This site should force HTTPS. If it doesn't let me know, because something's wrong. This protects the usage of your IP address and other identifiable data by my webserver from third parties. This usage is unfortunately essential--all websites need to do some logging to serve you content and protect against malicious actors. Webserver access logs are stored for the default time (about 15 days) before being purged. This logging is GDPR compliant, not least because in the timeframe between when you ask me to remove your data and when I have to have it removed, your data will have already been purged.
There are only two other instances on this website where I process your data, but in neither case do they go to a third party:
The newsletter is run on Sendy. I track opens only so I can clean my list and thus avoid a huge number of regulatory issues. I host the instance, so your data doesn't go to any third party.