account data at any time.
- The right to rectification: If there’s any personal data about you that should be corrected by us, please let us know.
- The right to erasure, a.k.a. the “right to be forgotten”: Let us know and we will delete all your personal data that we store. If you have an account on this site, you can delete your account at any time. If you have commented on the site or we hold your data for any other reason, you can request that we erase any personal data we hold about you. Please note that we cannot remove or erase data that we are obliged to keep for administrative, legal, or security purposes.
- The right to restrict processing: If you would like to restrict or suppress the processing of any data we hold about you, get in touch and we will work with you to accommodate this.
- The right to data portability: We will give you an exported copy of your data so that you can provide it to another service.
- The right to object: You have the right to file a complaint regarding our collection and use of your data. Please tell us first so that we have a chance to address your concerns. If we fail in this, you can address any complaint to your national data protection authorities.
Who we share your data with
Your data will only ever be shared with the services outlined in this document, the majority of which are essential for the basic functionality of this website.
How long we retain your data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time. Users cannot change their username but are welcome to get in touch with a website administrator if they wish to do so. Website administrators may also see and edit users’ personal information.
The data that is sent to Google Analytics is stored for 26 months.
Please see the Cookies section of this document for information about what cookies we set and when they expire.
How we protect your data
We use SSL encryption to protect our website traffic. Our SSL certificate is issued by Let’s Encrypt. Our website uses SSL encryption for security reasons and to protect the transmission of confidential content. You can recognise an encrypted connection if the URL reads https:// instead of http://. A green lock icon may also be displayed in your browser’s address bar. If you see the green lock icon, try clicking it. In many browsers, clicking the lock icon will give you further information about the website related to your privacy.
We never store or transmit passwords in plain text formats such as spreadsheets, text files, or emails.
Data breach procedures
If there is a data breach where personal data may have been compromised, we will report the breach to the relevant supervisory authority. We will do so within 72 hours of becoming aware of the breach, where feasible. We will also get in touch with the affected users as soon as possible to let them know the nature of the breach and what data may have been involved.
Questions & Feedback