Privacy Policy 🙈🙊🙉

Last updated: 7 November 2019

Overview

This privacy policy relates to the primary website for Piper Haywood (“me”, “I”, “we”, and “us” hereafter) which can be found at the following URL:

https://piperhaywood.com

I am a UK-based individual and am the responsible data controller for this website. I use my website to share information about myself and my work. You can contact me if you have questions about this privacy policy by sending me an email at mail@piperhaywood.com.

This privacy policy is based primarily on guidance kindly provided by the creators of WordPress. It also draws inspiration from the genuine and clearly-worded documentation provided by the developers of Kirby CMS. Outbound links on this page are provided for greater context or guidance on specific concepts.

What personal data is collected and why

Personal data is also known as personal information, personally identifying information (PII), or sensitive personal information (SPI). It refers to any information that may be used to identify a person. I only collect personal data related to the basic functionality of this website and optional analytics, as outlined below.

Web Hosting & Server Logs 💾

My web hosting provider is NFSN, Inc., located at 1540 International Pkwy Ste 2000, Lake Mary, FL 32746-5096, USA. As with most web hosting providers, NFSN offers access logging, error logging, and rewrite logging. I have deliberately disabled access logging since it can contain personal data such as IP addresses and the host name of the accessing computer.

Comments 💬

If comments are open on a post and you leave a comment, the content management system collects the data shown in the comments form and also your IP address and browser user agent string to help spam detection. Visitor comments may be checked through an automated spam detection service.

An anonymised string (also called a hash) created from your email address may be provided to the Gravatar service to see if you use their service. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture may be visible to the public in the context of your comment.

Webmentions 💭

Webmention is a standard for mentions and conversations across the web. Webmentions can include your name, the profile picture from your website, the URL of your website, and personal information you include in your post.

If your website supports webmentions, you may send a webmention to the endpoint of this website. By doing so, you are explicitly requesting the server to take notice of that referral and process it. As long as public content is concerned (i.e. you are not sending a private webmention), your use of this website’s webmention endpoint implies that you are aware that your webmention may be published and that you are aware of its contents.

Pending moderation for security purposes, incoming public webmentions will be published on this website. You can request the removal of one or all webmentions originating from your website at any time.

Media 🎞

Logged-in editors may upload media to this website. If you upload images to this website, you should avoid uploading images with embedded location data (EXIF GPS) included since website visitors can extract this location data from any images that they download.

Embedded content from other websites 🎥

Pages on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website. These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website. I avoid using embedded content when possible.

Newsletter ✉️

If you sign up to our newsletter via MailChimp, we will collect your email address and your permission to contact you. You may also submit preferences regarding email frequency and can submit your name. You may edit your preferences or unsubscribe at any time by clicking the relevant link in one of our email newsletters. I do not enable click tracking or open tracking. For further information about MailChimp’s policies, please see their privacy policy and data processing addendum.

Security 🔒

I use Wordfence to configure a firewall, block malicious traffic, give me immediate alerts in the event of malicious activity, and enforce strong passwords. These features are essential in maintaining the security of this website and in protecting personal data. In order to maintain and provide these services, Wordfence collects selected personal data including IP addresses and accessed URLs. For further information, please see Wordfence’s GDPR policies and their Data Processing Agreement.

Analytics 👀

I use Google Analytics to better understand and contextualise my notes’ relevance. I have configured Google Analytics to anonymise IP addresses, and I have deliberately disabled Data Collection for Advertising Features, Demographics and Interest Reports, User-ID, and all data-sharing settings.

Analytics measurement is disabled for visitors with Do Not Track enabled via their browser. Visitors may also opt out from analytics by using the UI present when they visit this website.

Cookies 🍪

Cookies are used on this website to support essential functionality and to gather some insight on how the website is used.

When you visit the site

When you visit the site, a script related to Google Analytics sets up several cookies. Two of these are used to distinguish users; _ga expires in two years and _gid expires in one day. Another cookie, _gat, is used to throttle the request rate and expires in one minute.

If you change any analytics settings

If you change any analytics settings, the content management system will set cookies to remember your preferences. These cookies are discarded when you close your browser.

If you leave a comment on the site

If you leave a comment on our site, you may opt in to saving your name, email address, and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit the login page

If you visit our login page, the content management system will set a temporary cookie wordpress_test_cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

If you log in to the site

If you log in, the content management system will set up several cookies to save your WordPress login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

The security plugin Wordfence will also set up cookies related to the firewall. These cookies check the capability of the current user before WordPress has been loaded so that logged in users are given increased access, and non-logged in users are restricted from secured areas. The cookies also let the firewall know what level of access a visitor has to help the firewall make smart decisions about who to allow and who to block. These cookies persist for 2 weeks.

If the logged in user is an administrator (the top access level), Wordfence will also set cookie wfwaf-authcookie-[hash] that is used to let site owners know when there is an admin login from a new device or location (a security risk). This cookie persists for 12 hours.

If you edit the site

If you edit or create a post or page on this site, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

About your data and how we use it

What rights you have over your data

  1. The right to be informed: We inform our users about what data is being collected and how we use it by placing a link to this privacy policy prominently in the menu. We have tried to make this information clear and readily available, yet unobtrusive to our users’ browsing experience.
  2. The right of access: Get in touch and we will provide you with an exported file of any data we hold about you, including data you have provided to us. If you have an account, you can log in and access your account data at any time.
  3. The right to rectification: If there’s any personal data about you that should be corrected by us, please let us know.
  4. The right to erasure, a.k.a. the “right to be forgotten”: Let us know and we will delete all your personal data that we store. If you have an account on this site, you can delete your account at any time. If you have commented on the site or we hold your data for any other reason, you can request that we erase any personal data we hold about you. Please note that we cannot remove or erase data that we are obliged to keep for administrative, legal, or security purposes.
  5. The right to restrict processing: If you would like to restrict or suppress the processing of any data we hold about you, get in touch and we will work with you to accommodate this.
  6. The right to data portability: We will give you an exported copy of your data so that you can provide it to another service.
  7. The right to object: You have the right to file a complaint regarding our collection and use of your data. Please tell us first so that we have a chance to address your concerns. If we fail in this, you can address any complaint to your national data protection authorities.

Who we share your data with

Your data is only shared with the services outlined in this document, the majority of which are essential for the basic functionality of this website.

How long we retain your data

If you leave a comment or webmention, the comment / webmention and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.

If you sign up to our newsletter, we will retain the information you provide indefinitely. If you unsubscribe, you will no longer receive newsletters from us but we will retain your contact details. If you would like your contact details to be deleted, please get in touch so that we can do this for you.

For users that register on our website, we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time. Users cannot change their username but are welcome to get in touch with a website administrator if they wish to do so. Website administrators may also see and edit users’ personal information.

The data that is sent to Google Analytics is stored for 26 months.

Please see the Cookies section of this document for information about what cookies we set and when they expire.

Additional information

How we protect your data

We use SSL encryption to protect our website traffic. Our SSL certificate is issued by Let’s Encrypt. Our website uses SSL encryption for security reasons and to protect the transmission of confidential content. You can recognise an encrypted connection if the URL reads https:// instead of http://. A green lock icon may also be displayed in your browser’s address bar. If you see the green lock icon, try clicking it. In many browsers, clicking the lock icon will give you further information about the website related to your privacy.

Wherever possible, we follow WordPress’s guidance regarding security and complete all CMS and plugin updates as soon as is feasible. We also use Wordfence for more advanced security features.

We do not store or transmit passwords in plain text formats such as spreadsheets, text files, or emails.

Data breach procedures

If there is a data breach where personal data may have been compromised, we will report the breach to the relevant supervisory authority. We will do so within 72 hours of becoming aware of the breach, where feasible. We will also get in touch with the affected users as soon as possible to let them know the nature of the breach and what data may have been involved.

Other websites

Though we are occasionally involved in the development and maintenance of others’ websites and we take care to consider data privacy when offering development services, we are not responsible for the data privacy or privacy policy of other websites since we are not their data controller.

Questions & Feedback

We try to keep our privacy policy as transparent and easy to understand as possible. Please let us know if we can improve it further or if you have any other questions by emailing us.