I am strongly committed to protecting the privacy of users of this website, and do all that I can to protect user information.

Data protection

Any information you provide will be held securely and in accordance with the Data Protection Act 1998. Your personal details will not be disclosed to third parties.

This website is hosted by EZPZ Hosting, 56 London Road, Lowestoft, Suffolk NR33 7AQ. The server is physically located in the UK.

You have a right to request a copy of your personal details at any time to check the accuracy of the information held. If you want to ask whether I hold any personal data relating to you, please contact me.

Information I collect from visitors

I collect information from visitors relating to:

  • feedback submitted to me
  • comments submitted to this website
  • email notifications
  • site usage tracking

1. Feedback

If you provide feedback about the website through a contact form or email address I will only use this information for the purposes intended. You will not receive any subsequent unsolicited communication.

2. Comments submitted

If you choose to submit a public comment on this website, you will be asked to give your name and email address, and optionally a personal website address along with your comment. These details are stored by the website along with you comment. Your email address is never displayed publicly and is never passed on to a third party, but may be used to contact you if there is a problem with your comment. The IP address of the device you used to submit the comment is also stored.

3. Email notifications

If you sign up to receive email notifications when follow-up comments are posted, I will use the information you give us to provide the service(s) you have requested only. If you inform us that you wish to cancel your details will be deleted from our records.

4. Site usage tracking

i) Cookies

To make this site simpler, small data files – cookies – are placed on your computer.

They improve things by:

  • remembering settings, so you don’t have to keep re-entering them whenever you visit a new page
  • remembering information you’ve given so you don’t need to keep entering it
  • measuring how you use the website so features like “Popular” are filled with relevant content

Cookies here are not used to identify you personally. They are just here to make the site work better for you. Indeed, you can manage and/or delete these small files as you wish.

To learn more about cookies and how to manage them, visit AboutCookies.org.

First Party Cookies
These are cookies that are set by this website directly.

I use Piwik to collect information about how people use this site. Piwik is installed on the same server as the blog itself – no data is passed to third parties. Piwik stores information about what pages you visit, how long you are on the site, how you got here and what you click on. I do not collect or store your personal information (e.g. your name or address) so this information cannot be used to identify who you are.

There are also cookies that store basic data on your interactions with WordPress, the CMS running this website, whether you have logged into WordPress, and whether you have clicked “Accept” to remove the cookies message at the bottom of the screen.

Third Party Cookies
These are cookies set on your machine by external websites whose services are used on this site. Cookies of this type are the sharing buttons across the site allow visitors to share content onto social networks. Cookies are currently set by LinkedIn, Twitter, Flattr and Facebook once a user clicks on the “Two Click Social Sharing” buttons. Additional third party cookies are set by Gravatar (the system that adds images when commenting) and also may be set for posts with embedded video. If you want to prevent sites setting third party cookies, instructions to do so are here.

ii) Log files

Log files allow me to record visitors’ use of the site. These logs are automatically generated from all our visitors, which I use to make improvements to the layout of the site and to the information in it, based on the way that visitors move around it. Log files do not contain any personal information about you.

Join the Conversation



    Anyone’s welcome to the text. But I shall not be liable if it is inadequate for full compliance!

    Thank you Jon



    Basically you have to give the “right to refuse” in order to comply, however, some types of cookie are exempt. A policy may not comply by itself, however, can be used to show steps towards complacence.


    To summarize everything, if I put all cookie details in privacy policy… then do I also need to enable any notification, popup or anything else to comply with this law?? or ask user’s consent to store cookies??


    Anyone’s welcome to the text. But I shall not be liable if it is inadequate for full compliance!


    Hi Jon. I read with interest your article on EU Cookie directive and this ‘privacy’ page.

    I like the simple and clear way you have laid this out. Can I copy what you have done and adapt it for my own site please?


    Technically Google Analytics cookies are set by code running on the visitors computer, JavaScript in the browser. However, the JavaScript loading and API calls are from Google itself and not your server, although, you maybe able to self-host the JavaScript side of things. Unless the ICO relaxes or specifically exempts analytics then I think this will remain very much an issue as analytics is a necessity for the day to day running of a website, even the Government Digital Service acknowledges that.


    Steve – it depends how you define first party versus third party cookies. The Google Analytics cookies are set by code running on my domain and my server, hence first party. Data is indeed transmitted to Google. But the definition of first vs. third party cookies is which domain sets the cookie, not what subsequently happens to the data as a result.


    Are Google Analytics cookies really first party? This can hardly be true because it’s Google that needs to read these cookies, not you. Since all cookies are domain-specific, it would seem highly improbable that your domain is setting these, because then Google wouldn’t be able to read them. No, what’s actually happening is that you are hosting a call to Google’s server on your page and, because the user’s browser is calling that page and that call to Google, Google is dropping (sending by return) its cookie, not you. As such, these are stone cold certain third party cookies, read and tracked by a third party (ie Google) and not you. You should change your guidance here accordingly.