BenTasker.co.uk - The Home of Ben Tasker

This page serves as the GDPR Privacy Notice for www.bentasker.co.uk.

The controller of the data collected is Ben Tasker.

You have the right to object to processing, either by objecting to a specific mechanism as described below, or by Contacting Me. If you feel your objection has not been appropriately handled, or that the processing does not have a lawful basis, you also have the right to complain to a supervisory authority.

As an overall summary of the policy - I collect some data in order to run and improve the site, but will not share that data with third parties unless I'm legally compelled to do so

Where I'm performing a service for you (i.e. you're a customer rather than simply visiting the site), our contract will include sections as needed to cover any additional elements I may encounter whilst working for you.


Compliance with a Legal Obligation

The following data is processed/retained in order to comply with Legal Obligations - GDPR Section 6(1)(c)

Tax Records

If you purchase a product or service for me, then you will have been issued with an invoice containing some or all of the following personal data

  • Your Name
  • Your Address
  • Your Email Address
  • Your Telephone Number

A copy of your invoice will be filed with my Tax records, which in order to fulfil HMRC's requirements must be retained for up to 7 years.

Because this data must be available in order to comply with a legal obligation, the GDPR rights of erasure and objection cannot be exercised for this data.

The data is retained on isolated systems with very strong access controls, and will not routinely be passed to any third party. In the event of an audit by HMRC, however, the data may be provided to them when formally requested.


Legitimate Interests

The following data is processed/retained based upon the Lawful Basis of GDPR Section 6(1)(f) - Legitimate Interests. In accordance with GDPR, all have been subjected to a Legitimate Interest Assessment (LIA) in order to balance your rights with the legitimate needs.

Access Logs

All requests and connections to my network services are written to access logs for the necessary purposes of Network & Information Systems Security, Billing and Account Management Purposes and Network Systems scaling and management.

The data stored which may be considered to contain Personal Data is

  • Connecting IP address
  • Details of the request/connection (i.e. which page and site was requested, or for non HTTP connections, which service was requested)
  • HTTP Referrer string (where available)
  • HTTP User-Agent header (where available)

The data collected in access logs is not passed to any third party, and will not be unless required by a lawful warrant issued by a court whose jurisdiction includes the United Kingdom (and any such warrant, even then, may be contested if it's felt to be overly broad or inappropriate - I have no more interest in allowing the Government to trample over your rights than you do).

Access logs are retained for 90 days from the date of their creation, after which they are automatically removed. However, where log lines are considered potentially relevant to a network incident, they may be retained until the investigation has completed. Those which are assessed to relate directly to the incident will be retained as part of the incident report, but will be anonymised as appropriate to the context in which they are being reported.

Any individual wishing to object to this processing should use the contact method provided within this policy. All requests will be considered upon their own merits (and the feasibility of implementation).

A limited amount of automated processing is used in order to identify "bad actor" IPs and limit their ability to cause harm to my systems. The data is not passed to any third party in order to perform this processing.

The processing of this data is not only essential to the services I provide, but is necessary to help ensure that any other data I may hold on you remains protected. Logs form an essential component of investigations into any suspected breach, and without them it may not be possible to identify (and fix) the method used to achieve a compromise. Ultimately, this limited processing benefits both you and my entire user-base.

Site Behavioural Analytics

I use an analytics program in order to record site and user behaviour on my sites for the purposes of identifying how sites are behaving and where (and how) improvements can be made (for example if a regularly visited URL results in a 404 Not Found). The data is used in order to rectify issues, track site performance and to aid in troubleshooting when issues are reported. It is also utilised in order to help make scaling and deployment decisions within my Content Distribution Network (CDN), as well as identifying cases where a user has been routed to an incorrect server (for example, a US user being sent to an Asian distribution node).

The following personal data is collected and stored

  • IP address (masked to exclude the final 2 bytes - i.e. 192.168.x.x instead of 192.168.1.1)
  • Rough geographic location (based upon the anonymised form of the IP)
  • HTTP Referer (where available)
  • Screen resolution (used to aid design decisions and optimise media for delivery)
  • HTTP user-agent
  • OS and hardware platform (derived from the above)
  • Browser language (from the Accept-Language header)

This granularity of data is retained for 31 days. The data is then used to generate an aggregated data-set (so records are grouped by items they have in common - like geographic location) which is retained for 4 month

The data collected in access logs is not passed to any third party, and will not be unless required by a lawful warrant issued by a court whose jurisdiction includes the United Kingdom (and any such warrant, even then, may be contested if it's felt to be overly broad or inappropriate - I have no more interest in allowing the Government to trample over your rights than you do).

If you wish to object to this processing there are three means of doing so

  • Visit https://piwik.bentasker.co.uk/optout and set appropriately
  • Enable "Do Not Track" in your browser
  • Install an adblocker and enable it

The former will have full effect on all my sites/services. However, it will not protect you from similar processing on other people's sites, so it's strongly recommended that you consider the other options too (particularly the final one)

The data is protected by a variety of strong mechanisms, and access to the data is very tightly restricted.

Cookies

Cookies set by the site are essential in order to operate, or in order to fulfil a request that you have made. They are used only for this purpose and not used in order to track or otherwise profile you.

For a list of the cookies set, please see https://www.bentasker.co.uk/cookies. You can also self-serve on the Your Stored Data page.

Backups

As might be reasonably expected, all my systems generate backups, for the purposes of ensuring Service/Business Continuity. They may also, in extreme cases, be used during investigation of Security Incidents.

This means that my backups may (and likely will) contain any of the Private Data discussed in this privacy policy at any one time.

The data collected within backups is not passed to any third party, and will not be unless required by a lawful warrant issued by a court whose jurisdiction includes the United Kingdom (and any such warrant, even then, may be contested if it's felt to be overly broad or inappropriate - I have no more interest in allowing the Government to trample over your rights than you do).

Backups are generated (at least) daily and retained for 90 days from the date of their creation.

Any individual wishing to object to this processing should use the contact method provided within this policy. All requests will be considered upon their own merits (and the feasibility of implementation). However, you should be aware that it's unlikely to be possible to exclude your data from backups.

Similarly, individuals are unable to exercise their right of erasure against backups. Interfering with a backup may render it entirely unusable, undermining the legitimate purpose of the backups. However, because backups are only retained for a short period before rotating out, your data will cease to exist in a backed up form within 90 days of completion of your erasure request under different sections of this policy.

Data with backups is not accessed nor processed unless a backup restoration is required - which is (and will hopefully remain) a rare occurrence. The existence of the backups therefore doesn't change the way you're data is handled/processed other than that it means it will be stored in an additional location.

Backups are very strongly encrypted, and the necessary decryption keys are stored in an 'offline' format with strong physical security. Backups are not moved outside of the European Economic Area. Systems generating backups have the ability to upload data to the storage area, but not the ability to read it back - so even with the decryption key, compromise of a backed up host should not be sufficient to grant access to the backup contents.

The generation of backups is essential to providing and maintaining any digital service, and in some cases (such as for Tax records) may also be necessary in order to ensure compliance with a legal obligation (GDPR Section 6(1)(c)). Ensuring the continuity of service can be maintained benefits the both of us.


Consent

The following items are processed based upon a lawful basis of Consent - Section 6 (1)(c)

Social Media Icons

Various pages within this site display Social Media icons allowing you to quickly and easily share content onto various social networks.

By default, these are disabled, so no requests are made to social media sites as the result of loading a page.

If you wish to utilise these buttons, you will need to consent to the activation of these links, and can do so in one of the two following ways

  • Per page: You can simply click the social media icons to enable them (and then click the relevant icon to share the content). On the next page load/refresh, the icons will once again be disabled.
  • Site wide: In the privacy options pane on the left of this site is the option "Unblock Social icons". Clicking this will set a locally stored object in your browser, and the icons will be active on every page. If you wish to withdraw that consent, you may simply click "Block social icons" in the same location and your preference will be reverted.

When you enable social icons, be aware that your browser will place a request to the social media network in order to generate the share button (and ultimately, to share/like the content if you click again). The privacy policies of each of the social networks applies to those requests, but as a guide, each of the social networks will likely do the following if you allow the icon to load

  • Record your IP address and time of request
  • Set a cookie (and check for existing cookies)
  • Record the address of the page you're on
  • Record your username (if you're currently logged into that social media network)

They will also likely process the above in order to update an advertising profile.

The social media icons are provided for convenience purposes only, and out of principle I advise against enabling them globally. You may also want to consider configuring an ad-blocker to block social media icons for networks that you either don't use, or don't commonly share content to (for example, I block Facebook like buttons and LinkedIn Share buttons as I primarily share content on Twitter).

This page serves as the GDPR Privacy Notice for www.bentasker.co.uk.

The controller of the data collected is Ben Tasker.

You have the right to object to processing, either by objecting to a specific mechanism as described below, or by Contacting Me. If you feel your objection has not been appropriately handled, or that the processing does not have a lawful basis, you also have the right to complain to a supervisory authority.

As an overall summary of the policy - I collect some data in order to run and improve the site, but will not share that data with third parties unless I'm legally compelled to do so

Where I'm performing a service for you (i.e. you're a customer rather than simply visiting the site), our contract will include sections as needed to cover any additional elements I may encounter whilst working for you.


Compliance with a Legal Obligation

The following data is processed/retained in order to comply with Legal Obligations - GDPR Section 6(1)(c)

Tax Records

If you purchase a product or service for me, then you will have been issued with an invoice containing some or all of the following personal data

  • Your Name
  • Your Address
  • Your Email Address
  • Your Telephone Number

A copy of your invoice will be filed with my Tax records, which in order to fulfil HMRC's requirements must be retained for up to 7 years.

Because this data must be available in order to comply with a legal obligation, the GDPR rights of erasure and objection cannot be exercised for this data.

The data is retained on isolated systems with very strong access controls, and will not routinely be passed to any third party. In the event of an audit by HMRC, however, the data may be provided to them when formally requested.


Legitimate Interests

The following data is processed/retained based upon the Lawful Basis of GDPR Section 6(1)(f) - Legitimate Interests. In accordance with GDPR, all have been subjected to a Legitimate Interest Assessment (LIA) in order to balance your rights with the legitimate needs.

Access Logs

All requests and connections to my network services are written to access logs for the necessary purposes of Network & Information Systems Security, Billing and Account Management Purposes and Network Systems scaling and management.

The data stored which may be considered to contain Personal Data is

  • Connecting IP address
  • Details of the request/connection (i.e. which page and site was requested, or for non HTTP connections, which service was requested)
  • HTTP Referrer string (where available)
  • HTTP User-Agent header (where available)

The data collected in access logs is not passed to any third party, and will not be unless required by a lawful warrant issued by a court whose jurisdiction includes the United Kingdom (and any such warrant, even then, may be contested if it's felt to be overly broad or inappropriate - I have no more interest in allowing the Government to trample over your rights than you do).

Access logs are retained for 90 days from the date of their creation, after which they are automatically removed. However, where log lines are considered potentially relevant to a network incident, they may be retained until the investigation has completed. Those which are assessed to relate directly to the incident will be retained as part of the incident report, but will be anonymised as appropriate to the context in which they are being reported.

Any individual wishing to object to this processing should use the contact method provided within this policy. All requests will be considered upon their own merits (and the feasibility of implementation).

A limited amount of automated processing is used in order to identify "bad actor" IPs and limit their ability to cause harm to my systems. The data is not passed to any third party in order to perform this processing.

The processing of this data is not only essential to the services I provide, but is necessary to help ensure that any other data I may hold on you remains protected. Logs form an essential component of investigations into any suspected breach, and without them it may not be possible to identify (and fix) the method used to achieve a compromise. Ultimately, this limited processing benefits both you and my entire user-base.

Site Behavioural Analytics

I use an analytics program in order to record site and user behaviour on my sites for the purposes of identifying how sites are behaving and where (and how) improvements can be made (for example if a regularly visited URL results in a 404 Not Found). The data is used in order to rectify issues, track site performance and to aid in troubleshooting when issues are reported. It is also utilised in order to help make scaling and deployment decisions within my Content Distribution Network (CDN), as well as identifying cases where a user has been routed to an incorrect server (for example, a US user being sent to an Asian distribution node).

The following personal data is collected and stored

  • IP address (masked to exclude the final 2 bytes - i.e. 192.168.x.x instead of 192.168.1.1)
  • Rough geographic location (based upon the anonymised form of the IP)
  • HTTP Referer (where available)
  • Screen resolution (used to aid design decisions and optimise media for delivery)
  • HTTP user-agent
  • OS and hardware platform (derived from the above)
  • Browser language (from the Accept-Language header)

This granularity of data is retained for 31 days. The data is then used to generate an aggregated data-set (so records are grouped by items they have in common - like geographic location) which is retained for 4 month

The data collected in access logs is not passed to any third party, and will not be unless required by a lawful warrant issued by a court whose jurisdiction includes the United Kingdom (and any such warrant, even then, may be contested if it's felt to be overly broad or inappropriate - I have no more interest in allowing the Government to trample over your rights than you do).

If you wish to object to this processing there are three means of doing so

  • Visit https://piwik.bentasker.co.uk/optout and set appropriately
  • Enable "Do Not Track" in your browser
  • Install an adblocker and enable it

The former will have full effect on all my sites/services. However, it will not protect you from similar processing on other people's sites, so it's strongly recommended that you consider the other options too (particularly the final one)

The data is protected by a variety of strong mechanisms, and access to the data is very tightly restricted.

Cookies

Cookies set by the site are essential in order to operate, or in order to fulfil a request that you have made. They are used only for this purpose and not used in order to track or otherwise profile you.

For a list of the cookies set, please see https://www.bentasker.co.uk/cookies. You can also self-serve on the Your Stored Data page.

Backups

As might be reasonably expected, all my systems generate backups, for the purposes of ensuring Service/Business Continuity. They may also, in extreme cases, be used during investigation of Security Incidents.

This means that my backups may (and likely will) contain any of the Private Data discussed in this privacy policy at any one time.

The data collected within backups is not passed to any third party, and will not be unless required by a lawful warrant issued by a court whose jurisdiction includes the United Kingdom (and any such warrant, even then, may be contested if it's felt to be overly broad or inappropriate - I have no more interest in allowing the Government to trample over your rights than you do).

Backups are generated (at least) daily and retained for 90 days from the date of their creation.

Any individual wishing to object to this processing should use the contact method provided within this policy. All requests will be considered upon their own merits (and the feasibility of implementation). However, you should be aware that it's unlikely to be possible to exclude your data from backups.

Similarly, individuals are unable to exercise their right of erasure against backups. Interfering with a backup may render it entirely unusable, undermining the legitimate purpose of the backups. However, because backups are only retained for a short period before rotating out, your data will cease to exist in a backed up form within 90 days of completion of your erasure request under different sections of this policy.

Data with backups is not accessed nor processed unless a backup restoration is required - which is (and will hopefully remain) a rare occurrence. The existence of the backups therefore doesn't change the way you're data is handled/processed other than that it means it will be stored in an additional location.

Backups are very strongly encrypted, and the necessary decryption keys are stored in an 'offline' format with strong physical security. Backups are not moved outside of the European Economic Area. Systems generating backups have the ability to upload data to the storage area, but not the ability to read it back - so even with the decryption key, compromise of a backed up host should not be sufficient to grant access to the backup contents.

The generation of backups is essential to providing and maintaining any digital service, and in some cases (such as for Tax records) may also be necessary in order to ensure compliance with a legal obligation (GDPR Section 6(1)(c)). Ensuring the continuity of service can be maintained benefits the both of us.


Consent

The following items are processed based upon a lawful basis of Consent - Section 6 (1)(c)

Social Media Icons

Various pages within this site display Social Media icons allowing you to quickly and easily share content onto various social networks.

By default, these are disabled, so no requests are made to social media sites as the result of loading a page.

If you wish to utilise these buttons, you will need to consent to the activation of these links, and can do so in one of the two following ways

  • Per page: You can simply click the social media icons to enable them (and then click the relevant icon to share the content). On the next page load/refresh, the icons will once again be disabled.
  • Site wide: In the privacy options pane on the left of this site is the option "Unblock Social icons". Clicking this will set a locally stored object in your browser, and the icons will be active on every page. If you wish to withdraw that consent, you may simply click "Block social icons" in the same location and your preference will be reverted.

When you enable social icons, be aware that your browser will place a request to the social media network in order to generate the share button (and ultimately, to share/like the content if you click again). The privacy policies of each of the social networks applies to those requests, but as a guide, each of the social networks will likely do the following if you allow the icon to load

  • Record your IP address and time of request
  • Set a cookie (and check for existing cookies)
  • Record the address of the page you're on
  • Record your username (if you're currently logged into that social media network)

They will also likely process the above in order to update an advertising profile.

The social media icons are provided for convenience purposes only, and out of principle I advise against enabling them globally. You may also want to consider configuring an ad-blocker to block social media icons for networks that you either don't use, or don't commonly share content to (for example, I block Facebook like buttons and LinkedIn Share buttons as I primarily share content on Twitter).


Other

The following are provided for informational purposes, as they doesn't fall within the scope of GDPR (usually because they don't include the collection or processing of personal data)

Advertisements

Where ads are shown on pages within this site, they're displayed using Google's "non-personalised" ads setting. No data is collected about you and your previous (or future) browsing history is not used in order to 'tailor' the ads for you. The ads displayed are based on the content of the page/site you are viewing.

As no personal data is processed, the ads do not fall within the scope of GDPR. However, they do help ensure that the site remains available as they contribute towards the (not inconsiderable) running costs. None-the-less, if you'd prefer not to see the ads, it's recommended that you install an Adblocking extension such as Ublock Origin as this will help protect you across the net.

You can see a breakdown of the rationale of the ads versus other options here - Google, Cloudflare and GDPR - My Quandry

The items below are currently stored in your browser by BenTasker.co.uk, click an item to delete it - some may be re-set when you next visit a page. Some additional items are likely to have been set by other services, you can reduce the number of these by blocking the social media icons (you'll need to leave the LocalStorage object blockSocials set).

A number of the functions of my site use cookies, all are either used to directly improve your experience, or to help me improve the site further.

I've no control over cookies set by third parties, so have only listed those that show as being set by BenTasker.co.uk.

The following cookies are likely to be set when you visit BenTasker.co.uk, you can find out which have been set by visiting Your Stored Data. Which of the third party cookies are set will depend on the privacy options you have set on the left.

CookieNameDescription
Session Token Varies

These session tokens are used to recognise your browser throughout the time you're browsing BenTasker.co.uk. Primarily used to remember choices such as font-size. The cookies expires with your browsing session - normally when you close your browser

Both will have a random 128bit name, and certain features of the site (such as the shopping cart) will not work if you block them.

Theme selector btaskerColorChoice You'll only ever see this cookie if you used the 'Switch Colors' link that used to exist on this site. It exists to do one thing - make sure you see the site in whichever color scheme you've chosen. It has a relatively long expiry so that your choice will be remembered the next time you return.



Social Media

The following are exclusively set by the Social Media share buttons you see around the site. Social Media icons are disabled by default, however can be enabled by clicking them or enabling them in the privacy options on the right. As these cookies are set by a third party, they may well change without notice.

CookieNameDescription
Google+ NID

This cookie is set by Google Plus - generally by the 'Share on Google+' button that's displayed on each article.

See Google's Privacy overview for more information.

Twitter

guest_id

__utma

__utmz

__utmv

k

auth_tok_session

Secure_session

twll

remember_checked

These cookies are set by Twitter's 'tweet' button. Some will only appear if you are also logged into Twitter.

See Twitter's Privacy policy for more information.

LinkedIn

X-LI-IDC

L1e

IN_HASH

LinkedIn cookies are set by the LinkedIN share buttons, for more information see LinkedIN's privacy policy.

 

To find out more about cookies and how they're used (and to some extent how they can be mis-used) visit http://www.aboutcookies.org/.

I offer the following services on a freelance basis;

 

  • IT and Computer Support

    • Security Advice
    • Network Penetration Testing
    • Network Troubleshooting
    • Backup and Recovery
    • Server, Desktop and Laptop Support (Windows and/or Linux)

 

  • Training

    • Applications
    • Operating Systems
    • Data Security
    • Information Security
  • Website Design
  • Hardware/Software Solutions
  • Software Development (Primarily Web Based)

 

If you have any projects or work you feel I may be interested in, please contact me!

More Articles ...

  1. Contact Me
  2. Privacy Policy

Subcategories