Who I am
My name is Caroline Wickham-Jones
My website address is https://mesolithic.co.uk
It is hosted by Archaeo.org.uk
Archaeo is a Projects Point concept: https://projectspoint.co.uk.
Projects point is wholly owned and operated by Get the Point Ltd, which is registered with the UK’s data protection body: ICO. No. 308321, Data Protection Registration number: ZA027221
What personal data I collect and why I collect it
When visitors leave comments or feedback, the data collected is that shown in the comments form, and also the visitor’s IP address and browser user agent string, to help spam detection.
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
Embedded content from other websites, including social media
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
Who I share your data with
I use Google Analytics and WordPress.com to gather statistics, which are depersonalised / anonymised.
Projects Point has set the retention policy to 38 months.
How long we retain your data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so I can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
What rights you have over your data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data held about you, including any data you have provided. You can also request that any personal data held about you be erased.
This does not include any data I am obliged to keep for administrative, legal, or security purposes.
Where I send your data
Visitor comments may be checked through an automated spam detection service, Akismet, which is operated by the good folks at WordPress.
Your contact information
If you have a question that cannot be addressed by the individual site owner, please contact firstname.lastname@example.org
How I protect your data
Projects Point encourage their website owners to use unique passwords, and encourage them to employ 2 factor authentication with associated services e.g. wordpress.com, google etc.
Projects Point websites are secured by SSL security certificates issued by LetsEncrypt.
Servers are run on a cloud platform in the United Kingdom, by a very professional and dedicated tech company called Bytemark with data centres in Manchester and York.
The operating system processes keep an eye on most things, including connections and will blacklist suspicious traffic.
They monitor system performance (such as memory usage, incoming and outgoing connections and CPU, which can alert us within minutes of abnormalities. We avail ourselves of the free services of Pingdom and TrueSight.
Projects Point use a number of tools to keep their sites protected from hackers, that automatically throttle or ban bad IP addresses, they use bots that test security and block fraudulent attempts to login.
They also restrict outgoing connections to trusted sites, using a firewall, which can be helpful in the event of a single site being compromised.
They keep all their plugins up to date, and at intervals run software audits to identify known problems.
They employ trusted software that is actively developed and supported in the Open Source community.
They operate a triple backup regime, whereby a snapshot of the server is taken daily. This is retained for 4 days. They also take daily and weekly snapshots of the files and databases, with data retained over a period of 10 weeks. Finally they run an incremental backup daily, which is auto pruned over a period of around 3-4 months.
What data breach procedures are in place
Projects Point assess the risk of any incident and put in place a plan to first protect user data, which in extremis may mean suspending the public facing website.
Having established the risk (likelihood of harm X magnitude of impact), they will endeavour to fix the immediate problem, via an update, patch, removal of offending code, suspending the compromised function, while assessing the impact on user’s personal data.
If a personal data breach should occur, they would inform website owners first and discuss plans to inform their users of the breach. They might need to share salient details of the breach with the software community, but not the personal data itself. They would assess the need to share details of the breach with the relevant authorities.
What third parties do Projects Point receive data from
See Analytics section above.
What automated decision making and/or profiling do Projects Point do with user data
Spam detection, using Akismet.
Industry regulatory disclosure requirements
Get the Point Ltd is registered with the ICO.