Who I am
The Donuts and Dragons blog, its Twitter account, Facebook Page and associated groups are a personal project by me, Inge Loots. The blog is hosted at https://donutsdragons.eu/
What Personal Data I Collect and Why
By default, WordPress does not collect any personal data about you, and only collects the data from registered users. Some of my plugins do collect data, I’ll explain what they collect and why they collect it below.
When you leave comments on the site I collect the data shown in the comments form, and also the your IP address and information about the browser you are using for spam detection.
After approval of your comment, it will be visible on the website and permanently stored in the database for as long as the site is live. The system uses your information to make sure any following comments won’t be queued for moderation, but posted directly to the site.
Akismet collects information when you comment on this blog using the Akismet anti-spam service. The information they collect typically includes the your IP address, your browser information, if you clicked a link to end up here and any information you fill in on the comment form. The data is collected to distinguish spam from real comments on the site.
Your IP address, the user ID of logged in users, and any usernames used to try to login are logged to check for malicious activity and to protect the site from specific kinds of attacks. Examples of conditions when logging occurs include login attempts, log out requests, requests for suspicious URLs, changes to site content, and password updates. This information is retained for 14 days.
In accordance with EU guidelines, I use a plugin to ask your permission for cookies. Some content (cookies and scripts) will be blocked upon loading the page and need your explicit permission before being displayed.
If you leave a comment on this site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
I have enabled sharing icons to some social platforms and services: Buffer, Pinterest and Twitter. You can also share via e-mail or print the post if you want to. These sharing icons are part of the site’s theme which is Extra by Elegant Themes.
Some forms on this site require the use of Google’s reCAPTCHA service before they can be submitted. The purpose of these cookies is to avoid getting challenged every time you want to submit a form. If you consent to use Google’s reCAPTCHA service, a cookie is created that stores your consent. This cookie deletes itself after thirty days.
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if you would visit the other website. Examples of embedded content on this site are the Spotify and Twitter widgets in the side bar and YouTube videos in posts and on pages.
Note that blocking these cookies interferes with the embedded content. If you want to watch an embedded video on the site, or see my tweets, you need to allow these cookies.
What rights you have over your data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data I have, including any data you have provided to me. You can also request that I erase any personal data I have. This does not include any data I am obliged to keep for administrative, legal, or security purposes.
If you want to use your rights, you can contact me through my contact form. Note that under Dutch law, I have to ask for proper identification before handing over any personal data and that I can only disclose your personal data to you. I am not allowed to share your data with anyone else without your written permission.
Where I send your data
Visitor comments may be checked through an automated spam detection service (Akismet). The information entered in a comment form may also be shared with Gravatar, a global avatar service that connects avatars with email addresses. WordPress, Akismet and Gravatar are all services by Automattic, Inc.
How I protect your data
I try to avoid collecting any unnecessary data and try to keep it to username, email address and IP address. This data lives in this site’s database, which I protect with a security plug-in. The plug-in prevents unauthorized access to your data.
What data breach procedures I have in place
What is on the internet, can be hacked. That’s the core thought in my data breach procedure. Anyone who tries hard enough will be able to hack anything. The only thing a web master can do is make it harder, hoping that hackers try an easier target instead. I have installed a security plug-in for that and make sure I keep the site, the theme and all plug-ins up-to-date.
When I get hacked despite all of this, I will inform anyone who has ever commented by sending them an email. I also will notify the public by a sticky blog post on my site and via my social media channels and notify the Dutch regulator when appropriate.