About Us
This section should contain the URL of the site, the name of the company, organization, or individual operating the site, and accurate contact information.
The amount of information that needs to be displayed varies depending on regional or national business regulations. For example, displaying a physical address, registered address, or company registration number may be required.
Personal Data We Collect and Why
This section should mention what personal data we collect from users and site visitors. This may include personal data like names, email addresses, personal account settings, transactional data such as purchase information, and technical data like cookies.
Mention should also be made of the collection and retention of sensitive personal data, such as health-related data.
Not only should there be a list of personal data collected, but also the reason for its collection. Within the explanation, reference must be made either to the legal basis for data collection and retention or to the active consent of the user.
Personal data is also created from user and site interactions. Personal data is generated from contact forms, comments, cookies, analytics, and third-party embeds.
By default, WordPress does not collect any personal data about visitors and only collects the data shown on the User Profile screen from registered users. However, some of your plugins may collect personal data. You should add the relevant information below.
Comments
This subsection should mention the information collected through comments. The data that WordPress collects by default is specified.
Media
This subsection should mention what information might be exposed by users who upload media files. All uploaded files are usually publicly accessible.
Contact Forms
By default, WordPress does not include a contact form. If you use a contact form plugin, use this subsection to mention the personal data it collects and the retention period. For example, information sent through contact forms might be retained for customer service purposes but not used for marketing purposes.
Cookies
This subsection should list the cookies that your site uses, including those set by plugins, social media, and analytics. The cookies that WordPress installs by default are already described.
Analytics
In this subsection, mention what analytics package you use, how users can opt out of analytics tracking, and a link to your analytics provider’s privacy policy if available.
By default, WordPress does not collect any analytics data. However, many web hosting accounts collect some anonymous analytics data. You may have also installed a WordPress plugin that provides analytics services. In that case, add information from that plugin here.
Who We Share Your Data With
In this section, mention all third-party service providers with whom you share site data, such as co-authors, cloud-based services, payment processors, and third-party service providers, and mention the data shared with them and why. Provide links to their own privacy policies if possible.
By default, WordPress does not share any personal data with anyone.
How Long We Retain Your Data
This section should explain the period for which you retain personal data collected or processed by the site. It’s your responsibility to set and document the retention periods for each dataset, but you should state these periods here. For example, you might retain information submitted through contact forms for six months, analytics records for a year, and customer purchase records for ten years.
Your Rights Over Your Data
This section should explain the rights users have over their data and how they can exercise those rights.
Where We Send Your Data
In this section, mention all transfers of your site data outside the European Union and describe the means by which that data is protected to European data protection standards. This could include web hosting, cloud storage, or other third-party services.
European data protection law requires that data about European residents transferred outside the European Union be protected to the same standards as if the data was in Europe. So in addition to listing where the data is stored, you also need to describe how you or your third-party providers are complying with those standards, whether through a mechanism like Privacy Shield, standard contractual clauses in your contracts, or binding corporate rules.
Contact Information
In this section, you should provide a method for contacting you about privacy-specific concerns. If you are required to have a Data Protection Officer, provide their name and full contact details here.
Additional Information
If your site is a commercial site, and you engage in more complex collection or processing of personal data, you should note that in addition to the information provided above.
How We Protect Your Data
In this section, you should explain what measures you have taken to protect your users’ data. This could be technical measures such as encryption; security measures like two-factor authentication; and measures such as staff training in data protection. If you have carried out a Privacy Impact Assessment, you can mention it here.
Data Breach Procedures
In this section, you should explain what measures you have in place to deal with data breaches, either potential or real, such as internal reporting systems, contact mechanisms, or bug bounty programs.
Third Parties We Receive Data From
If your site receives data about users from third parties, including advertisers, this information must be included in the section of the privacy policy dealing with third-party data.
Automated Decision Making and Profiling
If your site provides a service that includes automated decision-making – for example, allowing customers to apply for credit, or aggregating their data into an advertising profile – you must note that these decisions are made automatically and provide information about how those decisions are made, what kinds of data are used to make them, what the logic involved is, and the rights users have over decisions made without human intervention.
Industry Regulatory Disclosure Requirements
If you belong to a regulated industry, or if you are subject to additional privacy laws, you may be required to disclose that here.