In light of the new General Data Protection Regulation (GDPR) here’s the updated Privacy Notice for visitors to websites operated by Automattic (the people behind WordPress). You can read the updated Cookies Policy here — this is also linked in the cookies banner that appears at the bottom of the page when you visit the blog. Please contact me on firstname.lastname@example.org if you have questions, comments or concerns. Thank you!
Privacy Notice for Visitors to Our Users’ Sites
Hi there! This Privacy Notice explains how we, at Automattic, process information about the visitors of our users’ websites in connection with the services we provide through WordPress.com, Jetpack (including WooCommerce Services), IntenseDebate, Polldaddy.com, and Akismet. Read on!
Who’s Who and What This Privacy Notice Covers
Let’s talk first about who we are at Automattic, what we do, and what this Privacy Notice covers.
We are the folks behind a variety of products and services designed to allow anyone–from bloggers, to small business owners, and enterprises–to create, publish, and manage their own websites:
- WordPress.com offers the design, features, and support to bring a website to life.
- With Jetpack, website owners that host their websites elsewhere can connect those websites to features and tools available through WordPress.com and WooCommerce Services.
- Polldaddy helps site owners create quizzes, surveys, and polls that fit their brand and vision.
- Intense Debate gives site owners tools to manage comments on their websites.
- Akismet helps keep spam under control by filtering out spam comments–hundreds of millions, every day!
To keep things simple, in this Privacy Notice we’ll refer to the users of the services we provide through these products and services–such as a website’s administrator, contributor, author, or editor–as our “Users,” and we’ll refer to our Users’ websites as “Sites.” Visitors to those Sites can read published content and interact with the Sites through features such as comments, “likes,” poll/survey responses, and follows.
Alright, with those introductions out of the way, let’s turn to how we collect, use, and share information about visitors to our Users’ Sites.
Information We Collect About Visitors to Our Users’ Sites
We collect information about visitors to our Users’ Sites in a few different ways–we collect certain information that the visitors provide to the Site, we collect some information automatically, and we collect any information that our Users provide to us about their visitors.
Information a Visitor Provides to a Site
We’ll start with information that visitors provide directly to a Site, which primarily happens when visitors type into a text field on a Site, like a comment field or a sign-up form. Our Users may also implement other ways to allow Site visitors to provide information directly through their Sites.
Here are the most common ways in which a visitor directly provides information to a Site:
- Follower and Subscriber Information: When a visitor signs up to follow or subscribe to a Site using Jetpack or WordPress.com, we collect the sign-up information requested by the Site, which typically includes an email address.
- Site Comments: When a visitor leaves a comment on a Site, we collect that comment, and other information that the visitor provides along with the comment, such as the visitor’s name and email address.
- PollDaddy Survey Responses: When a visitor completes a poll, quiz, or other type of survey prepared by a User via Polldaddy.com, we collect the visitor’s responses to those surveys, and other information that the survey owner requires for a poll/quiz/survey response, like an e-mail address.
- Order and Shipment Information: If a visitor orders something (hooray!) from a Site using our store and ecommerce features available through WordPress.com or Jetpack (including WooCommerce Services), we may collect information to process that order, such as credit card and billing information, and an address for shipping the package along to the recipient and calculating applicable taxes. We may also use this information for other purposes on behalf of our Users–for example, to send marketing and other communications from our Users to their customers, and to provide our User with analytics information about their ecommerce site (e.g., the number of orders from particular geographic areas).
- Other Information Entered on the Site: We may also collect other information that a visitor enters on the Site–such as a contact form submission, a search query, or Site registration.
Information We Automatically Collect from the Site
We also automatically collect some information about visitors to a Site. The information we automatically collect depends on which of our services the Site uses. We’ve listed examples below:
- Technical Data from a Visitor’s Computer and Etcetera: We collect the information that web browsers, mobile devices, and servers typically make available about visitors to a Site, such as the IP address, browser type, unique device identifiers, language preference, referring site, the date and time of access, operating system, and mobile network information.
- Visitor Interactions: We collect information about a visitor’s interactions with a Site, including the “likes” and “ratings” left by visitors to a Site using WordPress.com or Jetpack.
- Location Information: We may determine the approximate location of a visitor’s device from the IP address. We collect and use this information to, for example, tally for our Users how many people visit their Sites from certain geographic regions. If you’d like, you can read more about our Site Stats feature for WordPress.com sites and Jetpack sites.
- Akismet Commenter Information: We collect information about visitors who comment on Sites that use our Akismet anti-spam service. The information we collect depends on how the User sets up Akismet for the Site, but typically includes the commenter’s IP address, user agent, referrer, and Site URL (along with other information directly provided by the commenter such as their name, username, email address…oh, and the comment itself, of course).
- Polldaddy Response Information: We collect information about visitors who respond to a Polldaddy survey. The information that we collect typically includes IP address, browser type, operating system, user agent, and the web page last visited.
- Intense Debate Commenter Information: We collect information about visitors who comment on Sites that use our Intense Debate service. The information that we collect depends on how the User sets up Intense Debate for the Site, but typically includes the IP address and account information on the Site, along with the comment.
Other Information Provided by Our Users
We also collect any other information that our Users provide to us about visitors to their Sites. For example, a User may upload a directory or other information about Site visitors and customers to the “backend” administrative platform for managing the Site.
How We Use Visitor Information
We use information about Site visitors in order to provide our Services to our Users and their Sites. Our users may use our Services to, for example, create and manage their Site, sell products and services on their Site, flag and fight comments from spammers, and collect information through polls, quizzes and other surveys.
We may also use and share information that has been aggregated or reasonably de-identified, so that the information could not reasonably be used to identify any individual. For instance, we may publish aggregate statistics about the use of our services.
How We Share Visitor Information
We may share information collected about Site visitors in the limited circumstances spelled out below:
- Subsidiaries, Employees, and Independent Contractors: We may disclose Site visitor information to our subsidiaries, our employees, and individuals who are our independent contractors that need to know the information in order to help us provide our services to our Users and their Sites, or to process the information on our behalf. We require our subsidiaries, employees, and independent contractors to follow this Privacy Notice for information about visitors that we share with them.
- Third Party Vendors: We may share Site visitor information with third party vendors who need to know this information in order to provide their services to us. This group includes vendors that help us provide our services to our Users and their Sites. We require vendors to agree to privacy commitments in order to share information with them.
- Legal Requests: We may disclose Site visitor information in response to a subpoena, court order, or other governmental request. For more information on how we respond to requests for information, please see our Legal Guidelines.
- To Protect Rights, Property, and Others: We may disclose Site visitor information when we believe in good faith that disclosure is reasonably necessary to protect the property or rights of Automattic, our Users, third parties, or the public at large. For example, if we have a good faith belief that there is an imminent danger of death or serious physical injury, we may disclose information related to the emergency without delay.
- Business Transfers: In connection with any merger, sale of company assets, or acquisition of all or a portion of our business by another company, or in the unlikely event that Automattic goes out of business or enters bankruptcy, Site visitor information would likely be one of the assets that is transferred or acquired by a third party. If any of these events were to happen, this Privacy Notice would continue to apply to Site visitor information and the party receiving this information may continue to use this information, but only consistent with this Privacy Notice.
- Information Shared Publicly: Information that visitors choose to make public is–you guessed it–disclosed publicly. That means, of course, that information like visitor comments and “likes” are all available to others, including information about the visitor that is displayed in connection with a comment or “like” (such as a visitor’s WordPress.com username and Gravatar). We provide a “firehose” stream of public data (including comments) from Sites to provide that data to firehose subscribers, who may view and analyze the content, but do not have rights to re-publish it publicly. Public information may also be indexed by search engines or used by third parties.
Our Users’ Sites may contain ads from third party ad networks and advertisers, and our Users may integrate other tools and services on their Sites (such as Google Analytics and third party plugins). Please note that this Privacy Notice only covers the collection of information by Automattic, and does not cover the collection by any third party.
Ad networks and analytics providers may set tracking technologies (like cookies) to collect information about visitors’ use of a Site and across other websites and online services, such as a visitor’s IP address, web browser, mobile network information, pages viewed, time spent on pages, links clicked, and conversion information. This information may be used by those companies to, among other things, analyze and track usage, determine the popularity of certain content, and deliver advertisements that may be more targeted to visitor interests. For more information about how to manage and delete cookies, visit aboutcookies.org, and for more information on interest-based ads, including information about how visitors may be able to opt out of having their web browsing information used for behavioral advertising purposes, please visit aboutads.info/choices (US based) and youronlinechoices.eu (EU based).
You can read more about how our products and services operate on the links at the top of this notice.
And we’d love it if you follow us on privacy.blog for more information about privacy and transparency at Automattic.