Privacy notice

Who I am

I am Duncan Stephen.

My website address is: https://duncanstephen.net.

You can email me at: contact@duncanstephen.net.

What personal data this website collects and why

Comments

When visitors leave comments on this website, I collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Gravatar service privacy policy

Cookies

If you leave a comment on this website you may opt in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit the login page, it will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

Embedded content from other websites

Articles on this site may include embedded content (for example: videos, images, tweets). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Such other websites include Google (Google Maps, YouTube), Speaker Deck and Twitter.

Analytics

This website gathers analytics through two services: Google (Google Analytics) and Automattic (Jetpack).

Security

A cookie is placed by the Wordfence service for security purposes (to determine if the user is logged in).

Wordfence privacy policy

Spam detection

Visitor comments are checked through an automated spam detection service, Akismet, provided by Automattic.

We collect information about visitors who comment on Sites that use our Akismet anti-spam service. The information we collect depends on how the User sets up Akismet for the Site, but typically includes the commenter’s IP address, user agent, referrer, and Site URL (along with other information directly provided by the commenter such as their name, username, email address, and the comment itself).

Jetpack features

This website uses features from the Jetpack service provided by Automattic.

Activity

This feature only records activities of a website’s registered users.

Data used: To deliver this functionality and record activities around site management, the following information is captured: user email address, user role, user login, user display name, WordPress.com and local user IDs, the activity to be recorded, the WordPress.com-connected site ID of the site on which the activity takes place, the site’s Jetpack version, and the timestamp of the activity. Some activities may also include the actor’s IP address (login attempts, for example) and user agent.

Activity tracked: Login attempts/actions, post and page update and publish actions, comment/pingback submission and management actions, plugin and theme management actions, widget updates, user management actions, and the modification of other various site settings and options. Retention duration of activity data depends on the site’s plan and activity type. See the complete list of currently-recorded activities (along with retention information). This website uses the free plan.

Data synced: Successful and failed login attempts, which will include the actor’s IP address and user agent.

Notifications

This feature is only accessible to registered users of the site who are logged in to WordPress.com.

Data used: IP address, WordPress.com user ID, WordPress.com username, WordPress.com-connected site ID and URL, Jetpack version, user agent, visiting URL, referring URL, timestamp of event, browser language, country code. Some visitor-related information or activity may be sent to the site owner via this feature. This may include: email address, WordPress.com username, site URL, email address, comment content, follow actions, etc.

Activity tracked: Sending notifications (i.e. when we send a notification to a particular user), opening notifications (i.e. when a user opens a notification that they receive), performing an action from within the notification panel (e.g. liking a comment or marking a comment as spam), and clicking on any link from within the notification panel/interface.

Protect

Data used: In order to check login activity and potentially block fraudulent attempts, the following information is used: attempting user’s IP address, attempting user’s email address/username (i.e. according to the value they were attempting to use during the login process), and all IP-related HTTP headers attached to the attempting user.

Activity tracked: Failed login attempts (these include IP address and user agent). We also set a cookie (jpp_math_pass) for 1 day to remember if/when a user has successfully completed a math captcha to prove that they’re a real human. Learn more about this cookie.

Data synced: Failed login attempts, which contain the user’s IP address, attempted username or email address, and user agent information.

Repeat visitor block

Data used: The repeat visitor block records page views by setting a cookie named jp-visit-counter in the visitor’s browser, which is incremented on each visit. This cookie is stored only in the browser and not recorded in our databases.

Subscriptions

Data used: To initiate and process subscriptions, the following information is used: subscriber’s email address and the ID of the post or comment (depending on the specific subscription being processed). In the event of a new subscription being initiated, we also collect some basic server data, including all of the subscribing user’s HTTP request headers, the IP address from which the subscribing user is viewing the page, and the URI which was given in order to access the page (REQUEST_URI and DOCUMENT_URI). This server data used for the exclusive purpose of monitoring and preventing abuse and spam.

Activity tracked: Functionality cookies are set for a duration of 347 days to remember a visitor’s blog and post subscription choices if, in fact, they have an active subscription.

WordPress.com stats

Data used: IP address, WordPress.com user ID (if logged in), WordPress.com username (if logged in), user agent, visiting URL, referring URL, timestamp of event, browser language, country code. Important: The site owner does not have access to any of this information via this feature. For example, a site owner can see that a specific post has 285 views, but they cannot see which specific users/accounts viewed that post. Stats logs — containing visitor IP addresses and WordPress.com usernames (if available) — are retained by Automattic for 28 days and are used for the sole purpose of powering this feature.

Activity tracked: Post and page views, video plays (if videos are hosted by WordPress.com), outbound link clicks, referring URLs and search engine terms, and country. When this module is enabled, Jetpack also tracks performance on each page load that includes the JavaScript file used for tracking stats. This is exclusively for aggregate performance tracking across Jetpack sites in order to make sure that our plugin and code is not causing performance issues. This includes the tracking of page load times and resource loading duration (image files, JavaScript files, CSS files, etc.). The do not track settings of visitors are honoured.

How long this website retains your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data I hold about you, including any data you have provided to me. You can also request that I erase any personal data I hold about you. This does not include any data I am obliged to keep for administrative, legal, or security purposes.

Where we send your data

This website is hosted in the UK by Krystal.

Contact information

If you need to contact me, email: contact@duncanstephen.net.

Duncan Stephen

Photo of Duncan Stephen

I lead teams and organisations to make human-centred decisions. I am a lead content designer and information architect at the Scottish Government.

Email — contact@duncanstephen.net