This website uses no cookies, no tracking scripts, and no analytics services. Your browsing is not tracked, profiled, or shared with advertisers. Server logs are kept for 14 days for security purposes only.
1. Data Controller
Stuart Thomas
Whitby, North Yorkshire, England
Email: stuartpaulthomas@gmail.com
ORCID: 0009-0008-4518-0064
2. What Data We Collect
This website collects only the data that your browser automatically sends when you visit any website. This is recorded in standard web server logs.
| Data | Example | Purpose |
|---|---|---|
| IP address | 86.168.xxx.xxx | Security, abuse prevention |
| Date and time | 13 Apr 2026 08:43 | Security monitoring |
| Page requested | /maritime-security.html | Understanding site usage |
| HTTP status code | 200 (OK) | Error monitoring |
| Referrer URL | google.com | Understanding how visitors find the site |
| User agent | Chrome 147 on macOS | Ensuring compatibility |
This data is collected automatically by the Nginx web server. It is not combined with data from any other source.
3. Legal Basis
The legal basis for processing this data is legitimate interest (Article 6(1)(f) UK GDPR), as supplemented by the recognised legitimate interests provisions introduced by the Data (Use and Access) Act 2025. The legitimate interests are:
- Maintaining the security and integrity of the website
- Detecting and preventing abuse, attacks, and unauthorised access
- Understanding general patterns of site usage to improve content
These interests are balanced against your rights — the data collected is minimal, standard across all websites, and is not used for profiling, marketing, or individual identification.
4. Cookies
This website sets no cookies.
No first-party cookies, no third-party cookies, no tracking cookies, no session cookies, no analytics cookies, and no advertising cookies are used anywhere on this website.
Because no cookies are set, no cookie consent banner is required under the Privacy and Electronic Communications Regulations 2003 (PECR). The Data (Use and Access) Act 2025 introduced exemptions for statistical and appearance cookies; however, since this site uses no cookies of any kind, these exemptions are not relied upon. The informational banner on this site is provided for transparency, not because consent is needed.
5. Third-Party Services
Google Fonts
This website loads typefaces (Inter, JetBrains Mono) from Google Fonts (fonts.googleapis.com, fonts.gstatic.com). When your browser requests these fonts, your IP address is transmitted to Google. Google states that it does not use font requests for tracking or profiling, and does not set cookies via Google Fonts. See Google Fonts Privacy FAQ.
No other third-party services, analytics platforms, advertising networks, or social media trackers are used on this website.
Outbound Links
This site contains links to external websites (GitHub, authenticwhitbyjet.co.uk). These sites have their own privacy policies. Clicking an outbound link does not share your personal data with those sites beyond the standard HTTP referrer header.
6. Data Retention
Server access logs are automatically rotated and deleted after 14 days. No log data is archived, exported, or retained beyond this period.
A weekly summary report is generated from the logs for the site owner's use. This report contains aggregated statistics (page view counts, country-level geographic data, organisation names from IP ranges) but does not store individual IP addresses. The report is overwritten weekly.
7. Data Sharing
Your data is not shared with any third party for marketing, analytics, or commercial purposes.
Server logs are stored on a Google Cloud Platform virtual machine in the europe-west2 (London) region. Google acts as a data processor under standard cloud hosting terms. No data is transferred outside the United Kingdom.
8. Your Rights
Under the UK GDPR and the Data (Use and Access) Act 2025, you have the right to:
- Access — request a copy of any personal data held about you
- Rectification — request correction of inaccurate data
- Erasure — request deletion of your data (server logs auto-delete after 14 days)
- Restriction — request that processing be restricted
- Object — object to processing based on legitimate interest
- Portability — request your data in a portable format
To exercise any of these rights, email stuartpaulthomas@gmail.com. Requests will be responded to within 30 days.
9. Complaints
Complain to the controller
Under the Data (Use and Access) Act 2025, you have the right to complain directly to the data controller. To do so, email stuartpaulthomas@gmail.com with the subject line "Data Protection Complaint". Your complaint will be acknowledged within 30 days and resolved without undue delay.
Complain to the ICO
If you are unhappy with the response, or prefer to complain to the regulator, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Telephone: 0303 123 1113
Website: ico.org.uk/make-a-complaint
10. Changes to This Notice
This notice may be updated from time to time. The current version will always be available at this URL. Material changes will be noted with an updated date below.
Last updated: 13 April 2026