WordPress.org

About

Privacy

Privacy policy

WordPress.org websites (collectively “WordPress.org” in this document) refer to sites hosted on the WordPress.org, WordPress.net, WordCamp.org, BuddyPress.org, bbPress.org, and other related domains and subdomains thereof. This privacy policy describes how WordPress.org uses and protects any information that you give us. We are committed to ensuring that your privacy is protected. If you provide us with personal information through WordPress.org, you can be assured that it will only be used in accordance with this privacy statement.

Website visitors

Like most website operators, WordPress.org collects non-personally-identifying information of the sort that web browsers and servers typically make available, such as the browser type, language preference, referring site, and the date and time of each visitor request. WordPress.org’s purpose in collecting non-personally identifying information is to better understand how WordPress.org’s visitors use its website. From time to time, WordPress.org may release non-personally-identifying information in the aggregate, e.g., by publishing a report on trends in the usage of its website.

WordPress.org also collects potentially personally-identifying information like Internet Protocol (IP) addresses. WordPress.org does not use IP addresses to identify its visitors, however, and does not disclose such information, other than under the same circumstances that it uses and discloses personally-identifying information, as described below.

Gathering of personally-identifying information

Certain visitors to WordPress.org choose to interact with WordPress.org in ways that require WordPress.org to gather personally-identifying information. The amount and type of information that WordPress.org gathers depends on the nature of the interaction. For example, we ask visitors who use our forums to provide a username and email address.

In each case, WordPress.org collects such information only insofar as is necessary or appropriate to fulfill the purpose of the visitor’s interaction with WordPress.org. WordPress.org does not disclose personally-identifying information other than as described below. And visitors can always refuse to supply personally-identifying information, with the caveat that it may prevent them from engaging in certain website-related activities, like purchasing a WordCamp ticket.

All of the information that is collected on WordPress.org will be handled in accordance with GDPR legislation.

Protection of certain personally-identifying information

WordPress.org discloses potentially personally-identifying and personally-identifying information only to those of project administrators, employees, contractors, and affiliated organizations that (i) need to know that information in order to process it on WordPress.org’s behalf or to provide services available through WordPress.org, and (ii) that have agreed not to disclose it to others. Some of those employees, contractors and affiliated organizations may be located outside of your home country; by using WordPress.org, you consent to the transfer of such information to them.

WordPress.org will not rent or sell potentially personally-identifying and personally-identifying information to anyone. Other than to project administrators, employees, contractors, and affiliated organizations, as described above, WordPress.org discloses potentially personally-identifying and personally-identifying information only when required to do so by law, if you give permission to have your information shared, or when WordPress.org believes in good faith that disclosure is reasonably necessary to protect the property or rights of WordPress.org, third parties, or the public at large.

If you are a registered user of a WordPress.org website and have supplied your email address, WordPress.org may occasionally send you an email to tell you about new features, solicit your feedback, or just keep you up to date with what’s going on with WordPress.org and our products. We primarily use our blog to communicate this type of information, so we expect to keep this type of email to a minimum.

If you send us a request (for example via a support email or via one of our feedback mechanisms), we reserve the right to publish it in order to help us clarify or respond to your request or to help us support other users. WordPress.org takes all measures reasonably necessary to protect against the unauthorized access, use, alteration, or destruction of potentially personally-identifying and personally-identifying information.

Use of personal information

We will not use the information you provide when you register for an account, attend our events, receive newsletters, use certain other services, or participate in the WordPress open source project in any other way.

We will not sell or lease your personal information to third parties unless we have your permission or are required by law to do so.

We would like to send you email marketing communication which may be of interest to you from time to time. If you have consented to marketing, you may opt out later.

You have a right at any time to stop us from contacting you for marketing purposes. If you no longer wish to be contacted for marketing purposes, please click on the unsubscribe link at the bottom of the email.

Legal grounds for processing personal information

We rely on one or more of the following processing conditions:

  • our legitimate interests in the effective delivery of information and services to you;
  • explicit consent that you have given;
  • legal obligations.

Access to data

You have the right to request a copy of the information we hold about you. If you would like a copy of some or all your personal information, please follow the instructions at the end of this section.

All WordCamp attendee-provided data can be viewed and changed by the attendee via the Access Token URL that is emailed to confirm a successful ticket purchase.

WordPress.org user accounts can be edited by following these steps:

  1. Visit https://login.wordpress.org/, and enter your username and password.
  2. You will be redirected to https://profiles.wordpress.org/your_username.
  3. Click the “Edit” link next to your username.

If you would like to request access to your account data, please follow these steps:

  1. Visit https://wordpress.org/about/privacy/data-export-request/.
  2. Enter your email address.
  3. Click “Accept Declaration and Request Export”.

Note: If you have a WP.org account, it’s recommended you log in before submitting to associate your account with the request.

Retention of personal information

We will retain your personal information on our systems only for as long as we need to, for the success of the WordPress open source project and the programs that support WordPress.org. We keep contact information (such as mailing list information) until a user unsubscribes or requests that we delete that information from our live systems. If you choose to unsubscribe from a mailing list, we may keep certain limited information about you so that we may honor your request.

WordPress.org will not delete personal data from logs or records necessary to the operation, development, or archives of the WordPress open source project.

WordPress.org shall maintain WordCamp attendee data for 3 years to better track and foster community growth, and then automatically delete non-essential data collected via registration. Attendee names and email addresses will be retained indefinitely, to preserve our ability to respond to code of conduct reports.

On WordCamp.org sites, banking/financial data collected as part of a reimbursement request is deleted from WordCamp.org 7 days after the request is marked paid. The reason for the 7-day retention period is to prevent organizers having to re-enter their banking details if a wire fails or if a payment was marked “Paid” in error. Invoices and receipts related to WordCamp expenses are retained for 7 years after the close of the calendar year’s audit, by instruction of our financial consultants (auditors & bookkeepers).

When deletion is requested or otherwise required, we will anonymise the data of data subjects and/or remove their information from publicly accessible sites if the deletion of data would break essential systems or damage the logs or records necessary to the operation, development, or archival records of the WordPress open source project.

If you would like to request deletion of your account and associated data, please follow these steps:

  1. Visit https://wordpress.org/about/privacy/data-erasure-request/.
  2. Enter your email address.
  3. Click “Accept Declaration and Request Permanent Account Deletion”.

Note: If you have a WP.org account, it’s recommended you log in before submitting to associate your account with the request.

Rights in relation to your information

You may have certain rights under data protection law in relation to the personal information we hold about you. In particular, you may have a right to:

  • request a copy of personal information we hold about you;
  • ask that we update the personal information we hold about you, or independently correct such personal information that you think is incorrect or incomplete;
  • ask that we delete personal information that we hold about you from live systems, or restrict the way in which we use such personal information (for information on deletion from archives, see the “Retention of personal information” section);
  • object to our processing of your personal information; and/or
  • withdraw your consent to our processing of your personal information (to the extent such processing is based on consent and consent is the only permissible basis for processing).

If you would like to exercise these rights or understand if these rights apply to you, please follow the instructions at the end of this Privacy statement.

Third party links

Our website may contain links to other websites provided by third parties not under our control. When following a link and providing information to a 3rd-party website, please be aware that we are not responsible for the data provided to that third party. This privacy policy only applies to the websites listed at the beginning of this document, so when you visit other websites, even when you click on a link posted on WordPress.org, you should read their own privacy policies.

Aggregated statistics

WordPress.org may collect statistics about the behavior of visitors to its websites. For instance, WordPress.org may reveal how many times a particular version of WordPress was downloaded or report on which plugins are the most popular, based on data gathered by api.wordpress.org, a web service used by WordPress installations to check for new versions of WordPress and plugins. However, WordPress.org does not disclose personally-identifying information other than as described in this policy.

Cookies

Additionally, information about how you use our website is collected automatically using “cookies”. Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. This information is used to track visitor use of the website and to compile statistical reports on website activity.

Please see our cookie policy for more information about what cookies are collected on WordPress.org.

Privacy policy changes

Although most changes are likely to be minor, WordPress.org may change its Privacy Policy from time to time, and at WordPress.org’s sole discretion. WordPress.org encourages visitors to frequently check this page for any changes to its Privacy Policy. Your continued use of this site after any change in this Privacy Policy will constitute your acceptance of such change.

Contact

Please note we cannot provide help or information about other websites, including those which may run on WordPress open source software but are hosted by third parties.

We suggest contacting the site owner or author directly. To find more information about the site’s host or domain registrar, you can use these tools:

Please contact us if you have any questions about our privacy policy or information we hold about you by emailing dpo@wordpress.org.

Creative Commons License