Davy and Davy
Standards compliant
Website design and build

Decrease text size  Increase text size   Reset text size  Stop external pages opening in a new window
 

Davy and Davy

Privacy Policy

Davy and Davy is a trading name of Stephen Davy, a sole trader designing and building websites in West Yorkshire in the UK.

Davy and Davy - Making Websites that Work.
Website design and build

Information I collect

If you make an enquiry I ask you to email or complete an online form.  I will collect your name, email address and perhaps telephone number or other contact details so I can provide you with the information you request.  If you subsequently decide to engage my services I will most likely ask for further contact details.

I may use your information in the future, in a limited way, to inform you about any services that I might offer but will stop if you ask me to.  I may keep your information for a reasonable amount of time unless you don't want that to happen.  I will not pass your contact information to any other party without your explicit permission.

Cookies

This website currently uses some cookies.

Cookies are small pieces of text that a website can store on a user's computer or other device to be retrieved later.  In the case of "session" cookies, "later" could be a few seconds later when the user navigates to the next page as he browsers the website.  In the case of "persistent" cookies, "later" could be months later when the user revisits the website.  Session cookies are normally stored in computer memory allocated to the browser (user agent) and are destroyed when the browser is closed.  Persistent cookies are normally stored on a hard drive or in some other non-volatile memory.

Ideally, I would like to use a session cookie to store a server session identifier to maintain state between pages as the user browses the website.  This helps the website remember user preferences and browser settings as the user navigates the site, and is intended to make the visit a better experience.  However, a 2011 amendment to the UK Privacy and Electronic Communications Regulations effectively prohibits the use of all cookies, including session cookies.[1][2]  This is particularly annoying because the session cookie has little or no impact on privacy and being part and parcel of the Worldwide Web specification for well over a decade is used by the majority of websites to maintain state, without which certain functions and features do not work.  Even more annoying because other EU member states have excluded session cookies from the severe restrictions that have been placed on the use of cookies.[2]

In an attempt to comply with the amended Regulations, but partly for experimental and development purposes, this website no longer uses a session cookie to follow the server session.  Instead I am developing and testing a cookie free method of maintaining state.  The method and purpose is outlined below.

Third Party Website Statistics and Analytics Tools

The pages on this website currently use two third party agents, Google Analytics and StatCounter, to collect basic information about your Internet browser, and to recognise and count visitors as they browse the site.  This helps me form and improve the way the website works to suit regular visitors.  Included in this information is the IP address of your Internet connection and this might be used to identify your country and other location details.  This location information, although not always accurate, helps me further understand the needs of the website visitors.

Google Analytics uses four "first party" cookies - one session cookie and 3 "persistent" cookies - to carry out this task.  Persistent cookies are used to record multiple visits.  The first party cookies can only be retrieved when you visit this website and not any other website.  I don't see the IP address that Google Analytics collects, just the associated location information.  My Google Analytics account has data sharing settings that don't allow Google to share the data with anyone else.  You can read more about Google Analytics, including how to opt out of all Google Analytics data collection, on their Google Analytics Privacy OverviewLink opens in a new window web page.

Guidelines from the UK ICO state that the Privacy and Electronic Communications (EC Directive) Regulations 2003, as amended 2011, requires user consent to use cookies for website analytical purposes.  However, the guidance also indicates that first party analytical cookies are highly unlikely to receive regulatory attention provided the use of such cookies is made clear to the user.  This guidance is, let's say, confusing and I'd welcome opinion or feedback on the matter from general visitors.  For reasons explained, analytics is very useful but I might consider removing this tool if I think consent really is necessary.  That's because I believe most people do not understand cookies and therefore consent will not be given and in many ways partial analytical data is of less use than no analytical data.

StatCounter uses a third party "persistent" cookie to gather similar information to Google Analytics.  This cookie can be recovered by any website that also uses StatCounter.  The visitor information collected by StatCounter, including the IP address, is available to me and I find it very useful but, because the cookie is third party and could possibly be used for site-to-site tracking, I am considering removing the tool from our website.

No other cookies are used on this website.

For a comprehensive guide about cookies, including how to control and delete them, see aboutcookies.org.Link opens in a new window

Cookie Free Session Identification

In an attempt to comply with the amended Regulations, but partly for experimental and development purposes, this website no longer uses session cookies to maintain state.  Instead I am developing and testing an alternative, cookie free, method.  This attempts to take a "partial fingerprint" of the user's system to tie the device to the server's session identifier.  This method is less reliable that using a session cookie but is probably good enough for the purposes.  It has no more, or less, impact on privacy than the session cookie but does not require user consent.[3]  The "partial fingerprint" is stored on this website's server and is destroyed after a predetermined period of time.  Currently this is 24 hours.

The "partial fingerprint" is used to "maintain state" across the website for a number of purposes:

  1. If you use the "A" links near the top right of the page to change the size of the main body text, this information is remembered between pages so you don't have to change the text size on every page.
  2. This website uses a "fluid" page layout and adjusts the page layout to suit your browser width setting.  Once done, this information is remembered between pages which reduces the time taken to reformat subsequent pages and reduces the visual disturbances between pages.
  3. The website uses an experimental first party website statistics gathering tool outlined below.  For this the server session needs to be maintained across the pages and the "partial fingerprint" does this.

First Party Website Statistics and Analytics Tool

As a result of the 2011 amendment to the UK Privacy and Electronic Communications Regulations I am developing a cookie free method of collecting and analysing website visitor statistics.  This website is currently testing the technique which makes use of the "partial fingerprint" mentioned above to maintain state across the pages.  The resulting data, which contains no personal information, is stored on this website's server and not third party servers such as Google Analytics or StatCounter.  These statistics include visitor IP address and basic browser information such as screen size and browser type, along with a record of the pages visited on the site and the paths taken.  It helps me form the pages and content to suit regular visitors, deliver the content that the user is looking for and generally analyse how the website is used and how it performs.  The data obtained is similar to the that obtained using the third party agents but does not include any return visitor information.  I have no interest in site-to-site visitor tracking and the data is most definitely not shared with any other website or party.  No cookies are used.

Notes

[1] In response to a European Directive, the 2011 amendment to the UK Privacy and Electronic Communications Regulations 2003 placed extra restrictions on the use of cookies by UK owned websites.  Briefly, the amendment says that if the cookie is not "strictly necessary for the provision of an information society service requested by the subscriber or user" then the website must get "consent" from the user to store a cookie on the user's computer or other device.

Since most users do not know what a cookie is, and the majority the rest appear to believe them to be universally bad, it is my opinion that the majority of users, if presented with a request for consent, would either not answer or say no.  Indeed a freedom of information request made to the Information Commissioner's Office (ICO) about visitor statistics gathered by the ICO website since it introduced such a request in May 2011 suggests that only 10% of visitors are giving consent.  In my option, for most websites, requesting consent is therefore pointless and unless the cookie is "strictly necessary" then using one is, in effect, prohibited.

[2] As is often the case with European Directives, different member states implement them in different ways.  In a response to a question about session cookies, the UK ICO, which has the responsibility of interpreting and policing the UK implementation of the European Directive about Privacy and Electronic Communications, says that all cookies that are not strictly necessary require consent.  In contrast, the Irish Data Protection Commissioner, who has the responsibility of interpreting and policing the Irish implementation of the same Directive, and the equivalent authority in France, are advising that cookies that are deleted at the end of the session do not need consent.  That said, Version 2 (13th December 2011) of the guidelines from the UK Information Commissioner's Office (ICO) makes a distinction between session cookies and persistent cookies in that advice is given change a persistent cookie to a session cookie, where possible, to mitigate the risk of a user objecting.  The purpose of this statement is not clear if both session and persistent cookies are covered by the same rules, which the guidelines also state.

[3] The ICO acknowledges that "device fingerprinting" is an alternative method of identifying the device when, for example, trying to analyse website visitors and using this technique, rather than using cookies, falls outside the UK Privacy and Electronic Communications Regulations cookie rules.  However, the ICO points out that collecting such information is still covered by the Data Protection Act if it builds up a picture of an individual.  I'm using the "fingerprint" to build up a picture of the device, not the individual, and this is used simply to identify the server session to maintain state across the browsing session.  The "fingerprint" information is destroyed after a period of time when it can reasonably be assumed the session is finished.

UK Web Design Association Registered Member.Listed on w3cSites.Explanation of Level Triple-A Conformance.Valid XHTML.Valid CSSThese links open in new windows
Accessible Web Site Design