What personal data we collect and why we collect it
In this section, you should note what personal data you collect from users and site visitors. This may include personal data such as name, email address, personal account preferences; transactional data, such as purchase information; and technical data, such as information about cookies.
You should also be aware of any collection and retention of sensitive personal data, such as health-related data.
In addition to listing the personal data you collect, you should write down why you collect it. These explanations must take into account the legal basis for the collection and retention of data or the active consent that the user has given.
Personal data is not only created through a user’s interactions with your site. Personal data is also generated from technical processes such as contact forms, comments, cookies, analytics and third-party embeddings.
By default, WordPress does not collect any personal data about visitors, and only collects the data that is displayed on the user profile screen of registered users. However, some of its plugins may collect personal data. You must add the relevant information below.
Comments
In this subsection you should note what information is captured through comments. We have annotated the data that WordPress collects by default.
Suggested Text: When visitors leave comments on the site, we collect the data displayed in the comment form, as well as the visitor’s IP address and browser user agent string to help spam detection.
An anonymous string created from your email address (also called a hash) can be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile photo is visible to the public in the context of your comment.
Media
In this subsection, you should consider what information may be disclosed by users who can upload media files. All uploaded files are usually publicly accessible.
Suggested text: If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Website visitors can download and extract location data from website images.
Contact forms
By default, WordPress does not include a contact form. If you use a contact form plugin, use this subsection to record what personal data is captured when someone submits a contact form and how long they keep it. For example, you might keep in mind that you keep contact form submissions for a specified period for customer service purposes, but you don’t use the information submitted through them for marketing purposes.
Cookies
In this subsection, you should list the cookies your website uses, including those set by your plugins, social media, and analytics. We have provided the cookies that WordPress installs by default.
Suggested Text: If you leave a comment on our site, you can choose to save your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie does not contain personal data and is discarded when you close your browser.
When you log in, we will also set various cookies to save your login information and your screen display options. Login cookies last for two days and screen options cookies last for one year. If you select “Remember me”, your login will be kept for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie does not include personal data and simply indicates the publication ID of the article you just edited. It expires after 1 day.
Embedded content from other websites
Suggested Text: Articles on this site may include embedded content (for example, videos, images, articles, etc.). Integrated content from other websites behaves in exactly the same way as if the visitor had visited the other website.
These websites may collect data about you, use cookies, embed additional third party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged into that website.
Analytics
In this subsection, you should note which analytics package you use, how users can opt out of analytics tracking, and a link to your analytics provider’s privacy policy, if applicable.
By default, WordPress does not collect analytical data. However, many web hosting accounts collect some anonymous analytical data. You may also have installed a WordPress plugin that provides analytics services. In that case, add information for that plugin here.
Who we share your data with
In this section, you should name and list all third-party vendors that you share site data with, including partners, cloud-based services, payment processors, and third-party service providers, and note what data you share with them and why. Link to your own privacy policies if possible.
By default, WordPress does not share any personal data with anyone.
How long we keep your data
In this section you must explain how long you keep the personal data collected or processed by the website. While it is your responsibility to create a timeline for how long you keep each dataset and why you keep it, that information should be included here. For example, you might want to say that you keep contact form entries for six months, analysis records for one year, and customer purchase records for ten years.
Suggested text: If you leave a comment, the comment and its metadata are retained indefinitely. This is so that we can automatically recognize and approve any follow-up comments instead of keeping them in a moderation queue.
For users who register on our website (if applicable), we also store the personal information they provide in their user profile. All users can see, edit or delete their personal information at any time (except that they cannot change their username). Website administrators can also view and edit that information.
What rights do you have over your data
In this section you should explain what rights your users have over their data and how they can invoke those rights.
Suggested Text: If you have an account on this site or have left comments, you can request to receive an exported file of the personal data we hold about you, including the data you have provided to us. You can also request that we erase any personal data that we hold about you. This does not include any data that we are required to keep for administrative, legal or security purposes.
Where we send your data
In this section, you should list all data transfers from your site outside the European Union and describe the means by which that data is protected under European data protection standards. This could include your web hosting, cloud storage, or other third party services.
European data protection law requires that data on European residents transferred outside the European Union be protected to the same standards as if the data were in Europe. Therefore, in addition to listing where the data goes, you should describe how you ensure that you or your third-party providers adhere to these standards, whether through an agreement such as Privacy Shield, model clauses in your contracts, or binding corporations. rules.
Suggested text: Visitor comments can be verified through an automatic spam detection service.
Your contact information
In this section, you must provide a method of contact for specific privacy concerns. If you need to have a data protection officer, please also provide their name and full contact details here.
Additional Information
If you use your site for commercial purposes and engage in more complex personal data collection or processing, you should consider the following information in your privacy policy, in addition to the information we have already discussed.
How we protect your data
In this section you should explain what measures you have taken to protect your users’ data. This could include technical measures such as encryption; security measures such as two-factor authentication; and measures such as training of personnel in data protection. If you have conducted a Privacy Impact Assessment, you can also mention it here.
What data breach procedures we have in place
In this section, you should explain what procedures you have in place to deal with potential or actual data breaches, such as internal reporting systems, contact mechanisms, or bug rewards.
From which third parties we receive data
If your website receives user data from third parties, including advertisers, this information should be included in the section of your privacy policy that deals with third party data.
What automated decision making and / or profiling we do with user data
If your website provides a service that includes automated decision-making, for example allowing customers to apply for credit or add their details in an advertising profile, you should be aware that this is happening and include information on how that is used. information. , what decisions are made with that aggregated data and what rights users have over decisions made without human intervention.
Industry regulatory disclosure requirements
If you are a member of a regulated industry or if you are subject to additional privacy laws, you may need to disclose that information here.