Privacy Policy

This policy outlines what personal information is collected and stored by Dusting the Soul, how and why it is collected and what security measures are in place to protect your data.

Last updated: 25/05/18

Your privacy is extremely important to me and I only collect your personal data when you give your permission for me to do so. It is never used for marketing purposes or shared with third-parties without your explicit consent.

 

About Dusting the Soul

Dusting the Soul (https://dustingthesoul.com) is a blog run by Anstice ‘Tizzy’ Brown. You can contact me at [email protected] or find out more about me here.

 

How does Dusting the Soul Comply with Privacy Legislation?

Dusting the Soul complies with the new General Data Protection Regulations (GDPR) which apply to any organisation that is processing (obtaining, recording, storing, updating, sharing) personal information as part of an enterprise.

Dusting the Soul also complies with the Privacy and Electronic Communications Regulations (PECR) and the Data Protection Act, which outline rules about marketing, cookies, data security and privacy.

Here are some of the things I do to comply with this legislation:

  • I outline what data is collected, why it is collected and what it is used for in this privacy policy.
  • The lawful basis used to collect personal data is consent. I always ask your permission and display a privacy notice before processing your details.
  • You can request to withdraw your consent, access your personal data or have it deleted at any time.
  • Every plugin that collects personal data is GDPR compliant and able to export, provide and erase that data upon request.
  • I ensure the security of your data.
  • I display the EU cookie law consent banner.
  • I erase data I no longer need.

 

What personal data is collected?

Dusting the Soul collects and stores the following personal data:

  • Names
  • Email addresses
  • Website/blog links
  • Gravatar images
  • IP addresses
  • Cookies (small files stored on your computer that hold data about your preferences and past actions on this site)

 

How is my consent obtained?

The lawful basis of processing your data on Dusting the Soul is consent. Whenever I collect personal data, a privacy notice is displayed and you are required to tick a box to confirm that you are giving permission for your data to be stored. Before cookies are stored you must click the banner to accept or allow them.

 

When is this data collected?

 

Comments

When visitors leave comments on the blog the data shown in the comments form is collected, and also the visitor’s IP address and browser user agent string to help spam detection. Before you submit your comment, you are prompted to tick the box to give your consent to this data being stored.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/ After approval of your comment, your profile picture is visible to the public in the context of your comment.

 

Forms

When you fill in the contact form your name and email address are stored by a plugin called Ninja Forms. When you complete the review requests form, your data is stored on Google documents. In both cases, you are prompted to tick a box to confirm that you agree to your personal information being stored and processed by Dusting the Soul.

This data is kept for a maximum of six months, it is then deleted and is not used for any marketing purposes.

 

Subscriptions

When you fill out the form to subscribe by email, your email address and ID of the post or comment is collected by a plugin called Jetpack.

In the event of a new subscription being initiated, Jetpack also collect some basic server data, including all of the subscribing user’s HTTP request headers, the IP address from which the subscribing user is viewing the page, and the URI which was given in order to access the page (REQUEST_URI and DOCUMENT_URI). This server data is used for the exclusive purpose of monitoring and preventing abuse and spam.

Functionality cookies are set for a duration of 347 days to remember a visitor’s blog and post subscription choices if, in fact, they have an active subscription.

 

Cookies

If you leave a comment on Dusting the Soul you may opt-in to save your name, email address and website in cookies by clicking ‘accept’ on the cookie banner at the bottom of the screen. Storing cookies makes it more convenient for you so you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

 

Embedded Content from Other Websites

Dusting the Soul contains some embedded content from other websites, such as the Instagram feed on the homepage, affiliate links in the sidebar and in some posts and association links in the footer. Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.

 

Analytics

When you visit Dusting the Soul your IP address is collected by Google Analytics and Jetpack. It is used to track new and return visits to my site and provide me with anonymous traffic data. I am not able to see your location or any personal details about you.

How Google Analytics Collects Data

Google Analytics Data Privacy and Security Info

Please see the ‘WordPress Stats’ right at the bottom for information about what data is collected by Jetpack analytics.

 

Why do you collect this data and what is it used for?

  • To ensure that you are a real person and not a spam bot.
  • So that I can contact you regarding a comment you have left or contact form that you have filled in.
  • To allow me to easily find your blog so that I can visit and leave a comment.
  • To allow you to sign in quickly and easily if you want to leave a comment.
  • To allow me to analyse how much traffic I am getting to my blog and which posts are more popular.
  • So that I can view, manage and process review requests

 

Who has access to my personal data?

When you leave a comment, your name and any links you share e.g. to your Gravatar profile or blog, are visible to other visitors.

Your data is never sold or traded to third-parties for marketing purposes, but your comment information may be shared with plugins such as Akismet which helps fight spam comments.

 

What are my rights? Can I withdraw my consent?

You have the right to request the details of any data I hold about you or ask for it to be amended or deleted at any time. Please email me at [email protected] if you wish to do so.

 

How long is my data retained?

If you leave a comment, the comment and its metadata are retained indefinitely. This is so I can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.

Analytics records are also kept indefinitely so I can track the progress of my blog over time.

I keep contact form entries for six months and subscription information is kept until such a time as you wish to cancel your subscription.

 

Where is my data sent?

Cloudfare may process your data on its servers outside the European Economic Area (EEA) under the EU-US Privacy Shield Framework.

Cloudfare’s EU-US Privacy Shield Framework Statement

Cloudfare Privacy and Security Policy

 

How do you protect my data?

  • Dusting the Soul has switched to https and in most browsers, you will see the padlock symbol in the address bar. This means that all communications between your browser and this website are securely encrypted.
  • My web host carries out 24/7 security monitoring.
  • I use the security plugin Wordfence to protect my blog from hacks and malware.
  • I use anti-virus software and a strong password on my personal computer.
  • I use strong passwords on my web hosting and email accounts.
  • I keep all my plugins up-to-date and delete ones I no longer use.
  • If there is a data breach, all those affected will be notified immediately.

 

Jetpack Privacy Info

Jetpack’s Privacy Policy: https://jetpack.com/support/privacy/

Comment Likes

This feature is only accessible to users logged in to WordPress.com.

Data Used: In order to process a comment like, the following information is used: WordPress.com user ID/username (you must be logged in to use this feature), the local site-specific user ID (if the user is signed in to the site on which the like occurred), and a true/false data point that tells us if the user liked a specific comment. If you perform a like action from one of our mobile apps, some additional information is used to track the activity: IP address, user agent, timestamp of event, blog ID, browser language, country code, and device info.

Activity Tracked: Comment likes.


Gravatar Hovercards

Data Used: This feature will send a hash of the user’s email address (if logged in to the site or WordPress.com — or if they submitted a comment on the site using their email address that is attached to an active Gravatar profile) to the Gravatar service (also owned by Automattic) in order to retrieve their profile image.


Infinite Scroll

Data Used: In order to record page views via WordPress.com Stats (which must be enabled for page view tracking here to work) with additional loads, the following information is used: IP address, WordPress.com user ID (if logged in), WordPress.com username (if logged in), user agent, visiting URL, referring URL, timestamp of event, browser language, country code.

Activity Tracked: Page views will be tracked with each additional load (i.e. when you scroll down to the bottom of the page and a new set of posts loads automatically). If the site owner has enabled Google Analytics to work with this feature, a page view event will also be sent to the appropriate Google Analytics account with each additional load.


Likes

This feature is only accessible to users logged in to WordPress.com.

Data Used: In order to process a post like action, the following information is used: IP address, WordPress.com user ID, WordPress.com username, WordPress.com-connected site ID (on which the post was liked), post ID (of the post that was liked), user agent, timestamp of event, browser language, country code.

Activity Tracked: Post likes.


Protect

Data Used: In order to check login activity and potentially block fraudulent attempts, the following information is used: attempting user’s IP address, attempting user’s email address/username (i.e. according to the value they were attempting to use during the login process), and all IP-related HTTP headers attached to the attempting user.

Activity Tracked: Failed login attempts (these include IP address and user agent). We also set a cookie (jpp_math_pass) for 1 day to remember if/when a user has successfully completed a math captcha to prove that they’re a real human. Learn more about this cookie.

Data Synced (?): Failed login attempts, which contain the user’s IP address, attempted username or email address, and user agent information.


Sharing

Data Used: When sharing content via email (this option is only available if Akismet is active on the site), the following information is used: sharing party’s name and email address (if the user is logged in, this information will be pulled directly from their account), IP address (for spam checking), user agent (for spam checking), and email body/content. This content will be sent to Akismet (also owned by Automattic) so that a spam check can be performed. Additionally, if reCAPTCHA (by Google) is enabled by the site owner, the sharing party’s IP address will be shared with that service. You can find Google’s privacy policy here.


Subscriptions

Data Used: To initiate and process subscriptions, the following information is used: subscriber’s email address and the ID of the post or comment (depending on the specific subscription being processed). In the event of a new subscription being initiated, we also collect some basic server data, including all of the subscribing user’s HTTP request headers, the IP address from which the subscribing user is viewing the page, and the URI which was given in order to access the page (REQUEST_URI and DOCUMENT_URI). This server data used for the exclusive purpose of monitoring and preventing abuse and spam.

Activity Tracked: Functionality cookies are set for a duration of 347 days to remember a visitor’s blog and post subscription choices if, in fact, they have an active subscription.


WordPress.com Secure Sign On

This feature is only accessible to registered users of the site with WordPress.com accounts.

Data Used: User ID (local site and WordPress.com), role (e.g. administrator), email address, username and display name. Additionally, for activity tracking (see below): IP address, WordPress.com user ID, WordPress.com username, WordPress.com-connected site ID and URL, Jetpack version, user agent, visiting URL, referring URL, timestamp of event, browser language, country code.

Activity Tracked: The following usage events are recorded: starting the login process, completing the login process, failing the login process, successfully being redirected after login, and failing to be redirected after login. Several functionality cookies are also set, and these are detailed explicitly in our Cookie documentation.

Data Synced (?): The user ID and role of any user who successfully signed in via this feature.


WordPress.com Stats

Data Used: IP address, WordPress.com user ID (if logged in), WordPress.com username (if logged in), user agent, visiting URL, referring URL, timestamp of event, browser language, country code. Important: The site owner does not have access to any of this information via this feature. For example, a site owner can see that a specific post has 285 views, but he/she cannot see which specific users/accounts viewed that post. Stats logs — containing visitor IP addresses and WordPress.com usernames (if available) — are retained by Automattic for 28 days and are used for the sole purpose of powering this feature.

Activity Tracked: Post and page views, video plays (if videos are hosted by WordPress.com), outbound link clicks, referring URLs and search engine terms, and country. When this module is enabled, Jetpack also tracks performance on each page load that includes the Javascript file used for tracking stats. This is exclusively for aggregate performance tracking across Jetpack sites in order to make sure that our plugin and code is not causing performance issues. This includes the tracking of page load times and resource loading duration (image files, Javascript files, CSS files, etc.). The site owner has the ability to force this feature to honor DNT settings of visitors. By default, DNT is currently not honored.