1. General Data Protection Regulation (GDPR)
GDPR applies to the processing of personal data of people in the EU (and the wider EEA) whenever a site offers goods or services to them or monitors their behaviour, for example through analytics or advertising cookies. That test turns on whom you target and track, not on where the business is based, so a U.S. site that serves and tracks EU visitors is in scope. Here's how:
Key Requirements:
- Consent Mechanism:
- Valid Consent: GDPR consent must be freely given, specific, informed and unambiguous, so the consent banner must ask before any cookie that is not strictly necessary is set, and must not rely on pre-ticked boxes or on the user continuing to browse. Declining must be as easy as accepting, and users must be able to withdraw consent later.
- Cookie Notice: Include a clear notice explaining the types of cookies you use, who sets them, how long they last, and their purpose.
- Data Protection Policy:
- Privacy Policy: Include a comprehensive privacy policy that details the type of data collected, how it is used, stored, and shared. It should also explain users' rights under GDPR (access, correction, deletion, data portability, etc.).
- Data Retention Policy: Explain how long data will be stored and how users can request deletion.
- Data Subject Rights:
- Allow EU users to request access to their personal data, have it corrected, or have it deleted.
- Implement a system for handling data access and deletion requests within one month (extendable by two further months for complex or numerous requests, provided you tell the user why), and verify the requester's identity before releasing or erasing anything.
- Data Breach Notifications:
- Ensure a process is in place to notify the relevant supervisory authority within 72 hours of becoming aware of a breach (unless the breach is unlikely to result in a risk to individuals), and to notify affected users without undue delay when the breach is likely to result in a high risk to them.
- Third-Party Compliance:
- Ensure any third parties (e.g., advertising platforms, analytics services) that handle user data from your website comply with GDPR, and have a written data processing agreement with each of them, as GDPR requires for processors.
2. California Consumer Privacy Act (CCPA)
CCPA (as amended by the CPRA, in force since 2023) applies if your website collects personal data from California residents and your business meets one of the following conditions:
- Annual gross revenue over $25 million (the figure is adjusted for inflation periodically).
- Buys, sells, or shares the personal information of 100,000 or more California consumers or households per year (the original CCPA threshold was 50,000 consumers, households, or devices).
- Derives 50% or more of annual revenue from selling or sharing California residents' personal information.
Even if your business doesn't meet these criteria, it's a good practice to follow CCPA rules if you have California visitors.
Key Requirements:
- Privacy Policy:
- Update your privacy policy to include how you collect, use, and share personal information. It should explain consumers' rights under CCPA (right to know, right to delete, right to opt out of data selling).
- “Do Not Sell or Share My Personal Information” Link:
- Add a visible link titled “Do Not Sell or Share My Personal Information” (the CPRA wording; the original CCPA link read “Do Not Sell My Personal Information”) on your website. This allows users to opt out of the sale or sharing of their data. The same opt-out must be honoured when the browser sends a Global Privacy Control signal, and it must not be conditioned on identity verification or on creating an account.
- Consumer Rights:
- Give California residents the option to request access to their personal data and the ability to delete it.
- Provide a mechanism for users to submit these requests, such as an email address or web form.
- Data Access and Deletion Requests:
- Respond to access and deletion requests within 45 days of receipt; this can be extended once by a further 45 days when reasonably necessary, provided you tell the consumer.
- Verify the identity of the individual making an access or deletion request before acting on it, so that the request channel cannot be used by someone else to pull or erase another person's data. Opt-out requests, by contrast, must be honoured without verification.
- Notice at Collection:
- Inform users at or before the point of collection about the categories of personal information you are collecting and the purposes for which it will be used.
Steps to Implement on WebHealthyTips.com:
- Update Your Privacy Policy:
- Include sections dedicated to GDPR and CCPA compliance.
- Clearly outline the types of data collected, the purpose of collection, and third-party sharing practices.
- Add a Consent Management Tool:
- Implement a cookie consent banner that lets users accept or decline non-essential cookies by category, and that keeps analytics and advertising tags from running until the user has opted in.
- Ensure that consent is actively given, particularly for GDPR compliance, and that the stored choice records when it was made and under which version of the notice, so users can be asked again when the notice changes.
- Create Opt-Out Mechanisms:
- Add a “Do Not Sell or Share My Personal Information” link for CCPA compliance, ensure it is prominently displayed, and treat a Global Privacy Control signal from the browser as the same opt-out.
- Set Up Data Access/Deletion Requests:
- Add a form or email link for users to submit requests to access, modify, or delete their personal data. WordPress ships its own tools for fulfilling them (Tools > Export Personal Data and Tools > Erase Personal Data, available since WordPress 4.9.6), which cover comments, user profiles and other core data.
- Set up a system to log each request, verify the requester, and close it within the required time frame (one month under GDPR, 45 days under CCPA).
- Third-Party Vendor Audit:
- Review your partnerships with any third-party services (advertising, analytics) to ensure they comply with both GDPR and CCPA, confirm that a data processing agreement (GDPR) or service-provider contract (CCPA) is in place with each, and list them in the privacy policy so the disclosure matches what actually runs on the site.
- Data Breach Procedures:
- Establish a protocol for detecting breaches and reporting them to affected users and to the authorities within the timelines above (72 hours to the supervisory authority under GDPR).
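The consent banner and tag blocking described in the steps above, as an added example that is not code from WebHealthyTips.com or from WordPress. It assumes a hypothetical cookie name (whtp_consent), a hypothetical banner element (id cookie-banner, with buttons carrying data-accept-all and data-reject-all attributes), and that third-party tags are written into the page as <script type="text/plain" data-consent="analytics"> so the browser does not execute them until a consent decision is recorded. The cookie handling is kept in pure functions so it can be unit-tested in Node; the page wiring at the bottom runs only in a browser.

```javascript
// Consent-gated loading of non-essential scripts. Added example, not code from WebHealthyTips.com.
// Assumptions (all hypothetical): a cookie named "whtp_consent" holds a JSON record
// {v: policy version, ts: epoch seconds, analytics: bool, marketing: bool}; third-party tags are
// written as <script type="text/plain" data-consent="analytics"> so the browser does not execute
// them until this code swaps them for a live <script> after consent.

const CONSENT_COOKIE = 'whtp_consent';          // hypothetical cookie name
const POLICY_VERSION = 2;                       // bump when the cookie notice changes: users are asked again
const CONSENT_TTL_SECONDS = 182 * 24 * 3600;    // about six months; assumed re-consent interval
const CATEGORIES = ['analytics', 'marketing'];  // non-essential categories offered in the banner

// Default state: nothing non-essential is allowed. A missing cookie is never read as consent.
function denyAll() {
  return { v: POLICY_VERSION, ts: 0, analytics: false, marketing: false };
}

// Read the consent record from a Cookie header or document.cookie string. Anything missing,
// malformed, expired, or recorded under an older notice version falls back to denyAll().
function parseConsent(cookieString, now = Math.floor(Date.now() / 1000)) {
  for (const pair of (cookieString || '').split(';')) {
    const idx = pair.indexOf('=');
    if (idx < 0 || pair.slice(0, idx).trim() !== CONSENT_COOKIE) continue;
    try {
      const rec = JSON.parse(decodeURIComponent(pair.slice(idx + 1).trim()));
      if (rec.v !== POLICY_VERSION) return denyAll();
      if (typeof rec.ts !== 'number' || now - rec.ts > CONSENT_TTL_SECONDS) return denyAll();
      const out = denyAll();
      out.ts = rec.ts;
      for (const c of CATEGORIES) out[c] = rec[c] === true;   // only an explicit true counts as opt-in
      return out;
    } catch (e) {
      return denyAll();                                      // unparsable cookie: treat as no consent
    }
  }
  return denyAll();
}

// Build the cookie string for a choice the user actively made in the banner.
function serializeConsent(choices, now = Math.floor(Date.now() / 1000)) {
  const rec = { v: POLICY_VERSION, ts: now };
  for (const c of CATEGORIES) rec[c] = choices[c] === true;
  return CONSENT_COOKIE + '=' + encodeURIComponent(JSON.stringify(rec)) +
    '; Max-Age=' + CONSENT_TTL_SECONDS + '; Path=/; SameSite=Lax; Secure';
}

// Apply the browser's Global Privacy Control signal: GPC is a CCPA opt-out of sale/sharing,
// so advertising (marketing) tags stay off even if the stored cookie allows them.
function effectiveConsent(stored, gpcSignal) {
  const out = Object.assign({}, stored);
  if (gpcSignal === true) out.marketing = false;
  return out;
}

// May a tag in this category run? Strictly necessary tags need no consent.
function mayLoad(category, consent) {
  return category === 'necessary' || consent[category] === true;
}

// Browser side: replace each blocked tag whose category is allowed with a live script element.
function activateTags(doc, consent) {
  let activated = 0;
  for (const blocked of Array.from(doc.querySelectorAll('script[type="text/plain"][data-consent]'))) {
    if (!mayLoad(blocked.dataset.consent, consent)) continue;
    const live = doc.createElement('script');
    for (const attr of Array.from(blocked.attributes)) {
      if (attr.name !== 'type') live.setAttribute(attr.name, attr.value);
    }
    live.text = blocked.text;
    blocked.parentNode.replaceChild(live, blocked);
    activated++;
  }
  return activated;
}

// Page wiring (browser only; the functions above also run under Node for testing).
// The banner element and its buttons are assumed to exist with the ids/attributes used here.
if (typeof document !== 'undefined') {
  const stored = parseConsent(document.cookie);
  activateTags(document, effectiveConsent(stored, navigator.globalPrivacyControl === true));
  const banner = document.getElementById('cookie-banner');            // hypothetical element id
  if (banner && stored.ts === 0) {                                      // no valid decision on record
    banner.hidden = false;
    const decide = (choices) => {
      document.cookie = serializeConsent(choices);
      banner.hidden = true;
      activateTags(document, effectiveConsent(parseConsent(document.cookie),
        navigator.globalPrivacyControl === true));
    };
    banner.querySelector('[data-accept-all]').onclick = () => decide({ analytics: true, marketing: true });
    banner.querySelector('[data-reject-all]').onclick = () => decide({});   // reject is one click, like accept
  }
}
```

The defaults are the part that matters for GDPR: a missing, malformed, expired or out-of-date cookie is read as no consent, a rejection is stored so the banner is not shown on every visit, and a Global Privacy Control signal switches advertising tags off regardless of what the cookie says, which covers the CCPA opt-out. Tags loaded by other means (plugins that inject their own script elements, server-side includes) bypass this gate, so check the rendered page in the browser's network panel, not just the template.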
Who we are
Suggested text: Our website address is: https://webhealthytips.com.
Comments
Suggested text: When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.
Media
Suggested text: If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
Cookies
Suggested text: If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Embedded content from other websites
Suggested text: Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.
Who we share your data with
Suggested text: If you request a password reset, your IP address will be included in the reset email.
How long we retain your data
Suggested text: If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
What rights you have over your data
Suggested text: If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Where your data is sent
Suggested text: Visitor comments may be checked through an automated spam detection service.