Server side logs: encrypted and deleted after a few days
When you visit Security Praxis, your browser loads this website from its server. The web server stores on a log file (access logs, error logs, etc.) your IP address and other information provided by your browser (like the operating system, type of browser etc.). IP addresses are specifically defined as personal data per Article 4, Point 1; and Recital 49. In principle, we should obtain your consent in order to store your IP address. However, there is arguably a legal base to allow personal data collection on a limited scope even without your explicit consent asked in advance. As you may guess, it has to do with security: "to the extent strictly necessary and proportionate for the purposes of ensuring network and information security" (from Recital 49). Hence, we encrypt the web logs so in case someone breaks into the server there are good chances that this entity will not be able to read your IP address. We keep these server logs only for a few days for diagnostic purposes, after which we delete them automatically.
Crucially, the data that your browser sends to the web analytics service are not only encrypted in transit, but also anonymised. The last 16 bits of your IP address are set to zero (this is like deleting your phone number while keeping only the area code). A partially anonymised IP address will still reveal some information, i.e. that somebody living in your same country or city visited a certain webpage at a certain date and time, and so on.
You may have heard about "cookies" when browsing the internet. A cookie is a small text file that a website saves on your computer or mobile device when you visit a site. Since the European Union enacted its ePrivacy directive (some years before the GDPR) you may have spent a non negligible fraction of your online time clicking on pop-up banners saying that you accept that "cookie" are stored on your browser for this-and-that reason, unfailingly to help the website administrators to make it better and thus improve your user experience.
Websites and web analytics services could still identify you using permanent profiling “cookies,” but we have disable those too, including the web analytics service cookie. We tested the Security Praxis website with Firefox browser: once the "Do not track me" preference is set, the only cookie you may end up with after visiting our website is where Twitter stores the language, and it expires at the end of the session. Your experience may vary with other browsers.
You can find more information about how to control and/or delete cookies on aboutcookies.org. You can delete all cookies that are already on your computer and you can set most browsers to prevent them from being placed. If you do this, however, you may have to manually adjust some preferences every time you visit a site and some services and functionalities may not work.
Security Praxis website may embed videos from YouTube or updates from Twitter and other third-party services. When your browser loads the Security Praxis page it will send some bits of information to these services and they may store a cookie in your browser, according to your local settings (e.g. if the "do not track" preference is set or not). This is a tradeoff we have to live with if we want to keep providing you what we consider useful services. The best we can do is being open about it.