Privacy Policy

Who I am

This website is owned and operated by Andy Heathershaw – a UK-based software developer. My website address is: https://andysh.uk.

What personal data I collect and why I collect it

Comments

When visitors leave comments on the site I collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Contact forms

Any details you enter on the contact form will be sent by plain-text e-mail to me. This includes your name and e-mail address.

My e-mail is provided by Microsoft’s Office 365 service.

I delete e-mails sent through the contact form as soon as I have replied to them, however they are also stored indefinitely in my website’s database so I can refer back to them.

Cookies

If you leave a comment on my site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you have an account and you log in to this site, I will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, I will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.

Analytics

I use a third-party tool called Matamo to analyse visitor traffic to my website to understand who my visitors are and how you interact with the site.

Matamo stores a cookie in your browser to identify repeat visitors, however this does contain any personal data. Your IP address is stored in an anonymised format in Matamo.

The system and data for Matamo is held on the same server running my website, so this data is never sent to a third-party company other than the company that provide my infrastructure. See “Who I share your data with”, below.

To opt-out of this analysis (or opt-in if you’ve previously opted out) please use the option below.

Who I share your data with

I do not explicitly share your data with any third party.

Memset Ltd. provide the infrastructure – servers and backup storage systems – that power my website, and your data is physically stored on systems managed by Memset. This website is hosted entirely within their UK-based Dunsfold data-centre.

Memset Ltd. are accredited to provide Government-related services and are certified to a significantly higher level than most hosting providers.

How long I retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so I can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on my website (if any), I also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data I hold about you, including any data you have provided to me. You can also request that I erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

To send an access, or erasure request, please use the contact form on this website.

Where I send your data

Visitor comments may be checked through an automated spam detection service called Akismet.

My contact information

You can contact me using the contact form on this website, or on Twitter using the handle @andysh_uk.

Additional information

How I protect your data

All data is held on secure servers provided by Memset Ltd. The servers have an IP whitelist in place for access to management services like SSH, which restricts access to Memset and my home/office IP addresses.

All data is encrypted at rest using the MariaDB database engine. Backups are uploaded to Memset’s Cloud Storage service.

What data breach procedures I have in place

If Memset Ltd. discover a breach that affects the service I receive from them, and they believe my data has been compromised, they will notify me by e-mail.

I will take steps to understand the effect the breach has had, what data has been breached and contact the necessary individuals concerned.

What third parties I receive data from

I do not receive any data from third parties. All data is obtained directly from users visiting this website.

What automated decision making and/or profiling I do with user data

I do not make any automated decision making or profiling with user data.

Industry regulatory disclosure requirements

I will co-operate with any legal requirements enforced under UK or EU law. This may be necessary for me to provide personal data entered into this website to law enforcement authorities.