Privacy Policy


Suggested text: If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Suggested text: Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Who we share your data with

Suggested text: If you request a password reset, your IP address will be included in the reset email.

How long we retain your data

Suggested text: If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

Suggested text: If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where your data is sent

Suggested text: Visitor comments may be checked through an automated spam detection service.

What data does this store collect about me?

Start by “self-testing” your own store and noting all of the fields (required or optional) where customers are prompted to enter information or make selections. Note the obvious personal data like name and address, along with anything else you collect from them when they check out or become a registered user on your site.

Next, look at the less explicit tools, like cookies or analytics, that your site uses. Examine what plugins you have installed and review their privacy information. Does a plugin send data outside the country or perhaps the European Union? That’s another thing you’ll need to disclose to customers.

Take advantage of the new tools in WordPress to see privacy updates from active plugins: starting with WordPress 4.9.6, plugins can register privacy information with WordPress itself, and you’ll see that information in a special box near the editor when you are editing your privacy policy page in wp-admin. WordPress itself will also provide information on the data it collects from visitors to your site, like comments and cookies.

The new privacy information box makes it possible to copy and paste privacy information from WordPress and plugins directly into your privacy policy, where you can edit it to the particulars of your store. However, since much depends on the specific settings you use and how plugins interact with one another, you’ll want to review and edit that text to make sure it’s right for your store.

If a plugin doesn’t provide privacy information you can visit the developer’s website or contact them directly and ask them about what data their plugin collects from visitors to your site, if any, and what they do with it.

What does this store do with my data and why?

After you know what you’re collecting, you’ll need to note why you’re collecting it.

Explanations for much of the data you collect are simple: you need their address to ship them a product, or you need their email address to update them on their order status.

If you’re collecting any personal data that you don’t actually need to fulfill an order, you’ll want to explain why to your customer and give them a means to opt out of that sort of “processing” (see “Checkboxes aren’t the only way” below).

Who does this store share my data with?

Here, a bit of sleuthing is involved — you’ll want to review how the data you collect is used. A few types of plugins are more likely to share data:

  • Payment gateways often share data with the payment provider to process the payment.
  • Shipping extensions often share data with shipping providers to calculate shipping rates or print shipping labels.
  • Marketing and analytics extensions often share data to add customers to lists or analyze their behavior.

Essentially, if a plugin connects to an external service, it’s likely sharing some type of data with that service. You’ll want to review the privacy policies of these services to make sure they align with your privacy priorities.

How long does this store keep my data?

There are lots of reasons to retain records, including if a charge is disputed by a customer, for tax auditing, or for other legal concerns. While laws like the GDPR have a “right to erasure,” you are not required to erase records you need for these other aspects of your business.

That said, your privacy policy, alongside your terms and conditions page, should make it clear to customers how long you retain their personal data and why.

How can I access, update, or delete the collected data?

In addition to knowing what you’re doing with personal data, customers need to know how they can update their data, including:

  • Getting a copy of their data
  • Updating their data
  • Deleting their data

Your privacy policy should give customers clear instructions on how to reach you or your designated privacy person with these types of requests. If you allow your customers to edit some of their own information, for example under My Account, you can mention that here as well.

Checkboxes aren’t the only way

Under the GDPR, there are multiple legal approaches to handling personal data. Your privacy policy should state under which basis you are doing each kind of processing of personal data. The ones most applicable to eCommerce sites include:

  • Consent: The user explicitly gives their consent to a specific kind of processing of their personal data (e.g., consent to participate in market research performed by a third party).
  • Contractual necessity: The processing of the personal data is required to fulfill a contract (e.g., ship their order).
  • Compliance with legal obligations: The processing of the personal data is required for legal reasons (e.g., a VAT Tax ID).
  • Legitimate interests: The processing of the personal data is a legitimate, expected behavior of a business (e.g., follow up emails after they’ve placed their order with other products they may be interested in).
