Design Clipboard is a new series of articles I plan to write here on Horizontalpitch. As you can guess from the name, these...
Who We Are
Horizontalpitch is a privately-run, non-profit blog and can be accessed by visiting www.horizontalpitch.com
We do not have any interest in collecting any of your personal data. We try to keep any third-party service that involves collection of your data to a minimum. There is however some functionality of this website that involves the collection of personal data, which we have either not yet been able to remove/replace or that’s essential for the website. Feel free to contact us if you want any of your data to be updated or removed.
What personal data we collect and why we collect it
Email Contact Form
We like to keep this to a minimum, we only need your name and an email address. Right now all email is being received by Hannes, but might be shared to Konstantine or Marco if needed. This data will be stored only in our email client’s address book, used to communicate with you and not shared with anybody else.
When you leave a comment you are required to give us a name (can be made up, or a nickname) and a valid email address. Optionally you can also give us a website URL. Your name and website will be visible to other users on the website, the email will be visible only to us and serves the purpose of preventing spam.
This data is being saved on the website’s database and on WordPress.com indefinitely (as long as a comment isn’t being deleted).
We do not collect any data through cookies, but this website stores the following cookies set by third-party services:
font.googleapis.com / fonts.gstatic.com (and connected to that www.google.com and www.gstatic.com). These are cookies required to use Google’s free webfont service, which is built into the theme we use. Of course we all know that Google uses these to track you, we do not have any access to whatever data Google is mining through these cookies. The Google Fonts functionality is hardcoded into the theme, so for now there’s little we can do about it.
secure.gravatar.com similarly to the above. It’s hardcoded into WordPress. Gravatar is now run by Automattic, the company behind WordPress (the CMS this website is based on).
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
- Videos: These are hosted on Youtube and Vimeo. Both services set a series of tracking cookies when you access the page.
- Audio: Music is either hosted on Soundcloud, Bandcamp, or Mixcloud.
While Soundcloud and Mixcloud employ tracking cookies (more info here regarding Soundcloud), Bandcamp does not (quoting: “Bandcamp cookies do not collect Personal Information, and we do not combine the general information collected through cookies with other Personal Information to tell us who you are or what your screen name or email address is.”)
BTW. We recommend to install the free Privacy Badger extension for Chrome/Firefox to block common tracking cookies around the web!
The site uses the WordPress extention Jetpack with these functionality enabled (listing those where privacy related aspects apply):
Data Used: In order to check login activity and potentially block fraudulent attempts, the following information is used: attempting user’s IP address, attempting user’s email address/username (i.e. according to the value they were attempting to use during the login process), and all IP-related HTTP headers attached to the attempting user.
Activity Tracked: Failed login attempts (these include IP address and user agent). We also set a cookie (
jpp_math_pass) for 1 day to remember if/when a user has successfully completed a math captcha to prove that they’re a real human. Learn more about this cookie.
Data Synced (?): Failed login attempts, which contain the user’s IP address, attempted username or email address, and user agent information.
Data Used: To initiate and process subscriptions, the following information is used: subscriber’s email address and the ID of the post or comment (depending on the specific subscription being processed). In the event of a new subscription being initiated, we also collect some basic server data, including all of the subscribing user’s HTTP request headers, the IP address from which the subscribing user is viewing the page, and the URI which was given in order to access the page (
DOCUMENT_URI). This server data used for the exclusive purpose of monitoring and preventing abuse and spam.
Activity Tracked: Functionality cookies are set for a duration of 347 days to remember a visitor’s blog and post subscription choices if, in fact, they have an active subscription.
WordPress.com Secure Sign On
This feature is only accessible to registered users of the site with WordPress.com accounts.
Data Used: User ID (local site and WordPress.com), role (e.g. administrator), email address, username and display name. Additionally, for activity tracking (see below): IP address, WordPress.com user ID, WordPress.com username, WordPress.com-connected site ID and URL, Jetpack version, user agent, visiting URL, referring URL, timestamp of event, browser language, country code.
Activity Tracked: The following usage events are recorded: starting the login process, completing the login process, failing the login process, successfully being redirected after login, and failing to be redirected after login. Several functionality cookies are also set, and these are detailed explicitly in our Cookie documentation.
Data Synced (?): The user ID and role of any user who successfully signed in via this feature.
Data Used: IP address, WordPress.com user ID (if logged in), WordPress.com username (if logged in), user agent, visiting URL, referring URL, timestamp of event, browser language, country code. Important: The site owner does not have access to any of this information via this feature. For example, a site owner can see that a specific post has 285 views, but he/she cannot see which specific users/accounts viewed that post. Stats logs — containing visitor IP addresses and WordPress.com usernames (if available) — are retained by Automattic for 28 days and are used for the sole purpose of powering this feature.
Who we share your data with
We do not share any personal data with anybody, but be aware that you may be sharing your data with third-party services (eg. Google) by using this site and these could be sharing the data with others (check the links to the relative privacy pages to know more).
How long we retain your data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.
If you send us a message through the contact form and you are being featured on our blog, your message and contact data will be retained indefinitely in case we need to get in touch with you in the future. If you are not being featured on our blog, we will delete your email after a maximum period of 6 months.
What rights you have over your data
If you have left comments or sent us a message, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Where we send your data
Visitor comments may be checked through an automated spam detection service.
How we protect your data
The website itself does not store any personal data except for the comments. We make sure that WordPress and its plug-ins are always updated to the latest version, use secure passwords, keep the installation of plug-ins to the bare minimum and have brute force attack protection activated.