Who we are
In this section it is necessary to report the URL of the site, as well as the name of the company, organization or individual behind it and some accurate contact information.
The amount of information that may be required for the presentation will vary based on local or national company regulations. For example, it may be mandatory to display a physical address, a registered address or the company registration number.
Suggested text: The address of our website is: https://automatesrl.it.
What personal data we collect and why we collect it
In this section you should note which personal data you collect from users and site visitors. This could include personal data, such as name, email address, personal account preferences; transactional data, such as purchase information; and technical data, such as information on cookies.
You should also take note of the collection and storage of sensitive personal data, such as health data.
In addition to listing the personal data you collect, you must motivate them to collect them. These explanations must consider both the legal basis for collecting and storing the data and the active consent that the user has provided.
Personal data is not created only by user interactions with your site. Personal data is also generated by technical processes such as contact forms, comments, cookies, statistics and third-party incorporations.
By default WordPress does not collect personal data on visitors and only collects data shown on the User Profile screen by registered users. However, some plugins may collect personal data. You should add the relevant information below.
Comments
In this subsection you should report what information is taken through the comments. We have taken note of the data collected by WordPress by default.
Suggested text: When visitors leave comments on the site, we collect the data shown in the comments form in addition to the visitor's IP address and the browser user agent string to facilitate spam detection.
An anonymized string created from your email address (also known as a hash) can be provided to the Gravatar service to see if you are using it. The privacy policy of the Gravatar service is available here: https://automattic.com/privacy/. After your comment is approved, your profile picture is visible to the public in the context of your comment.
Average
In this subsection you should note which information could be disclosed by users who can upload media files. All uploaded files are usually publicly accessible.
Suggested text: If you upload images to the website, you should avoid uploading images that include embedded position data (EXIF GPS). Website visitors can download and extract any location data from the images on the website.
Contact form
By default, WordPress does not include a contact form. If you use a plugin for the contact form, use this subsection to describe which personal data is acquired when someone submits a contact form and how long it is kept. For example, it is possible to report that contact form submissions are kept for a certain period for customer service purposes, but the information sent through them is not used for marketing purposes.
Cookie
In this subsection you should list the cookies used by your website, including those set by your plugins, social media and statistics. We have provided cookies that WordPress installs by default.
Suggested text: If you leave a comment on our site, you can choose to save your name, email address and website in cookies. They are used for your convenience so you don't have to enter your details again when you leave another comment. These cookies will last for one year.
If you have an account and access this site, a temporary cookie will be set to determine if your browser accepts cookies. This cookie does not contain personal data and is deleted when you close the browser.
When you log in, different cookies will be set to save your login information and screen viewing options. Login cookies last two days while cookies for screen options last a year. If you select "Remember Me", your access will persist for two weeks. If you log out of your account, login cookies will be removed.
If you modify or publish an article, an additional cookie will be saved in your browser. This cookie does not include personal data, but simply indicates the ID of the article just modified. Expires after 1 day.
Content embedded from other websites
Suggested text: Articles on this site may include embedded content (such as videos, images, articles, etc.). The contents incorporated by other websites behave in exactly the same way as if the visitor had visited the other website.
These websites may collect data about you, use cookies, integrate additional third-party tracking and monitor interaction with them, including tracking your interaction with embedded content if you have an account and are connected to those websites.
Analytics
In this subsection you should note which analytical packages you use, how users can exit analytical tracking, and a link to the privacy policy of your analytics providers, if any.
By default WordPress does not collect statistical data. However, many Web hosting accounts collect anonymous statistical data. You may also have installed a WordPress plugin that provides analysis services. In that case, add information from that plugin here.
With whom we share your data
In this section you should name and list all third-party providers with whom you share site data, including partners, cloud-based services, payment systems and third-party service providers, and report what data you share with them and why. Add a link to their privacy policies, if possible.
By default, WordPress does not share any personal data with anyone.
How long we keep your data
In this section you should explain how long you keep personal data collected or processed by the website. Although it is your responsibility to describe how long you keep each data set and why you keep it, this information must be listed here. For example, you might want to say that you keep contact form entries for six months, one-year statistics records and customer purchase records for ten years.
Suggested text: If you leave a comment, the comment and its metadata are kept indefinitely. This is how we can automatically recognize and approve any subsequent comments instead of keeping them in a moderation queue.
For users who register on our website (if any), we also store the personal information they provide in their user profile. All users can view, change or delete their personal information at any time (except their username that they cannot change). Website administrators can also view and modify this information.
What rights you have on your data
In this section you should indicate what rights your users have in managing their data and how they can exercise it
Suggested text: If you have an account on this site, or have left comments, you can request to receive a file exported from the site with the personal information we have about you, including the data you provided. You can also request that we delete all personal data about you. This does not include the data we are obliged to keep for administrative, legal or security purposes.
Where we send your data
In this section you should list all data transfers of the site outside the European Union and describe how the data is safeguarded according to European data protection standards. This could include your web hosting, cloud storage or other third-party services.
European data protection legislation requires that data concerning European residents transferred outside the European Union be protected to the same standards as if the data were in Europe. So in addition to listing where data is moved, you should describe how you are assured that these standards are met by you or your third-party vendors, either through an agreement like the Privacy Shield, clauses in your contracts or binding business rules .
Suggested text: Visitor comments can be checked through an automatic spam detection service.
Your contact information
In this section you should report a contact method for privacy issues. If you need a Data Protection Officer (DPO), list their name and full contact details here.
Additional information
If you use your site for commercial purposes and engage in more complex collection or processing of personal data, you should take note of the following information in your privacy policy in addition to the information we have already discussed.
How we protect your data
In this section you should explain what steps you have taken to protect your users' data. This could include technical measures such as encryption; security measures such as two-factor authentication; and measures such as training staff on data protection. Here you can also mention if you have made a privacy impact assessment.
What procedures we have set up to prevent data breaches
In this section, you should explain what procedures you will implement in the event of a data breach, be it potential or real, such as internal reporting systems, automatic contacting or bug hunters.
From which third parties we receive data
If your website receives data about users from third parties, including advertisers, this information must be included in the section of your privacy policy that deals with third-party data.
What automated decision making process and / or profiling we do with user data
If your website provides a service that includes automatic decision making, for example allowing customers to request credit, or aggregate their data in an advertising profile - you should note that this is happening, and includes information about how that information is used, what decisions are made with those aggregated data, and what rights users have over decisions made without human intervention.
Regulatory information requirements of the sector
If you are a member of a regulated industry, or if you are subject to additional privacy laws, you may be asked to disclose this information here.