Last updated: May 25, 2018
We value your privacy and strive to protect your personal information. Please read this Policy to understand what types of information we collect from you, for what purposes and what choices you have regarding our collection of your information.
In plain language, regulations such as GDPR define the following roles, rights, and responsibilities:
Data Subject – this is you, the end user.
Data Controller – this is us, the WordPress Association as the owners and operators of wordpress.org and its sub-sites.
Data Processor – any other organization that processes personal data on behalf of the Data Controller.
Rights of the Data Subject
Right to be Informed – A data subject has the right to know whether personal information is being processed; where; and for what purpose.
This information is outlined in the section below titled “Information We Collect About You” and “How we Use Your Information”.
Right to Access – A data subject has a right to access the information about them that is stored by the Data Controller.
This information is outlined in the section below titled “Information We Collect About You” and “How we Use Your Information”.
Right to Rectification – A data subject has the right to correct any errors in the data about them. This can be done by editing your user account, or contacting us directly.
Right to Restrict Processing – A data subject has the right to request that data not be processed, and yet also not be deleted by the Data Controller.
Right to Object – A data subject has the right to opt out of marketing, processing based on legitimate interest, or processing for research or statistical purposes.
Right to be Forgotten – Also known as the right to revoke consent, the right to be forgotten states that a data subject has the right to request erasure of data, the cessation of processing by the controller, and halting processing of the data by third party processors.
The conditions for this include the data no longer being relevant to original purposes for processing, or a data subjects withdrawing consent.
It should also be noted that this right requires controllers to compare the subjects’ rights to “the public interest in the availability of the data” when considering such requests.
This information is outlined in the sections below titled “Accessing and Correcting Your Information”.
Data Portability – A data subject has the right to receive a copy of their data in a ‘commonly used and machine readable format.’
This information is outlined in the sections below titled “Your Choices About Use and Disclosure of Your Information” and “Accessing and Correcting Your Information”.
Responsibilities of the Data Controller and Data Processors
Privacy by Design – ‘The controller shall..implement appropriate technical and organisational measures..in an effective way.. in order to meet the requirements of this Regulation and protect the rights of data subjects’. Article 23 of the GDPR calls for controllers to hold and process only the data absolutely necessary for the completion of its duties, as well as limit the access to personal data to those who need it to carry out these duties.
Breach Notification – The Data Controller must notify the appropriate data processing authority and any affected end user of any breach that might result in ‘risk to the rights and freedoms of individuals’ within 72 hours of becoming aware of the breach.
A Data Processor must notify the Data Controller of any breach ‘without undue delay.’
Data protection officer – A Data Controller or Processor must appoint a Data Protection Officer when: a Data Controller represents a public authority; or the core operations of the Controller require regular and systematic monitoring of Subjects on a large scale; or when the Controller’s core operations depend on processing a large scale of special categories of data (including but not limited to health data, criminal conviction information, etc).
The core operations for our website do not require us to establish a Data Protection Officer.
Information We Collect About You
We collect several types of information from and about you, including:
1. Your email address, name, and password (for any membership-based offerings, or if we provide an affiliate program). We treat this information as “Personally Identifiable Information” or “PII”. We never store passwords in plain text format, only secure password hashes.
2. Non-personally identifiable information, such as demographic information about you, information about your computer system or device, your preferences, your online activity, and your location information (“Non-Personally Identifiable Information” a “Non-PII”). Non-PII, by itself, does not identify you, but it can be combined with other information in way that allows you to be identified. If this happens, we will treat the combined information as PII.
We may collect information from or about you in the following ways:
Information Provided by You. We collect information provided by you when you (1) purchase products from us; (2) communicate with us or request information about or from us by e-mail or other means; (3) fill out forms or fields on this Website; (4) sign-up for any of our newsletters, materials or our services on this Website or other sites; or (5) participate in our online surveys or questionnaires.
Automatic Information Collection. We also use automatic data collection technologies to collect and store certain information about your equipment, browsing actions and patterns when you interact with this Website through your computer or mobile device.
When you purchase a product from us, we will collect additional information about you, such as your name, address, etc. We treat this information as nonpublic, “Personally Identifiable Information” or “PII”.
All credit card transactions happen via PayPal. We do not store any credit card information you provide during purchase. We recommend that you review the privacy and security policies of Paypal to determine how they handle information they may collect from or about you.
We use a number of service providers to help us operate the site and provide high quality user experience to our visitors. Some of those providers can access Non-PII about you via automatic data collection technologies.
Automatic Information Collection Technologies
The information that we collect about your equipment, browsing actions and patterns includes, but is not limited to, traffic data, location data, logs, the resources that you access, search queries, as well as information about the computer or device you are using and the Internet connection, including your IP address, operating system and browser type.
This automatically collected information typically does not include PII, but we may maintain it or associate it with your personal information collected in other ways. Collection of this type of information helps us to improve this Website and to deliver a better and more personalized service by enabling us to, among other things: (1) estimate our audience size and usage patterns; (2) store information about your preferences, allowing us to customize this Website according to your individual interests; (3) speed up your searches; and (4) recognize you when you return to this Website.
The automatic collection technologies we or our service providers use for this automatic information collection may include:
Cookies (or browser cookies). This Website may use two types of cookies (small data files placed on the hard drive of your computer when you visit a website): a “session cookie,” which expires immediately when you end your browsing session and a “persistent cookie,” which stores information on your hard drive so when you end your browsing session and return to this website later, the cookie information is still available.
This Website and some of our electronic communications to you, may contain links to other websites that are owned and operated by third parties. Links to third parties from this Website are not an endorsement by us. We do not control, and are not responsible for, the privacy and security practices of these third parties. We recommend that you review the privacy and security policies of these third parties to determine how they handle information they may collect from or about you.
This Website may also include social media features, such as the Facebook Like button, Google Plus, Twitter widgets, and links to other platforms. These features may collect information about your IP address and the page you are visiting on this Website, and they may set a cookie to make sure the feature functions properly. Your interactions with these features and the information from or about you collected by them are governed by the privacy policies of the companies that provide them.
How We Use Your Information
We use your information, including any PII, to:
Provide information and services requested by you;
Provide customer support, including responding to your requests and questions and troubleshooting and resolving problems or complaints;
Verify the information you provide to us;
Communicate with you;
Understand and anticipate your use of or interest in, our services, and content, and the products, services, and content offered by others;
Develop and display products, services, and content tailored to your interests on our websites and other websites;
Provide you with promotional materials and Newsletters in case you opt-in to receive those;
Measure the overall effectiveness of our online, content, and programming, and other activities;
Manage our business and operations;
Protect the security and integrity of this Website;
Carry out our obligations and enforce our rights arising from any contracts entered into between you and us;
Use or post user contributions as permitted in our Terms of Service; and Fulfill any other purposes for which you provide your information and for any other purpose as described to you at the time your information is collected or for which your consent is given.
Disclosure of Your Information
We may disclose and share aggregated non-PII about you at our discretion.
We may disclose or share your PII only in limited circumstances:
Internally for support of our internal and business operations or to respond to a request made by you.
We may disclose information we collect from or about you when we believe disclosure is appropriate to comply with the law, to enforce agreements, or to protect the rights, property, or safety of users of this Website, the Association, or other persons or organizations.
We do not knowingly collect personal information from children under 16 without prior verifiable parental consent. If we learn that a child under the age of 16 has submitted personally identifiable information online without parental consent, we will take all reasonable measures to delete such information from our databases and to not use such information for any purpose (except where necessary to protect the safety of the child or others).
If you believe that a child under the age of 16 has provided us with personal information without verification of parental consent, please contact us through the contact method specified on this Website.
Your Choices About Use and Disclosure of Your Information
We strive to provide you with choices regarding our use of your personal information. Below are some mechanisms that provide you with control over your information:
Promotional and Informational e-mails. We do not send any promotional or informational emails without your opt-in first. If you do not wish to receive promotional e-mails from us, follow the unsubscribe process at the bottom of the promotional e-mail.
Note that even if you opt-out, you may still receive transactional e-mails from us (e.g., e-mails related to the completion of your registration, abandoned cart reminders, correction of user data, password reset requests, notification/alert/reminder e-mails that you have requested, and any other similar communications essential to your transactions on this Website).
Accessing and Correcting Your Information
The appropriate method(s) for accessing your information, if any, will depend on which of our websites and services you have visited or used. Depending on the website and service, you may have the ability to view or edit some of your information online, by logging into the website and visiting your account profile page. If you remove information from your user profile, it will stay in backups on our servers for 2 weeks, after which it will be completely removed.
To request access to, correct, or delete any personal information that you have provided to us you may contact us at any time.
We cannot delete your personal information except by also deleting any accounts you may have. We also may not accommodate a request to change or delete information if we believe the change would violate any law or legal requirements, be contrary to our Terms of Service or any other applicable agreement between you and us, or cause the information to be incorrect.
Upon deletion all private and personally identifying information from your profile will be deleted. The data will stay in backups on our servers for 2 weeks, after which it will be completely removed.
Once deleted, your account is gone and cannot be restored.
Protection of Your Information
We use reasonable security measures to protect your information collected through this Website. We do not store passwords in plain text format, only secure password hashes. However, no method of transmission or electronic storage is 100% safe, and we cannot guarantee absolute security. Therefore, your use of this Website is at your own risk and we do not promise or guarantee, and you should not expect, that your information will always and absolutely remain private and secure. We are not responsible for the circumvention of any privacy settings or security measures contained on or concerning this Website. You are also responsible for taking reasonable steps to protect your personal information against unauthorized disclosure or misuse.
Visiting this Website from Outside the United States
Via postal mail:
2100 First Avenue South
Minneapolis, MN 55404