Privacy Policy

This privacy policy outlines what personal information is collected and stored by Curious Daydreams, how and why it is collected and what security measures are in place to protect your data.

Last updated: 06/05/2020

Website details

My website address is: https://curiousdaydreams.com. The website is managed by myself (Anstice Brown). You can contact me at
dustingthesoul@gmail.com if you have any concerns or questions about your data.

Your privacy is extremely important to me and I only collect your personal data when you give your permission for me to do so. It is never used for marketing purposes or shared with third-parties without your explicit consent.

Why your data is collected

  • To ensure that you are a real person and not a spam bot.
  • So that I can contact you regarding a comment you have left or contact form that you have filled in.
  • To allow me to easily find your blog so that I can visit and leave a comment.
  • To allow you to sign in quickly and easily if you want to leave a comment.
  • To allow me to analyze how much traffic I am getting to my blog and which posts are more popular.
  • So that I can view, manage and process review requests.

How I comply with privacy legislation

Curious Daydreams complies with the new General Data Protection Regulations (GDPR) which apply to any organisation that is processing (obtaining, recording, storing, updating, sharing) personal information as part of an enterprise.

This website also complies with the Privacy and Electronic Communications Regulations (PECR) and the Data Protection Act, which outline rules about marketing, cookies, data security and privacy.

Here are some of the things I do to comply with this legislation and ensure your privacy:

  • I outline what data is collected, why it is collected and what it is used for in this privacy policy.
  • When I collect data from comments or contact forms, a privacy notice is displayed and you are required to tick a box to confirm that you are giving permission for your data to be stored.
  • You can request to withdraw your consent, access your personal data or have it deleted at any time.
  • Every plugin that collects personal data is GDPR compliant and able to export, provide and erase that data upon request.
  • I display the EU cookie law consent banner which means you must click ‚Äėaccept‚Äô to allow cookies to be stored.
  • I ensure the security of your data.
  • I erase data I no longer need.

What personal data is collected

Comments

When visitors leave comments on the site I collect the data shown in the comments form. Askimet anti-spam plugin collects the commenter’s IP address, browser user agent string, referrer, and site URL purely for the purposes of spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Before you submit your comment, you are prompted to tick the box to give your consent to this data being stored.

Comment Likes (Jetpack)

This feature is only accessible to users logged in to WordPress.com.

Data Used: In order to process a comment like, the following information is used: WordPress.com user ID/username (you must be logged in to use this feature), the local site-specific user ID (if the user is signed in to the site on which the like occurred), and a true/false data point that tells us if the user liked a specific comment. If you perform a like action from one of our mobile apps, some additional information is used to track the activity: IP address, user agent, timestamp of event, blog ID, browser language, country code, and device info.

Activity Tracked: Comment likes.

Post and Page Likes (Jetpack)

This feature is only accessible to users logged in to WordPress.com.

Data Used: In order to process a post like action, the following information is used: IP address, WordPress.com user ID, WordPress.com username, WordPress.com-connected site ID (on which the post was liked), post ID (of the post that was liked), user agent, timestamp of event, browser language, country code.

Activity Tracked: Post likes.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Contact Forms (Ninja Forms)

When you fill in the contact form, your name and email address are stored by a plugin called Ninja Forms. You are prompted to tick a box to confirm that you agree to your personal information being stored and processed by Anstice Brown.

This data is collected so that I can respond to your query. It is kept for a maximum of six months, after which it is deleted. It is not used for any marketing purposes.

Subscriptions (Jetpack)

When you fill out the form to subscribe by email, your email address and ID of the post or comment is collected by a plugin called Jetpack.

Data Used: To initiate and process subscriptions, the following information is used: subscriber’s email address and the ID of the post or comment (depending on the specific subscription being processed). In the event of a new subscription being initiated, we also collect some basic server data, including all of the subscribing user’s HTTP request headers, the IP address from which the subscribing user is viewing the page, and the URI which was given in order to access the page (REQUEST_URI and DOCUMENT_URI). This server data is used for the exclusive purpose of monitoring and preventing abuse and spam.

Activity Tracked: Functionality cookies are set for a duration of 347 days to remember a visitor’s blog and post subscription choices if, in fact, they have an active subscription.

Cookies

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you have an account and you log in to this site, WordPress will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, WordPress also sets up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select ‚ÄúRemember Me‚ÄĚ, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

WordPress.com secure sign-on

This feature is only accessible to registered users of the site with WordPress.com accounts.

Data Used: User ID (local site and WordPress.com), role (e.g. administrator), email address, username and display name. Additionally, for activity tracking (see below): IP address, WordPress.com user ID, WordPress.com username, WordPress.com-connected site ID and URL, Jetpack version, user agent, visiting URL, referring URL, timestamp of event, browser language, country code.

Activity Tracked: The following usage events are recorded: starting the login process, completing the login process, failing the login process, successfully being redirected after login, and failing to be redirected after login. Several functionality cookies are also set, and these are detailed explicitly in our Cookie documentation.

Data Synced (?): The user ID and role of any user who successfully signed in via this feature.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Page views (Jetpack and Google Analytics)

Data Used: In order to record page views via WordPress.com Stats (which must be enabled for page view tracking here to work) with additional loads, the following information is used: IP address, WordPress.com user ID (if logged in), WordPress.com username (if logged in), user agent, visiting URL, referring URL, timestamp of event, browser language, country code.

Activity Tracked: Page views will be tracked with each additional load (i.e. when you scroll down to the bottom of the page and a new set of posts loads automatically). If the site owner has enabled Google Analytics to work with this feature, a page view event will also be sent to the appropriate Google Analytics account with each additional load.

Analytics (Jetpack and Google Analytics)

When you visit this website, your IP address is collected by Google Analytics and Jetpack. It is used to track new and return visits to my site and provide me with anonymous traffic data. I am not able to see your location or any personal details about you.

Data Used:¬†IP address, WordPress.com user ID (if logged in), WordPress.com username (if logged in), user agent, visiting URL, referring URL, timestamp of event, browser language, country code.¬†Important:¬†The site owner does¬†not¬†have access to any of this information via this feature. For example, a site owner can see that a specific post has 285 views, but he/she cannot see which specific users/accounts viewed that post. Stats logs ‚ÄĒ containing visitor IP addresses and WordPress.com usernames (if available) ‚ÄĒ are retained by¬†Automattic¬†for 28 days and are used for the sole purpose of powering this feature.

Activity Tracked: Post and page views, video plays (if videos are hosted by WordPress.com), outbound link clicks, referring URLs and search engine terms, and country. When this module is enabled, Jetpack also tracks performance on each page load that includes the Javascript file used for tracking stats. This is exclusively for aggregate performance tracking across Jetpack sites in order to make sure that our plugin and code is not causing performance issues. This includes the tracking of page load times and resource loading duration (image files, Javascript files, CSS files, etc.). The site owner has the ability to force this feature to honor DNT settings of visitors. By default, DNT is currently not honored.

How Google Analytics Collects Data

Google Analytics Data Privacy and Security Info

Failed Login Attempts

Data Used: In order to check login activity and potentially block fraudulent attempts, the following information is used: attempting user’s IP address, attempting user’s email address/username (i.e. according to the value they were attempting to use during the login process), and all IP-related HTTP headers attached to the attempting user.

Activity Tracked: Failed login attempts (these include IP address and user agent). We also set a cookie (jpp_math_pass) for 1 day to remember if/when a user has successfully completed a math captcha to prove that they’re a real human. Learn more about this cookie.

Data Synced (?): Failed login attempts, which contain the user’s IP address, attempted username or email address, and user agent information.

Sharing (Askimet)

Data Used: When sharing content via email (this option is only available if Akismet is active on the site), the following information is used: sharing party’s name and email address (if the user is logged in, this information will be pulled directly from their account), IP address (for spam checking), user agent (for spam checking), and email body/content. This content will be sent to Akismet (also owned by Automattic) so that a spam check can be performed. Additionally, if reCAPTCHA (by Google) is enabled by the site owner, the sharing party’s IP address will be shared with that service. You can find Google’s privacy policy here.

What happens to your data

Where I send your data and who I share it with

Visitor comments may be checked through an automated spam detection service. When you leave a comment, your name and any links you share e.g. to your Gravatar profile or blog, are visible to other visitors.

Your data is never sold or traded to third parties for marketing purposes, but your comment information may be shared with plugins such as Akismet anti-spam, Jetpack and Google Analytics for the purposes of spam detection and website performance analysis.

How long I retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so I can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

What rights you have over your data

If you have left comments on this site, you can request to receive an exported file of the personal data I hold about you, including any data you have provided to me. You can also request that I erase any personal data I hold about you. This does not include any data I am obliged to keep for administrative, legal, or security purposes.

Please email me at dustingthesoul@gmail.com if you wish to do so.

How I protect your data and privacy

  • This website has an SSL certificate (https) and in most browsers, you will see the padlock symbol in the address bar. This means that all communications between your browser and this website are securely encrypted.
  • My web host carries out 24/7 security monitoring.
  • I use the security plugin¬†Wordfence¬†to protect my blog from hacks and malware.
  • I use anti-virus software and a strong password on my personal computer.
  • I use strong passwords on my web hosting and email accounts.
  • I keep all my plugins up-to-date and delete ones I no longer use.
  • If there is a data breach, all those affected will be notified immediately.