These days, almost every organization starts its privacy statement with something like “We value your privacy…”, only to present an incomplete list of hard-to-understand privacy violations. That’s not how it works on here. To answer key questions in advance:
- Yes, on this site personal data (IP address, browser) is processed and stored for about a month.
- No, this personal data is in no way shared with third parties, except when embedded content is accepted by you (the user).
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website. If possible I try to only load the embedded content only after the user (you) accepts the privacy policy for the specific content.
Principles
It is good to start with the basic principles of my privacy policy:
- I do not collect and process personal data when it is not strictly necessary.
- I will never use personal data for purposes other than those for which the data was obtained.
- I will never share personal data obtained through this website with third parties, unless you accept the terms on third party embedded content or I’m is forced to do so through a proper demand from a competent authority.
- I’m transparent about the processing of personal data.
- If personal data is processed, more than adequate security is ensured.
These principles actually speak for themselves, and are to a greater or lesser extent also part of the General Data Protection Regulation.
Personal data
As mentioned, this site processes personal data. The web server stores visitors’ IP address and browser engine for about a month. This data is necessary for the availability and security (firewall, DoS protection) of the infrastructure and troubleshooting. The basis for these processing operations is legitimate interest.
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.The basis for these processing operations is consent.
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
This site does not use privacy-restricting cookies and tracking. Want to be better protected from cookies, trackers and ads on the internet? Then check out the three open source browser plugins below:
- https://www.eff.org/privacybadger
- https://github.com/gorhill/uBlock
- https://noscript.net/ (for advanced users)
Rights
As a visitor to a website (the ‘data subject’) where your personal data is processed (such as blog.joeyboon.nl), you have rights that you can use. You have the following rights:
- Right of access
- Right to rectification
- Right to restriction
- Right to be forgotten
- Right to object
- Right to data portability
For more information on these rights, please visit the website of the Dutch Data Protection Agency. This is the independent Dutch regulator for the processing and protection of personal data. You can send a request or objection to joey@joeyboon.nl. You will then be contacted to discuss the follow-up. Even if you do not wish to exercise a right, but have a question or concern about the processing of personal data, you can contact us at that e-mail address.
Security
- Much effort is put into ensuring adequate security for this website. The list below briefly describes the security measures taken. It is somewhat technical here and there, with questions about this you can contact the e-mail address joey@joeyboon.nl.
- All servers/operating systems use a restrictive firewall for incoming traffic.
- The website can only be connected via https (the well-known lock in front of a browser’s address bar).
- Strong TLS certificates and hardened configuration are used. At https://www.ssllabs.com/ssltest, blog.joeyboon.nl scores at least an A+ (maximum).
- Security headers (conforming to OWASP and Mozilla best practices) are used on the web server. On https://securityheaders.io/, blog.joeyboon.nl scores an A.
- The SSH server configuration is hardened (in accordance with best practices) and uses public/private key authentication.
- Any security updates are installed at least once a day.
Contact
Please feel free to contact me if there are any questions, suggestions, comments or requests.