Privacy Policy
Effective date: 17 April 2026
Last reviewed: 17 April 2026
1. Introduction and scope
This Privacy Policy describes how Cristian Schmitt Nieto (“I”, “me”, or “my”) collects, uses, and protects personal data in connection with the personal technology blog published at schmitt-nieto.com (the “Site”).
This policy applies to all visitors of the Site regardless of their location. Where European Union law applies (including the General Data Protection Regulation, “GDPR”), the United Kingdom GDPR, or the Swiss Federal Act on Data Protection (“nFADP”), I act as the data controller.
If you have questions about this policy or your personal data, contact me at privacy@schmitt-nieto.com.
2. Controller identity and contact
| Field | Details |
|---|---|
| Controller | Cristian Schmitt Nieto |
| Website | schmitt-nieto.com |
| Privacy contact | privacy@schmitt-nieto.com |
No Data Protection Officer is appointed for this blog, as one is not required for processing of this nature and scale. For all privacy inquiries, use the email address above.
3. Hosting and infrastructure
The Site is hosted on GitHub Pages (GitHub, Inc., a subsidiary of Microsoft Corporation). When you visit the Site, GitHub processes standard server log data for security and delivery purposes, including your IP address, request timestamps, and requested URLs. This processing is independent and is governed by the GitHub Privacy Statement.
All traffic to the Site is served exclusively over HTTPS. I do not operate any separate web servers or databases.
4. Personal data collected and processed
4.1 Data processed automatically by hosting infrastructure
When you access any page, the hosting platform (GitHub Pages) records standard server log data. This includes your IP address, browser user agent, request date and time, and the URL requested. I do not independently access, copy, or store these logs. They are retained and controlled by GitHub.
4.2 Analytics data (with your consent)
With your consent, I use two analytics services to understand how the Site is used:
- Google Analytics 4 collects page views, navigation paths, scroll events, session duration, approximate geographic region (at country or region level), and device and browser characteristics. IP address data is anonymized before storage and I do not receive full IP addresses.
- Microsoft Clarity records interaction events including click maps, scroll depth, and session replays that are designed to exclude sensitive content. It collects approximate location, device and browser information, and behavioral data.
Neither service is used to identify you personally. Both are disabled until you provide explicit consent.
4.3 Comment data via Disqus
Blog posts include a Disqus comment widget, which loads only after you accept cookies. When the widget loads, Disqus may set cookies and receive your IP address, user agent, and the page URL. If you submit a comment, Disqus processes the text you provide, any name or profile information associated with your account, and metadata about the comment. Disqus operates as an independent data controller for this data. If you decline cookies, a placeholder is shown in place of the comment thread.
4.4 Data not collected
- Special category data (health, religion, political views, or similar) is not collected on this Site.
- This Site does not use contact forms, newsletter subscriptions, or user login systems.
- I do not knowingly collect data from children under 16. See Section 11.
5. Cookies and similar technologies
The Site uses cookies and similar client-side storage mechanisms. The table below summarizes what is used, subject to your consent choices.
| Category | Cookie or technology | Provider | Purpose | Basis |
|---|---|---|---|---|
| Essential | Session / security mechanisms | GitHub Pages | Deliver pages securely and reliably | Legitimate interests |
| Analytics | _ga, _ga_* | Google Analytics | Measure page engagement and site usage | Consent |
| Analytics | _clck, _clsk, CLID, ANONCHK, MR, MUID, SM | Microsoft Clarity | Record interaction patterns and session replays | Consent |
| Comments | Various (Disqus session and tracking cookies) | Disqus / Ziff Davis | Manage comment sessions, prevent abuse, enable widget functionality | Consent |
6. Consent and cookie preferences
When you first visit the Site, a consent banner is displayed. Analytics cookies and related technologies are loaded only after you select Accept. If you select Decline, only hosting-level essential mechanisms operate.
The consent mechanism implements Google Consent Mode v2 and the Microsoft Clarity Consent API. Your choice is transmitted to both services at page load. If you decline, analytics storage is disabled and Clarity operates in a restricted mode that does not set analytics cookies.
You can change your preference at any time using the cookie preferences button visible on the page, or by deleting and blocking cookies in your browser settings. For general guidance on managing cookies, visit www.allaboutcookies.org.
7. Legal bases for processing
| Processing activity | Legal basis |
|---|---|
| Delivering the Site and serving pages | Legitimate interests (operation of a publicly accessible blog) |
| GitHub server logs | Legitimate interests (security and reliability of hosting infrastructure) |
| Google Analytics | Consent (Article 6(1)(a) GDPR) |
| Microsoft Clarity | Consent (Article 6(1)(a) GDPR) |
| Loading the Disqus comment widget | Consent (Article 6(1)(a) GDPR) |
| Handling privacy rights requests | Legal obligation and legitimate interests |
Where processing is based on consent, you may withdraw that consent at any time without affecting the lawfulness of processing carried out before withdrawal.
8. Third party controllers
The following providers act as independent data controllers for their own services. Their processing is governed by their respective privacy policies, which I encourage you to review.
| Provider | Service | Privacy documentation |
|---|---|---|
| GitHub, Inc. | Site hosting | GitHub Privacy Statement |
| Google LLC | Google Analytics | Google Privacy Policy |
| Microsoft Corporation | Microsoft Clarity | Microsoft Privacy Statement |
| Disqus (Ziff Davis, LLC) | Comment system | Disqus Privacy Policy |
9. International data transfers
Some providers listed above are based in the United States or operate across multiple countries. Where personal data is transferred from the European Economic Area, the United Kingdom, or Switzerland to countries without an adequacy decision, transfers rely on appropriate safeguards. These safeguards typically include Standard Contractual Clauses approved by the European Commission and, where applicable, the UK International Data Transfer Addendum.
Each provider’s transfer safeguards are described in the privacy documentation linked in Section 8.
10. Retention
| Data category | Retention |
|---|---|
| GitHub hosting logs | Retained and controlled by GitHub under their policies |
| Google Analytics event data | Up to 14 months, as configured in Google Analytics settings |
| Microsoft Clarity session data | Up to 13 months, as controlled by Microsoft |
| Disqus comment content | Retained by Disqus; contact me to request removal from the page display |
I do not maintain independent copies of analytics or log data beyond what the respective platforms retain. I do not purchase, sell, or broker personal data.
11. Children
This Site addresses technology professionals and is not intended for children under the age of 16. I do not knowingly collect personal data from children. If you believe a child has provided personal data through this Site, contact me at privacy@schmitt-nieto.com and I will take appropriate steps to address it.
12. Security
I apply reasonable technical and organizational measures to protect the Site against unauthorized access, loss, and disclosure:
- All site traffic is served over HTTPS with TLS encryption.
- The Site does not store visitor personal data in independently operated databases or backend systems.
- Credentials and sensitive configuration are managed outside the public repository.
- Access to administrative accounts and services is protected by multi-factor authentication.
Because the Site relies on third party platforms for hosting, analytics, and comments, the security of data processed by those platforms is governed by their respective security programs and certifications.
13. Your data protection rights
Subject to applicable law, you may exercise the following rights:
- Access: Request a copy of the personal data I hold about you.
- Rectification: Request correction of inaccurate or incomplete data.
- Erasure: Request deletion of your personal data where there is no longer a lawful basis for retention.
- Restriction: Request that processing be restricted in certain circumstances.
- Portability: Receive your data in a structured, machine-readable format where technically feasible and legally applicable.
- Objection: Object to processing based on legitimate interests.
- Withdrawal of consent: Withdraw consent for analytics at any time using the cookie preferences button or your browser settings, without affecting the lawfulness of prior processing.
To exercise any of these rights, email privacy@schmitt-nieto.com. I will respond within 30 days. For rights concerning data held directly by Disqus, Google, or Microsoft, please contact those providers using the links in Section 8.
You have the right to lodge a complaint with the data protection supervisory authority in your country of residence. A list of EEA supervisory authorities is available at edpb.europa.eu.
14. Third party links
The Site may contain links to external websites. I am not responsible for the privacy practices of those sites and encourage you to review their privacy policies before providing any personal data.
15. Changes to this policy
This policy may be updated to reflect changes in applicable law, Site features, or service provider relationships. The effective date at the top of this page is updated with each revision. For material changes, a notice will appear on this page describing what changed and when.
Previous versions of this policy are available on request by emailing privacy@schmitt-nieto.com.
16. Contact
For any questions, requests, or complaints related to this Privacy Policy or the processing of your personal data:
Cristian Schmitt Nieto
Email: privacy@schmitt-nieto.com
I aim to respond to all privacy inquiries within 30 days.