This is all super boring, but it’s stuff I gotta let you know. Especially if you are visiting from the EU or UK.
What personal data do we collect?
When visitors leave comments on this Site, we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
Your email address will not show in the comments, but anything you say in the comment will. So please only leave comments that you are comfortable with the public reading. Do not leave any personal information (such as a physical address, email, or other personally identifying information) in the body of your comment, to protect your privacy.
When visitors use the contact form on this Site, they are required to provide an email address. We only use this email address to reply to the inquiry. We will not send any unsolicited marketing material to the email address.
If the contact form is used to initiate a hiring contract between Marissa and the visitor of this Site, then further communication via email between Marissa and this Site visitor may take place.
The information included in the contact form (name, email and message) is kept in this site for a period of five years, for the purpose of future reference and follow up replies only. If the visitor wishes to have this information deleted, they may state that in their message and we will honor that request. See also the information under the “what rights you have over your data” heading, further down, for more details about this.
What are cookies?
A cookie is a small text file created when you visit a website. They are created to keep track of your movements within the site, help you resume where you left off, and save any customizations you made.
The text file contained in a cookie includes some or all of the following information:
- IP addresses
- Internet Service Provider
- Date and time stamp
- Type of browser (such as Chrome, Firefox, Explorer, etc)
- Enter and exit pages
How long cookies stay on your browser depends on the duration set for that particular cookie. Some stay for a year or more, some are gone as soon as you close the browser.
Links to help you control cookies on your browser:
Different types of cookies
There are two types of cookies: necessary and non-necessary.
Necessary cookies are exactly what the name implies – they are needed to make this Site function properly for you. For example, if we have links to products on a third-party site, those links need to work for you and may require cookies to do so. If we have an online store feature in our site (coming at some point), you’ll need cookies to add products to your cart.
Non-necessary cookies are one of these:
- Performance cookies that track activity, like pages visited, error messages, and similar info. They don’t identify a particular user, just overall activity on this Site.
- Functionality cookies that remember choices you’ve made on this Site, like the comment cookies we mention below.
- Targeting or Advertising cookies that use your browsing habits to display ads on a site.
What cookies do we use on this site?
We use both necessary and non-necessary cookies.
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
These are non-necessary functionality cookies, so if you do not opt-in when you comment, the site will still function normally for you.
We use a security plugin on our site, called Wordfence. This helps us keep the site free from malware and viruses, which in turn protects our users as well. Wordfence has a feature we enabled called “Live Traffic”. This shows us the IP address of visitors currently using our site and what pages they viewed.
It also shows IP addresses of bots and crawlers. Which sounds like bugs, but are web tools used by Bing, Google and other companies and softwares. Some of them are good and some bad, but that’s the beauty of Wordfence – it alerts us to the bad ones. It also detects if an IP address is known for installing viruses on other sites and blocks it.
Each visitor to the Site, whether bot or human, gets a row in the Wordfence live traffic screen. When a person or bot clicks on a new page, that displays to us in a new row.
The reason I’m explaining this is to let you know that the length of time the live traffic data is stored, varies according to the number of rows we wish to save. It is currently set to 500 rows. That sounds like a lot, but because many of those hits are bots and crawlers, it’s really not that much. The timeframe this entails depends on how much traffic we get.
If a hack or malware attempt comes from an IP address, that address is saved in our records for a long time – 10 years – so that we recognize the mo’fo’ if they try it again.
The Wordfence cookies are necessary because they help protect this Site from malware and viruses.
We also use Google Analytics, which uses non-necessary performance cookies and deserves a heading all on its own.
Google Analytics cookies
Like any business we like to see if our visitors come from Google, Facebook or another site in order to better manage and market our business. We use Google Analytics to tell us this information. When we login to our Google Analytics account, we can see which pages on this website visitors visited, the paths visitors took, where they came from and how they left.
We can not see which website you visited after you leave us, however. The only way we could narrow down the information to any one individual is if only one person was on this website that day, and we knew who that was (hi, mom!).
Our Google Analytics Cookies are set to retain the visitor information for 26 months and resets each time you visit us. For example, if you visit this Site on July 1, then again on July 14, the 26 months starts again on the July 14 visit.
This visitor usage history helps us to see, month over month or year over year, how our site is performing, which pages people like and how we can improve it to get more visitors.
Furthermore, we have our Google Analytics set to anonymize IP addresses. That means the last three numbers of your IP address becomes a zero, rendering it more anonymous than it was before. It is then not a personally identifiable piece of information (it really wasn’t completely one before, but in combination with other pieces of information, it could have been). Clear as mud, right?
Yeah, it confuses me too. The main thing is that our Google Analytics isn’t saving or sharing your personal information.
On your very first visit to this Site, you will see a cookie consent message at the bottom. There we let you know a quick summary of the types of cookies we use and why. According to the GDPR, we have to get the consent of EU visitors before we use any non-necessary cookies that share or store personal information.
Well, NONE of our non-necessary cookies share or store personal information, so we don’t ask for consent before installing them. So when you click “Accept” on our cookie consent message, it’s really just informing you and making the annoying message go away.
And when you click “Tell me more”, you go to this page you’re on, (hi!) to read all this stuff.
BUT, if you just don’t like the idea of any cookies from our site being installed on your browser, that’s totally okay. You can use the links to control the cookies in your browser, that I gave earlier to help you block them. Or…you can use the below technique to see and block the cookies that a particular website installs on your browser.
Cool technique to view and block cookies
First, for this to show just the cookies installed on your browser by a particular website, you have to do this in an incognito window. In Chrome, you click on the three dots on the far right of your browser tool bar:
Then, click on “New incognito window” and type in the website url you want to visit.
When the site comes up, look in the browser window, on the left, before the url. You’ll see a little lock icon. Or, if the site doesn’t have a security certificate, it might be a little “i”. Either way, click on it and you’ll see a popup box like this:
Click on where it says “Cookies”. You’ll see a number after it, which is the number of cookies that website installed on your browser. If you do not do this in an incognito window, you’ll see a lot more cookies, because if you’re signed into Chrome, or Google or something, there’s all those cookies in there as well and those aren’t coming from just that particular website.
Anyway…so when you click on “Cookies” a box comes up that looks like this:
It shows you the cookies that are installed and where they came from. In this snippet, it’s the Instagram Feed plugin that installed some cookies. If you highlight the source of the cookies, like in the picture, you can click “Block” down in the bottom left corner, and those cookies will be blocked by your browser. You should be able to do that for any of the cookies listed there, theoretically. I haven’t tried this in every browser or for every cookie, so I don’t know if it works every time, but I thought it was a cool little tool.
Now, if those Instagram cookies are blocked, that means you probably have to relog into Instagram to follow me on Instagram, so it’s kind of a pain for you. But…that’s how you can block them and other cookies like them, if you want to.
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
Below are links to the privacy policies of the sites where we embed content from:
Third party plugins and social sharing
We use third party plugins for social sharing and other purposes. Below are the ones we use and how they may affect your information.
According to the Instagram Feed’s plugin website, when the plugin makes a request to Instagram’s API to get new posts (api.instagram.com), it sets three cookies in the web browser: rur, urlgen, and csrftoken. These are arbitrary cookies used for functional purposes to validate the connection to the Instagram API. They do not transfer or store personal data. They are only used on the first page load after the plugin cache has expired.
Facebook and Twitter
We have the Mashshare plugin that allows you to share content from this Site to Facebook and Twitter. Mashshare does not share your IP address with either of those networks when you share our posts.
What do we do with your personal data?
Currently, the only personal data we collect from you is possibly an email address (from your comment or contact form) and an IP address (from Wordfence, our security software plugin).
We mentioned above that we will only use your email address to reply to your inquiry from our contact form. As far as comments, we may reply to a comment, but that reply doesn’t even get sent to you via email. You can view those in your WordPress account or come back to the post where you commented and check for a reply. We don’t use the email address you provide when you comment unless you specifically request us to do so.
As for your IP address, we mentioned how we use Wordfence to see the live traffic hits to our site, from humans, crawlers and bots and to protect this Site from virus attacks.
These are the only ways we use your data.
Who do we share your data with?
Also, if you comment, it will be checked by the spam filter within the Wordfence plugin, to determine if the comment contains a virus or is spam.
We also do not share your contact form information with anyone else. All conversations between Marissa and you via email or the contact form are private. If law enforcement legally demands those conversations then we would have to comply, but other than that, we don’t spill.
We may have links to other websites from our Site. We are not responsible for the content, security, privacy policies and practices of any other websites, even if you access them using links from this Site or if you can access this Site or use our services from them. We recommend that you check the policy of each website that you visit and make sure that you are comfortable with the terms of such policies before providing any personal information.
If our business is sold or merged, or if we sell or buy any business or assets, we may disclose your personal data to the prospective seller or buyer of such business or assets. We will make sure that any such transfer is done in a secure way.
How long do we retain your data?
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
Earlier, we explained about the Wordfence security plugin and how long (approximately) that data is retained.
Where do we store your data?
We maintain your data at the server of our hosting company, Siteground, and within the backups for this Site stored on our business computer.
If you leave a comment on this website, that information is stored at our hosting company, Siteground, as well. That information includes your name, your avatar, your comment, the time you left the comment and your ISP address.
For any Europeans using the site, the data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA“). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers or contractors. Territories outside of the EEA may not have equivalent legal protections to those that apply within the EEA but we are under a duty to make sure that our suppliers and contractors located outside of the EEA continue to take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Policy. By submitting your personal data to us, you agree to this transfer, storing or processing.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorized access.
We follow strict security procedures to ensure that your personal information is not damaged, destroyed or disclosed to a third party without your permission and to prevent unauthorized access to it. The computers that store the information are kept in a secure facility with restricted physical access and we use secure firewalls and other measures to restrict electronic access. If we are working with third parties, we will require them to have in place similar measures to protect your information.
What rights you have over your data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
You have the right to ask us not to process your personal data at any time.*
You have the right to ask us, at any time, to show you what data we’ve collected.
You have the right to fix any data we have that is incomplete or wrong.
The Data Protection Act 1998 (DPA) and the GDPR (in Europe) gives you the right to access information held about you. Your right of access can be exercised in accordance with the DPA and GDPR.
You can also exercise the rights above at any time by contacting us at Marissa (at) Namasteabroad.com. Simply send us an email with your request and we will comply.
*Asking us to not process your data does require us to delete your data, which is legally considered processing your data. So respectfully inform you that we’d have to do that one thing.
How we protect your data
We use whatever means are within our control to protect your data and that consists of:
- This Site uses a SSL security certificate to help prevent evil hackers from intercepting the connection between your computer and our Site.
- We use Wordfence, a security plugin to protect our site from hackers, attackers and other malicious entities out to steal people’s information.
- We don’t share your email with anyone, unless we’re required to by law.
Data breach procedures
After, cussing, stomping around, crying in a corner and calling my mom, the procedure I’ll follow if I discover my website has been breached is to email the commenters, form submitters and registered users within 24 hours of discovering the breach.
I will also perform a scan of this Site to determine where and how the breach occurred and take extra security precautions to ensure it doesn’t happen again.
Children Online Privacy Protection Act (COPPA)
In case you haven’t noticed, this Site is not intended for children under 13 years of age. No one under age 13 may provide any information to or on this Site. We do not knowingly collect personal information from children under 13. If you are under 13, do not use or provide any information on this Site or on or through any of its features. This includes registering on this Site, making any payments through this Site, using any of the interactive or public comment features of this Site, or filling in the contact form on this Site. Do not provide any information about yourself to us, including your name, address, telephone number, email address, or any screen name or user name you may use.
If we learn we have collected or received personal information from a child under 13 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 13, please contact us at marissa (at) namasteabroad.com
We are committed to complying with the Children’s Online Privacy Protection Act (COPPA). Schools and parents should supervise their children’s online activities and consider the use of other means to provide a child-friendly, online environment. If you would like to learn more about COPPA, visit the Federal Trade Commission home page at http://www.ftc.gov.
If you are living in the EU and are under the age of 16, it is required by law that you obtain consent from your parents before subscribing to any email list. We do not target, cater or provide products or services for 16 years and under and thus do not have a parental approval process.
You are responsible for periodically visiting this page of our Site to check for any changes and to ensure the email address you have provided to us is accurate in case we need to notify you of a breach.