This page serves as the GDPR Privacy Notice for projects.bentasker.co.uk.
The controller of the (extremely limited) data collected is Ben Tasker.
You have the right to object to processing, either by objecting to a specific mechanism as described below, or by Contacting Me. If you feel your objection has not been appropriately handled, or that the processing does not have a lawful basis, you also have the right to complain to a supervisory authority.
The following data is processed/retained based upon the Lawful Basis of GDPR Section 6(1)(f) - Legitimate Interests. In accordance with GDPR, all have been subjected to a Legitimate Interest Assessment (LIA) in order to balance your rights with the legitimate needs.
All requests and connections to my network services are written to access logs for the necessary purposes of Network & Information Systems Security, Billing and Account Management Purposes and Network Systems scaling and management.
The data stored which may be considered to contain Personal Data is
The data collected in access logs is not passed to any third party, and will not be unless required by a lawful warrant issued by a court whose jurisdiction includes the United Kingdom (and any such warrant, even then, may be contested if it's felt to be overly broad or inappropriate - I have no more interest in allowing the Government to trample over your rights than you do).
Access logs are retained for 90 days from the date of their creation, after which they are automatically removed. However, where log lines are considered potentially relevant to a network incident, they may be retained until the investigation has completed. Those which are assessed to relate directly to the incident will be retained as part of the incident report, but will be anonymised as appropriate to the context in which they are being reported.
Any individual wishing to object to this processing should use the contact method provided within this policy. All requests will be considered upon their own merits (and the feasibility of implementation).
A limited amount of automated processing is used in order to identify "bad actor" IPs and limit their ability to cause harm to my systems. The data is not passed to any third party in order to perform this processing.
The processing of this data is not only essential to the services I provide, but is necessary to help ensure that any other data I may hold on you remains protected. Logs form an essential component of investigations into any suspected breach, and without them it may not be possible to identify (and fix) the method used to achieve a compromise. Ultimately, this limited processing benefits both you and my entire user-base.
I use an analytics program in order to record site and user behaviour on my sites for the purposes of identifying how sites are behaving and where (and how) improvements can be made (for example if a regularly visited URL results in a 404 Not Found). The data is used in order to rectify issues, track site performance and to aid in troubleshooting when issues are reported. It is also utilised in order to help make scaling and deployment decisions within my Content Distribution Network (CDN), as well as identifying cases where a user has been routed to an incorrect server (for example, a US user being sent to an Asian distribution node).
The following personal data is collected and stored
This granularity of data is retained for 31 days. The data is then used to generate an aggregated data-set (so records are grouped by items they have in common - like geographic location) which is retained for 4 months.
The data collected in access logs is not passed to any third party, and will not be unless required by a lawful warrant issued by a court whose jurisdiction includes the United Kingdom (and any such warrant, even then, may be contested if it's felt to be overly broad or inappropriate - I have no more interest in allowing the Government to trample over your rights than you do).
If you wish to object to this processing there are three means of doing so
The former will have full effect on all my sites/services. However, it will not protect you from similar processing on other people's sites, so it's strongly recommended that you consider the other options too (particularly the final one).
The data is protected by a variety of strong mechanisms, and access to the data is very tightly restricted.