Your Privacy is important to me, so I’m trampling all over it!

I wanted to take the opportunity to highlight a few changes to my Privacy Policy and how I’m tracking you right now and in the future. This is a change from the past and so regular visitors should read and understand such changes carefully.

Why is this important?

The web is a scary place once you start to understand how websites operate. On sites which rely on advertising to make money especially, your details are often traded and consumed with little care or understanding of what that means. Unfortunately, for many sites the direct consequences of trading your information are never felt, or feel unconnected, as the data is nearly always shared onwards down a chain until it reaches less savoury people. One way to counter this behaviour is to be clear and concise about what happens when you visit a site or hand over data. I have to strike a balance between my visitors’ right to privacy and any potential business needs that may occur.

Wait, did you say business needs?

This site doesn’t have adverts except for my own products and services. My day-to-day business is providing consultancy to companies and organisations. I don’t use this site to promote that side of what I do very much, and most of my work comes through word of mouth. However, I do have a second activity, which is my training courses. These are 1 day courses held in person. They don’t make a vast quantity of money, as I’m constantly reminded, but they provide a good opportunity for small and large businesses to engage and interact with me without a huge consultancy bill.

I promote these courses via this site. If you are on a desktop computer you will see the current courses on the left-hand side. You should come on one ;)

This site is the primary tool for encouraging people to come on such courses and the mechanism to sign up. This is not to say it’s the primary focus of the site, which remains the articles and content, which on the whole are free and accessible to everyone and will continue to be. However, the site’s well-being relies in part on the courses, and as such the site is treated as a business asset.

What about Patreon?

For those unclear on what Patreon is or how I use it, please see here.
Patreon muddies the water a bit further. I do not consider Patreon a business component per se, as its goal is isolated from my core business. Instead I see it as a genuine crowdfunding opportunity to help raise money to allow videos to be created. It will almost certainly never make money, as most “profit” would be re-invested both into the videos themselves and into other community projects, such as helping to encourage local community groups. However, regardless of its goal, its existence has meant a slight modification to my privacy policy.

Your Privacy and What I track

So here is a very condensed idea of what I’m currently doing and tracking:

  • General Visitors – If you landed on this page, you are being tracked with Google Analytics. WordPress has also placed a cookie in some circumstances; this is not a direct tracking cookie. You may also be tracked using “sessions” and other tracking mechanisms to gather non-personal data. Finally, you may find some content changes depending on what is included in your cookie; this allows me to optimise content using a process known as split testing.
  • Going to a Courses page – If you go to a courses page, you “may” have been tagged so that I can target you with adverts on third-party sites; this process is known as re-targeting.
  • When you subscribe to the newsletter, your details are added to my mailing list on MailChimp and may be used to email you. You can unsubscribe at any time and are encouraged to do so if you no longer want to get emails; you can always re-subscribe.
  • When you comment, personal data is stored and is used to validate who you are and to pull some information, such as a Gravatar link, into the comment. If you tick the box, your email may be added to the newsletter.
  • When you submit the contact form, for either the general contact or a workshop, you are sending data to a Google Apps email account and are giving permission to contact you (see emails generally).

Your Email Address

If you give me your email, I assume you are happy for me to contact you. By that I mean: if you give me your email via the newsletter, contact form or a comment, I assume it’s OK for me to look in the DB, take that email and manually email you, for pretty much any reason, from my personal account. You should also be able to contact me back using that email. In rare cases I may pass that email over to someone like Sally or Carolyn to email on my behalf. Even within such a small group as the primary Data Controller, such data is restricted and only accessed for a given purpose.
What I don’t assume is that it’s OK for me to bulk email you, unless you have specifically opted in to the Newsletter.

I may also take the MD5-hashed version of your email and pass it to a service like the Full Contact API to get details about your social media accounts, which is how the Twitter bot timnashcouk does its replies.

For most of the bits I do on this site, your email is the most sensitive data I collect, and as such I will look after it.

Re-targeting & “tagging”

This is the major change in this privacy update. I am going to start implementing “tagging” of users who show an interest on the site. This will allow me to build lists of people interested in attending my courses who may not have signed up. Here is how it works:

  1. A visitor visits a course page and is tagged, probably twice: once for visiting a course page and a second time for the specific course.
  2. The tag is stored in Google Analytics and then, through a service like Google AdWords, I create an advert to be shown on OTHER websites.
  3. As the visitor visits other websites which use Google AdSense, they will see ads for this site, encouraging them to come back and sign up to a course.
  4. If they come back and sign up to the course, they are further “tagged” to make sure they don’t receive further ads.
  5. If they don’t come back, they will only see a couple of ads before they are no longer targeted.

Now re-targeting is by any standard a little creepy, so here are some important things to understand. While you have been added to a list, I actually won’t have any details about where you go once you leave this site. The sites that you see the adverts on don’t get any information that you visited this site. The only people who get “the big picture” are Google, and while I know it’s not much comfort, they already knew.

What I won’t do is tag every user who comes to the site, only those who take an active interest in the courses; it doesn’t make sense to have large lists of people who have no interest in the courses. I will also be discounting some demographics, such as those who couldn’t make it to the course: people of Australia, for example, you are safe! Though do consider flying over.

In addition, I intend to carry out limited audience tagging. This is a bit more generic and doesn’t rely on you visiting the site, for example “Promoted Tweets” and Promoted Posts on Facebook. In such scenarios I may choose to promote certain content, not just courses, to users. Promoting a post to “influencers” to get it in front of other users might be one example. Such experiments would be of a limited scale but are covered under the new policy.

DNT Headers

Freaked out? OK, so there are a few things you can do to stop me (and other sites) doing this!
Most modern browsers support something called DNT (Do Not Track), an HTTP header sent by the browser that asks the site not to use invasive tracking such as re-targeting. Before we start collecting tracking lists, we will be making sure the site obeys DNT headers: while it will continue to collect some data, it will not collect any personalised data or re-target you in any way. If your browser supports DNT, then please feel free to enable it.
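
One way a site could apply the DNT rule above together with the course-page tagging steps, shown as an added example rather than this site's own code. The `/courses/<slug>/` URL layout, the tag names and the function names are assumptions.

```javascript
// Added example: per-request tracking decision. The /courses/<slug>/ layout,
// tag names and return shape are assumptions, not this site's real code.

// Read the DNT request header. Header names are case-insensitive; the value
// "1" means the visitor opts out, "0" or an absent header means no opt-out.
function dntEnabled(headers) {
  for (const [name, value] of Object.entries(headers || {})) {
    if (name.toLowerCase() === 'dnt') {
      const v = Array.isArray(value) ? value[0] : value;
      return String(v).trim() === '1';
    }
  }
  return false;
}

// Work out which re-targeting tags a page view would earn.
function courseTags(path, signedUp) {
  const m = /^\/courses(?:\/([a-z0-9-]+))?\/?$/i.exec(path.split('?')[0]);
  if (!m) return [];                        // not a course page: never tagged
  const tags = ['course-visitor'];          // tag 1: visited a course page
  if (m[1]) tags.push('course:' + m[1].toLowerCase()); // tag 2: that course
  if (signedUp) tags.push('signed-up');     // step 4: excluded from more ads
  return tags;
}

function trackingDecision(headers, path, signedUp = false) {
  const dnt = dntEnabled(headers);
  return {
    analytics: true,                        // some data is still collected
    personalised: !dnt,                     // no personalised data under DNT
    retargetTags: dnt ? [] : courseTags(path, signedUp),
  };
}

// Constructed sample requests.
const samples = [
  [{ DNT: '1' }, '/courses/wordpress-security/'],
  [{}, '/courses/wordpress-security/'],
  [{ dnt: '0' }, '/blog/some-post/'],
];
for (const [h, p] of samples) {
  console.log(p, JSON.stringify(trackingDecision(h, p)));
}
```
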

Alternatively, if you use an adblocker, consider adblocking this site, which will in most cases prevent re-targeting cookies being set. However, be aware that many sites make a living through advertising, so consider such solutions sparingly.

Notifying Privacy changes

Going forward, I’m also making changes to the way I notify people about changes to this site’s privacy policy. As of this update, the privacy policy has a change-log indicating what has changed and why. This change-log will not be in legalese, but in plain English. All newsletter subscribers will be notified of changes in the NEXT email broadcast, unless the changes are known ahead of time. The footer on all pages will have the date of the last change to the policy.

Over to you, your feedback is welcome

I know this is basically opening myself up to a huge pile of abuse, but your opinions are welcome at all stages, and I do try to balance an attempt to get people on courses with everyone’s general privacy. I also feel it’s important that any updates (even ones which might be considered a little evil) are done in a transparent way. Hence occasional posts like this when major changes occur.

So if you have opinions, thoughts or ideas on implementation, I’m all ears and very open to suggestions.
