[wp-trac] [WordPress Trac] #43473: Add default text for a privacy policy
WordPress Trac
noreply at wordpress.org
Thu Apr 26 15:05:31 UTC 2018
#43473: Add default text for a privacy policy
------------------------------+-----------------------
Reporter: azaozz | Owner: idea15
Type: enhancement | Status: assigned
Priority: normal | Milestone: 4.9.6
Component: General | Version:
Severity: normal | Resolution:
Keywords: gdpr needs-patch | Focuses:
------------------------------+-----------------------
Comment (by azaozz):
Replying to [comment:21 idea15]:
This is a pretty good tutorial on how to write a privacy policy :)
> The user should be able to choose from the the following available
headings:
I was imagining the "default policy text" to be something that covers the
default WordPress installation. I.e. if I install WP and don't add any
plugins or themes that use personal data, this text should be pretty much
all I need for the privacy policy.
In that terms the default text should be something like:
> * Who we are
[Site URL.]
> * What personal data we collect and why we collect it
> * Their own manually input information
> * WP: Contact forms
> * WP: Cookies
None of the above.
> * WP: Comments
Only applies to visitors that leave comments on the site. We collect the
data shown in the comments form, and also the visitor's IP address and
browser user agent string to help spam detection.
> * WP: Third party embeds
There can be unlimited number of embeds. Needs text that "covers" all up
to a certain level. All embeds are `Pieces from other websites that are
shown on our website. They behave in the exact same way as if the visitor
has visited the other site.`.
> * Analytics
None by default. Can mention GA and wp.com/Jetpack as common analytics
services.
> * Who we share your data with
Nobody.
> * How long we retain your data
For visitors that leave comments: indefinitely. This is so we can
recognize and approve any follow-up comments automatically instead of
holding them in a moderation queue.
For users that register on the site (if any), we also store the data they
provide in their profile. All registered users can see, change or delete
most of that data at any time except their login name/nickname.
> * What rights you have over your data
If you are a registered user or have left comments on our site you can
request to see or download the data we have about you. Typically for
visitors that have left comments that will be their email address, any IP
addresses assigned to them at the time of leaving the comments and the
browser user agent strings of the browsers they used. The rest of the data
is public as published by the visitors.
You can also request "to be forgotten" and we will erase any personally
identifiable data we have about you, typically a year after it was
published. Of course this excludes data we need for administrative or
security purposes or if we are required by law to retain some of the data.
> * Where we send your data
For visitors that leave comments we may send the data to a spam detection
service.
> * Your contact information
[contact form URL?]
> * How we protect your data
All access to sensitive areas of our site is password protected.
> * What data breach procedures we have in place
If our site is compromised we will do our best to establish if any
personal data was accessed and inform the affected users.
> * What third parties we receive data from
None.
> * What automated decision making and/or profiling we do with user data
For users that leave comments we may send the comment data to a spam
detection service. We don't do anything else for any users.
> * Any industry regulatory disclosure requirements
Are there any we can add by default?
--
Ticket URL: <https://core.trac.wordpress.org/ticket/43473#comment:25>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list