In this section, you should specify the www.curiospaces.com, as well as the name of the company, organization, or individual responsible, and include detailed contact information.
The amount of information you may be required to provide varies depending on your location or specific business regulations. For instance, you may need to provide a physical address, business address, or your company’s registration number.
What Personal Data We Collect and Why
In this section, you should describe what personal data you collect from users and visitors on your site. This may include personal data such as name, email address, personal preferences, and transactional data like purchase information, as well as technical data, such as cookie information.
You should also justify the collection and retention of sensitive personal data, such as health-related information.
In addition to listing the personal data you collect, you must explain why you collect it. These explanations should justify the legal basis for collecting and retaining the data or the explicit consent provided by the user.
Personal data is not created solely through user interactions with your site. It can also be generated through technical processes such as contact forms, cookies, analytics, and embedded third-party content.
By default, WordPress does not collect any personal data about visitors and only collects the data displayed on the user profile screen for registered users. However, if any of your plugins collect personal data, include that information below.
Comments
In this subsection, you should describe what information is collected from comments. We have already described what data WordPress collects by default.
Media
In this subsection, describe what information may be disclosed when a user uploads media files. All media files uploaded are typically public.
Contact Forms
By default, WordPress does not include a contact form. If you use a contact form plugin, use this subsection to explain what personal data is collected when someone submits information through a contact form and how long you retain that information. For example, you may state that you keep form submissions for a certain period for customer service purposes but do not use the information for marketing.
Cookies
In this subsection, list the cookies used on your site, including those set by your plugins, social media platforms, and analytics tools. Below are the cookies installed by WordPress by default.
Analytics
In this subsection, describe the analytics service your site uses, how users can opt out of tracking, and provide a link to the privacy policy of your analytics provider if applicable.
By default, WordPress does not collect any analytics data. However, many web hosting services collect some anonymous data for analytics purposes. If you’ve installed a WordPress plugin that provides analytics services, add the plugin’s details here.
Who We Share Your Data With
In this section, list all third-party providers with whom you share site data, including partners, cloud-based services, payment processors, and third-party service providers. Explain what data you share with them and why. Link to their privacy policies when possible.
By default, WordPress does not share any personal data.
How Long We Retain Your Data
In this section, explain how long you retain the personal data collected or processed by the website. While it is your responsibility to set a timeline for retaining each set of data and explain why you keep it, this information must be listed here. For example, you might state that you keep contact form entries for six months, analytics records for one year, and customer purchase records for ten years.
What Rights You Have Over Your Data
In this section, explain what rights your users have regarding their data and how they can exercise these rights.
Where Your Data Is Sent
In this section, list all data transfers from your site outside the European Union and describe the measures taken to protect the data according to European data protection standards. This may include your web hosting, cloud storage, or other third-party services.
European data protection laws require that the data of EU residents transferred outside the EU maintain the same level of protection as if it remained in the EU. Therefore, in addition to listing where the data goes, describe how you ensure compliance with these standards, whether through agreements such as the Privacy Shield, model clauses in your contracts, or binding corporate rules.
Contact Information
In this section, provide contact details for specific privacy inquiries. If you are required to have a data protection officer, list their name and full contact details here.
Additional Information
If your site has commercial purposes and engages in more complex processes for collecting or processing personal data, you should also highlight that information in your privacy policy along with all the previously discussed details.
How We Protect Your Data
In this section, explain what measures are in place to protect your users’ data. This may include technical measures such as encryption, security measures like two-factor authentication, and protocols such as staff training in data protection. If you’ve conducted a Privacy Impact Assessment, you may mention it here.
What Data Breach Procedures We Have in Place
In this section, explain the procedures used to handle data breaches, potential or actual, such as internal reporting systems, contact mechanisms, or bug bounties.
What Third Parties We Receive Data From
If your site receives user data from third parties, including advertisers, include this information in the relevant section of your privacy policy.
What Automated Decision Making and/or Profiling We Do With User Data
If your site provides a service that includes automated decision-making, such as allowing customers to apply for credit or aggregating their data into an advertising profile, you must disclose this. Include details about how this information is used, what decisions are made with this aggregated data, and what rights users have regarding decisions made without human intervention.
Industry Regulatory Disclosure Requirements
If you are a member of a regulated industry or subject to additional privacy laws, you may be required to disclose this information here.