Skip to content

Latest commit

 

History

History
158 lines (89 loc) · 14.6 KB

PRIVACY.md

File metadata and controls

158 lines (89 loc) · 14.6 KB

A Privacy Policy is a legal document stating how your website collects, discloses, and processes the data of visitors. Because it is near impossible not to collect any data — just think about what a comment is — you are advised to always include a Privacy Policy page.

The following template is free to use and covers an unaltered WordPress with Fictioneer. If you customize the theme or add plugins that collect visitor data, such as analytics, you may need to make changes. Please refer to one of the many guides, templates, and policy generators easily found on the Internet in that case.

However, do not just blindly copy the template! There is still some work to do and you should be aware of the legal obligations included. Make sure to fill in, replace, or omit the marked parts and any section as needed. For example, if you do not plan to allow subscriber registrations, you can omit OAuth 2.0 Authentications entirely. Also mind the formatting and outgoing links.

If you are hosted on a service such as WordPress.com that comes with a free tier in exchange for ads, you may need to use a different template altogether. In the case of WordPress.com, you can refer to their own How to Write and Add a Privacy Policy to Your WordPress Site guide. Other services may differ.


Privacy Policy

One of our main priorities at website.com is the privacy of our visitors. Please read our following Privacy Policy carefully as it outlines the collected and recorded personal information in regards to use, retention, disclosure, and protection. This policy is not applicable to any information collected offline or via channels other than this website.

Consent

By using our website, you hereby agree to our Privacy Policy and agree to its terms. By accepting the Cookie Notice, you hereby agree to our Cookie Policy within the scope of your consent as outlined under Cookies. You may withdraw your consent at any time. When you provide us with your personal information as outlined under Information Collection, you consent that we may store and use it for the purposes outlined under Information Processing.

Information Collection

We only collect personal information within your consent and applicable law, restricted to our legitimate interest. The purpose of these collected information will be made clear to you when you are asked to provide them. For example, we collect information when you create an account, subscribe, comment, fill out a form, or participate in other interactive activities or services.

If you contact us directly, we may receive additional information about you such as your name, email address, the contents of the message, attachments sent, and any other information you may choose to provide on your own volition.

If you have any analytics plugin running, list what data it collects here.

Categories

As required by the CCPA, the following list outlines a broad set of "categories" of the personal information we may collect based on your consent, applicable law, and services used.

  • Identifiers (contact information, device and online identifiers)
  • Activities (usage of services, like the comment system)
  • Geolocation (broad and based on your IP address for statistics)
  • Audio/Visual (such as your profile picture)

OAuth 2.0 Authentication

You may register and log in with an external provider (Discord, Twitch, Google, and so forth), given your prior consent through the OAuth 2.0 protocol confirmation. This will create an account with your username, email address, profile picture, and unique ID. Any other information is discarded and the connection is severed afterwards. Subscribers can delete their account at any time.

The unique ID serves as link to your external provider. The display name and email address can be changed in your profile; you may also add or remove additional external providers there. The profile picture will be shown on all of your comments unless disabled — or a gravatar associated with your email address if you are registered to that service. Your profile will be updated whenever you log in anew, but no external changes are tracked by itself.

Comments

If you want to leave a comment on our website, you are required to check an additional consent at least once. This will be stored as cookie. When you submit the comment, we collect the data shown in the comment form in addition to your IP address and browser user agent string to assist spam detecting or exclude undesired individuals.

If provided, an anonymized string (hash) created from your email address is sent to the Gravatar service to see if you are using it. The Gravatar Privacy Policy can be found here. After approval of your comment, your Gravatar profile picture will be visible to the public in the context of your comment. Your email address will never be publicly shown.

Please note that if you comment anonymously, we may not be able to adhere to requests in regards to access, rectification, or erasure (GDPR/CCPA). Without any identifier, we cannot verify your claim of ownership over the comment. After all, you could be a pretender trying to cause harm.

Exceptions

While we strive to create and maintain a safe and welcoming community, the Internet is filled with malicious individuals that aim to cause strife and harm. We retain the right to revoke our privacy concession to such individuals to protect ourself and our visitors, which is in our legitimate interest. This may extend to denial of features and services, bans, and criminal prosecution in cooperation with the authorities if necessary.

Retention

We generally discard personal information once they fulfilled their purpose — as described under Information Processing — and if we are not legally required to keep it.

If you leave a comment, the comment and its metadata are retained indefinitely. This is in order to process any requests, recognize and approve follow-up comments automatically without holding them for approval, and protect us from malicious intents.

For users that register an account, we store the provided personal information in their user profile. All users can see, edit, or delete their own personal information at any time (except they cannot change their username). Administrators can also see and edit that information.

Information Processing

We use your personal information to render services within your consent and applicable law, including to:

  • provide, operate, and maintain our website;
  • improve, personalize, and expand our website;
  • manage our relationship with you and respond to requests;
  • protect ourself and you from spam and malicious intents;
  • comply with any regulatory or legal obligations;
  • detect and prevent illegal or prohibited activities;
  • measure performance and benchmark our systems.

We do not share your personal information without your consent, unless:

  • doing so is appropriate to carry out your own request;
  • the information is public by your own volition, such as comments;
  • it is legally required or necessary to enforce our legal agreements;
  • to detect, prevent, or address criminal, security, or technical issues.

Information Sharing

Aside from the legal exceptions listed under Information Processing, we do not share your personal information with third parties. Any third party plugins must comply with our policies. We do not sell your personal information, neither in plain text nor anonymized. We do not practice targeted marketing.

Security

We take reasonable steps to protect your personal information from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. However, you should keep in mind that no Internet trans­mission is ever completely secure or error-free. This goes for your end as well — we cannot protect your system. In particular, emails sent to or from any site may not be secure.

Social Media

We feature social media buttons provided by services like Facebook, Twitter, and others. These services are infamous for collecting and selling your data and usually load tracking technologies just by being present.

In order to prevent this, the buttons are quarantined until you deliberately click on them. Your use of these third party services is entirely optional. This is an informed action of your own volition. We are not responsible for the privacy policies and/or practices of these third party services, and you are responsible for reading and understanding those third party services’ privacy policies.

Embedded Content

Articles on this site may include embedded content (e.g. videos, audio, texts, etc.). Embedded content from other websites behaves in the exact same way as if you had visited the other site. See Third Party Links.

These websites may collect personal information, use cookies, embed third party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

The following paragraph is only true if you enable the consent wrappers theme option.

In order to prevent this, embedded contents are quarantined until you deliberately click on them. Your access of these embedded contents is entirely optional. This is an informed action of your own volition. We are not responsible for the privacy policies and/or practices of these third party services, and you are responsible for reading and under­standing those third party services’ privacy policies.

Third Party Links

Our website may contain links to third party websites for convenience. When you open a link to those third party websites, you are subject to the terms of these third party websites, including any Privacy Policy. We are not responsible for, nor do we control, the content, products, or services provided by any linked third party website. The access, use, and reliance upon these third party websites is entirely at your own risk. We are not liable for any loss or damage caused by those websites.

Cookies

Cookies are small pieces of data stored as text files on your device when websites are loaded in a browser. They are widely used to "remember" you and your preferences, either for a single visit ("session cookies") or multiple visits ("persistent cookies"). We use them to enhance your experience and to perform essential functions, such as registering an account and remain logged in.

Types of cookies:

  • Essential: These cookies are necessary to perform basic functions and operate certain features. This includes authentication for registered users, storing preferences across pages and visits, and ensuring our services run properly.
  • Analytics/Performance: These cookies allow us to evaluate how users interact with our website, including which pages are visited most, how long they stay, and other statistics. We use these statistics to improve our systems and content.

[fictioneer_cookie_buttons]

Web Storage

Web Storage files work similar to cookies, except that the stored data is not sent to the server when you load the site. We use them to store data not required to deliver the site, such as your bookmarks and custom settings. Until you deliberately use features that require storage, these files are either empty or contain anonymous default values.

Log Files

Our website’s host (HOST NAME) follows a standard procedure of using log files, which is beyond our control. All hosting companies do this. Please read their privacy policy for more information.

The information collected include IP addresses, browser type, Internet Service Provider (ISP), date and time stamps, referring/exit pages, bytes served, errors, and possibly the number of clicks. The purpose of this is for administering services and sites, handling errors, analyzing trends, and more.

Your Rights

Depending on your geographical location and jurisdiction, you have certain rights regarding your personal information granted by data protection laws, such as the European General Data Protection Regulation (GDPR) or California Consumer Privacy Act (CCPA). Please refer to the respective legal texts for more comprehensive details. If you would like to exercise your rights, please follow the instructions listed under Contact.

  • Access: You have the right to request copies of your personal information. We may charge you a small fee for this service.
  • Rectification: You have the right to request the correction of inaccurate or incomplete information.
  • Erasure: You have the right to request that we erase your personal information, under certain conditions.
  • Restriction: You have the right to restrict the processing of your personal information, under certain conditions.
  • Objection: You have the right to object our processing of your personal information, under certain conditions.
  • Portability: You have the right to request the transfer of your personal information to another organization or directly to you, under certain conditions. We may charge you a small fee for this service.
  • You will not receive discriminatory treatment for exercising your rights.

Children Under 13

This website is not intended for children under the age of 13. We do not knowingly collect any personal information from this age group. If you think that your child provided this kind of information on our website, we strongly encourage you to contact us immediately and we will do our best efforts to promptly remove such information from our records.

Changes to our Privacy Policy

We may change our Privacy Policy from time to time, although changes are likely to be minor. However, we will not reduce your rights. You are encouraged to frequently check this page for any changes, summarized under Updates. In the event of larger changes, we will provide an additional notice. Further use of our website after a change to our Privacy Policy will be subject to the updated policy.

Contact

If you make a privacy-related request to privacy@website.com, we got one month to respond to you. We are allowed to take measures to protect ourselves and our visitors from fraudulent requests, such as demanding a proof of identity or ownership of the requested information. Please note that if you cannot provide either, we have to err on the safe side and decline your request.

Instead of exposing an email address here for bots to find, you can also use the [fictioneer_contact_form email="Email Address (optional)" name="Your name (optional)" text_1="Topic (optional)" title="Privacy Policy Contact Form" privacy_policy="1"] shortcode to display a contact form.

Updates

If you make updates, list them here with the date.