First, an obligatory disclaimer: I am not a lawyer (and I can not afford one). But I have spent an enormous amount of time reading through the GDPR (General Data Protection Regulation), as well as other regulations such as the Swiss Privacy Shield and the Mexican LFPDPPP (Ley Federal de Protección de Datos Personales en Posesión de Particulares), trying my best to understand them, reading articles, and modifying my systems. But at this point what I seek to accomplish is compliance with the GDPR. If you find something that is not clear enough you are very welcome to contact me at firstname.lastname@example.org
- What data I collect
- How can I see it
- How can I change it
- How can I get it deleted
Currently, I am not collecting personal information.
While I have Google AdSense on this site, if you are visiting from a country covered by the GDPR the advertising displayed to you is not personalized. You receive a cookie, which is necessary for the functionality of the Ads and in order to prevent fraud, but no information about you is being collected.
How can you see it, change it and/or delete the information
Whenever you visit my pages or use my services or tools, I aim to provide you with access to your personal information (see Personal Information) if any is collected. If that information is wrong, I will provide you ways to update it quickly or to delete it, unless I need to keep that information of yours for legitimate business or for legal purposes.
If you desire to see if I have collected any information of you, you can write me at email@example.com. Then I will search in my records any information related to the e-mail address, and if found, I will send you what it is that I have. Then you can request a change on it or the deletion of it.
I aim to maintain my pages, services or tools in a way that protect the information from accidental or malicious modification or destruction. Because of this, once you delete information from my pages, services or tools, that information may remain in residual copies from the active services or systems or it may remain in backup systems.
The fact that the information may remain in such situations does not mean that it is purposefully used, seen or modified in any way, only that it remains there because of the nature of the systems.
In the case of backups for example, they are done in an automated way. This is done to preserve the reliability and accessibility of the information in the case of technical errors that may result in data loss. If such a thing occurs, the data gets restored from one of these backups, not selectively, but the whole system gets restored.
There is also a log of things happening to the servers, so once a backup is restored, the same instructions that were previously performed (such as deleting your information) get executed again on the restored backup. This seldom happens, our objective is that there are no technical errors, and the backups are just a safety net.
Information that is shared
As of now, no information is shared. But there may be a need to share it with the purpose of external processing or legal reasons.
For external processing
For legal reasons
The information will be shared with authorities if I have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to:
Meet any applicable law, regulation, legal process or enforceable governmental request.
Enforce applicable Terms of Service, including investigation of potential violations.
Detect, prevent, or otherwise address fraud, security or technical issues.
Protect against harm to the rights, property or safety of myself, my family and the people working with me, as well as the public in general as required or permitted by law.
In order to protect the information collected from unauthorized access or from unauthorized alteration, disclosure or destruction, the following measures are in place:
Encryption of all data
between your computer and these sites and/or systems utilizing TSL.
Review of the information collection, storage and processing practices, including physical security measures, to guard against unauthorized access to systems.
Restrict access to personal information from anyone who doesn’t need to use it.
Anyone accessing personal information in order to process it are subject to strict contractual confidentiality obligations, and may be terminated if they fail to meet these obligations.
Compliance and cooperation with regulatory authorities
It has never happened but if there comes a situation where something significant has to be changed, and you no longer desire the new terms, you will have the time to prepare and search a new service, and your information will not be withhold or restricted in any way, prior to the termination of your account.
Hopefully something can always be worked out with you, but I clarify this so you know that you will not be hold hostage shall you ever want to go.
Application data cache
“Application data cache” is a data repository (where data is stored) on a device. This device may be your computer, or any of the computers in the way between where our data is stored and your computer. Given that we are utilizing encryption between our computer and yours, then the device is very likely just your computer.
Having part of this data stored in your computer allows a web application to run even if your Internet goes down. Additionally, because some of this data is already stored in your computer, the web application runs faster as it doesn’t not have to connect to our server and get again data that you already have.
Browser web storage
Thanks to the availability of storage inside of your web browser, some web applications can continue to perform between sessions. This means, that you can close the Tab, the Window, or completely shut down the computer, and when you open the web browser again, you can continue what you were doing. You can do it even if you open the browser not having access to Internet, if the web application uses the browser web storage properly.
Cookies and similar technologies
A cookie is a small file containing a string of characters that is sent to your computer when you visit a website. The string of characters is very unique, so when you visit the website again, the cookie allows the website to know that your browser is the exact same browser that visited before.
A cookie can also store your preferences, some personal information about you, and more information. This is with the intention that, when you visit the same website again, you are not treated as a person who has never been there.
It is possible to delete the cookie or cookies, and you can also be notified when you are receiving a cooking from a website. If you decide to delete or block the cookies of a website, some features may not work as they are utilized for some basic functionality.
For example, when you login to a website, it is thanks to the cookie that, when you open the website again or switch to a different section of the website, the site and/or system knows that it is you and that you are already connected to it.
This is a computer that is used to access an online service. It may be a desktop computer, a laptop, a tablet, a smartphone or anything capable of processing data and show you information.
When you click on a link on a website, and you go from there to a different website, the website that you arrived to receives an HTTP Referrer. This is information about where were you before you went to the new website. It contains the URL (Universal Resource Locator, or simply, a web address) of that page you were in.
When you have a website, sometimes you want to see where are the people coming from. It is thanks to this HTTP Referrer information that we can see that you came from Google to this website. Or maybe somebody sent you the link via e-mail, and we see that you came from an E-mail, or maybe from a message in Google+ or Facebook.
If we are receiving a considerable amount of visitors from one particular source, this enable us to better prepare for our visitors.
Every device that is connected to the Internet is assigned a number, it is know as Internet Protocol Address, or simply IP Address.
This numbers are usually assigned in geographical blocks, so they can be used to find out where a the traffic and/or the user is coming from in the world.
If you visit a web site, then the website sends you the data that you request, but in order to do this, it needs to know where to send it. It sends the packages with the data to your IP address, and he infrastructure on the Internet has a system to route that data through it so it reaches you.
This is why the IP Addresses are very associated with your geographical location, in the end they reach your Internet provider, and your Internet provider knows who is the person with this Address and does the last part to hand you the data.
Non-personally identifiable information
This information is recoded about an user in a way that doesn’t allow the user to be identified. For example, if you are visiting a website you may give the information:
- IP Address: 123.456.789.135
- Browser: Google Chrome version 34.123
- Operating System: Windows 10 patch 534
Based on that data, most likely you are the only person on that very specific IP Address who has that very specific version of Google Chrome and that very specific version of Windows. Therefore, it is easy to identify you.
But if this information is store instead:
- IP Address: 123.456.789.
- Browser: Google Chrome
- Operating System: Windows 10
Based on this information is hard to say that you were the visitor. The information is to vague to point to a single person, but for the website is good to see which country you came from, to find out which is the most used Browser of their visitors, and which is the most used Operating System of their visitors.
This is the information that you provide about yourself. It is possible to identify who you are based on this information, but for many things this is desired.
For instance, if you fill a contact form, you will likely provide your name, your e-mail address, and maybe you telephone number in some cases. This, of course, has the purpose of being contacted by us, so if we call for example, we can ask your you and call you by your name.
Sensitive Personal Information
This is information such as confidential medical facts, political preferences, religious beliefs or sexuality. This is information that has to be highly protected, and that you should not give away unless it is for a reason and to an organization or person that you trust with your data.
When you visit any website, you are sending a lot of technical information to it. For example:
- Your IP Address
- The date and time of when you asked to see the content
- The specific URL that you are visiting
- The Web Browser that you are using
- The Operating System that you are using
- Your language preferences
- Cookie information
The server logs are necessary to ensure the availability of services online. If there is a problem or a failure, it is thanks to this server logs that we can correlate features of the visitors to the failure and work out a fix for the problem.
They are not kept longer than 50 months.
Unique device identifier (UUID)
This is a string of characters incorporated into devices by the manufacturers. It can be used to uniquely identify that device. One single device, for example a mobile phone or a computer, can have several UUIDs. A hard disk has a UUID and a computer can have more than one storage device.
Transport Layer Security (TSL)
This a cryptographic protocol which provide communications security over a computer network.
What is allows is that the information that travels between your computer and the site or service that you are seeing online is private.
Without TLS, if you submit a contact form, even a username and password, they travel in a way that can be seen and read by any computers through which the data travels.
With TLS however, the information that you send is first encrypted in a way that only your destination can decrypt, and the information that the site sends is also encrypted in a way that only your computer can decrypt.
For more on this, you can look into Public-key cryptography. That is what TLS is based on.