First edition published on 12 August 2018.
1.Introduction
1.1This is the Privacy Policy for the Website (this “Privacy Policy” or “Policy”). It sets out terms on which the Website processes any personal data collected from you, or that you provide to the Website.
1.2This Policy forms part of the User Agreement (which can be found in the “Legal” webpage of the Website) (the “User Agreement”) and is deemed incorporated therein. By Using this Website or any of its Content, you qualify as the User and you confirm that you fully accept, and undertake to comply with, the terms and conditions of this Policy (as well as the terms of conditions of the User Agreement and all other documents referred to in this Policy, the User Agreement and/or the other Legal Documents).
1.3If you do not agree to this Policy, you must immediately cease any Use of the Website.
1.4All capitalised words and expressions used above shall, unless specifically defined or the context otherwise requires, have the meanings given to them in the User Agreement.
2.Definitions and Interpretation
2.1All capitalised words and expressions used in this Policy shall, unless (a) specifically defined below or in any other place herein or (b) the context otherwise requires, have the meanings given to them in the User Agreement:
“Consent” means a freely given, specific, informed and unambiguous consent from the data subject indicating the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the Processing of Personal Data relating to him or her;
“Controller” means, unless otherwise expressly defined by Applicable Law, the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data;
“Google” means Google Inc. of 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (together with other companies of the Google group);
“International Transfer” means transfer of Personal Data to a foreign natural or legal person, public authority, agency or other body (including under EU-U.S. Privacy Shield Framework);
“Personal Data” means, unless otherwise expressly defined by Applicable Law, any information relating to an identified or identifiable natural person (data subject);
“Processor” means, unless otherwise expressly defined by Applicable Law, a natural or legal person, public authority, agency or other body which Processes Personal Data on behalf of the Controller;
“Processing” means, unless otherwise expressly defined by Applicable Law, any action (operation) or set of action (operations) which is performed on Personal Data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction, and “Process”, “Processed” or any other similar derivative word or form of the word “Processing” shall be interpreted and construed accordingly; and
“StackPath” means StackPath LLC of 2021 McKinney Ave, Suite 1100, Dallas TX 75201, USA and NetDNA, LLC of 11684 Ventura Blvd. #825, Studio City, CA 91604, USA (together with other companies of the StackPath group).
2.2References to “include” or “including” are to be construed without limitation.
2.3References to a “person” include any individual, company, partnership, joint venture, firm, association, trust, governmental or regulatory authority or other body or entity (whether or not having separate legal personality).
2.4The table of contents and headings are inserted for convenience only and do not affect the construction of this Policy.
2.5Unless the context otherwise requires, words in the singular include the plural and vice versa and a reference to any gender includes all other genders.
2.6References to Sections and paragraphs are to sections and paragraphs of this Policy.
3.Legal Basis and Nature of Personal Data Processing on the Website
3.1The legal basis for Processing Personal Data of the User of the Website is the User Agreement entered into between the Author and the User.
3.2The Website is a personal website of the Author and is created and intended for personal and non-commercial use by the User. The Website only Processes Personal Data that (a) are strictly necessary for its normal functioning, due maintenance and further advancement (including web analytics); (b) any website, due to the technical nature of Internet, automatically Processes when a person accesses it; and (c) are voluntarily provided by the User when Using the Website.
4.Persons Involved in Personal Data Processing on the Website
4.1The Author is the Controller for the purposes of Processing Personal Data on the Website.
4.2The Host acts as the Processor for all Personal Data that is Processed directly on the Website and stored on the Host Server.
4.3StackPath acts as the Processor for all Personal Data that is Processed directly on the Website and delivered to the User via MaxCDN content delivery network.
4.4Google acts as the Processor for all Personal Data that is Processed through Google Analytics.
5.Summary of Personal Data Processing of the Website
5.1The table below provides a summary of Personal Data Processing that the Website may conduct, with further details and explanations set out in subsequent Sections.
| Trigger | Processor | Personal Data Processed | Types of Processing | Purpose | Lawful basis for Processing |
|---|---|---|---|---|---|
| The User visits the Website | Host; StackPath | IP address of the User. Also the following Personal Data if the User accesses the Website via a URL generated by the URL Shorteners: pseudonymised IP address of the User and HTTP referer data | International Transfer, collection, recording, organisation, structuring, storage, retrieval, use | To utilise the Website security features in “iThemes Security” plugin | Performance of the User Agreement (which is a binding legal contract between the Author and the User). Necessary for the User’s and the Author’s legitimate interests (to ensure the security of the Website and the security of any Personal Data the Website may Process) |
| The User visits the Website | First party cookies, information related to the User’s device and browser, IP address of the User, on-site activities of the User | International Transfer, collection, recording, organisation, structuring, storage, retrieval, use, pseudonymisation | To undertake private and non-commercial analytical research about the Website’s traffic to understand and optimise the Website’s Usage and demographics | Performance of the User Agreement (which is a binding legal contract between the Author and the User) | |
| The User posts a message to the Author using the “Contact” page | Host; StackPath | IP address of the User, first party cookies. The following Personal Data that the User voluntarily provided and submitted: full name, email address, website, any Personal Data that the main content of the submitted message may contain | International Transfer, collection, recording, organisation, structuring, storage, retrieval, use | To obtain the message from the User to the Author and to allow the Author to receive, review and respond to this message | Performance of the User Agreement (which is a binding legal contract between the Author and the User) |
| The User makes a User Contribution | Host; StackPath | IP address of the User, first party cookies. Any Personal Data that the User voluntarily provided and submitted as part of the User Contribution | International Transfer, collection, recording, organisation, structuring, storage, retrieval, use | To receive, store and display the User Contribution on the Website | Performance of the User Agreement (which is a binding legal contract between the Author and the User) |
6.Personal Data and Their Processing on the Website
6.1The following Personal Data of a User may be Processed through the Website:
(a)Personal Data which the Website collects when the User visits the Website:
(i)IP address of the User;
(ii)when using a URL generated by the URL Shorteners: pseudonymised IP address of the User (with the last segment of the IP address being replaced with zero) and HTTP referer data (information regarding the webpage on which such URL was used to access the Website)
(iii)analytical data for Google Analytics, including first party cookies, information related to the User’s device and browser, on-site activities of the User;
(b)Personal Data which the User as the data subject directly provides to the Website:
(i)data provided by the User when submitting a message to the Author using the “Contact” webpage, including full name, email address, website, as well as any Personal Data that the main content of the submitted message may contain; and
(ii)any Personal Data a User Contribution may contain.
7.Technical Details on Processing of Personal Data
7.1The Website is powered by WordPress, a free and open-source content management system that is claimed to be used by 30% of websites in the world. WordPress provides for certain optional functionalities that may Process Personal Data provided and submitted by a user, such as user registration and login functionality (which Processes login, password, email address, full name and other basic information of a user, and sets certain first party cookies) and commenting functionality (which Processes login, password, email address and comments of a user, and sets certain first party cookies), these functionalities may be disabled for the Website at this moment.
7.2Where the functionality of the Website allows, the User may create and submit User Contribution (as this term is defined in the Acceptable Use Policy) to the Website, and such User Contribution may also incorporate Personal Data provided by the User, which will become publicly accessible on the Website.
7.3The Website currently uses several plugins (which add additional functionalities to the Website) and additional services which may Process Personal Data of a User:
(a)“iThemes Security” – a popular security plugin for websites powered by WordPress. Some of its functionalities aimed at filtering IP addresses known for illegal activities and detecting malicious or suspicious user actions (including IP address blacklist filtering, IP address lock out after multiple failed login attempts or generated 404 errors, etc.) require collecting, recording, analysing and storing IP addresses of any User who visits the Website.
(b)“WPForms Lite” – a popular plugin for creating contact forms on websites powered by WordPress. The Website uses this plugin to maintain the “Contact” webpage which contains a contact form that allows a User to fill in and submit a message to the Author. This contact form provides for the User to fill in his or her full name, email address and the subject matter and main text of the message. Upon the User submitting a message, these details will be recorded in the database of the Website and be duplicated in an automatic email sent to the Author’s administrator email address.
(c)URL Shorteners – these services generate shortened URLs which, when accessed by a User, redirect the User’s browser to particular webpages of the Website. The URL Shorteners collects and records pseudonymised IP address of the User (with the last segment of the IP address being replaced with zero) and HTTP referer data (information regarding the webpage on which such URL was used to access the Website) for internal analytical purposes.
7.4The Website uses MaxCDN, a leading content delivery network. MaxCDN duplicates the most used Content (such as CSS and JavaScript files etc.) and large-size Content (such as images, audio, video, archives etc.) from the Host Server and stores them across its servers in different geographical locations, and when a User visits the Website, the User’s browser request and download such Content as stored in the MaxCDN server nearest to the User to minimise Website loading time. Such Content, such as images uploaded by the User as part of the User Contribution, may contain Personal Data.
7.5The Website also utilises Google Analytics, which is the most popular web analytics service. Google Analytics collects statistical and demographic data of all Users of the Website, including their IP addresses, general information about the operating system, device and browser used to access the Website, first party cookies (i.e. cookies designed and utilised by the Website and stored in the User’s device), as well as analyses the Users’ general activities on the Website (including, among others, what webpages of the Website a User visits more frequently).
7.6To the extent possible, Personal Data Processed by Google Analytics are aggregated data, which means that they are derived from the User’s Personal Data but were subject to pseudonymisation prior to their analysis, so one cannot identify a particular User from such data.
7.7The Website does not collect or otherwise Process any Personal Data of special categories, which include information regarding any User’s race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, as well as health, genetic and biometric data, or information about criminal convictions and offences.
7.8For details about how the Website uses cookies, please refer to the Cookie Statement.
8.Lawful Basis for the Processing of Personal Data
8.1The Personal Data may be Processed on the Website on any one of the following lawful bases:
(a)performing the User Agreement which is a binding legal contract between the User and the Author in relation to the Use of the Website (including when the User accesses the Website, or when the User utilises the contact form on the Website);
(b)where it is necessary for the Author’s or the User’s legitimate interests (or those of a third party) (including to ensure the security of the Website and the security of any Personal Data the Website may Process);
(c)where the Author needs to comply with a legal or regulatory obligation.
9.Third Party Access to Personal Data and International Transfer of Personal Data
9.1The Author involves the Host, StackPath and Google as Processors to Process the Personal Data, and depending on the location of the User, submission and transfer of his or her Personal Data to the Processors may involve cross-border or international transfer.
9.2The Host is a European Union person and has the legal obligation to comply with the Regulation on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR). The Host Server is located within the European Union.
9.3StackPath and Google are United States persons. They are certified under the EU – U.S. and Swiss – U.S. Privacy Shield frameworks, which are a legal mechanism to enable the transfer of Personal Data from the European Union and Switzerland to the United States, where certified organisations guarantee to provide a level of protection in line with European Union’s personal data legislation.
9.4To comply with “personal data localisation” requirement set out by the Russian law, whereby certain Personal Data Processing regarding Russian citizens should be conducted with the use of databases located in the Russian Federation, the Author maintains an active and synced-up copy of the Website’s database in the Russian Federation. Russian Federation is a party to the Convention of the Council of Europe for the Protection of Individuals with regard to Automatic Processing of Personal Data (ETS No.108).
10.Retention and Security of Personal Data
10.1The User’s Personal Data processed by the Host are retained in the Website’s database for an indefinite term until and unless deleted by the Author.
10.2The User’s Personal Data processed by StackPath are periodically removed and re-added on the MaxCDN servers depending on the status of the relevant Content on the Host Server.
10.3The User’s Personal Data processed by Google are retained by Google for thirty six (36) months until and unless deleted by Google.
10.4The Author and the Processors have in place appropriate security measures for the Website in line with general practices of other websites of similar nature and designation to counteract accidental lost and unauthorised use, access or disclosure of the Users’ Personal Data. In particular, the Website enforces TLS/SSL cryptographic protocols to encrypt any data and Content transferred between the Host Server, MaxCDN servers and the User.
11.User’s Consent
11.1By default, the Website does not rely on the User’s Consent as a legal basis for Processing his or her Personal Data.
11.2If, under the Applicable Law, the lawful basis for Processing Personal Data indicated in the Sections “Summary of Personal Data Processing of the Website” and “Lawful Basis for Processing Personal Data” above is insufficient to legally justify such Processing of Personal Data, the User by (a) entering into the User Agreement; (b) continuing Use of the Website by visiting more than one webpage of the Website; and/or (c) utilising the contact form to submit a message to the Author, grants the Author the following Consent:
“I, the User of the Website, in consideration for the Author granting me the rights to Use the Website and entering into the User Agreement with me, hereby grants each of the Author this freely given, specific, informed and unambiguous consent to the Processing of my Personal Data, including each of the following:
- My full name;
- My email address(es);
- My website details (if applicable);
- Contents of first party cookies utilised by the Website and stored in my device(s);
- Information related to my device(s) and browser(s) which I use to access the Website;
- My IP address(es);
- HTTP referer data;
- Information related to my on-site activities on the Website;
- All details of any messages I may provide and submit to the Author; and
- Contents and any information related to any User Contribution I may make in the Website (subject to the technical possibility to do so in the Website).
I consent that these Personal Data may be Processed in any or several of the following ways:
- International transfer (including to a European Union member state, the United States, the Russian Federation or any other jurisdictions of the Relevant Laws);
- Collection;
- Recording;
- Organisation;
- Structuring;
- Storage;
- Retrieval;
- Use;
- Pseudonymisation.
I consent that these Personal Data may be Processed for any or several of the following purposes:
- To utilise the Website security features in “iThemes Security” plugin;
- To undertake private and non-commercial analytical research about the Website’s traffic to understand and optimise the Website’s Usage and demographics;
- To obtain the message from me to the Author and to allow the Author to receive, review and respond to my message; and
- To receive, store and display my User Contribution (subject to the technical possibility to do so in the Website).
I hereby further acknowledge and consent that the User may involve the Host, StackPath and Google as the Processors for my Personal Data.
I hereby acknowledge and confirm that I have read the User Agreement, the Privacy Policy and all other Legal Documents, and hereby reassure my consent with the provisions set out in each of these documents.
This consent is issued for an indefinite term until the earliest of: (a) full fulfilment of the purposes of the Personal Data Processing; and (b) my revocation of this consent by a written (including via message to the Author by using the contact form on the Website) notice to the Author.
All capitalised words and expressions used above shall, unless specifically defined or the context otherwise requires, have the meanings given to them in the User Agreement and the Privacy Policy as they are available on the “Legal” webpage of the Website.”
12.Rights of the User as the Data Subject
12.1Depending on the Applicable Law, if the User provided any Personal Data to the Website, he or she may have some or all of the rights listed below as stipulated by the applicable personal data protection laws:
(a)Request access to the User’s Personal Data – this enables the User to receive a copy of the Personal Data the Website holds about him or her and to check that the Author is lawfully processing it;
(b)Request correction of the User’s Personal Data – this enables the User to have any incomplete or inaccurate data the Website holds about him or her corrected, subject to the Author’s verification of the accuracy of the new data provide by the User;
(c)Request erasure of the User’s Personal Data – this enables the User to ask the Author to delete or remove Personal Data where there is no good reason for the Author continuing to Process it (however, the Author may not always be able to comply with such request for specific legal or factual reasons which will be notified to the User);
(d)Object to Processing of the User’s Personal Data – if the User objects to the Processing of his or her Personal Data on a particular ground as indicated in this Policy, or if the User takes the view that his or her fundamental rights and freedoms are compromised (the Author may demonstrate that he has compelling legitimate grounds to Process the User’s Personal Data which override the User’s rights and freedoms);
(e)Request restriction of Processing the User’s Personal Data – this enables the User to ask the Author to suspend the Processing of his or her Personal Data in the following scenarios: (a) if the User wants the Author to establish the data’s accuracy; (b) where the Website’s use of the data is unlawful but the User does not want the Author to erase it; (c) where the User needs the Author to hold the data even if the Website no longer requires it; or (d) the User has objected to the Website’s use of his or her data but the Author needs to verify whether he has overriding legitimate grounds to use it;
(f)Request transfer of the User’s Personal Data – this allows the User or a third person indicated by the User to receive his or her personal data in a structured, commonly used, machine-readable format (this right only applies to automated information which the User initially provided consent for the Author to use);
(g)Right to withdraw the User’s consent for Processing of Personal Data – where the Website is relying on the User’s consent to Process his or her Personal Data, the User may revoke his or her consent (however, this will not affect the lawfulness of (a) any Processing carried out before the withdrawal of consent and (b) any Processing carried out on other lawful grounds; also, this may result in termination of the User Agreement and require the User to immediately cease the Use of the Website and further refrain from any other Use in the future).
12.2The abovementioned rights to not extend to any Personal Data that: (a) are strictly necessary for its normal functioning, due maintenance and further advancement (including web analytics); and/or (b) any website, due to the technical nature of Internet, automatically Processes when a person accesses it.
12.3A User who wishes to exercise any of the rights set out above (to the extent such rights apply under the Applicable Law), may contact the Author using the “Contact” webpage. However, as a condition to the Author receiving and processing any such request, the User shall consent to the Processing of his or her Personal Data which may be submitted as part of the message in the contact form.
12.4The User may also prevent his or her Personal Data from being Processed by Google Analytics by either changing the privacy settings on the Website or using the “Google Analytics Opt-Out Browser Add-on” available at https://tools.google.com/dlpage/gaoptout.
13.Addressing User’s Request in Relation to Personal Data
13.1While the User does not have to pay a fee to access his or her Personal Data or to exercise any of the other rights, the Author may charge a reasonable fee to cover administrative and out-of-pocket costs and expenses to fulfil the User’s request if such request is, in the reasonable opinion of the Author, unfounded, repetitive or excessive. Alternatively, the User may refuse to comply with the User’s request in these circumstances.
13.2The Author may need to request specific information from the User to confirm the latter’s identity and ensure the latter’s right to access his or her Personal Data or to exercise any of his or her other rights. This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. The Author may also contact the User to ask him or her for further information in relation to the request to speed up the response.
13.3The Author will try to respond to a legitimate request within one month after receipt of such request. Depending on the factual circumstances, or if the request is particularly complex or involve multiple enquiries, such timing may be further extended. The Author shall do his best to notify the User and keep him or her updated.
14.Further Amendments
14.1The Author may amend, revise or otherwise change the terms and conditions of this Policy at any time without prior or subsequent notice, and such amended, revised or otherwise changed Policy shall take effect since the date immediately after the date of publication thereof on the Website.
15.Severability
15.1If any term or provision in this Policy shall be held to be illegal, invalid or unenforceable, in whole or in part, under any enactment or rule of law, such term or part shall to that extent be deemed not to form part of this Policy, but the legality, validity or enforceability of the remainder of this Policy shall not be affected.
16.Applicable Law and Dispute Resolution
16.1This Policy is subject to (a) the Applicable Law as defined in, determined in accordance with, the User Agreement and (b) the dispute resolution procedure set out in paragraph “Applicable Law and Dispute Resolution” of the User Agreement.
17.Language
17.1This Policy is made in the English and Russian languages (which are not necessarily identical as the Russian version may need to adapt to specific Russian personal data law requirements) and may be additionally published in other languages. In case of any discrepancy between the texts of this Policy in any two languages: (a) if the Applicable Law is the laws of the Russian Federation, the Russian text shall prevail; or (b) if the Applicable Law is not the laws of the Russian Federation, the English text shall prevail.
18.Contact Information
18.1To contact the Author in relation to this Policy, or to exercise one’s right related to his or her Personal Data or to issue a request or enquiry to the Author, please proceed to the Contact page.