The short version
If you manually submit data to my website, for example by leaving a comment, then this data will be recorded, screened for spam and it may be published, or you may receive a reply via email.
Browsing this website should not result in any cookies being set, unles you comment and agree to them, attempt to log in or pick them up from embedded content from other websites.
As general advice, if you are concerned about cookies, please configure your browser to block cookies. The AboutCookies.org website for example explains how to accomplish this.
The long version
Who we are
I’m Michiel, an individual living in the EU. https://me.m01.eu is my personal blog.
How and what personal data we collect and why we collect it
Information voluntarily submitted by visitors
Comments
If you write a comment, the information requested in the form is recorded:
- Comment text
- Your name (you may choose to use a pseudonym)
- Email address
- A link to your website (optional)
In addition, your IP address and browser type (HTTP user agent) are also recorded.
This information will be used:
- For automatically screening comments for spam (this may also take into account the HTTP referrer and this site’s URL, in addition to the recorded data mentioned above)
- Manual moderation
- If published, to display the comment text, your name and (if provided), the link to your website on the website.
- Sometimes we will use your email address to reply to your comment directly
An anonymized string created from your email address (also called a hash) will be provided to the Gravatar service to see if you are using it. After approval of your comment, your Gravatar profile picture is visible to the public in the context of your comment.
The data submitted as part of comments will be kept indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
Media uploads
If you upload images to the website, this may be published. You may wish to remove embedded (EXIF) metadata, especially location data (EXIF GPS), if you are at all concerned about this being published.
These will be stored indefinitely to allow website viewers to see them.
Information gathered incidentally from visitors
Cookies
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
We don’t normally provide accounts to visitors. If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, captcha-protected email addresses etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.
Server logs
The following information is logged when you visit websites on this server:
- Non-personally identifiable information about the visit, e.g. date/time, any errors that ocurred, the website visited, information about code performance, etc.
- Personal information: your IP address
These are stored for 14 days and used for security and maintenance reasons, e.g. to troubleshoot issues or detect suspicious activity.
Anonymised or aggregated copies may be used to better understand visitors (e.g. which blog posts are popular) and stored for as long as necessary.
Analytics
Currently, we only use anonymised server logs for analytics as described above
We do NOT:
- Actively engage in cookie-based user tracking
- Use third party analytics services
Who we share your data with
We don’t sell personal information.
We use the following third party provided services:
- Akismet (Automattic) for spam detection purposes, see “Comments” section. Their privacy policy can be found here: https://akismet.com/privacy/
- Gravatar (Automattic) for checking for and displaying avatars, see “Comments” section. Their privacy policy is available here: https://automattic.com/privacy/
- Scaleway (a division of online.net) for hosting. They will be able to access the data due to it being physically hosted in their infrastructure, but we expect them to only do this if absolutely required and in line with their terms, conditions and policies.
We don’t otherwise send personal data to any third party unless we are legally required to do so.
What rights you have over your data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we need to keep for administrative, legal, or security purposes.
To exercise any of these rights, please contact us via email (see below).
Where we send your data
As part of automated spam detection, the data you submit when leaving a comment (see comment section above) may be sent outside of the European Union (EU).
Otherwise, data is stored and processed in the EU.
Contact
For any privacy-related questions, contact privacy at m zero one dot eu (see browser address bar).
For any security-related questions, contact security at m zero one dot eu (see browser address bar).
How we protect your data
Most data submitted to this site is designed to be public (e.g. comment text), and we do not knowingly store private sensitve personal information.
Access to the server is restricted to authorized individuals and secured using public key authentication. Automated updates are in place to reduce the exposure to software security vulnerabilities. The administration UI is protected with 2 Factor Authentication (2FA), which means that anyone wishing to log in must prove that they know something (a password) and have something (e.g. an email address, an authenticator app on a phone, a security key, etc).
What data breach procedures we have in place
If you notice a data breach or any other security related issue, please get in touch.
If a data breach is detected, we will evaluate the impact, take reasonable steps to understand what happened and what steps can be taken to avoid it happening again, and evaluate what further action is required (e.g. notify affected users or authorities).
Thanks to minimising the non-public data we collect about visitors (see rest of this policy), we hope the impact of any data breach to be minimal.
What third parties we receive data from
None.
What automated decision making and/or profiling we do with user data
We use a third party service for classifying data provided as part of comments as spam or not spam.
Revisions
This privacy policy can be updated any time as required.
2019/11/01: formatting, clarified section about sharing data with third parties