It’s really a shame nobody ever actually reads these documents, because what follows squarely falls into the category of Cyber Security Awareness Training.
Within the European Union, both the UK’s GCHQ and Germany’s Bundesnachrichtendienst are known to treat EU Privacy Legislation with considerable contempt, so even if you are located within the bounds of European law, you should take your right to privacy with a generous pinch of salt. Now wave at your webcam and say a cheery “Hi!” to GCHQ, the BND, the NSA, and in all probability to a number of French Intelligence Organizations too. And that’s not to mention all the spying operations your Internet Service Provider, Google, and Facebook carry out on you 24/7, long before websites like this one ever have a chance to get at your data.
Nevertheless, European Union legislation demands that we publicly post a compliant privacy statement, and the fact is that EU-compliant privacy policies are actually highly educational - from a Cyber Security Awareness Training Perspective - if they’re dissected and explained, so if you’re of a certain geekish, security-conscious mindset, you might learn something and get a twisted laugh out of the rest of this document at the same time.
Privacy policies are ostensibly posted to inform you - the visitor - about how websites collect, use, and protect the information they “harvest” from and about you. The legislative
With EU bureaucratic logic like that, what could possibly go wrong, from a legislative "Unintended Consequences" perspective?
Herein we inform you about what kind of information the site will “harvest” from you about your device, location, age, gender, and anything else we can get our hands on, or convince you to part with.
By its very nature, your device will give away a large amount of anonymized information which can be used to compile a statistical profile of your visitor-type. This is basically harmless, because this type of information is both anonymous and obscured by identical information gathered from countless other devices. However if we convinced you to create a user-profile on our website², we pretty much have Carte Blanche for the “gathering” of much more personal information, and - if we choose to ask for it and if you click “OK” without reading our Terms of Service - some intensely private data from your device.
This is just the standard level of information every website gathers from its visitors. It’s non-personally-identifiable, used for statistical purposes, and to make sure our website works properly on the devices it’s being viewed on.
* While you’re worrying about whether or not to let your browser accept cookies, Facebook has taken a ”digital fingerprint” of your device and dropped a tracking pixel onto your system. That way Facebook can keep track of you with a high degree of accuracy when you visit any Facebook website or any site that allows you to sign up with your Facebook account, for your ”convenience”.
A Tracking Pixel is a tiny image file carrying a unique identification tag that’s tied to your device. And because it’s an image file, clearing your cookies doesn’t get rid of it, so Facebook (and other sites) can track you forever more, without you even realizing it.
To be clear. WE DO NOT TRACK YOU TO THIS INVASIVE DEGREE. We’re merely pointing out that we could if we chose to, because that’s exactly what a lot of other websites are doing right now.
This is the part where we’re supposed to tell you how we’re going to use the information above. Common phrases used in this clause include “Personalizing our service to you”, “Administer our Website and/or Business”, “Send you communications relating to our business”, and suchlike. However, as we said above, we can pretty much include anything, so here goes:
Note: If you enter an email address into the relevant field of any contact form on this website we could collect it, even if you do not actually click the “Submit” button. Once in our possession, the usage conditions above would apply.
Shocked yet? Perhaps now you begin to realize what we mean about being able to include anything we please into this document or how utterly futile the European Union’s privacy legislation actually is?
In this section we’re supposed to assure you that we will never “sell” your personal information to “any third party³”. However, we will - of course - freely disclose your personal information to employees, contractors, authorized court or law enforcement officers acting on official orders, and any business which can reasonably deemed to be “associated” with our company and our business operations by any remotely acceptable definition of the term “Associated”.
If they’re “Associated”, they’re no longer a “Third Party”, right?
Note: If some of our “Associates” are geographically located outside the European Union, you can pretty much kiss your data/privacy goodbye immediately, since they’re not going to be bound by European Law for an instant. Once again, a great many online organizations make use of exactly this loophole, to circumvent privacy legislation... not least of which:
Interesting Fact: European Law forbids warrantless spying on Europe’s Citizenry by European Intelligence Agencies. At the same time US Law [currently still just about] forbids warrantless spying on America’s Citizenry by American Intelligence Agencies. This is why, for some time now, Britain’s GCHQ has conducted warrantless spying on Americans, while the NSA has been similarly spying on Europeans, before the two then “exchange” information. Australia, Canada, and New Zealand are also involved in this mutual
intelligence exchange spying program, which is commonly known as “Five Eyes”.
Not many people know that...
Your personal data will be retained by us until it has fulfilled the purpose for which it was submitted. After such time it will be deleted.
We are, of course, legally obligated to tell you how long we are going to retain your data, and we fully comply with this obligation through the above statement. Further, if we’ve passed your information to one of our “Associates”, they are under no obligation whatsoever to delete it at any stage, especially if they’re operating outside the European Union.
We will take every reasonable technical and organizational precaution to prevent the loss, misuse, or alteration of your personal data by storing it on a password and firewall protected server.
The watchword here is “reasonable,” because it is an EXTREMELY subjective yardstick, since firewalls and passwords are standard equipment in this day and age, and by themselves form no serious protection against a determined, concerted intrusion attempt. This is why we need to immediately cover our back by telling you that your data could just as easily be stolen before it gets to us, like so:
“You acknowledge that any transmission of data over the Internet is inherently insecure, and that we can in no way guarantee the security of any data sent over the World Wide Web.”
See what we did there?
Now, even if your data escapes into the wild, we can deny all wrongdoing, and the burden of proof immediately shifts to you when accusing us of neglect. And finally, we have to inform you that the security of any passwords you use on this site is your own problem. Don’t give them away; don’t write them down. We’re not responsible if your account is breached because your password escapes into the wild.
This is of course a fantastic catch-all for us, with which we can further indemnify ourselves against our users.
By telling you that we’re making frequent updates, and that keeping up with these updates is solely your own responsibility, we’re basically stating that we can do anything we want, herein, and that by using the site you’re specifically agreeing to the terms outlined on this page.
So… By continuing to use this website, you agree to make a weekly donation of one Dollar to the National Audubon Society for a period of one year, starting this coming Sunday.
With the information WE COULD HAVE HARVESTED through the means detailed above, we could - hypothetically speaking - compel you to actually comply fully, provided we can prove that you continued to use the Armament.Solutions website anytime after the relevant clause was included in this privacy statement
Because we must be seen as being transparent, we have to inform you about your rights. Here, as elsewhere, we can include hurdles that will stop you from making an effective data request.
We will, at your request, provide you with any personal information we hold about you. Provision of this data is subject to:
See how that works?
In order for us to give up whatever information we have on you, we’re going to not only charge you a fee, but we will also get enough information from you to commit identity fraud, should we so choose.
It’s really a good job Armament Solutions Limited is a security provider and not one of the bad guys...
It’s also fortunate nobody ever reads Privacy Policies. Otherwise nobody would visit any websites at all… ever again.
Now comes the part about using your information for marketing purposes. Remember that we told you we’d never sell your information. We didn’t say anything about our company (or an associate) trying to sell you stuff, using your own information.
You may instruct us at any stage not to process your personal information for marketing purposes. We may provide you with an opportunity to opt out of our marketing efforts. However, if we do not, we will take your submittal of personal information to constitute consent for inclusion into our marketing programs.
With this in place, you’ll have to physically ask us not to market to you. This is normally done through the inclusion of an “Opt Out” link - in tiny print and a faint font color - in any marketing email that’s sent to you. So once we have your details, we can basically do anything we want, until such time as you tell us not to.
Wherein we’re obligated to tell you that this website includes links to “other” websites, and that WE HAVE NO CONTROL AT ALL OVER THE PRIVACY POLICIES AND PRACTICES OF THOSE “OTHER” WEBSITES… because as an Internet user you would obviously assume that the Armament.Solutions privacy statement applied to ALL WEBSITES ON THE INTERNET, unless we tell you otherwise.
Common Sense is a Flower that doesn’t grow in every Garden, especially not in that big international one in the EU Parliament, where this type of legislation is cooked up and passed.
This is an excellent Rider Clause to the one about Your Rights, above. Essentially, if you want us to update the information we hold about you, we will do so at your request… if accompanied by twenty Euros and appropriate identification documents.
If you’ve made it this far through the document, you’re one of the few and the proud. But that’s not going to stop us from making one last attempt at getting some personal information out of you. That’s why we’re going to invite your feedback.
That way at least we’ll have your email address, which we’ll never, ever sell… Cross our Hearts.