Privacy policy

---

1. Privacy and security

This website does not

• set or use any cookies, including third-party cookies¹,
• store any additional information in your browser, either temporarily or permanently²,
• use any web trackers (scripts that derive information about you),
• use any web beacons (single-pixel images),
• load any scripts from third-party servers,
• access your browsing history,
• access the geolocation provided by your device,
• access your microphone or camera,
• collect any non-essential information about your device, operating system, browser, browser extensions, time zone, installed software, fonts, or graphics rendering features,
• scan your device or your network to find open TCP or UDP ports,
• send any data to any third party websites or servers,
• attempt to fingerprint your browser instance, but it requests the orientation and the dimensions of your display to improve the layout of the pages,
• require you to use the Do Not Track (DNT) privacy preference setting available in certain browsers, or
• participate in any profiling activity that is based on your browsing behaviour (such as FLoC*).

This website loads fonts from Google Fonts*.

This website contains links to external websites. All such links are marked with the external link symbol *.

2. Location and hosting

This website is located in the Netherlands, in the European Union. Hosting service is provided by Digital­Ocean*.

3. Transport level security and certificates

This website uses only known secure TLS protocols and only known secure cipher suites, see IT Security Guidelines for Transport Layer Security*. The TLS (SSL) certificates are provided by Let's Encrypt*, world's largest non-profit certificate authority, run by the Internet Security Research Group ISRG*.

4. Data collection

The web server that provides this website creates log files. These files log visitors when they visit the website. The information collected by the log files for each page visit includes the following:

• a date and time stamp,
• Internet protocol (IP) address of the visitor as seen by the server,
• address of the page requested,
• browser type and version used by the visitor,
• visitor's operating system, if the information is available,
• a status code (success, redirection, forbidden, not found, error), and
• the number of bytes transferred.

As a visitor's IP address can potentially be associated with a data subject (person), the IP addresses are therefore treated as personal data as defined by the EU General Data Protection Regulation* (GDPR, EUR-Lex*). This website does not collect any other personal data.

5. Data usage

The log files are required to monitor and maintain the security of the website and to troubleshoot and maintain the website server. The collection and processing of the log data is necessary for the purposes of the legitimate interests of the website owner, see GDPR Article 6 - Lawfulness of processing*. Logged data is never sold, shared or given to any third parties, or moved across the borders of the EU.

6. Data retention

The log files are encrypted within 24 hours of their creation with a hybrid cryptosystem based on AES PDF* and RSA PDF*. All logs are purged after 15 days at the latest.

7. Your rights

You have the following rights to your personal data, see GDPR Chapter 3 - Rights of the data subject* for details:

• right to access your data,
• right to get your data rectified,
• right to get your data erased (“right to be forgotten”),
• right to restrict the processing of your data,
• right to get notified regarding rectification, erasure, and restriction of processing of your data,
• right to transfer your data without hindrance to another controller, and
• right to object the processing of your data, to request that the data not be processed at all.

If you think your data protection rights have been violated, you can, as a citizen or resident of any of the countries represented in the European Data Protection Board* (EU countries, Iceland, Liechtenstein, and Norway), file a complaint with any national Data Protection Authority*, or contact the website owner.

The owner and controller (within the meaning of GDPR Article 4*) of the website is Petri Kutvonen*. To exercise your rights in relation to your personal data, send an e-mail to contact@kutvonen.net. The data processor (also defined by GDPR Article 4*) is the hosting provider Digital­Ocean*.

8. Compliance

Besides the GDPR, this website is compliant

• with the Article 82 of the French Data Protection Act* (unofficial translation PDF*),
• with the guidelines* of the French Data Protection Authority CNIL* about cookies and other trackers, and
• with the California Online Privacy Protection Act*.

The California Consumer Privacy Act (CCPA)* does not apply to this website.

In the UK, the UK GDPR UK Data Protection Act 2018* is still in force, but the government has announced that the UK is departing from it and is moving to a less stringent regulation.

9. Privacy policy changes

The right to revise this privacy policy to make it more accurate is reserved. The Privacy policy link will always take you to the current policy.

_______________
Notes

1. Your browser or a browser extension (not the website) might set site-specific cookies.
2. Your browser or a browser extension might do this.

Last revised May 7, 2023