Privacy Policy
This document explains, in plain language, what testml.org collects when you visit, why we collect it, how long we keep it, and the choices you have over it. We treat your data the way we would want our own treated: kept to a minimum, stored carefully, and never sold. If something below is unclear, write to contact@testml.org and a real person will reply.
1. Who we are
For the purposes of the GDPR and the UK Data Protection Act 2018, the data controller for this website is the editorial team behind testml.org. You can reach the team by email at contact@testml.org. We do not currently operate a registered physical office; correspondence by email is the fastest way to reach us and is logged for audit purposes.
2. What we collect
We deliberately keep collection narrow. The categories below are everything that touches our systems:
| Category | Examples | Source |
|---|---|---|
| Server log data | Truncated IP address (last octet zeroed), user-agent string, timestamp, requested URL, HTTP status code | Automatic, on every page load |
| Analytics events | Anonymised page views, scroll depth, referrer host (no full URL), approximate country | Only if you accept the analytics cookie category |
| Direct correspondence | Email address, message body, any attachments you choose to send | You, when you write to us |
| Consent records | Your cookie banner choices, timestamp, banner version | Stored client-side; reflected server-side only when you submit a form |
We do not collect: payment details (we do not sell anything from this domain), precise geolocation, biometric data, or special-category data such as health, ethnicity, or political views.
3. Why we use it
- To keep the site running. Logs help us diagnose 500-errors, block scrapers, and confirm uptime.
- To improve what we publish. Aggregated analytics tell us which articles are useful and which need rewriting.
- To answer you. If you email us, we read it and reply — that is the only way to do so.
- To meet legal duties. We log consent so we can prove, if asked, that we honoured your choice.
4. Legal basis for processing
Under Article 6 GDPR our lawful bases are:
- Legitimate interests — for security logging and aggregate, non-identifying performance review.
- Consent — for analytics cookies and any optional tracking. You can withdraw consent at any time via the cookie preferences link in the footer.
- Legal obligation — for retaining consent records and responding to subject-access requests within statutory deadlines.
5. Cookies & analytics
On first visit a small banner asks whether you accept analytics and marketing cookies. Strictly necessary cookies (session, CSRF, consent state) are always on because the site cannot function without them. The full per-cookie list, with vendor and expiry, lives in our Cookie Policy.
6. Who we share data with
We share data only where strictly necessary, and only with vetted processors bound by written contracts:
- Hosting & CDN provider — receives the same request data your browser sends every time you load a page.
- Email provider — delivers replies when you contact us; sees the address and subject line.
- Privacy-respecting analytics — receives aggregate event data, only if you have consented.
We do not sell, rent, or trade personal data. We do not run real-time bidding (RTB) advertising on this site.
7. How long we keep it
| Data | Retention |
|---|---|
| Raw server logs | 30 days, then automatically purged |
| Analytics events (aggregate) | 14 months |
| Email correspondence | 24 months from the last reply, unless you ask us to delete sooner |
| Consent records | 24 months — minimum needed to demonstrate compliance |
8. Your rights
If the GDPR, UK GDPR, CCPA, LGPD or a comparable framework applies to you, you have the right to: request a copy of your data, correct it, ask us to erase it, restrict how we use it, object to processing, or receive a portable export. We will respond within 30 days. There is no fee for a reasonable request.
To exercise any of these rights, email contact@testml.org with the subject line “Data request”. We may ask one or two follow-up questions to verify the request is genuinely yours — this is to protect you, not to obstruct you.
9. International transfers
Our processors may be based outside your country. Where data leaves the European Economic Area or the UK we rely on the European Commission’s Standard Contractual Clauses (2021 modules) and, where appropriate, the UK International Data Transfer Addendum. We assess each transfer for additional safeguards before it begins.
10. Children
The site is written for an adult, general-interest audience and is not directed at children under 16. We do not knowingly collect data from children. If you are a parent or guardian and believe a child has submitted information to us, please write in and we will erase it.
11. Changes to this policy
We update this page when our practices change or when a regulator publishes new guidance. Material changes are noted at the top of the page and dated; minor wording fixes are applied silently. The current version number and effective date are shown beneath the title at the top of this page.
12. Contact & complaints
Questions, concerns, or a polite disagreement about how we have handled your data? Write to contact@testml.org. We aim to acknowledge within two working days and resolve within thirty.
If we cannot resolve your concern, you have the right to lodge a complaint with your local supervisory authority — for example, the Information Commissioner’s Office (ICO) in the United Kingdom or your country’s data-protection authority within the EEA.
This policy is written in plain English on purpose. If a clause confuses you, that is a bug in our writing — tell us and we will fix it.