The Privacy policy for the Planet Macneil website and the Planet Macneil blog.
Who we are
Our website addresses are: https://planetmacneil.org and the blog is https://planetmacneil.org/blog.
What personal data we collect and why we collect it
Comments
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/.
After approval of your comment, your profile picture is visible to the public in the context of your comment. By default a Gravatar profile will be used if you have an account with that service and a public avatar.
Media
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Owing to the nature of web pages and the developer tools integrated into browsers, visitors to the website with minimal technical know-how will be able to download and extract any location data from images on the website.
Contact forms
The contact form is under construction and this section will be updated as soon as it is completed.
Any contact forms employed by this site will route through a SSL/TLS encrypted server.
Cookies
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
If formal login is provided for a feature, when you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Google Analytics is employed by the website and will deposit its own cookies unless you have a global opt-out of that service as implemented by Google or have cookie-blocking turned on.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.
To help you protect your data, content hosted outside of the EU will be flagged. However, the author, as a rule, will only permit linked content from reputable websites to be included.
Analytics
Who we share your data with
Data is shared anonymously with Google Analytics and with any proprietary analytics the web-hosting company may use unless you have opted out from those services independently of this website. The latter are not under the control of the website author and queries should be addressed to the service providers. This website is hosted on https://www.webhosting.uk.com/.
How long we retain your data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All registered users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
Note that a “registered user” is not someone who has just left a comment on the site. A “registered user”, if that feature is made available, will be able to author posts and other content, or have some administrative role as permitted and authorised by the website owner.
What rights you have over your data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
This will be provided within 5 working days or a reason provided as to why it has not been possible to provide that data.
Where we send your data
Visitor comments may be checked through an automated spam detection service.
Anonymised data will be provided to Analytics services for security audit purposes.
Your contact information
Do not enter information in the comment forms that you wish to remain private. Private or confidential information you wish the website authors to view should be submitted through the site contact forms and preferably using a third-party encryption service that generates a link to access that content outside of the website to mitigate any possible data breach that might occur.
Websites can be compromised for all sorts of reasons, often outside of the control of the website owners.
Additional information
The website is protected by a Spam filter, uses HSTS (no HTTP access), two separate firewalls as well as any security protocols implemented by the ISP.
How we protect your data
There is no intentional harvesting or use of any user entered data on the part of the website author. The ISP is bound by GDPR and DPA privacy restrictions. The author is a resident of the UK and as such is committed to the spirit of the GDPR/DPA legislation. He values his online privacy and extends the same courtesy to you.
At present, only the Comments section allows the transmission of user data and the website only accepts secure connections, leveraging the HSTS protocol (HTTPS only).
The website author will proactively monitor the blog via the WordFence security system for any possible attempts to compromise the blog and will ennhance security if required.
Any payment services used by the website, e.g. Stripe, Paypal will employ the official third party APIs from those providers and all payment information will be transmitted in a secure manner according to the governing legislation. Under no circumstances will payment details be stored or cached on the website.
What data breach procedures we have in place
On notification of a possible compromise of the website, the website will be taken down and the author will work with the ISP to mitigate any breach and to prevent future breaches.
If notified by a third party that links have been compromised because of a breach elsewhere, those links will be removed.
What third parties we receive data from
There are no third party services used on the site beyond the WordPress.org/WordPress.com APIs that allow notifications of posts to be broadcasted and received when there is linked content from other blog authors.
Where payment services are employed, the processing of the payment will be deferred to the provider systems.
What automated decision making and/or profiling we do with user data
The website does not harvest or sell user data. No automated decisions are made.
Industry regulatory disclosure requirements
This is a personal blog hosted as a sub-domain of a personal website. There are no possible conflicts of interest. The author is a resident of the UK and as such is committed to the spirit of the GDPR/DPA legislation.