GDPR is coming near, and we really don’t want to get sued by someone who likes to take us down for GDPR “noncompliance”.
So we’d like to share with you how we deal with the data of our readers.
Recently I (Condor) have acquired access to the servers on which the hackingvision.com website is hosted. Using that access, I’ve done an audit to see how we deal with data that visitors provide us with.
There are two types of data: data that we don’t ask explicit consent for, and data that we do ask explicit consent for. Let’s go over both.
- Data provided without explicit consent
This sort of data mostly covers server logs. On the server, we have access to webserver logs, which include the user agent (whatever your browser identifies itself as), partial IP address information (the logs appear to mask the last octet, meaning that we can derive the network that you’ve requested the website from, but not the exact IP), the page that has been requested, and the date and time at which it was requested. These are pretty standard logs and are used only for security reasons and in-house analytics. We’d like to stress that these logs are never shared with anyone, and that we have not received any requests from law enforcement to disclose them either.
We also keep logs from our mail server. This mostly covers the newsletter, as well as other mail that has been sent to and from the hackingvision.com email domain. Most, if not all, of this is private mail, so most likely these logs won’t hold your particular email address, unless you actively send an email to us.
- Data provided with explicit consent
This sort of data mostly covers our notification systems, which involve our newsletter (whose subject heading we’re still working to get right) and the browser notifications that can be activated with the bell icon in the bottom right of our website. Subscribing to the newsletter registers your email address in our mailing list, which is used to email you our daily newsletter. The browser notification system, on the other hand, doesn’t provide us with any meaningful data other than the fact that your browser would like to be notified about updates to our website.
You can unsubscribe from either of these by clicking the “Unsubscribe” button in our newsletters, and/or by disabling notifications for our site in your web browser.
As far as I can tell, we aren’t providing any of our data to anyone other than the services that we use to provide you with new content on our site. We’re currently using WordPress, Jetpack, Mailerlite (though we’re currently considering migrating away from this one to something else for financial reasons), and OneSignal, and we share the appropriate data with their software/systems. In the case of WordPress and Jetpack this all happens locally, probably through IPC calls. In the case of Mailerlite and OneSignal, we share this data with them (the mailing list and the browsers that have permitted us to push notifications, respectively). Of course, all of this happens to provide you with the service of showing you our articles. We are not selling or otherwise redistributing this data for any purpose other than serving you.
We hope that with this we are GDPR-compliant. Even though under GDPR we aren’t required to appoint one, I (Condor) will be assuming the role of Data Protection Officer (DPO). Please submit any requests/claims regarding GDPR to email@example.com. Do keep in mind, however, that any financial claims should be made to the organization HackingVision as a whole, and that you should please try to resolve any conflicts privately with us first. Nobody likes to pay a GDPR fine, and neither do we, especially as we are a small organization of just 3 security enthusiasts. Please do get in touch with us first with any concerns, and we’ll do our best to resolve them with you.
Please do get in touch with me at firstname.lastname@example.org if you have any questions.