Who we are
You should notice in this chapter your website URL, the name of the business, organization or person behind it, and some precise contact data.
Depending on your local or national business regulations, the quantity of data you may need to demonstrate will differ. For instance, you may need to show a physical address, registered address, or registration number of your business.
Suggested text: Our website address is: https://cosmeticplanetpro.com.
What private information we obtain and why we receive it
You should note in this chapter what private information you are collecting from customers and visitors to the site. This may include private data such as name, email address, preferences of personal account; transactional data such as purchase information; and technical data such as cookie information.
Any collection and retention of sensitive personal data such as health data should also be noted.
You need to remember why you gather it in relation to listing what private information you gather. These explanations must either note the legal foundation for collecting and retaining your information or the user’s active approval.
Not only is personal information generated by the relationships of a user with your site. Personal data is also produced from technical procedures such as forms of contact, comments, cookies, analytics, and embedding by third parties.
By default, WordPress gathers no private visitor information and only gathers information from registered clients displayed on the User Profile screen. Some of your plugins, however, may obtain private information. The appropriate data should be added below.
You should notice what data is captured by a comment in this subsection. We observed the information collected by WordPress by default.
Suggested text: When tourists leave remarks on the site, the information shown in the comment form will be collected, as well as the IP address of the visitor and the string of browser user agents to assist detect spam.
You should notice in this subsection what data consumers who can upload media files can disclose. All files uploaded are generally open to the public.
Suggested text: You should prevent uploading pictures with integrated location information (EXIF GPS) when uploading pictures to the website. Website visitors can download and extract from pictures on the website any location information.
By default, a contact form is not included in WordPress. Use this subsection if you use a contact form plugin to remember what private information will be captured when someone submits a contact form and how long you will maintain it. For example, you may note that for customer service purposes you keep contact form submissions for a certain period, but you do not use the information submitted for marketing purposes through them.
You should list the cookies that your website utilizes, including those set by your plugins, social media, and analytics, in this subsection. We have given the cookies installed by default by WordPress.
Suggested text: You may opt-in to save your name, email address and website in cookies if you leave a comment on our page. These are for your convenience so when you leave another comment, you don’t have to fill in your information again. These cookies are going to last for a year.
We will set a temporary cookie when you visit our login page to determine whether your browser accepts cookies. This cookie does not contain any private information and will be discarded when your browser is closed.
We will also set up several cookies when you log in to save your login information and display decisions on your screen. Login cookies last two days, and cookies last one year for display choices.
An extra cookie will be saved in your browser if you edit or publish an article. This cookie does not contain any personal data and simply displays the post ID of the article you have just edited. After 1 day, it expires.
Embedded content from other websites
Suggested text: Embedded content (e.g. videos, pictures, articles, etc.) may be included on this site. Embedded content from other websites acts as if the visitor had visited the other website in exactly the same way.
WordPress does not obtain analytics information by default. However, some anonymous analytics information is collected by many web hosting accounts. A WordPress plugin that offers analytics facilities may also have been mounted. Add data from this plugin here in that situation.
Who we share your data with
This section should list and name all third-party service providers that you share data about and why with, including partners, cloud services, payment processors and third-party service providers. If feasible, link to your own privacy policies.
By default, no private information is shared by WordPress with anyone.
How long we retain your data
You should clarify in this chapter how long you maintain private information that the website collects or processes. While it is your duty to come up with the timetable of how long and why you maintain each dataset, this data needs to be listed here. You might want to say, for example, that you keep six-month contact form entries, one-year analytics records, and ten-year customer purchase records.
Suggested text: The comment and its metadata will be retained indefinitely if you leave a comment. This is so that we can automatically acknowledge and approve any follow-up remarks rather than hold them in a restraint queue.
We also store the private data they provide in their customer profile for customers who register on our website (if any). All consumers at any time can see, edit, or delete their private data (unless they can modify their username). Administrators of websites can also view and edit this data.
What rights you have over your data
You should clarify in this chapter what privileges your consumers have over their information and how those rights can be invoked.
Suggested text: If you have an account on this website or have any remarks left, you may request the receipt of an exported file of the private information that we hold about you, including any information that you supplied. You can also ask us to erase any private information about you that we hold. This does not include any information for administrative, legal or safety reasons that we are required to maintain.
Where we send your data
In this chapter, you should list all transfers of your website information outside the European Union and explain how this information is protected in accordance with European data protection norms. This may include your internet hosting, cloud storage, or other services provided by third parties.
European data protection law requires data concerning European residents transferred outside the European Union to be protected in accordance with the same standards as if the data were in Europe. Therefore, in relation to listing where information goes, you should explain how to guarantee that these requirements are met either by yourself or by your third party suppliers, whether through an arrangement such as Privacy Shield, model clauses in your agreements, or binding corporate regulations.
Suggested text: Comments of visitors can be verified via an automated spam detection service.
Your contact information
You should provide a contact technique for specific privacy issues in this chapter. If you need a Data Protection Officer, please also list your name and full contact information here.
How we protect your data
You should clarify in this chapter what steps you have taken to safeguard the information of your customers. This could include technical measures such as encryption; safety measures such as authentication of two factors; and measures such as data protection training for employees. You can also mention it here if you have performed a Privacy Impact Assessment.
What data breach procedures we have in place
You should clarify in this chapter which processes you have in place to address information breaches, either potential or actual, such as inner reporting schemes, contact mechanisms, or bug bounties.
What third parties we receive data from
What are user data for automated decisions and/or profiling?
If your website offers an automated decision-making service. Or, for instance, enabling loan applications for clients. Or aggregate their information into a profile of advertisements. You must note that this is happening and include data on how this data is being used. What choices are produced with this aggregated information, and what rights consumers have to make without human intervention choices.
Industry regulatory disclosure requirements
If you’re a controlled sector member. Or you may be needed to disclose that data here if you are subject to extra privacy laws.