Last updated: 7 November 2019
Personal data is also known as personal information, personally identifying information (PII), or sensitive personal information (SPI). It refers to any information that may be used to identify a person. I only collect personal data related to the basic functionality of this website and optional analytics, as outlined below.
My web hosting provider is NFSN, Inc., located at 1540 International Pkwy Ste 2000, Lake Mary, FL 32746-5096, USA. As with most web hosting providers, NFSN offers access logging, error logging, and rewrite logging. I have deliberately disabled access logging since it can contain personal data such as IP addresses and the host name of the accessing computer.
If comments are open on a post and you leave a comment, the content management system collects the data shown in the comments form and also your IP address and browser user agent string to help spam detection. Visitor comments may be checked through an automated spam detection service.
Webmention is a standard for mentions and conversations across the web. Webmentions can include your name, the profile picture from your website, the URL of your website, and personal information you include in your post.
If your website supports webmentions, you may send a webmention to the endpoint of this website. By doing so, you are explicitly requesting the server to take notice of that referral and process it. As long as public content is concerned (i.e. you are not sending a private webmention), your use of this website’s webmention endpoint implies that you are aware that your webmention may be published and that you are aware of its contents.
Pending moderation for security purposes, incoming public webmentions will be published on this website. You can request the removal of one or all webmentions originating from your website at any time.
Logged-in editors may upload media to this website. If you upload images to this website, you should avoid uploading images with embedded location data (EXIF GPS) included since website visitors can extract this location data from any images that they download.
I use Wordfence to configure a firewall, block malicious traffic, give me immediate alerts in the event of malicious activity, and enforce strong passwords. These features are essential in maintaining the security of this website and in protecting personal data. In order to maintain and provide these services, Wordfence collects selected personal data including IP addresses and accessed URLs. For further information, please see Wordfence’s GDPR policies and their Data Processing Agreement.
I use Google Analytics to better understand and contextualise my notes’ relevance. I have configured Google Analytics to anonymise IP addresses, and I have deliberately disabled Data Collection for Advertising Features, Demographics and Interest Reports, User-ID, and all data-sharing settings.
Cookies are used on this website to support essential functionality and to gather some insight on how the website is used.
When you visit the site
When you visit the site, a script related to Google Analytics sets up several cookies. Two of these are used to distinguish users;
_ga expires in two years and
_gid expires in one day. Another cookie,
_gat, is used to throttle the request rate and expires in one minute.
If you change any analytics settings
If you change any analytics settings, the content management system will set cookies to remember your preferences. These cookies are discarded when you close your browser.
If you leave a comment on the site
If you leave a comment on our site, you may opt in to saving your name, email address, and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you visit the login page
If you visit our login page, the content management system will set a temporary cookie
wordpress_test_cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
If you log in to the site
If you log in, the content management system will set up several cookies to save your WordPress login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
The security plugin Wordfence will also set up cookies related to the firewall. These cookies check the capability of the current user before WordPress has been loaded so that logged in users are given increased access, and non-logged in users are restricted from secured areas. The cookies also let the firewall know what level of access a visitor has to help the firewall make smart decisions about who to allow and who to block. These cookies persist for 2 weeks.
If the logged in user is an administrator (the top access level), Wordfence will also set cookie
wfwaf-authcookie-[hash] that is used to let site owners know when there is an admin login from a new device or location (a security risk). This cookie persists for 12 hours.
If you edit the site
If you edit or create a post or page on this site, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
- The right of access: Get in touch and we will provide you with an exported file of any data we hold about you, including data you have provided to us. If you have an account, you can log in and access your account data at any time.
- The right to rectification: If there’s any personal data about you that should be corrected by us, please let us know.
- The right to erasure, a.k.a. the “right to be forgotten”: Let us know and we will delete all your personal data that we store. If you have an account on this site, you can delete your account at any time. If you have commented on the site or we hold your data for any other reason, you can request that we erase any personal data we hold about you. Please note that we cannot remove or erase data that we are obliged to keep for administrative, legal, or security purposes.
- The right to restrict processing: If you would like to restrict or suppress the processing of any data we hold about you, get in touch and we will work with you to accommodate this.
- The right to data portability: We will give you an exported copy of your data so that you can provide it to another service.
- The right to object: You have the right to file a complaint regarding our collection and use of your data. Please tell us first so that we have a chance to address your concerns. If we fail in this, you can address any complaint to your national data protection authorities.
Your data is only shared with the services outlined in this document, the majority of which are essential for the basic functionality of this website.
If you leave a comment or webmention, the comment / webmention and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.
If you sign up to our newsletter, we will retain the information you provide indefinitely. If you unsubscribe, you will no longer receive newsletters from us but we will retain your contact details. If you would like your contact details to be deleted, please get in touch so that we can do this for you.
For users that register on our website, we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time. Users cannot change their username but are welcome to get in touch with a website administrator if they wish to do so. Website administrators may also see and edit users’ personal information.
The data that is sent to Google Analytics is stored for 26 months.
Please see the Cookies section of this document for information about what cookies we set and when they expire.
We use SSL encryption to protect our website traffic. Our SSL certificate is issued by Let’s Encrypt. Our website uses SSL encryption for security reasons and to protect the transmission of confidential content. You can recognise an encrypted connection if the URL reads
https:// instead of
http://. A green lock icon may also be displayed in your browser’s address bar. If you see the green lock icon, try clicking it. In many browsers, clicking the lock icon will give you further information about the website related to your privacy.
We do not store or transmit passwords in plain text formats such as spreadsheets, text files, or emails.
If there is a data breach where personal data may have been compromised, we will report the breach to the relevant supervisory authority. We will do so within 72 hours of becoming aware of the breach, where feasible. We will also get in touch with the affected users as soon as possible to let them know the nature of the breach and what data may have been involved.