Privacy Policy

Who we are

Our website address is: https://penpaperpencil.net.

What personal data we collect and why we collect it

Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection. An anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service Privacy Policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Contact forms

If you contact us using our contact form or by email, we will keep your message and contact form indefinitely unless you request that it be deleted. We do not share this information with any third parties.

Cookies

If you leave a comment on our site you may opt in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Analytics

The following are collected and used by WordPress for the purposes of analysing site traffic: IP address, WordPress.com user ID (if logged in), WordPress.com username (if logged in), user agent, visiting URL, referring URL, timestamp of event, browser language, country code.

Who we share your data with

If you request a password reset, your IP address will be included in the reset email.

We share your personal information with third parties such as WordPress only as specified in this policy.

We use PayPal or Stripe to complete payments when an order is made – you can read about PayPal’s privacy policy here: https://www.paypal.com/uk/webapps/mpp/ua/privacy-prev and Stripe’s here: https://stripe.com/gb/privacy.

We use Mailchimp to manage your personal information including your name and email address if you have opted in to receiving our monthly newsletter. The Mailchimp privacy policy can be found here: https://mailchimp.com/legal/privacy/.

We may also share your personal information to comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful request for information we receive, or to otherwise protect our rights.

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username).

Website administrators can also see and edit that information.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where we send your data

Visitor comments may be checked through an automated spam detection service.

Fully encrypted backups are stored on WordPress servers.

Contact information

Please use the contact form if you wish to contact us about any privacy-specific concerns.

How we protect your data

We take the protection of your data seriously. We use industry standard encryption and password practices with our website and email.

What data breach procedures we have in place

In the unlikely event of a data breach where your information has been accessed we will notify you by email as soon as possible (within 7 days of our knowledge of a data breach).