TL;DR: Your computer is sending my server data. I promise I won’t abuse that data. I’m also doing my best to make sure that any 3rd parties won’t abuse you either.
Last updated: 2018-05-21
The website available under the address https://www.bjornjohansen.com is the personal blog of Bjørn Johansen (hereafter “I”). I am the data controller responsible for taking care of the personal data you may send my way. This document describes how those data are protected, and your rights regarding them.
Your privacy matters
I am not tracking you or your behavior. I am not actively collecting any data about you through any scripts. All data collected and processed, is the minimum to provide the obvious public services on this website.
Personal data collected and processed
By just visiting this website, some personal data about you is collected:
- Your IP address
- Your browser version string (“User-Agent”)
This is data you are sending me when you request to view a page, and I’m storing it with a timestamp in my server logs for up to 14 days. Actually, your browser will usually send me much more info than that, but I have no need for it, and won’t store it.
Usually, I won’t do anything with these server logs. They will just sit put on my server – and only be accessible by me. I need to keep them around and in case I suspect something illegal has happened or is about to happen. With the exception of an authority (that I recognize) with a court order, I will under no circumstance share those logs with anyone else.
From time to time, I will look at these server logs to identify and fix issues with the server setup. I will not perform any analytics or forensics to identify an individual or an individual’s behavior.
Comments
If you choose to leave a comment on a post, I will in addition to the info you provide, store the time and date of your submission and your IP address. The collected data is used to help spam detection.
When a user submits a comment to this website, the following information is collected:
- User-provided comment author’s name.
- User-provided comment author’s website URL.
- Comment date and time.
- User-provided comment content.
- User-provided comment author’s email address.
- Comment author’s IP address.
- Comment author’s user agent (web browser version) string.
- The comment author’s user ID if the user is logged in to the website.
Data point 1–4 will be published on the website. 5–7 may be used for spam prevention purposes. 8 will link the comment with a registered web site user. A hash of the data in 5 may be used to show an avatar representing the comment author.
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
Comment data shared with 3rd parties
A pseudonymized string (hash) created from your email address is provided to the Gravatar service, operated by the USA based company Automattic Inc, to see if you are using it. Automattic’s privacy policy is available here. After approval of your comment, your profile picture is visible to the public in the context of your comment.
All the information collected on comment submission together with information identifying the website (website home URL, website language, website charset, URL to page commented on) will be shared with the service on akismet.com operated by the USA based company Automattic Inc. with their privacy policy published here. This is an anti-spam service for automatically detecting and filtering out spam comments.
Where personal data is collected and processed.
I am based in Norway, and are thus under Norwegian jurisdiction, part of the EEA (not exactly EU, but kind of).
This website is accessible from a server located in Germany, an EU member state. The server is rented from a USA based company, DigitalOcean, LLC with their privacy policy published here.
All traffic between you and my server is filtered through a service hosted by the USA based company Cloudflare, Inc. Cloudflare has servers spread throughout the world, trying to provide a node as close to you as possible. All traffic between Cloudflare and my server is encrypted. Cloudflare’s privacy policy is available here.
Cloudflare will set the cookie __cfduid
used to identify individual clients behind a shared IP address and apply security settings on a per-client basis. The cookie have a lifetime of 1 year. More info about the __cfduid cookie is available here.
Embedded content from third parties
Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.
Embedded content from GitHub
Articles on this website may include embedded content in form of code samples from GitHub, Inc. (gist.github.com). GitHub’s Privacy Statement is available here.
Embedded content from YouTube
Articles on this website may include embedded content in form of videos from YouTube, LLC (youtube.com) a USA based Google company. YouTube share their privacy policy with Google, which is available here.
Your rights to your personal data
You can request to receive an exported file of the personal data I hold about you, including any data you have provided to me. You can also request that I erase any personal data I hold about you. This does not include any data I am obliged to keep for administrative, legal, or security purposes.
Contact info for privacy matters
If you have any requests regarding privacy matters, you may contact me on the email address [email protected]. Please do not use this email address for any other purposes.
A final warning
Just let it be clear that I probably can harvest some behavioral and identifying information about you, but I have no intention of doing so. If I did, I would be a much lesser human being than I’m aiming for.