Start tracking your visitors adding our counter code in your website |
|
Welcome to our embeddable widget tracker privacy policy |
Website owner can integrate their policy going here: /?act=101 We apply the strictest privacy rules in accordance to our company European collocation, here more information about GDPR requirements and rules : https://ec.europa.eu/commission/priorities/justice-and-fundamental-rights/data-protection/2018-reform-eu-data-protection-rules_en As explained in this page our data collection and storage is all in anonymized or aggregated way, in GDPR application rules there isn't one size fit all implementation, so if your website/local rules require it you can link to this page as complementary reference to your website privacy policy. Here some details in a simple language: What information is being collected? Histats collect only aggregated and fully anonimized information , this means that we cannot link data back to a singular subject even when they visit our website like what you are doing now reading this page, we cannot know if you visited any of our registered users website now or in the past. We don't register cookies belonging to histats.com domain during the tracking operations. Who is collecting it? Histats.com website is owned by Wisecode SRL , an italian company but we don't have a in-house server farm, all data is collected on servers we rent from cloud providers across EU and USA How is it collected? Data is collected on sites that use our web anytics tracker using javascript and html technologies and then is anonymized before storage Why is it being collected? Users of histats use our services to better understand how their website are used, how people reach their website, what problems their sites may have and how to improve their website usability How will it be used? Data is collected to create dashboard for website owners about their product usage ( ie : percentage of a given browser, or % of users that use mobile phone, number of visit that a page ( ie: a blog post ) receive , ...) so they can improve their product if some objective isn't reached another example is to track how many users reach their website from search engine or from a partner website, in order to structure their seo/partnership strategies Who will it be shared with? No one. Only the Histats registered user which is owner of the website have access to data he tracked ( if he want he can open publicly aggregated stats but this is 100% allowed by GDPR ) also even if anonymized data is completely isolated between each member of histats and anonymized using different "cryptographic-hashes", we do not try to cross link data to identify behaviour,due to the per-site anonymization process , anonymized data is not even combinable/comparable between different sites , we cannot even know if you have visited one of our member website when you visit another member website or even our histats.com website. What will be the effect of this on the individuals concerned? Individuals should know that histats doesn't know you , but if you want to be completely ignored from histats.com services on everyone of their served website you can opt-out here ( /optOut.php ) anyway website owner may have other tools to track your visit, you should check their individual privacy policy Is the intended use likely to cause individuals to object or complain? No, but if you have questions please ask the web before trying to get direct answers to your questions from us, we are a very small company trying to run a free service with a very low budged which compete in a world of similar services that are managed by behemoths which run their services tied with advertising product, we do not resell your data nor are interested in profile you for advertising purpose , if you want a simple, dedicated , fast , free and independent web analytics service, histats is for you :) How a personal subject can protect his privacy? If you are here you already had a good start, reading privacy policy of websites can help, now that you have understood what we do with your data you should check specific site privacy policy as they are in power to manage directly your data so you should be aware of what they do. More security can be given by the https protocol which encrypt data transmitted between you and the website owner and vice-versa ( meaning the your internet provider or who control your network cannot view the information you send to websites, i.e.: when writing an email from a website interface ), another way is to use a DNS provider which respect your privacy, i.e.: https://www.cloudflare.com/dns/ , this will make even more difficult to your network manager/internet provider (ISP) identify which sites you visits , obviously site owner still may be able to identify your IP, for that purpose the last step is VPN service or services like TOR https://www.torproject.org/ which allow to anonymize even more your internet experience, given that, to be sure that each information you write on the web is managed respectfully you should trust the service you are interacting with and their privacy policy and Term of Use , also there are search engine more privacy friendly like https://duckduckgo.com , and a search there https://duckduckgo.com/?q=how+i+can+protect+my+privacy+on+internet is a good way to start. Some more internal technical details on why and how we anonymize data: We are improving some of our systems to let us permit a finer grained management of data, this would allow in future more intermediate level of anonymization and pseudonymization, at the moment the best way we have found to comply with current regulation is to anonymize/aggregate everything. What are personal data : https://ec.europa.eu/info/law/law-topic/data-protection/reform/what-personal-data_en Data processing (which apply to personal data ): https://ec.europa.eu/info/law/law-topic/data-protection/reform/what-constitutes-data-processing_en How the most-difficult-to-anonimize data is handled on histats: When you visit a website that make use of our services , our javascript can create a 1st party cookie (we do not own the cookie so we cannot cross-link user identity between sites , if the website privacy policy (or our opt-out ) doesn't negate it, we do not share it with anyone it's not even sent to us, the id have only a purpose to compose a one-way cryptographic hash merged with other browser/website and live data ( ie: current browser time ) that is used to one way hash the data that we need to anonymize , ie : the last octet of IP address, we obviously have the IP address at the moment you load from our server the javascript file, as every web-served entity (site/image/json/javascript/..) in the world have the IP address when you request anything on the web, this is written in the TCP/IP protocol ( https://en.wikipedia.org/wiki/Internet_protocol_suite ) which exchange data between clients and servers ,the problem is if you store it, we don't store it, we hash ( one way so cannot be reconstructed ) it merging with the hash key is coming from the javascript and save in that anonymized form, we don't save neither the original IP nor the key used to hash it, we don't have access to information used the build the hash-key used to encrypt the IP, it has been generated with the combination of real time parameters + user visit to a website + 1st party cookie cookie ( not readable by us directly ) , this way even if our database gets hacked , or we goes crazy and decide to try to do that, data is not linkable to a given data subject, IP addresses and cookies id are hashed one way multiple times with informations we don't have access to and that change over time (this is a sort of double pseudonymization with multiple volatile data that is not stored by us nor we have access to it, this means that the identification of the user from the stored information is impossible). To be safe by default those anonymization features are enabled by default on all european ip addresses, in future we will allow single websites to opt-in for PII anonymization with their javascript code. This doesn't mean that nothing is tracked, we are required to try to separate sessions each other to be able to give a meaning to websites usage statistics this is the minimum requirement for a web analytics service but we've applied one more step to try to anonymize everything keeping only encrypted and hashed information in a session consistent way (hashed one-way only so the original information is lost). A website owner which directly expose PII ( Personally Identifiable Information ) in creative and not very secure ways or is hacking our services scripts could obviously try to persist them with our service as he can with any generic storage support or generic storage service which allow to save information , this is against our ToS and we may be forced to delete your analytics data for the time range affected. PII collection is not forbidden by GDPR but would require a more complicated approach by us and website owners , and we want to maintain our service as simple as possible to our users that's why are are at the moment avoiding and forbidding it. Also note: Technically some of our hardware and software firewall/IDS/security specialized software make use of the tcp/ip stack information ( such as Ip address of requests to our services ) to improve security of our services ( anti DDoS rules, anti spam, fighting hacking attempt ) this is contemplated and allowed by current regulations, our logs for those security purposes anyway doesn't undergo any other processing different from our internal security requirements their path is separated from our web analytics service , those are the server server log that every internet service is required to use to guarantee the server security and stability, when we are not under exceptional circumstances ( ie: under an hacking attempt ) this log data deleted in less than 6 hours. |
|
|||