Who I am
My name is Alex, and my website address is https://escapingoxford.blog. You can contact me if you have any questions about this policy by filling in the contact form on this website.
What this is
Wow, GDPR is complicated, isn’t it? I’m just a guy, and in particular not an information rights lawyer guy. If you’re reading this, you may well know more than me (and if anything here is wrong, please do get in touch to let me know). On this page I’ve done my best to explain what this site does with your personal data. As a general principle, it does as little with it as possible for this website to function in the way you’d expect.
How I use your data
It’s very tempting at this point to quote xkcd’s parody of this sort of page: “Please don’t send us your personal information. We do not want your personal information. We have a hard enough time keeping track of our own personal information, let alone yours.”
That’s not quite true, though: I’d love you to engage with this blog by commenting, contacting me, or subscribing to the newsletter. And if you do that it necessarily involves some of your personal data, if only because quite a lot of things count as “personal data”.
Comments
When visitors leave comments on the site, the site collects (and shows me) the data you type into the comments form, and also your IP address and browser user agent string to help spam detection.
Contact form
If you submit the contact form on this website, the site collects (and shows me) the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
Like with my comments sections, my contact form uses Akismet to reduce spam. Again, the information you enter and information about your browsing session will be sent. See above for more details.
Newsletter
I use Noptin, a WordPress email marketing plugin, to manage email subscriptions to this blog. If you subscribe, I collect your email address so that I can send you that newsletter.
Embedded content from other websites
Posts on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.
If this blog contains such embedded content, when you load the page it will be hidden at first and those cookies will be blocked until you click to show the content. By clicking, you consent to that use of your data and to those cookies being saved to your browser, as applicable.
In particular, if the content is a crossword from Amuse Labs, the following data is collected and passed to them (taken from their online privacy information):
The PuzzleMe server database collects information on complete and incomplete plays by each user who visits a picker and/or a puzzle. The primary user tables in this database are: (a) A picker-loads table containing information on each load of a picker, including the uid of the user who visited the page, the user’s browser, the time of load, the state in the picker load cycle that they reached (such as whether an ad was shown and for how long), etc. (b) A plays table containing information on each puzzle play. A puzzle play is identified by a unique combination of a puzzle and a uid. For each puzzle play, this table stores information on the uid, the puzzle played, how many times the user has loaded this specific puzzle, the time of last update, the user’s browser, the number of times the puzzle was printed, and the state of the puzzle, such as the state of the user’s grid, the user’s timer value, and other metrics of user interaction. (c) A user preferences table that stores sticky user play preferences (set in the settings dialog), e.g., whether to skip to the next word when the user finishes typing in a word. Rows in this table are identified by the uid.
In addition to the database, the PuzzleMe server logs incoming requests (along with the client IP address). These logs are collected for two purposes: tracking any malicious attacks on the servers or to debug problems at a low level.
The user ID is randomly generated and stored as a cookie in your browser. Your browser also stores a snapshot of the state of the puzzle in play.
My lawful basis for processing your personal data
In all cases, the relevant lawful basis is your consent.
Who I share your data with
If you leave a comment, it will be visible publicly on this website.
If you submitted an idea for a blog post, I may use that idea (and quote from it) as part of the text of a blog post. I will do so without disclosing your name or any details that may identify you; once I have done so, it falls outwith the scope of this policy as it is no longer personal data. The exception would be if you gave me your consent to use any details that may identify you in the blog post, in which case those details will be visible publicly on this website.
An anonymised string created from your email address (also called a “hash”) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.
I also use a service called Akismet to reduce the amount of spam I get to my web form and comments. When you submit a comment, the information you enter, your IP address, and your user agent string will be submitted to this service. This may involve transferring your data outwith the UK and EU, although if so this will be done under Standard Contractual Clauses (or their UK equivalent) which aim to protect your rights under (UK) GDPR. For more on how Akismet uses your data, see: https://akismet.com/gdpr/.
See also the “Embedded content from other websites” section.
If you request a password reset—please stop trying to log in to this website, because only I can do that. But, if you do anyway, your IP address will be included in the reset email.
How long I retain your data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so I can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue, and so that your comment is shown to future readers of the post.
If you submit the contact form, I will retain your submission only as long as I need to in order to address it, and in any case for no longer than one year. That excludes any personal data that I incorporated into the blog with your consent, which I will retain indefinitely.
If you subscribe to the newsletter, I will retain your email address until you unsubscribe.
If you do a crossword, data sent to Amuse Labs is kept for no longer than six months.
Data sent to Automattic for the Gravatar and Akismet services described above is kept for no longer than necessary to achieve that purpose.
What rights you have over your data
This section is copied directly from the UK’s Information Commissioner’s Office (ICO), so hopefully this bit is right…
Under UK data protection law, we must have a “lawful basis” for collecting and using your personal information. There is a list of possible lawful bases in the UK GDPR. You can find out more about lawful bases on the ICO’s website.
Which lawful basis we rely on may affect your data protection rights which are set out in brief below. You can find out more about your data protection rights and the exemptions which may apply on the ICO’s website:
- Your right of access – You have the right to ask us for copies of your personal information. You can request other information such as details about where we get personal information from and who we share personal information with. There are some exemptions which means you may not receive all the information you ask for. Read more about the right of access.
- Your right to rectification – You have the right to ask us to correct or delete personal information you think is inaccurate or incomplete. Read more about the right to rectification.
- Your right to erasure – You have the right to ask us to delete your personal information. Read more about the right to erasure.
- Your right to restriction of processing – You have the right to ask us to limit how we can use your personal information. Read more about the right to restriction of processing.
- Your right to object to processing – You have the right to object to the processing of your personal data. Read more about the right to object to processing.
- Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you. Read more about the right to data portability.
- Your right to withdraw consent – When we use consent as our lawful basis you have the right to withdraw your consent at any time. Read more about the right to withdraw consent.
If you make a request, we must respond to you without undue delay and in any event within one month.
To make a data protection rights request, please contact us using the contact details at the top of this privacy notice.
Cookies
This website does not automatically add any cookies to your browser. (If it does, please let me know, because it means something in my WordPress setup is not acting as it should.) It does, though, add cookies to your browser in certain circumstances. In every case this is either because they are necessary to the site to function, or because you have specifically agreed to have them (sometimes both).
You have the right to delete or block any cookies this site has set through your browser settings.
Comments
If you leave a comment on this site you may opt in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
Newsletter
When you subscribe to the newsletter, the website may store a cookie in your browser to prevent duplicate subscriptions and improve user experience. Specifically, this cookie helps to:
- prevent the subscription form from displaying repeatedly if you have already subscribed, and
- ensure a smooth user experience by remembering your subscription status.
This cookie does not store any personally identifiable information (PII) and is used solely to enhance your interaction with the site.
Embedded content from other websites
See the section under “How I use your data” above.
Further, if you choose to tick the box when revealing embedded content that means it will automatically appear in future, a cookie will be stored in your browser to remember that preference.
Site backend
If you visit the site’s login page—again, why? Like I said, you can’t log into this site unless you’re me. It’s my site. Please leave it alone. But, if you persist in trying to hack into this website, it will set cookies to make your life easier. Specifically:
- It will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
- When you log in, the site will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
How to complain
I hope you don’t want to complain, but if you have any concerns you can contact me using the contact details above. And if you’re still unhappy, you can contact the ICO.
- Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF - Helpline number: 0303 123 1113
- Website: https://www.ico.org.uk/make-a-complaint
That’s it
Wasn’t that fun? Hey, at least, if you’ve read all of it, I can guarantee that everything else you read here will be more interesting. Although that’s a low bar that I fully intend to make use of.