Privacy promise

Sebastian Greger

By default, no personal data is collected as you visit this website - no tracking, no cookies, no third party content. Certain actions may however lead to the processing of your personal data, which you are always made aware of in advance.

This page is designed to quickly answer all questions you may have regarding the processing of any personal data:

As you browse around this website (without explicitly activating embedded third-party content or filling in any forms) personal information is neither collected, nor is it made available to any third parties.

The way the internet works requires the server to deliver content to your device. Therefore, ephemeral processing of your IP address is technically inevitable; once the data package has been sent out, the data is not kept.

  • IP address, processed on-the-fly, but not stored

As a technical necessity, dictated by the architecture of the internet, the delivery of data packages to your IP address is based on the legitimate interest to operate a website on the World Wide Web (Art. 6(1) lit. f GDPR).

The internet is based on data packages being sent between machines. The IP address is the only way to route the content requested to your device. Momentarily processing it in the matter described is technically absolutely inevitable for operating a website.

This website does not set any cookies by default and does not engage in fingerprinting or similar methods to identify you. If any interactions you may engage in could set a cookie, you will be notified beforehand.

  • No cookies, no personal data

Most websites store small pieces of data in your browser. Sometimes it is just a simple variable to ensure the pages work well in your browser or remembers some preference you set, but often these contain IDs that enable the website owner or a third party to recognise you again later. Some sites store a “fingerprint” of your browser in their servers that does not even require a cookie. While settings cookies are harmless, cookies containing identifying IDs or server-side fingerprinting may enable some party to track you around the web.

By default, this website does not load any resources from other servers. Should any interaction you may engage in make use of external resources, you will be asked first and informed about the implications.

  • No personal data is transferred by just browsing

Websites are often assembled from files that may be loaded from various third parties, e.g. scripts for interactive features, media files (images/videos) or fonts. This is commonly invisible to the user by default, unless using specialised means to look “under the hood”. This potentially enables the parties hosting such files to protocol your file requests, and log your IP address, which could (with great effort, but nonetheless) be traced back to you. At least in theory, they could even track you around the web, if other websites load resources from the same servers.

The server this site is hosted on does not write any log files.

  • No personal data is written to log files

Whenever you load a file from a web server, that server may write a so called log file, containing information about the files requested, along with some more or less identifiable data on who retrieved it. This leaves a trail of your browsing habits on such website and, unless the IP address is anonymized, could help identify you afterwards.

This website uses no “analytics” tracking, as rich user information is - at the time being - not required for the operation of this website.

  • No personal data is captured for analytics

Websites often use third-party services (such as Google Analytics) or self-hosted alternatives (e.g. Matomo) to analyse their traffic, commonly setting a cookie with a pseudonymous identifier, in order to identify returning readers.

This website transmits all data using HTTPS, encrypting all data between the browser and the server. Your network provider may still be able to see that you are loading files from, but not their content.

  • No personal data is transmitted unencrypted

Data transferred unencrypted over the internet can be intercepted by others (it is particularly easy on public WiFi networks; this may expose your browsing behaviour (what pages do you open, what content is transmitted, what do you fill in a form).

This website instructs your browser - through a machine-readable policy statement - not to tell other websites that you browsed there via a link on this website.

  • Referrer data is not personal data, but this site still keeps it private as it might help third parties profiling you

This feature is not related to personal data, but is an additional protection of your privacy. Since other websites may track you (in contrast to this site), a third party could otherwise learn that you visited this website from a “referrer” fields as you load their page. (This feature works in almost all current browsers).

Videos are never loaded from external sources without your explicit action. You are given options how to watch them (except if the “Do Not Track” preference is set in your browser, in which case embedding is always disabled).

If you decide to watch the video on the original website (YouTube or Vimeo), this works like any other hyperlink on the web. You move away from this website and land on another.

  • Referrer data is not personal data, but this site still keeps it private as it might help third parties profiling you

All these services will track you once you arrive on their site, but as this website is set to disable referrers they won’t know that you visited this website (unless you use a really old browser or Opera Mini).

If you decide to activate an embedded video within this website, that video is loaded into a small frame wihin the web page. At that time, YouTube/Vimeo receive information about what web page it is being loaded into. All content within that frame is provided by Vimeo or YouTube and contains trackers, resources loaded from third parties etc.

  • Please refer to the applicable privacy notice of YouTube/Google or Vimeo for details on the data collected

The display of embedded video is based on your explicit consent (Art. 6(1) lit. a GDPR) as you choose to load the video instead of visiting the originating website; it is valid for one video embed at a time.

It is common practice on the web to “embed” content (e.g. videos, but also slide shows, Twitter messages etc.) from the service they originate from. For this purpose, files have to be loaded from third-party servers. This potentially enables the provider of the embedded content to register what content you accessed and on what website you found it. Furthermore, if you have previously interacted with that service, its provider could connect this information with a profile (which may be pseudonymous or even personally identifiable, especially if you are a registered user of that service).

This website does not require you to enter any personal information when leaving a comment. Your IP address, however, will be processed for spam detection, but not stored. You can at any time request the removal of one or all comments associated with your personal data.

If you decide to voluntarily enter any personal information with your comment, that data is stored, with name and website URL displayed publicly (subject to approval). Entered e-mail addresses will only be used to get in touch with you, and deleted within 30 days.

  • Your name
  • Your e-mail address
  • The URL of your website
  • Personal information you include in your comment

The processing of voluntarily provided personal information in comments is based on the legitimate interest to enable interaction with the readers of this website (Art. 6(1) lit. f GDPR).

On many websites, you have the possibility to leave a comment related to a published piece of content, which will then be displayed publicly. Many websites require you to enter a name (which can be a pseudonym) and e-mail address.
As you submit your comment, some data is inevitably being processed. Privacy issues arise if your comment can be traced back to you as an individual, either based on your name/e-mail or the IP address of your computer, in case of a technical malfunction even publicly.

As you submit a comment, a spam protection mechanism checks the likelyhood of your message being genuine - based, among other factors, on the IP address of your computer. This happens in an instant, and no personal data is being transmitted to a third party or saved. Your IP address is only stored in anonymised form (the last two octets removed) for technical reasons.

  • The IP address of your computer

The momentary, local processing of your IP address for spam detection purposes is based on the legitimate interest to manage the operations of this website (Art. 6(1) lit. f GDPR).

Spam in comment forms is a real problem for website owners, leading to a lot of work overhead. Hence, software can be used to detect spammy submissions. Many sites rely on using external services for that (Akismet, most prominently, as it comes bundled with Wordpress), transfering your personal data to a third party. This website uses a local solution (called AntispamBee) to protect your personal data.

By supporting Webmentions on your website, you explicitly signal your wish for linked websites to process and publish your public replies to their content. You can at any time request the removal of one or all webmentions originating from your website.

Incoming Webmentions are handled as a request to process personal data that you make available by explicitly providing metadata in your website’s markup. As an additional measure, all incoming Webmentions on this website undergo a manual assessment that the sender is actively processing Webmentions themselves; all other Webmentions are permanently deleted within 90 days.

  • Your name
  • The profile picture from your website
  • The URL of your website
  • Personal information you include in your post

The processing of incoming Webmentions is based on the legitimate interest to enable interaction with the readers of this website (Art. 6(1) lit. f GDPR), following the design intention of the Webmention protocol.

Webmentions are a mechanism used to notify other websites when you refer to them on your own website. Your server sends a signal to this server, which then verifies that your content indeed links back. It is, however, possible to send Webmentions on another person’s behalf; this creates an edge case where it could not be the intention of the site owner to have their content processed.

An incoming Webmention request is by design a request for publishing a comment from elsewhere on the web; this is what the protocol was designed for and why it is active on your website.

  • Your name
  • The profile picture from your website
  • The URL of your website
  • Personal information you include in your post

The publishing of incoming Webmentions is based on the legitimate interest to enable interaction with the readers of this website (Art. 6(1) lit. f GDPR), following the design intention of the Webmention protocol.

Commonly, received webmentions are displayed as comments on a web page. This means that a copy of your content is displayed on the website you link to in your own post.

As described above, this website collects a very limited amount of personal data, and you are notified about that in advance. Still, under EU law it has to be explicitly stated here that you may at any time demand information on, or deletion and correction of that data.

To request information about all data stored about your person, please get in touch.

To request deletion of all personal data stored about you (except where legal obligations limit your right to deletion, e.g. in the case of business e-mails), please get in touch.

If there is any personal data about you that you believe needs to be corrected, please get in touch.

As an ultimate means to exercise your control over your personal data, in the EU you may always file a complaint with a data protection authority (I would still prefer to first hear from you personally, but including this sentence here is a legal obligation to ensure you know your rights).

The responsible data controller for and all related services is Sebastian Greger: contact information.

Version 2018-06-01