The Family Patch understands that your privacy is important to you and that you care about how your personal data is used and shared online. I respect and value the privacy of everyone who visits this website, https://www.thefamilypatch.com (“My Site”) and will only collect and use personal data in ways that are described here, and in a manner that is consistent with the General Data Protection Regulation (GDPR).
Definitions and Interpretation
In this Policy, the following terms shall have the following meanings:
|“Cookie”||means a small text file placed on your computer or device by My Site when you visit certain parts of My Site and/or when you use certain features of My Site. Details of the Cookies used by My Site are set out below;|
|“Cookie Law”||means the relevant parts of the Privacy and Electronic Communications (EC Directive) Regulations 2003;|
|“personal data”||means any and all data that relates to an identifiable person who can be directly or indirectly identified from that data. In this case, it means personal data that you give to Us via My Site. This definition shall, where applicable, incorporate the definitions provided in the EU Regulation 2016/679 – the General Data Protection Regulation (“GDPR”); and|
|“I/Me/My”||means The Family Patch, a personal blog written by Amanda Shortman.|
Who I am
My website address is: https://www.thefamilypatch.com.
My Site is a personal blog run by Amanda Shortman, who is registered as a Data Controller with the Information Commissioner’s Office (ICO) with the registration number ZA305557.
what is personal data?
Personal data is defined by the General Data Protection Regulation (EU Regulation 2016/679) (the “GDPR”) as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’.
Personal data is, in simpler terms, any information about you that enables you to be identified. Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers (e.g. your IP Address).
What rights you have over your data
Under the GDPR, you can request to receive an exported file of the personal data I hold about you, including any data you have provided to me. You can also request that I erase any personal data I hold about you. This is known as a “subject access request”.
Your request to erase personal data I hold about you does not include any data I am obliged to keep for administrative, legal, or security purposes.
Further information about your rights can also be obtained from the Information Commissioner’s Office or your local Citizens Advice Bureau.
If you have any cause for complaint about My use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.
What personal data I collect and why I collect it
Under the GDPR, I must always have a lawful basis for using personal data. This may be because: the data is necessary for My performance of a contract with you; because you have consented to My use of your personal data; or because it is in My legitimate business interests to use it. Your personal data may be used for the following purposes:
- Communicating with you. This may include responding to comments from you.
- Supplying you with information by email that you have opted-in to (this currently applies only to subscriptions to blog posts by email, which you can unsubscribe from at any time).
- Analysing your use of My Site to enable me to continually improve My Site and your user experience.
The personal data I collect is listed in the sections below.
When visitors leave comments on the site I collect the data shown in the comments form (name, email address, and website URL), and also the visitor’s IP address and browser user agent string to help spam detection.
Comments, along with the visitor’s name, are displayed publicly on the blog. I may respond to some comments via the email address given.
As with comments, when visitors use the contact form on the site I collect the data shown in the contact form (name, email address, and website URL), and also the visitor’s IP address and browser user agent string to help spam detection. The contact form is created using the Jetpack plugin, whilst spam detection is run by Akismet, both of which are owned by Automattic.
The actual submission data is stored in the database of Our Site and is emailed directly to Amanda Shortman. This email will include the submitter’s IP address, timestamp, name, email address, website, and message.
If you leave a comment on My Site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
My Site also uses the following plugins and third-party systems:
- Akismet (an anti-spam plugin provided by Automattic) for the purpose of automatically capturing spam comments.
- Google Analytics (provided by Google) for the purpose of monitoring user demographics. You can find out more about Google Analytics Cookie Usage on Websites here
If you do not wish for My Site to place Cookies on your device, you can disable Cookies within your browser. I have provided links to tutorials for disabling Cookies on the major browsers below:
Embedded content from other websites
Articles on My Site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
How and Where I Store or Transfer your Personal Data
Your personal data is stored upon My Site’s database, which is hosted on a UK based server. If you leave a comment or fill in the contact form, it will be shared to Amanda Shortman’s Gmail account. Visitor demographics will be shared with the Jetpack and Askimet plugins (owned by Automattic) and Google Analytics.
How long I retain your data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so I can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
If you use the contact form, your message and contact details will be kept for as long as is deemed necessary. I will not keep your personal data for any longer than is necessary in light of the reason(s) for which it was first collected. The following factors will be used to determine how long it is kept:
- the potential for ongoing or future work with you
- business needs that require documentation to be retained
Data collected and stored for the purpose of analytics will be stored for the lifetime of this website.
Where I send your data
Visitor comments are checked through an automated spam detection service (Akismet). Analytics are collected by Jetpack. Emails are sent to Gmail.
How i protect your data
In order to keep your data as safe as possible, I use secure passwords to access any place your data may be stored. My laptop and mobile phone are also both password protected.
Within WordPress itself, I have a security plugin installed (Wordfence), which informs me of any potential risks to security, including any attempts to log into WordPress.
What data breach procedures i have in place
In the event of a breach, I will implement the following procedure:
- Change all passwords immediately and ensure security is restored
- Carry out a complete audit to investigate the breach and how it impacts the personal data I hold
- Implement any further security measures highlighted by the audit
- Create a report about the breach and steps taken, and inform the ICO within 72 hours of the breach
- Follow any guidance provided by the ICO
my contact information
To contact me about anything to do with your personal data and data protection, including to make a subject access request, please use the following details:
I may change this Privacy Notice from time to time. This may be necessary, for example, if the law changes, or if I change My Business in a way that affects personal data protection.