Who we are
In this section, you should write down the URL of your site, as well as the name of the company, organization or person behind it, along with specific contact information.
The amount of information you may need to provide varies depending on the local or national regulations that apply to your business. For example, you may need to provide a physical address, a registered address, or your business registration number.
Suggested text: Our website address is: https://aidsnet.ch
What personal data do we collect and why do we collect it?
In this section, you must indicate the personal data that you collect from users and visitors of the site. This may include personal data, such as name, email address, personal account preferences, transactional data, such as purchase information, and technical data, such as cookie information.
You should also note any collection and retention of sensitive personal data, such as health data.
In addition to listing the personal data you collect, you must state the reasons why you collect it. These explanations must mention either the legal basis for collecting and storing your data or the active consent given by the user.
Personal data is not only generated by a user’s interactions with your site. Personal data is also generated by technical processes such as contact forms, comments, cookies, analytics, and third-party integrations.
By default, WordPress does not collect any personal data about visitors and only collects the data displayed on the User Profile screen of registered users. However, some of your plugins may collect personal data. You should add the relevant information below.
Comments
In this subsection, you should note the information collected through comments. We have noted the data that WordPress collects by default.
Suggested text: When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.
Media
In this subsection, you should note the information that may be disclosed by users who may upload media files. All uploaded files are generally publicly available.
Suggested text: If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
Contact Forms
By default, WordPress does not include a contact form. If you use a contact form plugin, use this subsection to note what personal data is collected when someone submits a contact form and how long you retain it. For example, you may note that you retain contact form submissions for a certain period of time for customer service purposes, but that you do not use the information submitted through those forms for marketing purposes.
Cookies
In this subsection, you should list the cookies your website uses, including those set by your plugins, social networks, and analytics. We have provided the cookies that WordPress sets by default.
Suggested text: If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These cookies are for your convenience only so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and display options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Embedded content from other websites
Suggested text: Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.
Analytics
In this subsection, you should note which analytics package you are using, how users can opt out of analytics tracking, and a link to your analytics provider’s privacy policy, if applicable.
By default, WordPress does not collect any analytics data. However, many web hosting accounts collect anonymous analytics data. You may also have installed a WordPress plugin that provides analytics services. In that case, add that plugin’s information here.
Who do we share your data with?
In this section, you should name and list all third-party vendors with whom you share site data, including partners, cloud-based services, payment processors, and third-party service providers, and note what data you share with them and why. If possible, link to their own privacy policies.
By default, WordPress does not share any personal data with anyone.
How long do we keep your data?
In this section, you should explain how long you keep the personal data collected or processed by the website. While it is your responsibility to establish the retention schedule for each set of data and the reason why you keep it, this information should be listed here. For example, you may state that you keep contact form entries for six months, analytics records for one year, and customer purchase records for ten years.
Suggested text: If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profiles. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
What rights do you have over your data?
In this section, you should explain what rights your users have over their data and how they can invoke these rights.
Suggested text: If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Where we send your data
In this section, you should list all data transfers from your site outside the European Union and describe how that data is protected in accordance with European data protection standards. This may include your web hosting, cloud storage, or other third-party services.
European data protection law requires that data of European residents transferred outside the European Union be protected to the same standards as if it were within Europe. So, in addition to listing where the data is going, you must describe how you ensure that these standards are met by you or your third-party providers, whether through an agreement such as Privacy Shield, standard clauses in your contracts, or binding corporate rules.
Suggested text: Visitor comments may be checked through an automated spam detection service.
Your contact details
In this section, you must provide a means of contact for specific privacy issues. If you need to appoint a data protection officer, also provide their name and full contact details here.
Additional Information
If you are using your site for commercial purposes and engage in more complex collection or processing of personal data, you should note the following information in your privacy policy in addition to the information we have already discussed.
How we protect your data
In this section, you should explain the measures you have taken to protect your users’ data. This may include technical measures such as encryption, security measures such as two-factor authentication, and measures such as staff training on data protection. If you have carried out a privacy impact assessment, you can also mention it here.
What data breach procedures do we have in place?
In this section, you should explain the procedures you have in place to handle potential or actual data breaches, such as internal reporting systems, contact mechanisms, or bug bounties.
What third parties do we receive data from?
If your website receives user data from third parties, including advertisers, this information should be included in the section of your privacy policy that addresses third-party data.
What automated decisions and/or profiling do we make with user data?
If your website provides a service that includes automated decision-making (for example, allowing customers to apply for credit or aggregating their data into an advertising profile), you must note that this is taking place and include information about how this information is used, the decisions made with this aggregated data, and users’ rights over decisions made without human intervention.