Privacy Policy

Last updated: May 31, 2018 at 5:52 am

Who We Are

As you can see to the right there, my name is Bridget. I am the blogger/owner of the blog/web site located here at http://orderedandorganized.com.  I can be contacted at bridget @ orderedandorganized.com or through the form available at this link.  (Just make sure you read this entire privacy policy before you contact me, okay?)

So I’m using “we” and “our” throughout this privacy policy, but if you’ve been around here for any length of time, you know that this blog is run by me alone. Nonetheless, for the purposes of this privacy policy, I’ll identify as “we,” “our,” “she,” or “her”–perhaps even all of the above. 🙂

About This Privacy Policy

This privacy policy has been compiled to better serve those who are concerned with how their “Personally Identifiable Information” (PII) is being used online. PII, as described in U.S. privacy law and information security, is information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context. (This blog is based in the U.S., so I’m definitely following the laws here.) With the passage of the General Data Protection Regulation (GDPR) in the EU, this information includes not just names or e-mail addresses but also IP addresses.

The General Data Protection Regulation (GDPR) enforceable in the EU effective May 25, 2018, allows for stronger protections for PII, but frankly, I’m a little confused about the whole thing. (That actually should scare you a bit because I used to be an attorney before I voluntarily left the field, and I still don’t understand the GDPR.) But that won’t matter anyway because I’m going to tell you exactly what data I’m collecting on this blog, why I’m collecting it, how it will be stored, and how you can change or purge it. I will also talk about a few other subjects as well like people who use

All that said, please read this privacy policy carefully to get a clear (I think, anyway) understanding of how this blog (that’s basically me) collects, uses, protects, or otherwise handles your PII.

(Does anyone else wish he or she had a pie at this point? Maybe a pumpkin pie? Or even better, a pumpkin pie roll with cream cheese frosting? Try this one from Gimme Some Oven. I tried it a few years ago, and it is surely delicious.)

What Personal Data I Collect and Why I Collect It

I collect various personal data on this site and for various reasons:

CONTACT: I have a form by which visitors can contact me to let me know of bugs on the blog, to suggest content, etc. Should you contact me via this form, I ask that you include as little information as is necessary to facilitate your contact. When you contact me, whether through e-mail or my contact form, I do ask for your e-mail address so that I can respond. I use that e-mail address only to respond to whatever you e-mailed me about. I don’t add you to my newsletter. I don’t sign you up for anyone else’s newsletters as a joke or for maliciousness. I don’t forward you chain e-mails I haven’t verified through Snopes.com. I don’t forward you chain e-mails I have verified through Snopes.com. I don’t even use your e-mail address to send you my late grandmother’s yummy secret pancake recipe. I just respond to your e-mail, and then I delete your e-mail and your e-mail address, barring some absurd reason I need to keep it like you threatened me harm. With regard to your e-mail, I don’t print it. I don’t save it. (Again, unless I have some reason I must keep it as mentioned just a couple of lines above.) I don’t even log your e-mail address. Hello?! I’m all about simplifying and decluttering. Why would I keep e-mails if I don’t have to?

One more thing: I also ask that you do not include any sensitive information via this form–and that you don’t send it to me via e-mail either. Save the TMI for folks you really know.

COMMENTS:  I’ve pretty much decided I’m turning off comments on this blog.  Never mind.  I have absolutely decided to turn off comments on this blog. As of May 25, 2018, you won’t be able to comment here. You’ll have to go to my Facebook page to comment instead. I’ll ultimately publish a Facebook post for every blog article, and I’ll ultimately link each Facebook post at the bottom of the blog article. Then you’ll have your agreement with Facebook, and Mark Zuckerberg will be the processor of your information, not me, and your agreement with that entity (Facebook) will control.

As Sara Evans noted in a song a few years back, I’m a woman, and I just might change my mind . . . on this whole commenting policy, that is. If so, though, I’ll amend my privacy policy and let you know right here. In fact, you might want to bookmark this page to keep track of any exciting changes to my privacy policy. Just do it. You know you have space in your bookmarks for something as exciting and useful as this privacy policy, right?

WORDPRESS LIKES: I don’t think I can keep you from liking my posts on WordPress, and I wouldn’t want to. I want to know if you like my posts so that I can keep good content heading your way and write less about things you don’t want to hear about. How will I use this data? I’ll smile when I see the like pop up in my notifications, and I’ll give myself a pat on the back. And as I said, I’ll use the likes to improve my content. But I promise I won’t use the fact that you liked my post to stalk you or add you to my newsletter–if that is even possible because I don’t think it is. If it is, I’m not savvy enough to know how. If you have your own blog, I may visit it. And I may even like a post or two or follow you if I find your content likable. But again, I’ll refrain from stalking you. 🙂

WORDPRESS FOLLOWS: I don’t think I can keep you from following my blog either. And again, I wouldn’t want to. But I promise not to store your information. I won’t even keep your name in a list of followers enshrined on my wall on my office. I won’t stalk you. And if you unfollow me, I won’t stalk you then either. Because I won’t have a list of the actual followers and won’t know it was you unfollowed me in the first place, right? (I will keep my number of followers, but you won’t be personally identified as part of the number.)

CONTESTS: I’ve held one contest way back in July 2017, but that was before I changed my blog name to Ordered and Organized and deleted all that old content. That said, I have another contest planned for the near future, one way better than the last one but with a smaller prize. I thought about calling it off entirely, but I suddenly realized that I opened my past contests to only United States residents with U.S. mailing addresses in the contiguous United States and will continue with that practice. So the GDPR won’t apply with regard to the contests.

Nonetheless, if you enter a contest on this blog, I won’t use your address to sign you up for my newsletter without your permission. (If you give me permission, I’ll send you a double opt-in confirmation.) I won’t stalk you. I’ll delete your contest entry information as soon as the contest winner’s prize has been delivered to him or her unless stated otherwise in the rules for some legal reason that hits me at a later date (and of course, I’d change this privacy policy at that point as well). If you’re a winner, I’ll use your address or e-mail address only to send you your prize. And I won’t send not a single thing extra, not even the Hutzler 571 Banana Slicer that you know you really want.  (Note:  The link to Amazon here is not an affiliate link.  I only place affiliate links to items I have used and recommend.)

ADS: This blog is still very new and very small. I don’t sell ads. If I sell ads in the distant future, I’ll change my privacy policy and let you know. I promise. Pinky swear.

PLUG-INS: I use a number of plug-ins on this blog, mostly to make my life easier–and keeping me from coding, which I can do but don’t love.

Jetpack: This blog is self-hosted through WordPress. I have installed the free version of the Jetpack plug-in, which enables me to review my statistics such as how many visitors I have had in a day, week, or month. Via WordPress.com, I can also see where those visitors have been located (United States, Ireland, etc.). I cannot access any other personal information via the statistics–or if I can, I haven’t figured out how to do so. I use these statistics to track the growth of this blog.

I don’t sit here and analyze this information excessively. Hello?! This blog is so small that my time is better spent at this point producing content rather than focusing on visitors I don’t know how to identify. I am aware that the majority of my visitors are visiting from United States IP addresses and that a few are from countries like Canada and Australia and that on occasion I get a visitor from a country whose name I can’t even pronounce. (So far, I’ve had one trackable person from the EU. I didn’t even know I had a visitor from the EU until I checked for GDPR purposes. But I digress.)

In short, I’m not storing this information and am actually barely looking at it. I’m also not charting anything other than the numbers at this point. If and when that changes, I’ll update this policy.

Akismet: I used this plug-in to protect my blog and its visitors from spam back when I allowed comments. So this plug-in does currently collect information submitted in the comments. However, this plug-in should be a non-issue with regard to visitor privacy after I turn comments off on May 25, 2018. If I ever allow comments again, I’ll address any personal information collected by Akismet at that time.

Duplicate Post: I use this plug-in to duplicate posts so that I don’t have to recreate the mold for every post. (It’s like using a form at work.) No personal information is currently collected by this plug-in. It can duplicate comments from one post to another, but again, this collection of information will be a non-issue with regard to visitor privacy after I turn the comments on this blog off on May 25, 2018. As I’ve said earlier, if I decide to allow commenting again in the future, I’ll address the privacy information collected by this plug-in at that time.

Last Updated Shortcode: I have a lot of evergreen information on this blog. What’s that, you ask? Posts that are pretty much always relevant. Sometimes I update those posts, though. This plug-in allows me to display the date I last updated the content at the top of the blog post without having to update the information by hand. To the best of my knowledge and understanding, this plug-in collects no personal information.

Yoast SEO: I use Yoast SEO (search engine optimization) to improve where my site ranks with Google and Bing and other search engines. To the best of my knowledge and understanding, this plug-in collects no personal information.

AFFILIATE LINKS: I spend my own personal money on the domain name for this site and its web hosting. I also spent money this year to pay for a yearly subscription to Stencil, which I use to create graphics for this blog and its social media accounts. Those three services have cost than $100, less than $200. Surely you understand that I’d love to earn that money back–and more if possible. In order to accomplish that goal, I have created an affiliate relationship with Amazon. If you click on links, Amazon will identify you via a cookie (see my cookie policy below). And while I’ll receive reports from Amazon on what was purchased (and I don’t care what you purchase, by the way), I won’t receive any information that will personally identify you or what purchases you made. I won’t get an address or a phone number or even a country of purchase. Although I will assume you were in the United States if you were purchasing from Amazon.com rather than some other Amazon site.

Cookies

Consider this my cookie policy.  This blog uses cookies.  Cookies are small files that a site or its service provider transfers to your computer’s hard drive through your web browser (if you allow) that enables the site’s or service provider’s systems to recognize your browser and capture and remember certain information. For instance, this site may use cookies to help this blog understand your preferences based on previous or current site activity, enabling this blog to provide you with improved services. This blog also uses cookies to help compile aggregate data about site traffic and site interaction so that the blog can offer better site experiences and tools in the future. This blog may also use trusted third-party services that track this information on its behalf. As an example, the Jetpack plug-in I mentioned above does this. In the future, I may start using Google Analytics. But if I do so, I’ll post an update here. I promise.

You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. You do this through your browser settings. Since each browser is a little different (and because there are so many and because browsers are updated all the time), look at your browser’s help menu to learn the correct way to modify your cookies.

You should be aware that if you turn cookies off, some of the features that make your site experience more efficient may not function properly.

See more information about cookies and Jetpack here.

Social Media

If you venture off this blog, I’m not responsible for your data. If you’re on my Facebook page, Instagram feed, Twitter profile, or Pinterest boards, those entities (Facebook, Instagram, Twitter, and Pinterest, respectively) are your data processors, and your agreement is with them and controls.

I promise not to stalk you if you follow me on any of these social media accounts. (Facebook stalking is a time waster, and as you know, time in this life is finite. I promise you that I can find a better use of my time.) I may follow you back on Instagram or Twitter or Pinterest if we have common interests. (That said, just for your information, I do not follow private accounts on Instagram as I figure you have a good reason for having them private. Nor do I follow accounts with excessive selling techniques, excessive offense language, or excessive political rhetoric.)

Newsletter

I’m such a liar here. I call the newsletter my weekly-ish newsletter. It’s not weekly-ish. It’s not even monthly-ish. I send it about once a quarter, to be honest. Regardless, effective May 25, 2018, everyone who has subscribed has received a double opt-in confirmation. And every subscriber who subscribed before May 25, 2018, was someone who requested to be on the list anyway, not someone whose address I found on a slip of paper on the street somewhere or who bought something from me on Etsy (because that’s against Etsy rules anyway, just in case you didn’t know) or whose e-mail address was on a list I purchased.

This is the one area in which I keep records, but, ironically, only because of the GDPR that was supposed to give you more protection (right?). MailChimp confirms double opt-in, and I keep the record of that because I feel as though I need to be able to prove my adherence to international law. I print the confirmation of your subscription to a flash drive that never is removed from my laptop. If you unsubscribe, I’ll get a notification and will delete everything.

One more thing: I used to collect first names for my newsletter. The GDPR asks that you limit the information you request to whatever is necessary. So I’ve stopped collecting first names. Just know that you’ll no longer be getting any super friendly e-mail newsletters from me that include a friendly word like “Hi!” followed by your first name. Because I think that would be okay, but given how vague the GDPR appears to me, I’d just rather not risk it.

(Although I have thought about sending all newsletters from this point forward with the greeting “Hey Jude!” Don’t you love that song?!)

How This Blog Protects Your Information

Other than as mentioned above with regard to my newsletter, I don’t store much of anything. Your e-mail addresses, etc. are stored by Mailchimp, which confirms that it is GDPR-compliant. If you request to unsubscribe, you’ll be unsubscribed. I won’t be adding you back without your permission. As a (former) attorney (I wasn’t disbarred; I just hated the practice of law), I’m a rules girl, and I don’t want to get into trouble.

Where I Send Your Data

I don’t send your data anywhere–to anyone.

How Long I Keep Data

As you can see, I don’t keep a lot of data at this time–primarily numbers that don’t identify anyone and thus aren’t personal information. I’ll keep the numbers until I no longer run this site. If I start keeping more data, I’ll amend this policy.

What Rights You Have Over Your Data

Under the GDPR, you have the right to be forgotten. You can unsubscribe from my newsletter at any time.

And if you contact me and ask me to confirm that you are unsubscribed, I’ll gladly do that. Just remember if you contact me, you’re already subject to this privacy policy. And because at that point, I’ll need to keep your e-mail to confirm our conversations about forgetting you, I’m not really going to be forgetting you totally at that point. (Some of the GDPR is a little ridiculous, right?)

If you already had an account on this blog or left comments, you can request to receive an exported file of the personal data I hold about you, including any data you have provided to us. You can also request that I erase any personal data I hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Changes in Personal Information

If you want to change your e-mail address in the newsletter, you can do so through Mailchimp’s footer. You can also contact me, but see the portion of this privacy policy on contact first.

Scanning and Security Certificates

I’ve been encouraged to tell you that this blog does not use vulnerability scanning or malware scanning or scanning to PCI standards. I’ve also been encouraged to tell you that this blog does not use an SSL certificate, although MailChimp (my newsletter service provider) does use an SSL certificate.

This blog provides only articles and information. This blog never asks for credit card numbers, so an SSL certificate isn’t required for that either. Do not send payment information to me. Ever. If you venture to Amazon using one of my affiliate links, Amazon will process and control your credit card and other related information, not me. I’ll never see it.

Sensitive Information

I don’t want to process sensitive information because I have no need for medical data, data regarding your sexual orientation or religion, or anything like that. Please refrain from posting sensitive information anywhere on this site–through the contact form or some future comment form or otherwise. I’d appreciate it.

And now the real boilerplate starts. Sorry, I really don’t know how to liven it up.

Embedded Content from Other Sites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other web sites behaves in the exact same way as if you visited the other web site. These web sites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that web site.

In other words, I’m not responsible for what those sites do. But if I have any inkling they are doing anything shady, I won’t embed that content. Period.

Third-Party Disclosure

I will not sell, trade, or otherwise transfer to outside parties your Personally Identifiable Information. EVER. Didn’t I already say this? It’s worth saying again.

Third-Party Links

Occasionally, at my discretion, this blog may include or offer third-party products or services. These third-party sites have separate and independent privacy policies. This blog has no responsibility or liability for the content and activities of these linked sites. Nonetheless, I want to protect the integrity of this blog, and I welcome any feedback about these sites. Use the contact page, but again, read the privacy policy before you contact me.

Google

Google’s advertising requirements can be summed up by Google’s Advertising Principles. They are put in place to provide a positive experience for users.  I have not enabled Google AdSense on this blog, but I may do so in the future. But if I do, I’ll let you know here. Again, as soon as I finish with GDPR compliance (that has required over two weeks of research, by the way), I’ll be focused again on publishing quality content, not on advertising.

Does This Blog Allow Third-Party Behavioral Tracking?

I’ve been encouraged to note that this blog does not allow third-party behavioral tracking.

How Does This Blog Handle No-Track Signals?

This blog honors Do Not Track signals and does not track, plant cookies, or use advertising when a Do Not Track (DNT) browser mechanism is in place.

What Will Happen in the Event of a Breach?

I do not suspect any breach will occur given how little data I process and because I use reliable third parties like Mailchimp to process what data I do process. That said, I will notify you via e-mail within ten (10) business days (based on the date of my knowledge( of a breach in the event of a breach of your information occurs.

California Online Privacy Protection Act

Before there was GDPR, there was CalOPPA. CalOPPA is the first state law in the nation to require commercial web sites and online services to post a privacy policy. The law’s reach stretches well beyond California to require any person or company in the United States (and conceivably the world) that operates web sites collecting Personally Identifiable Information from California consumers to post a conspicuous privacy policy on its web site stating exactly the information being collected and those individuals or companies with whom it is being shared.  You can learn more here.

Consistent with CalOPPA, I agree that users can visit this site anonymously, that I will include a privacy policy link specifically in the navigation menu of my blog, that the privacy policy link will include the word “privacy” and be easily found on the front page.

Updates

Have I said it enough? I’ll let you know if I make changes to this privacy policy on this page.

COPPA (Children Online Privacy Protection Act)

When it comes to the collection of personal information from children under the age of 13 years old, the Children’s Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, the United States’ consumer protection agency, enforces the COPPA Rule, which spells out what operators of web sites and online services must do to protect children’s privacy and safety online. This blog does not specifically market to children under the age of 13 years old. This blog does not specifically market to persons under 18 years old. If you’re under the age of 18, you should obtain parental consent before submitting any personal information on this site–which, because of cookies, includes even surfing this site.

Seriously, I have no idea why anyone under the age of 18 would be interested in this blog, much less anyone under the age of 13. And if you’re less than 18 years old, you shouldn’t be submitting any personal information anyway, right?

In Closing

I read an article over at the Wall Street Journal about the changes various entities have made to their privacy policies in advance of the GDPR taking effect. https://www.wsj.com/articles/privacy-policies-flooding-your-inbox-how-to-cut-through-the-gibberish-1526565342 Apparently Twitter’s new privacy policy has an additional 4,000-ish words. That’s a lot of words, especially given most people still won’t read them. I would like to point out that the Constitution of the United States consists of just 4,543 words and that, even with all of its 27 amendments, contains fewer words than Twitter’s new privacy policy. (This policy is about that length, and that in my opinion is ridiculous.)

One more fact you probably care nothing about. The president with the shortest inaugural address was George Washington, who in 1793 gave an address of just 135 words. I’m sure you know who he is and can even recite a few facts about him. In contrast, William Henry Harrison’s inaugural address was 8,445 words. (And even his inaugural address was shorter than Twitter’s current privacy policy!) He died a month later. You probably don’t know much of anything else about him. You may not have even known these details, to be honest.

At any rate, draw your own conclusions.

Blessings,
Bridget

PS: All this talk of pies and cookies has made me hungry. I’m off to eat. No, seriously, I’ll be making some Red’s Amazing M&M Cookies shortly. Here’s the recipe if you’re also hungry now. They’re pretty fabulous. (Santa agrees.)

You are here:  Home > About This Blog > Privacy Policy