While
the new GDPR regulations have been in place since the end of May
Definitions
- Logged In vs Logged Out Users: Logged in users are users who have registered (created) an account on the site and have provided their username and password to log in to the site. Some sites require users to be registered and logged in to do things like comment on an article. Logged out users are users who have not logged in, or who do not have an account on the site at all (e.g. visitors).
- Gravatar: An optional public profile, including a photo or image, related to your email address.
- IP Address: The address of your device on the Internet. This address is assigned by the Internet Service Provider providing the connection to the Internet which your device is using and may be shared with other devices at that same location.
- Role: A logged in user also has a role, e.g. Contributor, Author, Editor, etc. Each role has a prescribed set of capabilities – e.g. some roles can delete comments but others cannot.
- User Agent: A browser’s user agent is a line of text that usually includes which browser you are using, its version, and your operating system and its version.
Comments
Comments Left by All Users
- If you elect to leave a comment on an article, in addition to the comment text you provide we also collect your IP Address and your User Agent.
- Your comment text, your name, email address, website URL, IP Address and User Agent are accessible by administrators on our site.
- An anonymized string created from your email address (also called a hash) is provided to the Gravatar service to see if a profile picture of you is available for display. The Gravatar service privacy policy is available here: https://automattic.com/privacy/ Prior to approval of your comment, your profile picture is only visible to administrators. After approval of your comment, your profile picture is visible to the public in the context of your comment.
- Following approval of your comment, your comment text, your name, and website URL (if provided) are visible to the public.
- Comments containing links or certain words or phrases may require manual approval by an administrator.
- Your comment, including comment text, your name, email address, website URL, IP address and User Agent, is:
- stored in the website’s database, access to which is restricted to site administrators. Site administrator authentication is by username and password.
- retained indefinitely until explicitly deleted by an administrator.
Comments Left by Logged In Users
- You may edit the display name used for new comments in your profile.
- If your role on the site has sufficient permission (e.g. Editor), you may edit or delete comments.
Comments Left by Logged Out Users / Visitors
- If you are not logged in to the site and elect to leave a comment on an article, we require your name and your email address and we request your website URL. You may also elect to provide a partial name, initials or even a pseudonym in lieu of your full name. You are not required to provide a website URL.
- When you leave a comment, you will be asked if you opt-in to saving your name, email address and website URL in your browser for future commenting. If you so opt-in, we store three cookies on your browser to make it easier for you to comment again in the future. The cookies contain your name, your email address and your website URL. They are set to expire after one year.
Embedded Content
- Articles on this site may include embedded content from other services (e.g. videos, images, articles, etc.).
- These services may collect your IP address, your User Agent, store and retrieve cookies on your browser, embed additional third party tracking, and monitor your interaction with that embedded content, including correlating your interaction with the content with your account with that service, if you are logged in to that service.
- A link to each service’s privacy policy has been included below. Where a general privacy policy is not available, the applicable country is indicated.
Gravatar Hovercards
Data Used: This feature will send a hash of the user’s email address (if logged in to the site or WordPress.com — or if they submitted a comment on the site using their email address that is attached to an active Gravatar profile) to the Gravatarservice (also owned by Automattic) in order to retrieve their profile image.
Notifications
This feature is only accessible to registered users of this site who are logged in to WordPress.com.
Data Used: IP address, WordPress.com user ID, WordPress.com username, WordPress.com-connected site ID and URL, Jetpack version, user agent, visiting URL, referring URL, timestamp of event, browser language, country code. Some visitor-related information or activity may be sent to the site owner via this feature. This may include: email address, WordPress.com username, site URL, email address, comment content, follow actions, etc.
Activity Tracked: Sending notifications (i.e. when we send a notification to a particular user), opening notifications (i.e. when a user opens a notification that they receive), performing an action from within the notification panel (e.g. liking a comment or marking a comment as spam), and clicking on any link from within the notification panel/interface.
Subscriptions
Data Used: To initiate and process subscriptions, the following information is used: subscriber’s email address and the ID of the post or comment (depending on the specific subscription being processed). In the event of a new subscription being initiated, we also collect some basic server data, including all of the subscribing user’s HTTP request headers, the IP address from which the subscribing user is viewing the page, and the URI which was given in order to access the page (REQUEST_URI
and DOCUMENT_URI
). This server data used for the exclusive purpose of monitoring and preventing abuse and spam.
Activity Tracked: Functionality cookies are set for a duration of 347 days to remember a visitor’s blog and post subscription choices if, in fact, they have an active subscription.
Data Used: IP address, WordPress.com user ID (if logged in), WordPress.com username (if logged in), user agent, visiting URL, referring URL, timestamp of event, browser language, country code. Important: The site owner does not have access to any of this information via this feature. For example, a site owner can see that a specific post has 285 views, but he/she cannot see which specific users/accounts viewed that post. Stats logs — containing visitor IP addresses and WordPress.com usernames (if available) — are retained by Automattic for 28 days and are used for the sole purpose of powering this feature.
Activity Tracked: Post and page views, video plays (if videos are hosted by WordPress.com), outbound link clicks, referring URLs and search engine terms, and country. When this module is enabled, Jetpack also tracks performance on each page load that includes the Javascript file used for tracking stats. This is exclusively for aggregate performance tracking across Jetpack sites in order to make sure that our plugin and code is not causing performance issues. This includes the tracking of page load times and resource loading duration (image files, Javascript files, CSS files, etc.). The site owner has the ability to force this feature to honor DNT settings of visitors. By default, DNT is currently not honored.