Privacy Policy – Subscotia Data Governance

Who we are

Our website address is: https://data.subscotia.net. This website is operated by Subscotia, a sole proprietorship registered with the Dutch Chamber of Commerce (Kamer van Koophandel).

Business Owner: Drew Patrick Campbell.
Address: Hilversum, Netherlands.
KvK Registration Number: 99867567.

What personal data we collect and why we collect it

Data collection and processing are governed by the General Data Protection Regulation (GDPR) and the Dutch implementation act (Uitvoeringswet AVG).

Comments

When visitors leave comments on the site, we collect the data shown in the comments form, the visitor’s IP address, and the browser user agent string. The primary purpose is spam detection. An anonymised string created from your email address (hash) may be provided to the Gravatar service to verify usage. The Gravatar service privacy policy is available at: https://automattic.com/privacy/. Following comment approval, your profile picture is visible to the public in the context of your comment. The legal basis for this processing is legitimate interest (GDPR Article 6(1)(f)).

Media

If you upload images to the website, you must strip the files of embedded location data (EXIF GPS) prior to upload. Visitors to the website can download and extract any location data from images hosted on the site.

Cookies

If you leave a comment on our site, you may opt-in to saving your name, email address, and website in cookies. These are for user convenience so that details do not require manual reentry for subsequent comments. These cookies have a duration of one year.

If you visit our login page, a temporary cookie is set to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when your browser is closed.

Upon login, several cookies are established to save login information and screen display choices. Login cookies persist for two days. Screen options cookies persist for one year. If “Remember Me” is selected, your login will persist for two weeks. Logging out removes the login cookies.

If you edit or publish an article, an additional cookie is saved in your browser. This cookie includes no personal data and indicates the post ID of the edited article. It expires after one day.

Embedded content from other websites

Suggested text: Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Who we share your data with

Data is shared with third parties exclusively to maintain site functionality and security.
Visitor comments may be checked through automated spam detection service Akismet.
Hosting infrastructure is provided by Hostinger.
If you request a password reset, your IP address will be included in the reset email.

How long we retain your data

Comments and their metadata are retained indefinitely. This facilitates the automatic recognition and approval of follow-up comments instead of holding them in a moderation queue.
For users that register on our website, we store the personal information provided in their user profile indefinitely. All users can see, edit, or delete their personal information at any time (username modification is not permitted). Website administrators can also view and edit this information.
Contact form entries are retained for 6 months.
Analytics records are retained for 14 months.

How long we retain your data

What rights you have over your data

Under the GDPR, data subjects have specific rights regarding their personal data. If you have an account on this site or have left comments, you can request to receive an exported file of the personal data we hold about you. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes. The core rights include:

Right to Access (Article 15).
Right to Rectification (Article 16).
Right to Erasure (Article 17).
Right to Restriction of Processing (Article 18).
Right to Data Portability (Article 20).
Right to Object (Article 21).

To execute a data subject request, use the contact information provided below. You possess the right to lodge a formal complaint with the relevant supervisory authority, which is the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).

Where your data is sent

The primary hosting environment for this website is located in Amsterdam, The Netherlands. Data transfers to entities outside the European Economic Area (EEA), such as US-based spam detection or analytics providers, are safeguarded using standardised mechanisms approved by the European Commission, specifically Standard Contractual Clauses (SCCs) or the EU-US Data Privacy Framework adequacy decision.

How we protect your data

Data transit is secured using TLS/SSL encryption. At-rest data is protected through server-level firewalls, database encryption, regular malware scanning and two-factor authentication (2FA) for all administrative accounts.

What data breach procedures we have in place

Internal logging mechanisms are active to identify unauthorized access attempts. In the event of a verified personal data breach that poses a risk to the rights and freedoms of natural persons, notification will be sent to the Autoriteit Persoonsgegevens within 72 hours. If the breach poses a high risk to affected individuals, those individuals will be notified without undue delay.

We do not receive user data from third parties.

We do not engage in automated decision making or profiling.

Contact information

For privacy-specific concerns or to submit a data subject access request, contact:

Drew Patrick Campbell
Subscotia Data Governance
Email: drew@subscotia.net

Location: Hilversum, Netherlands.