Last updated: May 25, 2018
Who I am
Moonsteam Design is run by me, Sara. It’s just me, a one-woman show. I do not have any employees or assistants or helpers.
What personal data I collect and why I collect it
Information collected via contact forms is used only by me to communicate with you regarding your inquiries. No one else receives this information.
When you sign up for my mailing list, your name and email are kept by my mailing list provider, Mailerlite, for the purpose of sending newsletters via email.
I will be using Woocommerce for my online shop, but it is not currently fully running. I will update this section with the data collected once the shop is live.
Cookies are used by various plugins on my site in order to give me information about website visitors (analytics), to keep track of cookie consent/denial, to monitor shop information, and used by various social media sites when I embed content from them (ex: Youtube videos).
You can also clear your browser cache of all data (many cookies only last for a “session,” i.e. the duration of your visit).
Who I share your data with
I do not share names or email addresses sent via contact forms with any other party.
If you sign up for my mailling list, Mailerlite will have your name and email address.
Google Analytics only retains info about visitors, pages viewed, etc. GA does not collect any info that could identify you personally (but they collect data around the web in various forms and aggregate it, so see further info below to manage that data).
Data collected by my shopping cart, Woocommerce, is only used by me to manage orders. Woocommerce does not collect any data from me (I have opted out of their data collection).
Data collected by social media companies, such as that from embedded Youtube videos, becomes part of the data that Google collects; see the note below about managing your Google data.
WordPress itself does not share any data with anyone.
How long I retain your data
My newsletter service will retain your name and email until you ask me to have you “forgotten,” which takes 30 days to happen. Email me directly (you can use my contact form) and ask me to “forget” you from the mailing list. When I remove you, I am able to competely remove your data. From Mailerlite: “When you use the Delete function in the subscriber section of MailerLite, the information is not entirely removed. The reason for this is simple. If that person later resubscribes, his or her history is still there so you don’t have to rebuild their profile. … MailerLite created a new feature called Forget that completely wipes a person’s data from our system. This function was built specifically for GDPR compliance of the right to be forgotten. … When you choose the option, Forget, the subscriber’s data will be completely removed. Everything will be permanently deleted including reports, clicks, profile data, etc.” Once initiated, data is entirely gone within 30 days.
Google Analytics keeps data on site traffic up to 14 months, the shortest retention period available (but remember, site stats do not have any info about who you are personally). While my site does not give Google any personal info about you, other websites might have at some point…you can find out more & use tools to manage your Google data here: https://privacy.google.com/your-data.html.
Data is not yet actively collected by Woocommerce as I do not yet have a shop open. The Woocommerce cookies that are set are “waiting” for data, but since the shop is not live or available, there is no actual data collected by them.
How your data is protected
I use the plugin Wordfence to keep my site and data secure. I also use two-factor authentication for my domain and hosting.
While I do not personally keep any data on any visitors, some plugins that I use do keep data. These plugins are all GDPR-compliant (or about to be), and have provided detailed privacy information:
- Yoast SEO: Collects website data only, no personal info: find out more here.
- Wordfence: Wordfence is a security plugin that helps guard against hacks and data breaches. They are fully GDPR compliant.
- Woocommerce: Owned by Automattic; privacy info here.
- Akismet: Owned by Automattic; privacy info here.
What data breach procedures I have in place
If my mailing list is ever compromised, I will notify every subscriber and let them know what data was breached, to the best of my knowledge.