Privacy Policy (As Stated by Automattic)

Hi there! This Privacy Notice explains how we, at Automattic, process information about the visitors of our users’ websites in connection with the services we provide through WordPress.com, Jetpack (including WooCommerce Services), IntenseDebate, Polldaddy.com, and Akismet. Read on!

Who’s Who and What This Privacy Notice Covers

Let’s talk first about who we are at Automattic, what we do, and what this Privacy Notice covers. We are the folks behind a variety of products and services designed to allow anyone–from bloggers, to small business owners, and enterprises–to create, publish, and manage their own websites:

  • WordPress.com offers the design, features, and support to bring a website to life.
  • With Jetpack, website owners that host their websites elsewhere can connect those websites to features and tools available through WordPress.com and WooCommerce Services.
  • Polldaddy helps site owners create quizzes, surveys, and polls that fit their brand and vision.
  • Intense Debate gives site owners tools to manage comments on their websites.
  • Akismet helps keep spam under control by filtering out spam comments–hundreds of millions, every day!

To keep things simple, in this Privacy Notice we’ll refer to the users of the services we provide through these products and services–such as a website’s administrator, contributor, author, or editor–as our “Users,” and we’ll refer to our Users’ websites as “Sites.” Visitors to those Sites can read published content and interact with the Sites through features such as comments, “likes,” poll/survey responses, and follows. We put together this Privacy Notice to help our Users understand the information we collect about their Site visitors (a/k/a our Users’ users), and how that happens on their Sites. Our Users are responsible for publishing a privacy policy on their Sites that explains to their visitors how data is collected via the Sites and how that information is used and disclosed. This Privacy Notice does not apply to the information we collect about Users and those who visit Automattic’s websites (like automattic.com, wordpress.com, jetpack.com, or akismet.com)–that’s covered in our Privacy Policy. Alright, with those introductions out of the way, let’s turn to how we collect, use, and share information about visitors to our Users’ Sites.

Information We Collect About Visitors to Our Users’ Sites

We collect information about visitors to our Users’ Sites in a few different ways–we collect certain information that the visitors provide to the Site, we collect some information automatically, and we collect any information that our Users provide to us about their visitors.

Information a Visitor Provides to a Site

We’ll start with information that visitors provide directly to a Site, which primarily happens when visitors type into a text field on a Site, like a comment field or a sign-up form. Our Users may also implement other ways to allow Site visitors to provide information directly through their Sites. Here are the most common ways in which a visitor directly provides information to a Site:

  • Follower and Subscriber Information: When a visitor signs up to follow or subscribe to a Site using Jetpack or WordPress.com, we collect the sign-up information requested by the Site, which typically includes an email address.
  • Site Comments: When a visitor leaves a comment on a Site, we collect that comment, and other information that the visitor provides along with the comment, such as the visitor’s name and email address.
  • PollDaddy Survey Responses: When a visitor completes a poll, quiz, or other type of survey prepared by a User via Polldaddy.com, we collect the visitor’s responses to those surveys, and other information that the survey owner requires for a poll/quiz/survey response, like an e-mail address.
  • Order and Shipment Information: If a visitor orders something (hooray!) from a Site using our store and ecommerce features available through WordPress.com or Jetpack (including WooCommerce Services), we may collect information to process that order, such as credit card and billing information, and an address for shipping the package along to the recipient and calculating applicable taxes. We may also use this information for other purposes on behalf of our Users–for example, to send marketing and other communications from our Users to their customers, and to provide our User with analytics information about their ecommerce site (e.g., the number of orders from particular geographic areas).
  • Other Information Entered on the Site: We may also collect other information that a visitor enters on the Site–such as a contact form submission, a search query, or Site registration.

Information We Automatically Collect from the Site

We also automatically collect some information about visitors to a Site. The information we automatically collect depends on which of our services the Site uses. We’ve listed examples below:

  • Technical Data from a Visitor’s Computer and Etcetera: We collect the information that web browsers, mobile devices, and servers typically make available about visitors to a Site, such as the IP address, browser type, unique device identifiers, language preference, referring site, the date and time of access, operating system, and mobile network information.
  • Visitor Interactions: We collect information about a visitor’s interactions with a Site, including the “likes” and “ratings” left by visitors to a Site using WordPress.com or Jetpack.
  • Location Information: We may determine the approximate location of a visitor’s device from the IP address. We collect and use this information to, for example, tally for our Users how many people visit their Sites from certain geographic regions. If you’d like, you can read more about our Site Stats feature for WordPress.com sites and Jetpack sites.
  • Akismet Commenter Information: We collect information about visitors who comment on Sites that use our Akismet anti-spam service. The information we collect depends on how the User sets up Akismet for the Site, but typically includes the commenter’s IP address, user agent, referrer, and Site URL (along with other information directly provided by the commenter such as their name, username, email address…oh, and the comment itself, of course).
  • Polldaddy Response Information: We collect information about visitors who respond to a Polldaddy survey. The information that we collect typically includes IP address, browser type, operating system, user agent, and the web page last visited.
  • Intense Debate Commenter Information: We collect information about visitors who comment on Sites that use our Intense Debate service. The information that we collect depends on how the User sets up Intense Debate for the Site, but typically includes the IP address and account information on the Site, along with the comment.
  • Information from Cookies and Other Technologies: A cookie is a string of information that a Site stores on a visitor’s computer, and that the visitor’s browser provides to the Site each time the visitor returns. Pixel tags (also called web beacons) are small blocks of code placed on Sites. Automattic uses cookies and other technologies like pixel tags to help identify and track visitors and Site usage, and to deliver targeted ads when ads are enabled for free WordPress.com sites or when ads are enabled on a Site through WordAds or Jetpack Ads (see the “Other Tools” section below for more details). For more information about our use of cookies and other technologies for tracking, including how visitors can control the use of cookies, please see our Cookie Policy.

Other Information Provided by Our Users

We also collect any other information that our Users provide to us about visitors to their Sites. For example, a User may upload a directory or other information about Site visitors and customers to the “backend” administrative platform for managing the Site.

How We Use Visitor Information

We use information about Site visitors in order to provide our Services to our Users and their Sites. Our users may use our Services to, for example, create and manage their Site, sell products and services on their Site, flag and fight comments from spammers, and collect information through polls, quizzes and other surveys. In addition to the above, we use some information about Site visitors who are also our Users as described in our Privacy Policy. We may also use and share information that has been aggregated or reasonably de-identified, so that the information could not reasonably be used to identify any individual. For instance, we may publish aggregate statistics about the use of our services.

How We Share Visitor Information

We may share information collected about Site visitors in the limited circumstances spelled out below:

  • Subsidiaries, Employees, and Independent Contractors: We may disclose Site visitor information to our subsidiaries, our employees, and individuals who are our independent contractors that need to know the information in order to help us provide our services to our Users and their Sites, or to process the information on our behalf. We require our subsidiaries, employees, and independent contractors to follow this Privacy Notice for information about visitors that we share with them.
  • Third Party Vendors: We may share Site visitor information with third party vendors who need to know this information in order to provide their services to us. This group includes vendors that help us provide our services to our Users and their Sites. We require vendors to agree to privacy commitments in order to share information with them.
  • Legal Requests: We may disclose Site visitor information in response to a subpoena, court order, or other governmental request. For more information on how we respond to requests for information, please see our Legal Guidelines.
  • To Protect Rights, Property, and Others: We may disclose Site visitor information when we believe in good faith that disclosure is reasonably necessary to protect the property or rights of Automattic, our Users, third parties, or the public at large. For example, if we have a good faith belief that there is an imminent danger of death or serious physical injury, we may disclose information related to the emergency without delay.
  • Business Transfers: In connection with any merger, sale of company assets, or acquisition of all or a portion of our business by another company, or in the unlikely event that Automattic goes out of business or enters bankruptcy, Site visitor information would likely be one of the assets that is transferred or acquired by a third party. If any of these events were to happen, this Privacy Notice would continue to apply to Site visitor information and the party receiving this information may continue to use this information, but only consistent with this Privacy Notice.
  • Information Shared Publicly: Information that visitors choose to make public is–you guessed it–disclosed publicly. That means, of course, that information like visitor comments and “likes” are all available to others, including information about the visitor that is displayed in connection with a comment or “like” (such as a visitor’s WordPress.com username and Gravatar). We provide a “firehose” stream of public data (including comments) from Sites to provide that data to firehose subscribers, who may view and analyze the content, but do not have rights to re-publish it publicly. Public information may also be indexed by search engines or used by third parties.

Other Tools

Our Users’ Sites may contain ads from third party ad networks and advertisers, and our Users may integrate other tools and services on their Sites (such as Google Analytics and third party plugins). Please note that this Privacy Notice only covers the collection of information by Automattic, and does not cover the collection by any third party. Ad networks and analytics providers may set tracking technologies (like cookies) to collect information about visitors’ use of a Site and across other websites and online services, such as a visitor’s IP address, web browser, mobile network information, pages viewed, time spent on pages, links clicked, and conversion information. This information may be used by those companies to, among other things, analyze and track usage, determine the popularity of certain content, and deliver advertisements that may be more targeted to visitor interests. For more information about how to manage and delete cookies, visit aboutcookies.org, and for more information on interest-based ads, including information about how visitors may be able to opt out of having their web browsing information used for behavioral advertising purposes, please visit aboutads.info/choices (US based) and youronlinechoices.eu (EU based).

Other Resources

You can read more about how our products and services operate on the links at the top of this notice. And we’d love it if you follow us on privacy.blog for more information about privacy and transparency at Automattic.

Who we are

Our website address is: https://lanesteen.com.

What personal data we collect and why we collect it

Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Contact forms

Cookies

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.

Analytics

By default WordPress does not collect any analytics data. However, many web hosting accounts collect some anonymous analytics data. You may also have installed a WordPress plugin that provides analytics services. In that case, add information from that plugin here.

Who we share your data with

In this section you should name and list all third party providers with whom you share site data, including partners, cloud-based services, payment processors, and third party service providers, and note what data you share with them and why. Link to their own privacy policies if possible.

By default WordPress does not share any personal data with anyone.

How long we retain your data

In this section you should explain how long you retain personal data collected or processed by the web site. While it is your responsibility to come up with the schedule of how long you keep each dataset for and why you keep it, that information does need to be listed here. For example, you may want to say that you keep contact form entries for six months, analytics records for a year, and customer purchase records for ten years.

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

In this section you should explain what rights your users have over their data and how they can invoke those rights.

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where we send your data

 

In this section you should list all transfers of your site data outside the European Union and describe the means by which that data is safeguarded to European data protection standards. This could include your web hosting, cloud storage, or other third party services.

European data protection law requires data about European residents which is transferred outside the European Union to be safeguarded to the same standards as if the data was in Europe. So in addition to listing where data goes, you should describe how you ensure that these standards are met either by yourself or by your third party providers, whether that is through an agreement such as Privacy Shield, model clauses in your contracts, or binding corporate rule

Visitor comments may be checked through an automated spam detection service.

Your contact information

Additional information

How we protect your data

What data breach procedures we have in place

What third parties we receive data from

What automated decision making and/or profiling we do with user data

Industry regulatory disclosure requirements