blog/gdpr_notice.html at master · hellerve/blog · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
<!DOCTYPE html>
<html>
  <head>
    <title>GDPR Notice | Veit's Blog</title>
    <meta charset="utf-8">
    <style>
    @font-face {
      font-family: 'charterregular';
      src: url('charter_regular-webfont.eot');
      src: url('charter_regular-webfont.woff') format('woff');
      font-weight: normal;
      font-style: normal;
      font-display: swap;
    }
    .content {
      max-width: 500px;
      margin-left: 10vw;
      font-size: 20px;
      font-family: 'charterregular';
      hyphens: auto;
      text-align: justify;
    }
    h1 {
      font-weight: 500;
      font-size: 30px;
    }
    a {
      color: #222;
      text-decoration: none;
      border-bottom: 2px solid #d6dde3;
    }
    </style>
  </head>
  <body>
    <div class="content">
      <h1>GDPR Notice</h1>
      <p>
        This is the personal blog of Veit Heller. As such, I am not required to
        have a GDPR notice. Nonetheless, I will provide a notice that helps you
        find out what this blog stores and knows about you. I don’t expect it to
        be legally airtight.
      </p>
      <p>
        This website does not store any personally identifiable information.
        It collects the requesting party’s IP address and user agent from the
        HTTP request, but does not store them.
      </p>
      <p>
        One external snippet is loaded from the
        <a href="https://www.recurse.com/">Recurse Center</a>. It will record
        your IP address and, when clicked, redirect you to an external website
        that I have no control over. It also loads an asset from Cloudfront,
        which is an AWS service. Information about GDPR compliance of AWS
        services can be found
        <a href="https://aws.amazon.com/compliance/gdpr-center/?nc1=h_ls">
          here
        </a>.
      </p>
<h2 id="analytics">Web analytics (Plausible)</h2>
<p>
  This site uses <a href="https://plausible.io">Plausible Analytics</a>. Plausible works without cookies
  and without cross-site tracking. No personal data is stored.
</p>
<ul>
  <li><strong>Per pageview captured:</strong> page URL (without query params except common campaign tags),
      referrer, and derived browser/OS/device type; city-level location is inferred from the IP.</li>
  <li><strong>No raw identifiers stored:</strong> Plausible does not store IP addresses or full user-agents.
      For daily unique counts it uses a hash of a rotating salt + domain + IP + UA; the salt is deleted
      every 24 hours.</li>
  <li><strong>Legal basis:</strong> Art. 6(1)(f) GDPR (legitimate interest) in lightweight, privacy-preserving
      reach measurement and site improvement.</li>
  <li><strong>Processor & hosting:</strong> Plausible Insights OÜ (Estonia, EU). Data are processed and stored
      in the EU on servers in Germany (Hetzner). No transfers outside the EU.</li>
  <li><strong>Retention:</strong> Only aggregated statistics are kept for as long as the site is active.
      You can contact me if you have questions regarding this processing.</li>
  <li><strong>Public stats:</strong> For transparency, I made the statistics publicly available <a href="https://plausible.io/blog.veitheller.de">here</a>.</li>
</ul>
      <p>For any questions or concerns contact:<br/>
      Veit Heller<br/>
      Goethestr. 17<br/>
      90154 Erlangen<br/>
      Germany
      </p>
      <p>Don't know what this is? This is a necessity dictated by European law.</p>
      <hr/>
      <a href="mailto:veit@veitheller.de">Shoot me a mail</a><br/>
      <a href="/">Head back home</a>
    </div>
  </body>
</html>