Privacy Policy

About

My website address is: http://rebeccagudgeon.co.uk. I run this website myself and no-one else has direct access to it at an administrative level.

As I use various services to ensure the smooth running of this website, all other entities who may have access to data gathered by this site are detailed below.

This privacy policy exists so that you can be aware of what information this website gathers relating to you, how and why it is stored, what happens to it, how long it is kept for, and what to do if you want me to stop storing it, or to give you access to what information I am holding about you.

In general principle, I will not knowingly give your data to anyone for commercial use, nor will I use it to send you anything you haven’t consented to. If I discover that information about you held by me has been accessed in any way that could undermine your data protection rights, I will report a data breach to the ICO as required under the General Data Protection Regulations.

The data processing that takes place does so for the purpose of maintaining the security and function of the website, and this is identified as the ‘legitimate interest’ lawful basis for this data processing. Additionally, in some cases, data is processed on the basis of the explicit consent of the individual for the data to be processed for a specific purpose. Data collection and retention is kept to a minimum, and all data collected is kept securely as far as we are able.

What personal data is collected on this website, why, and what happens to it

Contacting Us

This site does not use a contact form. If you choose to get in touch via this site, you will do so by email. If you send me an email, any personal identifying information (eg your name, email address, website, phone number etc) you include in it will be stored for up to one year after your enquiry (or longer if explicitly agreed between us), and I will retain this information for contact purposes only. It will not be used for marketing purposes or passed on to anyone else without your explicit consent.

Security

This site uses the security plugin, Wordfence. Defiant, the company who own the Wordfence security plugin we use, processes the data it gathers for us, for the purposes of this site’s security, and this includes sending the data outside of the UK. There is a Data Processing Agreement in place covering this, which details how the data is processed and the security measures in place. The plugin sets cookies as listed here:

wfwaf-authcookie-(hash)

What it does:This cookie is used by the Wordfence firewall to perform a capability check of the current user before WordPress has been loaded.

Who gets this cookie:This is only set for users that are able to log into WordPress.

How this cookie helps:This cookie allows the Wordfence firewall to detect logged in users and allow them increased access. It also allows Wordfence to detect non-logged in users and restrict their access to secure areas. The cookie also lets the firewall know what level of access a visitor has to help the firewall make smart decisions about who to allow and who to block.

wf_loginalerted_(hash)

What it does:This cookie is used to notify the Wordfence admin when an administrator logs in from a new device or location.

Who gets this cookie:This is only set for administrators.

How this cookie helps:This cookie helps site owners know whether there has been an admin login from a new device or location.

wfCBLBypass

What it does:Wordfence offers a feature for a site visitor to bypass country blocking by accessing a hidden URL. This cookie helps track who should be allowed to bypass country blocking.

Who gets this cookie:When a hidden URL defined by the site admin is visited, this cookie is set to verify the user can access the site from a country restricted through country blocking. This will be set for anyone who knows the URL that allows bypass of standard country blocking. This cookie is not set for anyone who does not know the hidden URL to bypass country blocking.

How this cookie helps:This cookie gives site owners a way to allow certain users from blocked countries, even though their country has been blocked.

Jetpack

This site collects some data through some of the features of the Jetpack plugin, as detailed below:

Activity Log

This feature only records activities of a site’s registered users, and the retention duration of activity data will depend on the site’s plan and activity type.

Data Used:To deliver this functionality and record activities around site management, the following information is captured: user email address, user role, user login, user display name, WordPress.com and local user IDs, the activity to be recorded, the WordPress.com-connected site ID of the site on which the activity takes place, the site’s Jetpack version, and the timestamp of the activity. Some activities may also include the actor’s IP address (login attempts, for example) and user agent.

Activity Tracked:Login attempts/actions, post and page update and publish actions, comment/pingback submission and management actions, plugin and theme management actions, widget updates, user management actions, and the modification of other various site settings and options. Retention duration of activity data depends on the site’s plan and activity type. See the complete list of currently-recorded activities (along with retention information).

Data Synced (?):Successful and failed login attempts, which will include the actor’s IP address and user agent.

Subscriptions

Data Used:To initiate and process subscriptions, the following information is used: subscriber’s email address and the ID of the post or comment (depending on the specific subscription being processed). In the event of a new subscription being initiated, we also collect some basic server data, including all of the subscribing user’s HTTP request headers, the IP address from which the subscribing user is viewing the page, and the URI which was given in order to access the page (REQUEST_URIand DOCUMENT_URI). This server data used for the exclusive purpose of monitoring and preventing abuse and spam.

Activity Tracked:Functionality cookiesare set for a duration of 347 daysto remember a visitor’s blog and post subscription choices if, in fact, they have an active subscription.

WordPress.com Stats

Data Used:IP address, WordPress.com user ID (if logged in), WordPress.com username (if logged in), user agent, visiting URL, referring URL, timestamp of event, browser language, country code. Important:The site owner does nothave access to any of this information via this feature. For example, a site owner can see that a specific post has 285 views, but he/she cannot see which specific users/accounts viewed that post. Stats logs — containing visitor IP addresses and WordPress.com usernames (if available) — are retained by Automatticfor 28 days and are used for the sole purpose of powering this feature.

Activity Tracked:Post and page views, video plays(if videos are hosted by WordPress.com), outbound link clicks, referring URLs and search engine terms, and country. When this module is enabled, Jetpack also tracks performance on each page load that includes the Javascript file used for tracking stats. This is exclusively for aggregate performance tracking across Jetpack sites in order to make sure that our plugin and code is not causing performance issues. This includes the tracking of page load times and resource loading duration (image files, Javascript files, CSS files, etc.). The site owner has the ability to force this feature to honour DNT settings of visitors. By default, DNT is currently not honoured.

Google Analytics

I use the Google Analytics service to track how this site is used, meaning that some site user data is gathered by Google. This sends page view events (and potentially video play events) over to Google Analytics. Google Analytics does offer IP anonymization, which has been enabled on this site. The data gathered is aggregated and I am able to view patterns and trends, not to identify users as individuals. Please refer to the appropriate Google Analytics documentation for the specific type of data it collects. To opt out of being tracked by Google Analytics across all websites visit http://tools.google.com/dlpage/gaoptout.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.

What rights you have over your data

If you have an account on this site you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Your contact information

If you would like to get in touch regarding data protection, please email me at rebecca@rebeccagudgeon.co.uk.