who are we
In this section, you should list your site URL, the company, organization or individual hosting the site, and accurate contact information.

The amount of information required in this section will depend on the commercial regulations in your country. For example, you may be required to show your physical address, registered address or company registration number.

What and why we collect personal data
In this section you should list what personal data you collect from site users and visitors, this may include personal data such as name, email address, personal account settings, transactional data such as purchase information, cookies contained in information and other technical data.

You should also indicate how you collect and store sensitive personal data, such as health-related data.

In addition to listing the personal data you collect, you also need to explain why you are collecting this information. The description here must indicate the legal basis for your data collection and retention, or whether you have obtained user consent.

Personal data is not only generated by user interactions with your site, but also by other technical processes such as contact forms, comments, cookies, statistics and third-party embedded content, etc.

By default, WordPress does not collect any personal data about visitors, but only about registered users, as displayed on the user profile page. However, some plugins you install may collect personal data. You should include relevant information below.

Comment
In this section, you should indicate what information you collect when users leave comments. We have listed below the information that WordPress collects by default.

media
In this section, you should indicate what information users will disclose when uploading media files. Generally, all uploaded files are publicly accessible.

contact form
WordPress does not provide a contact form by default. If you use a contact form plugin, please indicate in this section the type of personal data you collect and the retention period when visitors submit your contact form. For example, you may state that you will retain all contact form submissions for a period of time for customer service purposes, but that you will not use the information for marketing purposes.

cookies
In this section you should list the cookies used by your site, this also includes cookies set by your plug-ins, social media and statistical programs. We have listed for you the cookies that WordPress uses by default.

statistics
In this section, you should describe which statistical program packages you use, how users can opt out of statistical tracking, and a link to your statistical service provider’s privacy policy.

WordPress does not collect statistics by default, but many web hosting accounts do collect anonymous statistics. If you have installed WordPress plugins that provide statistical services, please list those plugins here.

Who we share your information with
In this section, you should list all third-party providers with whom you share Site data, including partners, cloud services, payment services, and other third-party service providers. You should describe what kind of data you share with them and why. You should also provide a link to their privacy policy if possible.

WordPress does not share any personal data with anyone by default.

How long we keep your information
In this section you should indicate the retention period for personal data collected or processed by the website. Although it is your responsibility to decide how long and why to keep your data sets, you need to include this information here. For example, you could state that you keep contact form entries for six months, statistics for one year, customer purchases for ten years, etc.

What rights do you have with respect to your information
In this section, you should explain the rights users have with respect to their personal data and how they can exercise their rights.

where your data will be sent
In this section you should list all transfers of your site data out of the EU and describe how this data is protected in compliance with European data protection standards. These data may include the web hosting, cloud storage and other third-party services used by your website.

EU data protection regulations require that all data about EU residents, if transferred out of the EU, be subject to the same level of protection as in the EU. Therefore, in addition to listing where this data goes, you will also need to describe how you or your third-party provider comply with these standards, such as through Privacy Shield (Privacy Shield) or similar agreements, form contractual clauses or binding corporate rules .

contact information
In this section, you should leave your contact information for dealing with privacy-related issues. If you have a Data Protection Officer (Data Protection Officer) in accordance with the law, please leave his name and full contact information.

other information
If you use your site for commercial activities and you carry out more complex collection and processing of personal data, you should write the following information in your privacy policy.

How we protect your data
In this section, you should explain what measures you have taken to protect your users’ data. This includes technical measures (such as encryption), security measures (such as two-factor authentication) and other measures (such as requiring staff to attend data protection training). If you have completed a Privacy Impact Assessment, you can also mention it here.

What data breach process do we have
In this section, you should describe the processes you have in place to deal with actual or potential data breaches, such as internal reporting systems, contact mechanisms, and bug bounty programs.

From which third parties we receive data
If your website receives data about users from third parties, such as advertisers, this information must be reflected in the section of your privacy policy dealing with third-party data.

What automated decision-making and/or profiling we use user data for
If your website provides services that include automated decision-making, such as allowing customers to apply for a credit card, or collecting customer information into advertising materials, you must clearly indicate that these events occur, and explain how the information is used and what decisions are made through which aggregated data , and what rights users have when decisions are made without human intervention.

Industry Regulatory Disclosure Requirements
If you are in a regulated industry or you are subject to other privacy laws, you may be required to disclose this information here.