Who I am
My name is Caroline Wickham-Jones
My website address is https://mesolithic.orkneyarchaeologysociety.org.uk
Projects point is the host and it is operated by Get the Point Ltd, which is registered with the UK’s data protection body: ICO. No. 308321, Data Protection Registration number: ZA027221
What personal data I collect and why I collect it
When visitors leave comments or feedback, the data collected is that shown in the comments form, and also the visitor’s IP address and browser user agent string, to help spam detection. Comments are not activated.
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
Subscribers are managed through wordpress.com. When you subscribe by email, you are sharing your email address with me to follow my posts. That email is visible to me and my hosting company and to wordpress.com, who provide the subscription tool. Your sign up time is recorded in the database, but no other information is available to me. Rest assured that I won’t use it for any other purposes than your subscription to new mesolithic.co.uk posts.
Please refer to WordPress.com privacy policies, if you have concerns about signing up.
Embedded content from other websites, including social media
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
Who I share your data with
I use WordPress.com to gather statistics, which are depersonalised / anonymised.
How long we retain your data
If you leave a comment, the comment and its metadata can be retained indefinitely. This is so I can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue. At present comments are disabled.
What rights you have over your data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data held about you, including any data you have provided. You can also request that any personal data held about you be erased.
This does not include any data I am obliged to keep for administrative, legal, or security purposes.
Where I send your data
Visitor comments may be checked through an automated spam detection service, Akismet, which is operated by the good folks at WordPress.
How I protect your data
Projects Point encourage their website owners to use unique passwords, and encourage them to employ 2 factor authentication with associated services e.g. wordpress.com, google etc.
Projects Point websites are secured by SSL security certificates issued by LetsEncrypt.
Servers are run on a cloud platform with servers in London (United Kingdom), provided by Digital Ocean.
The operating system processes keep an eye on most things, including connections and will blacklist suspicious traffic.
They monitor system performance (such as memory usage, incoming and outgoing connections and CPU, which can alert us within minutes of abnormalities.
Projects Point use a number of tools to keep their sites protected from hackers, that automatically throttle or ban bad IP addresses, they use bots that test security and block fraudulent attempts to login.
They also restrict outgoing connections to trusted sites, using a firewall, which can be helpful in the event of a single site being compromised.
They keep all their plugins up to date, and at intervals run software audits to identify known problems.
They employ trusted software that is actively developed and supported in the Open Source community.
They operate a triple backup regime, whereby a snapshot of the server is taken daily. This is retained for 4 days. They also take daily and weekly snapshots of the files and databases, with data retained over a period of 10 weeks. Finally they run an incremental backup daily, which is auto pruned over a period of around 3-4 months.
What data breach procedures are in place
Projects Point assess the risk of any incident and put in place a plan to first protect user data, which in extremis may mean suspending the public facing website.
Having established the risk (likelihood of harm X magnitude of impact), they will endeavour to fix the immediate problem, via an update, patch, removal of offending code, suspending the compromised function, while assessing the impact on user’s personal data.
If a personal data breach should occur, they would inform website owners first and discuss plans to inform their users of the breach. They might need to share salient details of the breach with the software community, but not the personal data itself. They would assess the need to share details of the breach with the relevant authorities.
What third parties do Projects Point receive data from
See Analytics section above.
What automated decision making and/or profiling do Projects Point do with user data
Spam detection, using Akismet.
Industry regulatory disclosure requirements
Get the Point Ltd is registered with the ICO.