Who We Are
The General Data Protection Regulation (GDPR) enforceable in the EU effective May 25, 2018, allows for stronger protections for PII, but frankly, I’m a little confused about the whole thing. (That actually should scare you a bit because I used to be an attorney before I voluntarily left the field, and I still don’t understand the GDPR.) But that won’t matter anyway because I’m going to tell you exactly what data I’m collecting on this blog, why I’m collecting it, how it will be stored, and how you can change or purge it. I will also talk about a few other subjects as well like people who use
(Does anyone else wish he or she had a pie at this point? Maybe a pumpkin pie? Or even better, a pumpkin pie roll with cream cheese frosting? Try this one from Gimme Some Oven. I tried it a few years ago, and it is surely delicious.)
What Personal Data I Collect and Why I Collect It
I collect various personal data on this site and for various reasons:
CONTACT: I have a form by which visitors can contact me to let me know of bugs on the blog, to suggest content, etc. Should you contact me via this form, I ask that you include as little information as is necessary to facilitate your contact. When you contact me, whether through e-mail or my contact form, I do ask for your e-mail address so that I can respond. I use that e-mail address only to respond to whatever you e-mailed me about. I don’t add you to my newsletter. I don’t sign you up for anyone else’s newsletters as a joke or for maliciousness. I don’t forward you chain e-mails I haven’t verified through Snopes.com. I don’t forward you chain e-mails I have verified through Snopes.com. I don’t even use your e-mail address to send you my late grandmother’s yummy secret pancake recipe. I just respond to your e-mail, and then I delete your e-mail and your e-mail address, barring some absurd reason I need to keep it like you threatened me harm. With regard to your e-mail, I don’t print it. I don’t save it. (Again, unless I have some reason I must keep it as mentioned just a couple of lines above.) I don’t even log your e-mail address. Hello?! I’m all about simplifying and decluttering. Why would I keep e-mails if I don’t have to?
One more thing: I also ask that you do not include any sensitive information via this form–and that you don’t send it to me via e-mail either. Save the TMI for folks you really know.
COMMENTS: I’ve pretty much decided I’m turning off comments on this blog. Never mind. I have absolutely decided to turn off comments on this blog. As of May 25, 2018, you won’t be able to comment here. You’ll have to go to my Facebook page to comment instead. I’ll ultimately publish a Facebook post for every blog article, and I’ll ultimately link each Facebook post at the bottom of the blog article. Then you’ll have your agreement with Facebook, and Mark Zuckerberg will be the processor of your information, not me, and your agreement with that entity (Facebook) will control.
WORDPRESS LIKES: I don’t think I can keep you from liking my posts on WordPress, and I wouldn’t want to. I want to know if you like my posts so that I can keep good content heading your way and write less about things you don’t want to hear about. How will I use this data? I’ll smile when I see the like pop up in my notifications, and I’ll give myself a pat on the back. And as I said, I’ll use the likes to improve my content. But I promise I won’t use the fact that you liked my post to stalk you or add you to my newsletter–if that is even possible because I don’t think it is. If it is, I’m not savvy enough to know how. If you have your own blog, I may visit it. And I may even like a post or two or follow you if I find your content likable. But again, I’ll refrain from stalking you. 🙂
WORDPRESS FOLLOWS: I don’t think I can keep you from following my blog either. And again, I wouldn’t want to. But I promise not to store your information. I won’t even keep your name in a list of followers enshrined on my wall on my office. I won’t stalk you. And if you unfollow me, I won’t stalk you then either. Because I won’t have a list of the actual followers and won’t know it was you unfollowed me in the first place, right? (I will keep my number of followers, but you won’t be personally identified as part of the number.)
CONTESTS: I’ve held one contest way back in July 2017, but that was before I changed my blog name to Ordered and Organized and deleted all that old content. That said, I have another contest planned for the near future, one way better than the last one but with a smaller prize. I thought about calling it off entirely, but I suddenly realized that I opened my past contests to only United States residents with U.S. mailing addresses in the contiguous United States and will continue with that practice. So the GDPR won’t apply with regard to the contests.
PLUG-INS: I use a number of plug-ins on this blog, mostly to make my life easier–and keeping me from coding, which I can do but don’t love.
Jetpack: This blog is self-hosted through WordPress. I have installed the free version of the Jetpack plug-in, which enables me to review my statistics such as how many visitors I have had in a day, week, or month. Via WordPress.com, I can also see where those visitors have been located (United States, Ireland, etc.). I cannot access any other personal information via the statistics–or if I can, I haven’t figured out how to do so. I use these statistics to track the growth of this blog.
I don’t sit here and analyze this information excessively. Hello?! This blog is so small that my time is better spent at this point producing content rather than focusing on visitors I don’t know how to identify. I am aware that the majority of my visitors are visiting from United States IP addresses and that a few are from countries like Canada and Australia and that on occasion I get a visitor from a country whose name I can’t even pronounce. (So far, I’ve had one trackable person from the EU. I didn’t even know I had a visitor from the EU until I checked for GDPR purposes. But I digress.)
In short, I’m not storing this information and am actually barely looking at it. I’m also not charting anything other than the numbers at this point. If and when that changes, I’ll update this policy.
Akismet: I used this plug-in to protect my blog and its visitors from spam back when I allowed comments. So this plug-in does currently collect information submitted in the comments. However, this plug-in should be a non-issue with regard to visitor privacy after I turn comments off on May 25, 2018. If I ever allow comments again, I’ll address any personal information collected by Akismet at that time.
Duplicate Post: I use this plug-in to duplicate posts so that I don’t have to recreate the mold for every post. (It’s like using a form at work.) No personal information is currently collected by this plug-in. It can duplicate comments from one post to another, but again, this collection of information will be a non-issue with regard to visitor privacy after I turn the comments on this blog off on May 25, 2018. As I’ve said earlier, if I decide to allow commenting again in the future, I’ll address the privacy information collected by this plug-in at that time.
Last Updated Shortcode: I have a lot of evergreen information on this blog. What’s that, you ask? Posts that are pretty much always relevant. Sometimes I update those posts, though. This plug-in allows me to display the date I last updated the content at the top of the blog post without having to update the information by hand. To the best of my knowledge and understanding, this plug-in collects no personal information.
Yoast SEO: I use Yoast SEO (search engine optimization) to improve where my site ranks with Google and Bing and other search engines. To the best of my knowledge and understanding, this plug-in collects no personal information.
You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. You do this through your browser settings. Since each browser is a little different (and because there are so many and because browsers are updated all the time), look at your browser’s help menu to learn the correct way to modify your cookies.
You should be aware that if you turn cookies off, some of the features that make your site experience more efficient may not function properly.
See more information about cookies and Jetpack here.
If you venture off this blog, I’m not responsible for your data. If you’re on my Facebook page, Instagram feed, Twitter profile, or Pinterest boards, those entities (Facebook, Instagram, Twitter, and Pinterest, respectively) are your data processors, and your agreement is with them and controls.
I promise not to stalk you if you follow me on any of these social media accounts. (Facebook stalking is a time waster, and as you know, time in this life is finite. I promise you that I can find a better use of my time.) I may follow you back on Instagram or Twitter or Pinterest if we have common interests. (That said, just for your information, I do not follow private accounts on Instagram as I figure you have a good reason for having them private. Nor do I follow accounts with excessive selling techniques, excessive offense language, or excessive political rhetoric.)
I’m such a liar here. I call the newsletter my weekly-ish newsletter. It’s not weekly-ish. It’s not even monthly-ish. I send it about once a quarter, to be honest. Regardless, effective May 25, 2018, everyone who has subscribed has received a double opt-in confirmation. And every subscriber who subscribed before May 25, 2018, was someone who requested to be on the list anyway, not someone whose address I found on a slip of paper on the street somewhere or who bought something from me on Etsy (because that’s against Etsy rules anyway, just in case you didn’t know) or whose e-mail address was on a list I purchased.
This is the one area in which I keep records, but, ironically, only because of the GDPR that was supposed to give you more protection (right?). MailChimp confirms double opt-in, and I keep the record of that because I feel as though I need to be able to prove my adherence to international law. I print the confirmation of your subscription to a flash drive that never is removed from my laptop. If you unsubscribe, I’ll get a notification and will delete everything.
One more thing: I used to collect first names for my newsletter. The GDPR asks that you limit the information you request to whatever is necessary. So I’ve stopped collecting first names. Just know that you’ll no longer be getting any super friendly e-mail newsletters from me that include a friendly word like “Hi!” followed by your first name. Because I think that would be okay, but given how vague the GDPR appears to me, I’d just rather not risk it.
(Although I have thought about sending all newsletters from this point forward with the greeting “Hey Jude!” Don’t you love that song?!)
How This Blog Protects Your Information
Other than as mentioned above with regard to my newsletter, I don’t store much of anything. Your e-mail addresses, etc. are stored by Mailchimp, which confirms that it is GDPR-compliant. If you request to unsubscribe, you’ll be unsubscribed. I won’t be adding you back without your permission. As a (former) attorney (I wasn’t disbarred; I just hated the practice of law), I’m a rules girl, and I don’t want to get into trouble.
Where I Send Your Data
I don’t send your data anywhere–to anyone.
How Long I Keep Data
As you can see, I don’t keep a lot of data at this time–primarily numbers that don’t identify anyone and thus aren’t personal information. I’ll keep the numbers until I no longer run this site. If I start keeping more data, I’ll amend this policy.
What Rights You Have Over Your Data
Under the GDPR, you have the right to be forgotten. You can unsubscribe from my newsletter at any time.
If you already had an account on this blog or left comments, you can request to receive an exported file of the personal data I hold about you, including any data you have provided to us. You can also request that I erase any personal data I hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Changes in Personal Information
Scanning and Security Certificates
I’ve been encouraged to tell you that this blog does not use vulnerability scanning or malware scanning or scanning to PCI standards. I’ve also been encouraged to tell you that this blog does not use an SSL certificate, although MailChimp (my newsletter service provider) does use an SSL certificate.
This blog provides only articles and information. This blog never asks for credit card numbers, so an SSL certificate isn’t required for that either. Do not send payment information to me. Ever. If you venture to Amazon using one of my affiliate links, Amazon will process and control your credit card and other related information, not me. I’ll never see it.
I don’t want to process sensitive information because I have no need for medical data, data regarding your sexual orientation or religion, or anything like that. Please refrain from posting sensitive information anywhere on this site–through the contact form or some future comment form or otherwise. I’d appreciate it.
And now the real boilerplate starts. Sorry, I really don’t know how to liven it up.
Embedded Content from Other Sites
In other words, I’m not responsible for what those sites do. But if I have any inkling they are doing anything shady, I won’t embed that content. Period.
I will not sell, trade, or otherwise transfer to outside parties your Personally Identifiable Information. EVER. Didn’t I already say this? It’s worth saying again.
Google’s advertising requirements can be summed up by Google’s Advertising Principles. They are put in place to provide a positive experience for users. I have not enabled Google AdSense on this blog, but I may do so in the future. But if I do, I’ll let you know here. Again, as soon as I finish with GDPR compliance (that has required over two weeks of research, by the way), I’ll be focused again on publishing quality content, not on advertising.
Does This Blog Allow Third-Party Behavioral Tracking?
I’ve been encouraged to note that this blog does not allow third-party behavioral tracking.
How Does This Blog Handle No-Track Signals?
This blog honors Do Not Track signals and does not track, plant cookies, or use advertising when a Do Not Track (DNT) browser mechanism is in place.
What Will Happen in the Event of a Breach?
I do not suspect any breach will occur given how little data I process and because I use reliable third parties like Mailchimp to process what data I do process. That said, I will notify you via e-mail within ten (10) business days (based on the date of my knowledge( of a breach in the event of a breach of your information occurs.
California Online Privacy Protection Act
COPPA (Children Online Privacy Protection Act)
Seriously, I have no idea why anyone under the age of 18 would be interested in this blog, much less anyone under the age of 13. And if you’re less than 18 years old, you shouldn’t be submitting any personal information anyway, right?
At any rate, draw your own conclusions.
PS: All this talk of pies and cookies has made me hungry. I’m off to eat. No, seriously, I’ll be making some Red’s Amazing M&M Cookies shortly. Here’s the recipe if you’re also hungry now. They’re pretty fabulous. (Santa agrees.)