Who are we?

In this section, provide your site URL, your name or the name of your company or organization, and your contact information.

The amount of information you must display depends on your local or national regulations. For example, you may be required to display a physical address, a public address, or your company registration number.

How we collect personal data

In this section, indicate the personal data you collect about users and visitors to your site. This may include personal data such as name, email address, personal account preferences; transactional data such as order information; and technical data like cookie information.

You should also list any collection or retention of sensitive personal data like medical data.

In addition to listing the personal data you collect, you should indicate why you are doing so. These explanations should include either the legal basis for the data collection and retention or the active consent given by the user.

Personal data is not only created by a person’s interaction with your site. It is generated by a technical process like a contact form, comments, cookies, or third-party service integration.

By default, WordPress does not collect any personal data about visitors, and only collects the data present in the “Your Profile” screen of registered accounts. However, some of your plugins may collect personal data. In this case, please provide the appropriate information below.

Comments

In this subsection, specify the information that is collected via comments. We have indicated the data collected natively by WordPress.

Media

In this subsection, specify the information that could be revealed by accounts that can upload files to your media library. Uploaded files are generally publicly accessible.

Contact Forms

By default, WordPress does not include a contact form. If you are using a contact form plugin, use this subsection to specify what personal data is recorded when the form is submitted, and how long it is retained. For example, you might indicate that you retain contact form submissions for a given period of time for customer service purposes, but that you will not use them for marketing purposes.

Cookies

In this subsection, you should list the cookies used by your site, including those recorded by your plugins, social networks, and your visitor statistics. We have indicated the cookies that WordPress installs by default.

Statistics and audience measurement

In this subsection, indicate the statistics tools that you use for your audience measurement, and if applicable, provide a link to your provider’s privacy policy.

By default, WordPress does not collect any visitor statistics. However, many hosts collect anonymous statistical data. You may also have installed a WordPress plugin that provides analytics services. In this case, provide information about that plugin here.

How we share your data

In this section, list and name all third-party vendors with whom you share your site data, including partners, cloud services, payment gateways, and any other third-party services. Indicate what data you share and why you share it. Link to their privacy policy if possible.

By default, WordPress does not share your personal information with anyone.

How long we store your data

In this section, you should indicate how long your website will store the personal data collected and processed. While it is your responsibility to provide a retention schedule for each set of data you have, this information does not need to be displayed here. For example, you could indicate that you keep the data received via your contact forms for six months, the visitor statistics for one year and the records related to online sales for ten years.

The rights you have over your data

In this section, indicate the rights of the accounts regarding their data and how they can exercise these rights.

Where your data is sent

List in this section all the data transfers from your site to outside the European Union and describe how this data is protected with regard to European standards for the protection of private data. This may include your web host, cloud storage, or other third-party services.

European data protection law requires that data about European residents transferred outside the European Union be protected under the same conditions as if it were within Europe. In addition to listing where the data goes, you should describe how you or your subcontractors ensure compliance with these standards, whether through an agreement like the EU-U.S. Privacy Shield, clauses in your contracts, or binding corporate rules.

Contact Information

In this section, indicate the contact method available for privacy-related requests. If you are required to have a Data Protection Officer, also include their name and contact details.

Additional Information

If you are using your site for commercial purposes and engage in the collection and processing of more complex personal data, you should include the following information in your privacy statement, in addition to the information detailed above.

How We Protect Your Data

In this section, outline the steps you have taken to protect your account data. This may include technical measures such as encryption, security measures such as two-factor authentication, or human measures such as having a trained data protection team. If you have conducted an impact assessment related to the private data breach, you can also indicate this here.

Procedures implemented in the event of a data breach

In this section, indicate the procedures you have in place in the event of a data breach, whether potential or actual, such as internal notification systems, contact mechanisms, or any rewards provided to “bug hunters”.

Third-party services that transmit data to us

If your site receives personal data from third-party sources – including advertising sources – this information should be included in the third-party data section of your privacy statement.

Automated marketing and/or profiling operations carried out using personal data

If your site provides a service that includes automated decision-making – for example, allowing your customers to apply for credit or aggregating their data into an advertising profile – you must explain what is being done and include information about how the information is used, what decisions are made with that aggregated data, and what rights users have over decisions made without human intervention.

Displaying information related to industries subject to specific regulations

If you are a member of a regulated industry, or are subject to specific regulations, it is likely necessary to display that information here.