Privacy Policy

Who I am

My name is Caroline Wickham-Jones

My website address is https://mesolithic.co.uk

It is hosted by Archaeo.org.uk

Archaeo is a Projects Point concept: https://projectspoint.co.uk.

Projects point is wholly owned and operated by Get the Point Ltd, which is registered with the UK’s data protection body: ICO. No. 308321, Data Protection Registration number: ZA027221

What personal data I collect and why I collect it

Comments

When visitors leave comments or feedback, the data collected is that shown in the comments form, and also the visitor’s IP address and browser user agent string, to help spam detection.

Cookies

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

Embedded content from other websites, including social media

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.

Analytics

Who I share your data with

I use Google Analytics and WordPress.com to gather statistics, which are depersonalised / anonymised.

Projects Point has set the retention policy to 38 months.

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so I can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data held about you, including any data you have provided. You can also request that any personal data held about you be erased.

This does not include any data I am obliged to keep for administrative, legal, or security purposes.

Where I send your data

Visitor comments may be checked through an automated spam detection service, Akismet, which is operated by the good folks at WordPress.

Your contact information

If you have a question that cannot be addressed by the individual site owner, please contact philip@projectspoint.co.uk

Additional information

How I protect your data

Projects Point encourage their website owners to use unique passwords, and encourage them to employ 2 factor authentication with associated services e.g. wordpress.com, google etc.

Projects Point websites are secured by SSL security certificates issued by LetsEncrypt.

Servers are run on a cloud platform in the United Kingdom, by a very professional and dedicated tech company called Bytemark with data centres in Manchester and York.

The operating system processes keep an eye on most things, including connections and will blacklist suspicious traffic.

They monitor system performance (such as memory usage, incoming and outgoing connections and CPU, which can alert us within minutes of abnormalities. We avail ourselves of the free services of Pingdom and TrueSight.

Projects Point use a number of tools to keep their sites protected from hackers, that automatically throttle or ban bad IP addresses, they use bots that test  security and block fraudulent attempts to login.

They also restrict outgoing connections to trusted sites, using a firewall, which can be helpful in the event of a single site being compromised.

They keep all their plugins up to date, and at intervals run software audits to identify known problems.

They employ trusted software that is actively developed and supported in the Open Source community.

They operate a triple backup regime, whereby a snapshot of the server is taken daily. This is retained for 4 days. They also take daily and weekly snapshots of the files and databases, with data retained over a period of 10 weeks. Finally they run an incremental backup daily, which is auto pruned over a period of around 3-4 months.

What data breach procedures are in place

Projects Point assess the risk of any incident and put in place a plan to first protect user data, which in extremis may mean suspending the public facing website.

Having established the risk (likelihood of harm X magnitude of impact), they will endeavour to fix the immediate problem, via an update, patch, removal of offending code, suspending the compromised function, while assessing the impact on user’s personal data.

If a personal data breach should occur, they would inform website owners first and discuss plans to inform their users of the breach. They might need to share salient details of the breach with the software community, but not the personal data itself. They would assess the need to share details of the breach with the relevant authorities.

What third parties do Projects Point receive data from

See Analytics section above.

What automated decision making and/or profiling do Projects Point do with user data

Spam detection, using Akismet.

Industry regulatory disclosure requirements

Get the Point Ltd is registered with the ICO.