Privacy Statement

According to my (highly unprofessional) understanding of GDPR Article 13, if you are "in the European Union", whatever that means, then I am required to show you a privacy notice.

Who I am

I am the data controller, and you can visit my homepage to learn more about me. Any complaints can be sent to me by email.

This website is hosted by the SRCF, who is my data processor.

Data I process

The SRCF collects web server logs on my behalf. Amongst many other things, the web server log contains the following information:

See the Apache documentation for a better description of what information is collected.

Both the SRCF sysadmins and I are able to access the web server logs, which may be used to investigate security incidents if necessary. The period for which the personal data is stored is determined by the SRCF. At the time of writing, this is 24 months. The legal basis for doing so is legitimate interest, because we want to be able to figure out what happened if a website is hacked.

Data other people process

The website uses Google Fonts. Whenever you visit the page, your browser may request the font from Google, and they will know about it. I have no idea what they do with the knowledge. Note that your browser might be telling Google the page that is requesting the font, and they will know that you are visiting my page (see the discussion of "referrer" above). Again, you can tell your browser to not do that.

Your rights

You have the right to request that your personal data is erased (but not necessarily the right to have your personal data erased). You also have the right to complain to the Information Commissioner's Office if you are unhappy with the way your personal data is handled.

Do I actually need to write this privacy notice?

According to GDPR Article 2,

  1. This Regulation does not apply to the processing of personal data:
    1. by a natural person in the course of a purely personal or household activity;

I am certainly a natural person, but it is not clear if the purpose of this website is "purely personal or household activities". GDPR Recital 18 fails to clarify this.