How to manage your privacy (Blankpage's Privacy Notice)
- Nadine Rinderknecht
- Apr 26, 2025
- 14 min read
Updated: Feb 11
This step-by-step Privacy Notice walks you through everything you need to know about how your data is used and how to manage your privacy. Do you care enough to read the "world's most boring blog post"? Spoiler: It's also about coffee to keep you awake.
What we'll cover
Starting point
Let's be honest. Privacy notices are usually the "world's most boring blog posts". Nobody reads them except the people paid to write them. But since you're here, I thought: Why not write it as a how-to blog post like all my other posts? Why not make it easier to understand and more empowering? After all, knowing how to manage your privacy is perhaps just as important as learning how to become a legal innovator. So let's do this differently.
Imagine we're meeting for coffee, and you've asked me "So what happens with my data when I visit your website? And what can I do to manage my privacy?" That's exactly what I want to explain here. No legal jargon, just one person talking to another.
Nice to meet you! I'm Nadine Rinderknecht and I'm the person behind this website, Blankpage (www.blankpage.world). I'll give you a behind-the-scenes look at how I handle your data and share practical tips along the way. You'll learn skills like:
Reviewing a privacy notice
Managing cookies and similar technologies
Exercising your data protection rights
Here's a bonus: Since my website follows standard practices, you can apply these skills on similar websites too (but remember to adapt them to your specific situation).
Coffee in hand? Perfect, let's dive in!
Step 1: Start with an overview
Check out this Privacy Center I made for you. It gives an overview of the most important data processing activities.
Tip 1: If the text is too small, open the image in full screen by clicking on the icon on the right-hand side of the image.
That's your overview at a glance. But which law governs it? I process your personal data (or let's simply call it "data") under 🇨🇭 Swiss data protection law including the Federal Act on Data Protection (FDPA). And, where applicable, foreign data protection laws like the EU General Data Protection Regulation (GDPR).
But don't worry. I'll explain how this works in simple terms below.
Step 2: Meet your primary contact person
Contact me, Nadine Rinderknecht, at n.rinderknecht@blankpage.world if you have any questions or want to exercise your rights.
Coffee break: Why care about this step?
Look over there... See that café owner with the mustache behind the counter, wiping down the espresso machine? Just like you'd talk to him to know more about how your coffee is made or to get a different coffee if your order was wrong, knowing who's responsible for your data gives you a specific person to reach out to.
As the person behind this website, I decide why and how your data is processed. If you've any questions or want to exercise your rights, just reach out to me.
Hello! My name is Nadine Rinderknecht and I'm primarily responsible for following data protection laws. Since I decide why and how your data is processed, I'm what data protection lawyers call the "data controller".
If you've got any questions or want to exercise your data protection rights, just contact me at n.rinderknecht@blankpage.world.
Tip 2: Review next steps for common answers before you contact me. Many common questions, including how to manage logs, cookies, and similar technologies (Step 8) and how to exercise your rights (Step 9), are already answered below. Have a look!
Step 3: Meet other key entities that process your data
Your data is also processed by my hosting provider, website analysis provider, video provider, and authorities (only if required by law).
Coffee break: Why care about this step?
The owner of the café doesn't work alone. He works with other people like the barista pulling shots, co-founders managing inventory, and coffee bean suppliers in Colombia. Some only follow his instructions like his employees, while others are more independent.
What about this website? As with most websites, your data is also processed by service providers and other entities. Some may act on my behalf (data protection lawyers call them "data processors" and their helpers "sub-processors"), while others may decide (independently) why and how they process your data ("data controllers"). This step helps you see the bigger picture by showing especially the tech companies in the background of this site (like my hosting or website analysis providers). It also tells you which privacy notices to check beyond mine. And it gives you practical details if you ever need to exercise your rights across multiple entities.
I'm your primary contact person, but I'm not the only one who processes your data. Let me introduce you to the other key entities:
Tip 3: To better understand the data processing chain, check the documents below.
Privacy notices: Find out whether the entities are just following my instructions ("data processor") or taking (independently) their own decisions ("data controller").
Lists of sub-processors: Find out which sub-processors (like cloud and security providers) help entities provide services.
Keep in mind that entities may engage their own third parties, meaning your data may also be processed by them. I can restrict the processing by certain third parties (like IT providers), but not that of others (like authorities).
Now let's take a closer look at each of these entities.
1) Hosting provider Wix.com Ltd. (Tel Aviv, Israel), or simply Wix, offers access to this website and maintains server infrastructure. They also provide me with a built-in website analysis tool to understand how visitors use my website.
Privacy notice: www.wix.com/about/privacy
List of sub-processors: www.support.wix.com/en/article/list-of-wixs-sub-processors
Tip 4: Don't get lost in Wix's privacy notice. Pay special attention to the sections about users-of-users (that's you: you're using my site, which uses Wix's services).
2) Website analysis provider Visitor Analytics GmbH (Berg, Germany), or simply Visitor Analytics, collects, measures, and analyzes data on website visitors and their behavior.
Privacy notice: www.twipla.com/en/support/legal-data-privacy-certificates/standard-integration/privacy-policy
List of sub-processors (scroll down to Annex 2): https://www.twipla.com/fileadmin/twipla/downloads/20241220-twipla-data-processing-agreement-en-fin.pdf
3) Video provider YouTube lets me embed videos on this website and processes your data as well. YouTube is operated by Google Ireland Ltd. (Dublin, Ireland), or simply Google.
Privacy notice: www.policies.google.com/privacy?hl=en
Information on sub-processors: www.policies.google.com/privacy?hl=en#infosharing (Google explains data sharing practices but hasn't published a sub-processor list)
4) Authorities may receive your data, but only if required by law. This may include government offices, courts, and other authorities in Switzerland and abroad.
Step 4: See what type of data is processed
I process data you share with me via contact form, email, or otherwise. And the technical data about your website visit via analysis tools.
Coffee break: Why care about this step?
What type of data do you think is usually collected when you're in a café? You actively share information with the café owner (like "oat milk, no sugar" when placing an order), but he may also notice other information about you (like how often you visit and where you sit). Notice how he glances at your half-eaten croissant? The crumbs tell a story too.
Besides the data you share, data collection often happens in the background as you browse the internet. So the law says website owners must tell you what data is collected. This helps you make better choices about what you share. It also gives you more clarity about what data you might want to access, correct, delete, or use other data protection rights for at Step 9.
What type of data are we talking about? I process different categories of data from different sources, particularly:
Data you share with me via contact form, email, or otherwise, including contact data (like your name or email address) and any other data you choose to share.
Data from website analysis tools, specifically Wix's built-in tool and Visitor Analytics. I process technical data like:
IP address
Approximate location
Screen resolution and device type
Operating system
Browser type and version
Date and time of your visit
Pages you visited
Referring website addresses
Step 5: Understand why your data is processed
I mainly process your data to operate and improve this website and to communicate with you.
Coffee break: Why care about this step?
Think about why the café keeps track of your orders. If your coffee preferences are gathered to remember you're lactose intolerant, that's one thing. If this data is being sold to data brokers to spam you with coffee ads, that's something quite different.
You see that the "why" behind data processing matters just as much as the "how". The purposes for which your data is processed determine what may be done with it. Understanding these purposes helps you check if what I'm doing matches your expectations and make sure I'm not collecting more than I need. If the EU GDPR applies, it also lets you know on which legal bases I process your data.
Here's what I process your data for:
Operate this website in a secure and stable manner (including server management and security monitoring).
Improve this website (including making it more user-friendly by analyzing site usage and optimizing navigation).
Communicate with you (including replying to your queries).
I may also process your data to comply with legal obligations or for legal proceedings, should the need come up.
If the EU GDPR applies: What legal bases do I use?
I process your data under Swiss data protection law, mainly the Federal Act on Data Protection (FDPA). I don't assume that the EU General Data Protection Regulation (GDPR) applies to my data processing. But if it does apply, I process your data based on these legal bases:
To protect legitimate interests of me or others, unless your interests weigh more (art. 6 para. 1 lit. f GDPR). I use this legal basis, for example, for security purposes, to analyze visitor behavior, to communicate with you, and to comply with Swiss law.
When you've consented to process your data (art. 6 para. 1 lit. a GDPR and art. 9 para. 2 lit. a GDPR).
To perform a contract with you and to carry out pre-contractual measures (art. 6 para. 1 lit. b GDPR).
To comply with the law of member states in the European Economic Area (EEA) if it applies to me (art. 6 para. 1 lit. c GDPR).
Step 6: Check the security measures
Your data is protected through appropriate measures, including threat prevention, detection, and incident response.
Coffee break: Why care about this step?
Imagine the café kept your credit card details on sticky notes next to the counter where anyone could see them. Or if your loyalty points suddenly vanished after a system breach. Or if a burglar smashed through the front window overnight. Look around. The café uses security measures like thick doors to prevent break-ins, motion sensors for detection, and calling the police in an emergency.
Websites need protection, too. Without proper measures, you may, for example, no longer have access to your data, receive spam emails based on your breached data, or become a victim of an identity theft. While the technical details of security measures are often complex and difficult for website visitors to understand, knowing the general approach gives you an idea of whether your privacy is being taken seriously. And for all the security pros, I've added links to more technical information below.
Let's talk security. I protect your data from unauthorized access, use, or disclosure with appropriate technical and organizational measures. For example, I use password management and my hosting provider Wix encrypts your data, continuously monitors the platform, and minimizes the impact of cybersecurity incidents if something happens. While no system is 100% secure (just like our café), these measures can significantly reduce privacy risks.
Tip 5: Dive deeper like a pro. If you want more technical details, check out the security frameworks by Wix on their website (with simple explanations) or their privacy notice (with more complex explanations), as well as those of my other service providers.
Step 7: See where your data is shared and transferred
Your data may be processed by my service providers and authorities in Switzerland, Germany, Ireland, Israel, and potentially worldwide.
Coffee break: Why care about this step?
Imagine you leave an entry in the guest book by the café's door: "Best cappuccino in town!" This note doesn't just stay in the book. The café owner might take a photo for Instagram, mention it in the monthly newsletter, or share it with coffee suppliers in Brazil. Your comment might travel far beyond the walls of the café and you might not even realize it.
What about this website? I primarily share your data with my service providers to provide this website, but also with authorities if I have to. With each sharing, the circle of people who have access to your data expands. Understanding this step will help you get a better overview of where your data flows, assess potential privacy risks (especially when data is transferred internationally), and make better decisions about what you share through this website.
Who may process data besides me? To meet the purposes in Step 5, I may need to disclose data to the recipients in these categories:
Service providers (and their sub-processors)
Authorities like offices and courts if required by applicable laws
Recipients may process your data in Germany (Visitor Analytics, etc.), Israel (Wix, etc.), Ireland (Google, etc.), and Switzerland (authorities, etc.). However, your data may potentially be processed in any country in the world, for example, through the sub-processors of my service providers.
How's your data protected when it's transferred internationally?
I don't just send your data abroad without protection. For locations without adequate data protection, I put in place appropriate safeguards through contracts (like standard contractual clauses). That's similar to a café requiring its overseas coffee supplier to follow the same food safety standards, even if their country has different rules.
In some cases, data may be transferred without such contracts if:
You've consented to it, or
It's necessary for the performance of a contract, for the establishment, exercise, or enforcement of legal claims, or for overriding public interests (like safety or security).
Step 8: Manage logs, cookies, and similar technologies
Manage the data I collect through logs, cookies, and similar technologies by using privacy tools.
Coffee break: Why care about this step?
Remember when the café owner saw me walk through the door and immediately asked “iced latte”? I've been here many times and the owner has memorized my usual.
When browsing websites, data collection and analysis often happen invisibly in the background, similar to a café owner who quietly observes your orders and behaviors. Understanding what happens during your visit can help you make better choices about browser settings, extensions, and other privacy tools.
Like any other web server, the server on which I provide this website automatically logs and stores technical data like browser type and time of your visit. I also collect data through cookies and similar technologies. All such data is processed for the purposes in Step 5, especially for the proper functioning of my website and to understand how visitors use it.
Click to learn more:
What are logs?
When you visit websites, they automatically create records called "logs" that contain technical data about your visit and store it on their servers. Think of them like a ship captain’s logbook, recording a timeline of activities, errors, access attempts, and system changes on the website. Logs don't follow you between visits or across different sites, and they usually have less detailed data about your browsing habits than tracking technologies made for visitor analysis like cookies or similar technologies.
What are cookies?
When you visit websites, small text files are typically stored on your device: essential cookies for basic functions and non-essential cookies for additional purposes.
1. Essential cookies ("must-haves")
Essential cookies are necessary for the basic operation of the website. They enable core functionality like network management, secure login, page browsing, etc. So remember: Blocking essential cookies breaks basic website functions.
2. Functionality, analytics, and marketing cookies ("nice-to-haves")
Non-essential cookies are used for additional purposes. Functionality cookies improve user experience by remembering preferences and settings (like your language or region). Analytics cookies collect data about how you use the website to improve performance. And marketing cookies track your behavior for personalized ads and retargeting. Blocking non-essential cookies means you miss personalized features but the site still works.
What are "similar technologies" like fingerprinting?
Similar technologies like fingerprinting are more and more used as alternatives to cookies. Fingerprinting scripts run in your browser to collect technical and behavioral data. They combine this data to create a unique "fingerprint" that's stored on website servers (rather than on your device, as with cookies).
This helps website owners improve their websites by adjusting content to specific device setups and spotting technical problems. It may be used to recognize visitors when they return to a website or track them across different websites for analytics and marketing purposes. Plus, fingerprinting may be used to prevent fraud by spotting suspicious behavior and using security measures like extra authentication when devices aren't recognized.
Want to manage your privacy? Take a look at the tips right below.
Tip 6: Find your sweet spot between privacy and benefits. Some visitors value the better experience that comes with data collection (like full website functionality and more helpful responses to queries), while others value privacy more. Rather than following a one-size-fits-all approach, match your settings with your concerns – whether that's not doing anything at all or using the privacy tools in the tips below.
Tip 7: Want to hide your local browsing activity? Use private/incognito mode. Private browsing prevents your device from storing browsing history, cookies, and site data locally. That's useful when you don't want others using your computer to see what websites you've visited. But remember: Your activity is still visible to websites, your internet provider, or network administrators.
Tip 8: Want to manage cookies? Here's how to do it. Most browsers allow you to view, block, or delete cookies through their privacy settings (though this may affect the functionality of this website). Check your browser's help section for more details (usually under "Privacy" or "Security"), or click directly on one of these links:
Tip 9: Want even stronger tracking protection? Use your browser's enhanced settings. Most modern browsers offer advanced tracking protection (like Firefox's "Strict" mode or Safari's "Prevent Cross-Site Tracking") that blocks more tracking technologies than cookie settings. These provide stronger protection, though no browser setting blocks all possible tracking.
Tip 10: Want to hide your IP address and other data? Consider a VPN. VPNs use encryption to hide your IP address, rough location, and contents of your traffic from websites and your internet provider.
Step 9: Know your rights
You've the right to access, correct, or delete your data as well as other data protection rights.
Coffee break: Why care about this step?
As a customer of the café, you have rights. You can request corrections to wrong orders (like when they give you regular coffee instead of decaf) or send back a moldy muffin. Or you can ask for your loyalty card to be destroyed when you don't need it anymore.
Data protection laws give you certain rights about your data. These include, among others, knowing what data is processed about you, correcting errors, or having your data deleted. A better understanding of these rights will help you decide when and how to exercise them.
You've certain rights under applicable data protection laws, including:
Want to exercise your rights? Here's how: 1. Write me at n.rinderknecht@blankpage.world 2. Identify yourself, for example, by including a copy of your ID card. This protects your privacy by making sure only you can manage your data. |
Tip 11: Know that conditions, exceptions, and limitations are built into data protection law. Sometimes I can't fully meet your requests. This happens especially when I need to comply with legal obligations or protect third parties, similar to how a café must follow health regulations or respect other customers' rights.
You can also file a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC) by clicking here or with another authority. But remember my website's mission: Legal innovation means respecting formal processes while exploring better ones. So I'm also available to discuss more direct and quicker solutions if you contact me first.
Step 10: Check this Privacy Notice regularly
I may update this Privacy Notice at any time, so check it regularly.
Coffee break: Why care about this step?
Look at the menu in your hands. It's not permanent. Seasonal drinks come and go. Prices adjust. Health regulations change.
Privacy notices are living documents, too. They evolve as digital services develop and legal requirements change. Updates to this Privacy Notice may change how your data is used. So check it regularly to decide whether you want to keep using this website, change how you interact with it, or start using privacy tools in Step 8.
One last thing... In case you plan to revisit this Privacy Notice, know that the current version is always published on this site (www.blankpage.world/post/privacy-notice). You can also bookmark it if you like.
Wow, you're still here! If you read this entire Privacy Notice, you either work in data protection law or you've had far too much coffee today. Either way, here's another cup, because you're clearly someone who makes good life choices. Bye!
Hello, I'm Nadine Rinderknecht
Experience in law firms and academia. Master of Law (University of Zurich), LL.M. TMT (Queen Mary University of London), and other stuff.
Connect with me on LinkedIn ☺
What's this blog about? Build your unique practice style and intellectual capital in IT law. Time to become a legal innovator.
If this post was helpful, explore my other posts by clicking on this blue button: