How to manage your privacy (Blankpage's Privacy Notice)
- Nadine Rinderknecht
- Apr 27
- 14 min read
Updated: 6 days ago
This step-by-step Privacy Notice walks you through everything you need to know about how your data is used and how to manage your privacy. Do you care enough to read the "world's most boring blog post"? (Spoiler: it's also about coffee to keep you awake).
What we'll cover
Starting point
Your privacy is in good hands. But let's be honest – privacy notices are usually the "world's most boring blog posts". Nobody reads them except the people paid to write them. But since you're here (which honestly surprises me a bit), I thought: why not formulate it as a how-to blog post like all my other posts? Why not make it easier to understand and more empowering? After all, knowing how to manage your privacy is perhaps just as important as learning how to become a legal innovator. So yes, your privacy is in good hands. Yours.
Imagine we're meeting for coffee, and you've asked me "So what happens with my data when I visit your blog? And what can I do to manage my privacy?" That's exactly what I want to explain here. No legal jargon, just one person talking to another.
Hello, nice to meet you! I'm Nadine Rinderknecht, the person behind the blog "Blankpage" (www.blankpage.world). I'll give you a behind-the-scenes look at how I handle your data and share practical tips along the way. You'll learn skills like:
evaluating a privacy notice,
managing cookies and similar technologies, and
exercising your data protection rights.
Since my blog follows standard practices, you can apply these skills on other websites too. Just remember to adapt what works for your situation.
Coffee in hand? Perfect, let's dive in!
Step 1: Start with an overview
Check out this Privacy Center I made for you. It gives you an overview of the most important data processing activities.
Tip 1: If the text is too small, open the image in full screen by clicking on the icon on the right-hand side of the image (sorry, couldn't make it bigger).
That's your visual overview. The legal side? I process your personal data (or let's simply call it "data") under Swiss data protection law including the FDPA. And, where applicable, foreign data protection laws like the EU General Data Protection Regulation (GDPR). But don't worry. I'll explain how this works in simple terms below.
Step 2: Meet your primary contact person
Contact me, Nadine Rinderknecht, at n.rinderknecht@blankpage.world if you have any questions or want to exercise your rights.
Coffee break: Why care about this step?
Look over there... See that café owner with the mustache behind the counter? Just like you'd talk to him to know more about how your coffee is made or to get another coffee if your order was wrong, knowing who's responsible for your data gives you a specific person to reach out to.
As the person behind this blog, I decide why and how your data is processed. So reach out to me when you have questions or when you want to exercise your data protection rights.
Hello again! My name is Nadine Rinderknecht and I'm primarily responsible for following data protection laws. Since I decide why and how your data is processed, I'm what data protection lawyers call the "data controller". If you have any questions or want to exercise your data protection rights, just reach out to me at n.rinderknecht@blankpage.world.
Tip 2: Review next steps for common answers. Before you contact me, take a look at the next steps. Many common questions, including how to manage logs, cookies, and similar technologies (Step 8) and how to exercise your data protection rights (Step 9), are already answered there.
Step 3: Meet other entities that process your data
Your data is also processed by my hosting provider, my website analysis provider, my video provider, authorities (if required by law), and their sub-processors.
Coffee break: Why care about this step?
The owner of the café doesn't work alone. He works with other people such as employees, co-founders, and coffee bean suppliers. Some only follow his instructions like his employees, while others are more independent.
What about Blankpage? As with most websites, your data is also processed by service providers and other entities. Some may act on my behalf (data protection lawyers call them "data processors" and their helpers "sub-processors"), while others may decide (independently) why and how they process your data ("data controllers"). This step helps you see the bigger picture by revealing especially the tech companies in the background of this site (e.g., my hosting or website analysis provider). It also tells you which privacy notices to check beyond mine. And it gives you practical details if you ever need to exercise your rights across multiple entities.
Hosting provider Wix.com Ltd. (Tel Aviv, Israel), or simply Wix, offers access to Blankpage and maintains server infrastructure. It also provides me with a built-in website analysis tool. Want to know more about how Wix processes your data? Visit their privacy notice: Tip 3: Don't get lost in Wix's privacy notice. Pay special attention to the sections about users-of-users (that's you: you're using my site, which uses Wix's services). | Website analysis provider Visitor Analytics GmbH (Berg, Germany), or simply Visitor Analytics, collects, measures, and analyzes data on website visitors and their behavior. More details here:
Video provider YouTube lets me embed videos on Blankpage and processes your data as well. YouTube is a service by Google Ireland Ltd. (Dublin, Ireland), or simply Google. More details here:
|
Sub-processors like cloud and security providers help processors provide services while still processing your data on my behalf. You can find them here:
*Just general information
(no list available)
| Authorities may receive your data if required by law. This includes government offices, courts, and other authorities in Switzerland and abroad. |
Tip 4: If you want to understand what role the other entities play, check out their privacy notices. By reading their privacy notices, you'll find out whether they're just following my instructions ("data processor") or taking (independently) their own decisions ("data controller").
Step 4: See what type of data is processed
I process the data you share with me via contact forms, emails, or otherwise. And technical data about your website visit using analysis tools.
Coffee break: Why care about this step?
What type of data do you think is usually collected when you're in a café? You actively share information with the café owner (like your name when placing an order), but he may also notice other information about you (like how often you visit). Notice how he glances at your half-eaten croissant? The crumbs tell a story too.
And Blankpage? Besides the data you share with me, data collection often happens in the background as you browse websites. So the law requires me to tell you what data I collect. This helps you see what data I have about you and make better choices about what you share. It also gives you more clarity about what data you might want to access, correct, delete, or use other data protection rights for at Step 9.
I process different categories of data from different sources, in particular:
Data you share with me via contact form, email, or otherwise, including contact data (like your name, email address, etc.) and any other data you choose to share.
Data from website analysis tools, more specifically Wix's built-in tool and Visitor Analytics. I process technical data such as:
IP address
Approximate location
Screen resolution and device type
Operating system
Browser type and version
Date and time of your visit
Pages you visited
Referring website addresses
Step 5: Understand why your data is processed
I process your data mainly to operate and improve Blankpage and to communicate with you, but also for other purposes.
Coffee break: Why care about this step?
Think about why the café keeps track of your orders. If your coffee preferences are gathered to serve you better, that's one thing. If this data is being sold to data brokers, that's something quite different.
You see that the "why" behind data processing matters just as much as the "how". The purposes for which your data is processed determine what can be done with it. Understanding these purposes helps you check if what I'm doing matches your expectations and ensure I'm not collecting more than I need. If the EU GDPR applies, it also lets you know on which legal bases I process your data.
I process your data mainly to:
Operate Blankpage in a secure and stable manner (server management, etc.).
Improve Blankpage (making it more user-friendly for you, etc.).
Communicate with you (replying to queries, etc.).
However, I may also process your data to comply with legal obligations or for legal proceedings, should the need arise.
What legal bases do I use if the EU GDPR applies?
I process your data under Swiss data protection law, mainly the Federal Act on Data Protection (FDPA). I don't assume that the EU General Data Protection Regulation (GDPR) applies to my data processing. But if the GDPR does apply, I process your data based on these legal bases:
To protect legitimate interests of me or others, except where such interests are overridden by yours (art. 6 para. 1 lit. f GDPR). I use this legal basis, for example, to comply with Swiss law, for security purposes, to analyze visitor behavior, and to communicate with you. Think of legitimate interest as when a café checks IDs for alcohol sales. It's necessary for legal compliance, even without your consent.
When you've consented to process your data (art. 6 para. 1 lit. a GDPR and art. 9 para. 2 lit. a GDPR).
For the performance of a contract with you and for the implementation of pre-contractual measures (art. 6 para. 1 lit. b GDPR).
To comply with the law of member states in the European Economic Area (EEA) if it applies to me (art. 6 para. 1 lit. c GDPR).
Step 6: Check the security measures
Your data is protected through appropriate measures, including threat prevention, detection, and incident response.
Coffee break: Why care about this step?
Imagine the café kept your credit card details on sticky notes next to the counter and other customers can see them. Or if your loyalty points suddenly vanished. Or if a burglar broke in overnight. Look around. The café uses security systems such as extra thick doors to prevent break-ins, motion sensors for detection, and calls the police in an emergency.
Websites need protection too. Without proper measures, you may, for example, no longer have access to your data, receive spam emails based on your breached data, or be subject to an identity theft. While the technical details of security measures are often complex and difficult for website visitors to understand, knowing the general approach can give you an idea of whether your privacy is being taken seriously.
I protect your data from unauthorized access, use, or disclosure with appropriate technical and organizational measures. For example, I engage in password management and my hosting provider Wix encrypts your data, continuously monitors their platform, and minimizes the impact of cybersecurity incidents if something happens. While no system is 100% secure (just like our café), these measures can significantly reduce privacy risks.
Tip 5: Dive deeper like a pro. If you need more technical details, check out the security frameworks by Wix on their website (with simple explanations) or their privacy notice (with more complex explanations), as well as those of my other service providers.
Step 7: See where your data is shared and transferred
Your data may be processed by my service providers and authorities in Switzerland, Germany, Ireland, Israel, and potentially worldwide.
Coffee break: Why care about this step?
Imagine you leave an entry in the guest book on the café's door. This note doesn't just stay in the book. The café owner might take a photo of it for social media, mention it in the newsletter, or share it with coffee suppliers. Your comment might go far beyond the walls of the café and you might not even realize it.
What about Blankpage? I primarily share your data with my service providers to provide Blankpage, but also with authorities if I have to. With each sharing, the circle of people who have access to your data expands. Understanding this step will help you get a better overview of where your data flows, assess potential privacy implications (especially when data is transferred internationally), and make better decisions about what you share through Blankpage.
To fulfill the purposes in Step 5, it may be necessary to disclose data to the recipients in these categories:
Service providers (hosting provider, website analysis provider, etc.).
Authorities like offices and courts if required by applicable laws.
Recipients may process your data in Switzerland (authorities, etc.), Germany (Visitor Analytics, etc.), Israel (Wix, etc.), and Ireland (Google, etc.). However, your data may potentially be processed in any country in the world, for example, through the sub-processors of my service providers.
How is your data protected when it's transferred internationally? A bit of legalese (but just a bit...)
I don't just send your data abroad without protection. For places without adequate data protection, I put in place appropriate safeguards through contracts (such as the so-called standard contractual clauses). This is similar to a café requiring its overseas coffee supplier to follow the same food safety standards, even if their country has different rules.
In some cases, data may be transferred without such contracts if:
You have consented to it; or
It's necessary for the performance of a contract, for the establishment, exercise, or enforcement of legal claims, or for overriding public interests (like safety or security).
Step 8: Manage logs, cookies, and similar technologies
Manage which data I can collect through logs, cookies, and similar technologies. I process this data for the proper functioning of this website and to understand how visitors use it – without identifying specific visitors.
Coffee break: Why care about this step?
Remember when the café owner saw me at the counter and immediately asked: “Iced latte”? I've been here many times and the owner knows my preferences, but he doesn't know who I am.
When browsing websites, data collection and analysis often happen invisibly in the background. Understanding what happens during your visit can help you make better choices about browser settings, extensions, and other privacy tools.
As with any connection to a web server, the server on which I provide Blankpage automatically logs and stores technical data (like your IP address, time of your visit, etc.). I also collect data through cookies and similar technologies.
Do I know who you are? I can tell one visitor from another, but I don’t know who anyone actually is. More precisely: I do collect data from logs, cookies, and similar technologies but without wanting to and being able to identify specific visitors. So this data isn't personal to me.
I collect data from logs, cookies, and similar technologies for the purposes in Step 5, especially for the proper functioning of my website and to understand how visitors use it.
What are logs?
When you visit websites, they automatically create records called "logs" that capture technical data about your visit and automatically store it on their servers. They function much like a ship captain’s logbook, recording a timeline of activities, errors, access attempts, and system changes related to the website. Logs don't follow you between visits or across different sites, and they typically contain less detailed data about your browsing habits than tracking technologies designed specifically for visitor analysis like cookies or similar technologies.
What are cookies?
When you visit certain websites, small text files are stored on your device: essential cookies for basic functions and non-essential cookies for additional purposes.
1. Essential cookies ("must-haves")
Essential cookies are necessary for the basic operation of a website. They enable core functionality like network management, secure login, page navigation, etc. Blocking essential cookies will break basic website functions.
2. Functionality, analytics, and marketing cookies ("nice-to-haves")
Non-essential cookies are used for additional purposes. Functionality cookies enhance user experience by remembering preferences and settings (like your language or region, etc.). Analytics cookies collect data about how you use the website to improve performance. And marketing cookies track your behavior for personalized ads and retargeting. Blocking non-essential cookies means you'll miss personalized features but the site will still work.
What are "similar technologies" like fingerprinting?
Similar technologies like fingerprinting are more and more used as alternatives to cookies. Fingerprinting scripts run in your browser to collect technical and behavioral data. They combine this data to create a unique "fingerprint" that's stored on website servers (so not on your device as with cookies).
This helps website owners to optimize their websites by tailoring content to specific device configurations and spotting technical problems. It can also be used to recognize visitors when they return to a website or track them across different websites for analytics and marketing purposes. And it's often used to prevent fraud by detecting suspicious behavior and implementing security measures like extra authentication when devices aren't recognized.
Tip 6: Find your sweet spot between privacy and benefits. Some visitors value the better experience that comes with data collection (like more helpful responses, personalized content, interesting features, etc.), while others value privacy more. Align your measures with your biggest concerns rather than following a one-size-fits-all approach. Use the appropriate approach to create your ideal balance – whether that's not changing anything at all or using the privacy tools below.
Tip 7: Want to hide your local browsing activity? Use private/incognito mode. Private browsing prevents your device from storing browsing history, cookies, and site data locally. This is useful when you don't want others using your computer to see what websites you've visited. Note: this doesn't hide your activity from websites, your internet provider, or network administrators.
Tip 8: Want to manage cookies? Here's how to do it. Most browsers allow you to view, block, or delete cookies through their privacy settings (but consider this may affect Blankpage's functionality). Check your browser's help section (usually under "Privacy" or "Security") for more details, or click directly on one of these links:
Tip 9: Want stronger tracking protection? Use your browser's enhanced settings. Most modern browsers offer advanced tracking protection (like Firefox's "Strict" mode or Safari's "Prevent Cross-Site Tracking") that blocks more tracking technologies than basic cookie settings. These work automatically and provide stronger protection, though no browser setting blocks all possible tracking.
Tip 10: Want to mask your online location and activity? Consider a VPN. VPNs hide your IP address and location from websites and your internet provider by encrypting your connection through their servers.
Step 9: Know your rights
You have the right to access, correct, or delete your data as well as other data protection rights.
Coffee break: Why care about this step?
As a customer of the café, you have rights. You can request corrections to wrong orders or send back a moldy muffin. Or you can ask for your loyalty card to be destroyed when you don't need it anymore.
Data protection laws give you certain rights regarding your data. These include, among others, knowing what and how data is processed about you, correcting inaccuracies, or having your data deleted. A better understanding of these rights will help you to decide when and how to exercise them.
You have certain rights under applicable data protection laws. In particular:
Tip 11: Expect that your request may not or only partially be fulfilled. I'm legally required to apply conditions, exceptions, or limitations. This happens especially when I need to comply with legal obligations or protect third parties, similar to how a café must follow health regulations and respect other customers' rights.
Do you want to exercise your rights? Here's how: 1. Write me at n.rinderknecht@blankpage.world 2. Identify yourself, for example, by including a copy of your ID card. This protects your privacy by ensuring that only you can manage your data. |
You can also file a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC) by clicking here or with another authority. But remember my blog's mission: legal innovation means respecting formal processes while exploring better ones. So I'm also available to discuss more direct and quicker solutions if you contact me first.
Step 10: Check this Privacy Notice regularly
I may update this Privacy Notice at any time, so check it regularly.
Coffee break: Why care about this step?
The menu in your hands isn't permanent. Seasonal drinks come and go. Prices adjust. Health regulations change, etc.
Privacy notices are living documents, too. They evolve as digital services develop and legal requirements change. Updates to this Privacy Notice may affect how your data is used. So check it regularly to reassess whether you wish to continue using Blankpage, adjust how you interact with it, or start using privacy tools as explained in Step 8.
In case you plan to revisit this Privacy Notice, know that the current version is always published on this site (www.blankpage.world/post/privacy-notice).
Wow, you're still here! If you read this entire Privacy Notice, you either work in data protection or you've had far too much coffee today. Either way, here's another cup, because you're clearly someone who makes good life choices. Bye!
Hello, I'm Nadine Rinderknecht
Founder of Blankpage. Experience in law firms and academia. Master of Law (University of Zurich) and other stuff.
Connect with me on LinkedIn.
Blankpage's mission is to inform and (hopefully) inspire you to fill your blank pages with great ideas. In legal practice. And when writing academic papers.
If you found this blog post helpful, explore my other free posts by clicking on this blue button: