I’m Luis Bruno, and https://blog.lbruno.org (the website you’re now visiting) is one of my personal websites.
I can be contacted via:
- Email at: firstname.lastname@example.org
This website is hosted by a 3rd party:
- Hetzner Online GmbH, https://hetzner.com
They process your data in Germany and Finland. The privacy implications are described below.
What data is collected
Visiting this website necessarily discloses the following kinds of data:
- Unique personal identifiers:
- Your device’s IP address.
- The date and time at which you’ve visited.
- Network usage and activity:
- The kind of web browser you’re using, on which operating system, and their respective versions.
- Which part of this website you visited.
- Whether said visit was successful or not.
This website doesn’t set or collect any cookies.
How your data is processed
Visiting any website inherently discloses at a minimum the data indicated above, ephemerally for the duration of the visit.
I also collect a record of visits to this website, and this record is kept for 3 hours. Contrary to the above, this record doesn’t include IP addresses at all, and is kept for my legitimate interest of ensuring that the website is functioning and to aid in troubleshooting if it’s not.
Which 3rd parties process your data
I do not share the recorded data with any 3rd party.
However, the unique personal identifiers – specifically, your device’s IP address and date/time at which you’ve visited – are visible to Hetzner, the company that hosts this website.
TBD: link to Hetzner’s data processing agreeement.
Data protection rationale
By not keeping your IP address, the data recorded in the visitors’ log can’t be linked to you anymore, neither at the time of your visit nor later.
As such, I consider the rest of the data recorded to not be personal information.
If hypothetically you communicate to me (through another medium) that you are visiting or have visited this website, then I am able to link that visit with the record described above.
Note that communication itself includes most (if not all) of the information already indicated, and I’m otherwise unable to do such linking on my own.
I chose not to record any IP address so that I am unable to correlate separate visits to this website by the same person. Two visits close together by the same person are indistinguishable from visits by multiple people.
In all of the above I’ve assumed that you use a popular combination of browser and operating system.
If not, their combined versions can serve as a partial identifier of sorts. Another example of similar partial identification would be a unique pattern of visits. Either of these would weaken point #3.
Hence the 3-hour limit: prevents and/or limits further linking of that data in such a situation.