This policy outlines what personal information is collected and stored by Dusting the Soul, how and why it is collected and what security measures are in place to protect your data.
Last updated: 25/05/18
Your privacy is extremely important to me and I only collect your personal data when you give your permission for me to do so. It is never used for marketing purposes or shared with third-parties without your explicit consent.
About Dusting the Soul
How does Dusting the Soul Comply with Privacy Legislation?
Dusting the Soul complies with the new General Data Protection Regulations (GDPR) which apply to any organisation that is processing (obtaining, recording, storing, updating, sharing) personal information as part of an enterprise.
Here are some of the things I do to comply with this legislation:
- The lawful basis used to collect personal data is consent. I always ask your permission and display a privacy notice before processing your details.
- You can request to withdraw your consent, access your personal data or have it deleted at any time.
- Every plugin that collects personal data is GDPR compliant and able to export, provide and erase that data upon request.
- I ensure the security of your data.
- I display the EU cookie law consent banner.
- I erase data I no longer need.
What personal data is collected?
Dusting the Soul collects and stores the following personal data:
- Email addresses
- Website/blog links
- Gravatar images
- IP addresses
- Cookies (small files stored on your computer that hold data about your preferences and past actions on this site)
How is my consent obtained?
The lawful basis of processing your data on Dusting the Soul is consent. Whenever I collect personal data, a privacy notice is displayed and you are required to tick a box to confirm that you are giving permission for your data to be stored. Before cookies are stored you must click the banner to accept or allow them.
When is this data collected?
When visitors leave comments on the blog the data shown in the comments form is collected, and also the visitor’s IP address and browser user agent string to help spam detection. Before you submit your comment, you are prompted to tick the box to give your consent to this data being stored.
When you fill in the contact form your name and email address are stored by a plugin called Ninja Forms. When you complete the review requests form, your data is stored on Google documents. In both cases, you are prompted to tick a box to confirm that you agree to your personal information being stored and processed by Dusting the Soul.
This data is kept for a maximum of six months, it is then deleted and is not used for any marketing purposes.
When you fill out the form to subscribe by email, your email address and ID of the post or comment is collected by a plugin called Jetpack.
In the event of a new subscription being initiated, Jetpack also collect some basic server data, including all of the subscribing user’s HTTP request headers, the IP address from which the subscribing user is viewing the page, and the URI which was given in order to access the page (
DOCUMENT_URI). This server data is used for the exclusive purpose of monitoring and preventing abuse and spam.
Functionality cookies are set for a duration of 347 days to remember a visitor’s blog and post subscription choices if, in fact, they have an active subscription.
If you leave a comment on Dusting the Soul you may opt-in to save your name, email address and website in cookies by clicking ‘accept’ on the cookie banner at the bottom of the screen. Storing cookies makes it more convenient for you so you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
Embedded Content from Other Websites
Dusting the Soul contains some embedded content from other websites, such as the Instagram feed on the homepage, affiliate links in the sidebar and in some posts and association links in the footer. Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
When you visit Dusting the Soul your IP address is collected by Google Analytics and Jetpack. It is used to track new and return visits to my site and provide me with anonymous traffic data. I am not able to see your location or any personal details about you.
Please see the ‘WordPress Stats’ right at the bottom for information about what data is collected by Jetpack analytics.
Why do you collect this data and what is it used for?
- To ensure that you are a real person and not a spam bot.
- So that I can contact you regarding a comment you have left or contact form that you have filled in.
- To allow me to easily find your blog so that I can visit and leave a comment.
- To allow you to sign in quickly and easily if you want to leave a comment.
- To allow me to analyse how much traffic I am getting to my blog and which posts are more popular.
- So that I can view, manage and process review requests
Who has access to my personal data?
When you leave a comment, your name and any links you share e.g. to your Gravatar profile or blog, are visible to other visitors.
Your data is never sold or traded to third-parties for marketing purposes, but your comment information may be shared with plugins such as Akismet which helps fight spam comments.
What are my rights? Can I withdraw my consent?
You have the right to request the details of any data I hold about you or ask for it to be amended or deleted at any time. Please email me at [email protected] if you wish to do so.
How long is my data retained?
If you leave a comment, the comment and its metadata are retained indefinitely. This is so I can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.
Analytics records are also kept indefinitely so I can track the progress of my blog over time.
I keep contact form entries for six months and subscription information is kept until such a time as you wish to cancel your subscription.
Where is my data sent?
Cloudfare may process your data on its servers outside the European Economic Area (EEA) under the EU-US Privacy Shield Framework.
How do you protect my data?
- Dusting the Soul has switched to https and in most browsers, you will see the padlock symbol in the address bar. This means that all communications between your browser and this website are securely encrypted.
- My web host carries out 24/7 security monitoring.
- I use the security plugin Wordfence to protect my blog from hacks and malware.
- I use anti-virus software and a strong password on my personal computer.
- I use strong passwords on my web hosting and email accounts.
- I keep all my plugins up-to-date and delete ones I no longer use.
- If there is a data breach, all those affected will be notified immediately.
Jetpack Privacy Info
This feature is only accessible to users logged in to WordPress.com.
Data Used: In order to process a comment like, the following information is used: WordPress.com user ID/username (you must be logged in to use this feature), the local site-specific user ID (if the user is signed in to the site on which the like occurred), and a true/false data point that tells us if the user liked a specific comment. If you perform a like action from one of our mobile apps, some additional information is used to track the activity: IP address, user agent, timestamp of event, blog ID, browser language, country code, and device info.
Activity Tracked: Comment likes.
Data Used: This feature will send a hash of the user’s email address (if logged in to the site or WordPress.com — or if they submitted a comment on the site using their email address that is attached to an active Gravatar profile) to the Gravatar service (also owned by Automattic) in order to retrieve their profile image.
Data Used: In order to record page views via WordPress.com Stats (which must be enabled for page view tracking here to work) with additional loads, the following information is used: IP address, WordPress.com user ID (if logged in), WordPress.com username (if logged in), user agent, visiting URL, referring URL, timestamp of event, browser language, country code.
Activity Tracked: Page views will be tracked with each additional load (i.e. when you scroll down to the bottom of the page and a new set of posts loads automatically). If the site owner has enabled Google Analytics to work with this feature, a page view event will also be sent to the appropriate Google Analytics account with each additional load.
This feature is only accessible to users logged in to WordPress.com.
Data Used: In order to process a post like action, the following information is used: IP address, WordPress.com user ID, WordPress.com username, WordPress.com-connected site ID (on which the post was liked), post ID (of the post that was liked), user agent, timestamp of event, browser language, country code.
Activity Tracked: Post likes.
Data Used: In order to check login activity and potentially block fraudulent attempts, the following information is used: attempting user’s IP address, attempting user’s email address/username (i.e. according to the value they were attempting to use during the login process), and all IP-related HTTP headers attached to the attempting user.
Activity Tracked: Failed login attempts (these include IP address and user agent). We also set a cookie (
jpp_math_pass) for 1 day to remember if/when a user has successfully completed a math captcha to prove that they’re a real human. Learn more about this cookie.
Data Synced (?): Failed login attempts, which contain the user’s IP address, attempted username or email address, and user agent information.
Data Used: To initiate and process subscriptions, the following information is used: subscriber’s email address and the ID of the post or comment (depending on the specific subscription being processed). In the event of a new subscription being initiated, we also collect some basic server data, including all of the subscribing user’s HTTP request headers, the IP address from which the subscribing user is viewing the page, and the URI which was given in order to access the page (
DOCUMENT_URI). This server data used for the exclusive purpose of monitoring and preventing abuse and spam.
Activity Tracked: Functionality cookies are set for a duration of 347 days to remember a visitor’s blog and post subscription choices if, in fact, they have an active subscription.
WordPress.com Secure Sign On
This feature is only accessible to registered users of the site with WordPress.com accounts.
Data Used: User ID (local site and WordPress.com), role (e.g. administrator), email address, username and display name. Additionally, for activity tracking (see below): IP address, WordPress.com user ID, WordPress.com username, WordPress.com-connected site ID and URL, Jetpack version, user agent, visiting URL, referring URL, timestamp of event, browser language, country code.
Activity Tracked: The following usage events are recorded: starting the login process, completing the login process, failing the login process, successfully being redirected after login, and failing to be redirected after login. Several functionality cookies are also set, and these are detailed explicitly in our Cookie documentation.
Data Synced (?): The user ID and role of any user who successfully signed in via this feature.
Data Used: IP address, WordPress.com user ID (if logged in), WordPress.com username (if logged in), user agent, visiting URL, referring URL, timestamp of event, browser language, country code. Important: The site owner does not have access to any of this information via this feature. For example, a site owner can see that a specific post has 285 views, but he/she cannot see which specific users/accounts viewed that post. Stats logs — containing visitor IP addresses and WordPress.com usernames (if available) — are retained by Automattic for 28 days and are used for the sole purpose of powering this feature.