This is a privacy policy that I have posted because legally it seems all websites are required to have one. It is currently a work in progress because I am still researching what kind of privacy policy a website like mine is required to have, meaning a website that does not allow visitor comments, has no newsletter or log-in options, and does not have a contact form or form of any kind in which a visitor would be able to enter in information. The only way to contact me is to find my actual business email on the “contact me” page, and send me an email. I am in the process of determining if my website hosting company automatically collects any sort of visitor data for analytics (which I have no interest in analyzing if it was collected).
Who Am I?
My website address is: https://www.meghanshappywordsandart.com.
Comments
I do not allow comments on my website, and if there is the option to leave a comment, that would be an IT mistake I would need to rectify. However, hypothetically, if visitors would happen to leave comments on the site, the site would collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it (but again, if this option is available, that is something I need to fix and disable). The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture would be visible to the public in the context of your comment. (I don’t even really know what this means, but a privacy policy template suggested I add this paragraph.)
Media
My website does not allow the uploading of images, and that is not the purpose of any aspect of my website. However, to make sure I cover the legal bases, if you were to upload images to this website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to this website would be able to download and extract any location data from images on the website.
Cookies (not the yummy in the tum tum kind)
I do not allow comments on my website or blog posts. However, again to cover the legal bases, if I had the option for you leave a comment on my site, you would be provided with an opt-in to saving your name, email address and website in cookies. These would be for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies (according to WordPress) will last for one year.
If you visited a hypothetical login page, a temporary cookie would be set up to determine if your browser accepts cookies. This cookie would contain no personal data and would be discarded when you close your browser.
Again, talking about a hypothetical log in action, when you would log in, several cookies would be set up to save your login information and your screen display choices. Login cookies last for only two days, and screen options cookies last for a year. If you would select “Remember Me”, your login would stay in the system for two weeks. If you would log out of your hypothetical account, the login cookies would be removed.
If my website allowed you to edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you would have just edited. This excitingly hypothetical cookie would expire after 1 day.
Embedded content from other websites
If articles on my site would happen to include embedded content (e.g. videos, images, articles, etc.), the embedded content from other websites behaves in the exact same way as if you, the visitor, has visited the other website.
These other websites may collect data about you. They might use cookies, embed additional third-party tracking, and monitor (i.e. spy on?) your interaction with that embedded content, which might include tracking your interaction with the embedded content if you have an account and are logged in to that website.
Do I share your data?
Nope. I do not share your data. However, hypothetically, if I ever add an option that required a password, if you would request a password reset, your IP address would be included in your reset email.
How would this site retain your data if it allowed comments?
Again, my site does not allow comments. However, if that were an option, if you would leave a comment, it and its metadata would be retained indefinitely. (I don’t like how that sounds, so good thing I don’t allow comments). This would be so the system (?) could recognize and approve any follow-up comments automatically instead of holding them in a moderation queue. (Although if I did allow comments, I would personally look at each follow-up comment before approval anyway.)
For users that would hypothetically register on this website for some reason, the personal information they provide would be stored in those users’ profile. All users would be able to see, edit, or delete their personal information at any time (except they would not be able to change their username). Website administrators would also be able to see and edit that information.
What rights you have over your data?
If you were to create an account on this site (which is not currently an option), or would leave comments (which also is not be an option), you would be able to request to receive an exported file of the personal data held about you, including any data you would have provided to this site (and whoever would be in charge of that data for my site). You would also be able to request that I erase any personal data held about you on this site. This does not include any data that this site would be obliged to keep for administrative, legal, or security purposes.
Where your data would be sent
If this site allowed visitor comments, those comments may be checked through an automated spam detection service. Spam detection (according to my understanding) happens through website plugins, and these plugins may collect information that my site itself does not collect.