A Bright Clear Web

A Bright Clear Web - Simple, effective, accessible websites

You are here: Home / Privacy and Cookies Policy

Privacy and Cookies Policy

Phone, iPad and glasses

Who I am

I am Claire Brotherton, trading as A Bright Clear Web.

My website address is: http://www.abrightclearweb.com.

I am registered with the ICO in the UK, registration number ZA384277.

What personal data I collect and why

Comments

What is collected?

When visitors leave comments on the site I collect the data shown in the comment form:

  • Name
  • Email address
  • Website (optional)
  • Comment

The visitor’s IP address and browser user agent string are collected to help spam detection.

Third party data sharing

Visitor comments may be checked through an automated spam detection service. I use Akismet for this purpose.

An anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Both Akismet and Gravatar are part of Automattic: read Automattic’s privacy policy

What is the legal basis for processing this data?

Consent

What is the data retention period?

If you leave a comment, the comment and its metadata are retained indefinitely. This is so I can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.

Unpublished or spam comments are deleted after 30 days.

User accounts and media

What is collected?

Occasionally I allow guest post contributions on my blog. If you supply images for the website, you should avoid using images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

For any guest contributors I store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). As the website administrator, I can also see and edit that information.

Third party data sharing

This information is not shared with third parties.

What is the legal basis for processing this data?

Consent

What is the data retention period?

The data is retained indefinitely.

Contact form

What is collected?

If you submit data through my contact form the following is collected:

  • Name
  • Email
  • Subject
  • Message

Form submissions are emailed to me directly and not stored on the website.

Third party data sharing

Contact form data is sent by email. I use G Suite as my email service provider.

Google’s privacy policy.

What is the legal basis for processing this data?

Legitimate interest

What is the data retention period?

If we establish a contractual relationship the data is kept for 7 years from the date of our last contact.

If not, your data will be deleted after 1 year.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.

Analytics

I use two third-party forms of analytics – Jetpack Site Stats and Google Analytics.

Jetpack Site Stats: What is collected?

  • IP address
  • com user ID (if logged in)
  • com username (if logged in)
  • user agent
  • visiting URL
  • referring URL
  • timestamp of event
  • browser language
  • country code
  • post and page views
  • video plays (if videos are hosted by WordPress.com)
  • outbound link clicks
  • referring URLs and search engine terms
  • country.

Jetpack also tracks performance on each page load that includes the Javascript file we use for Stats. This is exclusively for aggregate performance tracking across Jetpack sites in order to make sure that our plugin and code is not causing performance issues. This includes the tracking of page load times and resource loading duration (image files, Javascript files, CSS files, etc.).

Jetpack’s privacy statement for Site Stats

Third party data sharing

The data is shared with Jetpack, which is part of Automattic.

What is the legal basis for processing this data?

Legitimate interest

What is the data retention period?

Any piece of data explicitly identifying a specific user (IP address, WordPress.com ID, WordPress.com username, etc.) is not visible to the site owner when using this feature. For example, a site owner can see that a specific post has 285 views, but he/she cannot see which specific users/accounts viewed that post.

Stats logs — containing visitor IP addresses and WordPress.com usernames (if available) — are retained by Automattic for 28 days and are used only for the purpose of powering this feature.

Google Analytics: What is collected?

Google Analytics collects data on the usage of this website, capturing statistics that are used for understanding the usage of this website so that I can improve it.

As I understand it my configuration aggregates the data so that visitors are not personally identified. I am not using the User-ID feature and the Google Analytics tracking script is set to anonymise IP addresses. I am also not sharing advertising data with Google AdWords or DoubleClick.

As a visitor, you can opt out of Google Analytics data collection by installing the Google Analytics Opt-out Browser Add-on for your browser.

Third party data sharing

The data is shared with Google.

What is the legal basis for processing this data?

Legitimate interest

What is the data retention period?

26 months.

Blog and comment subscriptions

Blog and comment subscriptions are provided by Jetpack’s Subscriptions module. Signing up for a subscription means that you will get emails when a new post is published or a new comment is published in a thread you are interested in.

The subscription process requires a double opt-in for confirmation, so if you accidentally

What is collected?

Jetpack says:

To set up and process subscriptions, we use the subscriber’s email address, as well as the ID of the post or comment (depending on the specific subscription being processed).

In the event of a new subscription being initiated, we also collect some basic server data, including:

  • all of the subscribing user’s HTTP request headers
  • the IP address from which the subscribing user is viewing the page
  • the URI which was given in order to access the page (REQUEST_URI and DOCUMENT_URI).

Cookies are set (for a duration of 347 days) to remember the user’s blog and post subscription choices.

Jetpack Subscriptions privacy statement

Third party data sharing

The data is shared with Jetpack, which is part of Automattic.

What is the legal basis for processing this data?

Consent

What is the data retention period?

Subscriptions run indefinitely. You can cancel your subscription to my blog or a comment thread at any time by clicking on the Unsubscribe link in the relevant notification emails.

Alternatively, you can unsubscribe or adjust your subscription settings by visiting WordPress.com Subscription Management.

Cookies

Cookies are small text files which are created by websites. They are often used to remember a previous visit you have made to the site. This website sets some cookies, mentioned below.

To control cookie preferences, use your browser settings. You can find out more from the following:

How to Delete Cookies In Every Major Browser

Your Online Choices – to control advertising cookies

Commenter cookies

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment.

The cookie names are:

  • comment_author_{HASH}: expires in 1 year. Remembers the value entered into the comment form‘s name field.
  • comment_author_email_{HASH}: expires in 1 year. Remembers the value entered into the comment form‘s email field.
  • comment_author_url_{HASH}: expires in 1 year. Remembers the value entered into the comment form‘s URL field.

The {HASH} is a long string of letters and numbers.

User account cookies

If you visit the login page, a temporary cookie is set to determine if your browser accepts cookies. This cookie (wordpress_test_cookie) contains no personal data and is discarded when you close your browser.

When you log in, several cookies are created to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Blog and post subscription cookies

If you subscribe to my blog and have confirmed your subscription, cookies are set.

These cookies are:

  • jetpack_comments_subscribe_{HASH}: expires in 347 days. Remembers that a user has subscribed to a comment thread.
  • jetpack_blog_subscribe_{HASH}: expires in 347 days. Remembers that a user has subscribed to the blog.

The {HASH} is a long string of letters and numbers.

Analytics cookies

These are the cookies set by Google Analytics:

  • _ga: expires in 2 years. Used to distinguish users.
  • _gid: expires in 24 hours. Used to distinguish users.
  • _gat: expires in 1 minute. Used to throttle the request rate.

Jetpack’s Site Stats:

  • stnojs: expires in 2 days. An admin area only cookie, only set if stats are requested without Javascript.

Server logs

What is collected?

Your IP address is captured when you visit any page on this site. This is a standard behaviour of web servers. It is necessary to prevent fraud and keep the website secure.

Third party data sharing

The data is stored by my host WP Engine.

What is the legal basis for processing this data?

Legitimate interest

What is the data retention period?

Log data is collected daily and added to a monthly log. After the month is complete the data is deleted and the next month’s log begins.

Who I share your data with

I have mentioned third parties that data is shared with above. Your data will not be shared with any third parties for marketing purposes.

How long I retain your data

I have mentioned retention periods above.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data I hold about you, including any data you have provided to me. You can also request that I erase any personal data I hold about you. This does not include any data I am obliged to keep for administrative, legal, or security purposes.

Where your data is sent

Data may be sent outwith the EEA by the following third parties:

  • Automattic
  • Google

These companies are registered with the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks.

Contact information

Contact me on [email protected] if you have any questions about this privacy policy or want to make a Subject Access Request.

Additional information

Your personal data rights

Your personal data rights under the GDPR are:

  1. The right to be informed
  2. The right of access
  3. The right to rectification
  4. The right to erasure
  5. The right to restrict processing
  6. The right to data portability
  7. The right to object
  8. Rights in relation to automated decision making and profiling. (I do not do any automated decision making and profiling with your personal data.)

How I protect your data

This website uses SSL. An SSL certificate encrypts the data transferred between your browser and the web server, protecting it in transit.

I continually keep WordPress and my plugins and themes up to date to mitigate security risks. I use security plugins which take various measures to secure my site. I am waiting on their GDPR compliance information and will update this policy accordingly.

What data breach procedures I have in place

In the event of a data breach, I will:

  1. Attempt to identify if any personal data has been affected, and which individuals it belongs to.
  2. Notify anyone affected within 72 hours. The notification will include:
  • a description of how and when the breach occurred
  • what data was involved
  • any actions required on your part (e.g. changing a password)
  • steps I will take to prevent a breach happening in future
  • contact information for any follow-up actions.
  1. Notify the UK’s ICO if the breach is particularly serious or many people are involved.
  2. Keep a record that the breach occurred.

What third parties I receive data from

I do not receive data from third parties.

 

Date of policy: 23 May 2018

Last updated: 31 July 2020

potted cactus and laptop with code