Close

Destination

Who we are

Suggested text: Our website address is: https://goodplacestovisit.com.

The General Data Privacy Regulation (GDPR)

The GDPR regulates privacy policy requirements for entities targeting users in the European Union (EU) and the European Economic Area (EEA), regardless of the company’s physical location.

Your business must comply with the GDPR if it targets EU consumers and meets one of the following thresholds:

  • It offers goods or services
  • It monitors online behavior

Chapter 3, Articles 13 and 14 of the law clarify that users have the right to be fully informed about the collection and use of their personal data.

Linking to a generic privacy policy is not enough under the GDPR; you also need freely given consent from users before collecting their personal information. Under the law, personal data refers to any information relating to an identifiable person, either directly or indirectly.

It’s important to note that different privacy laws use unique definitions for personal information, each with slight variations in meaning.

Your business can communicate all relevant data gathering and processing information in compliance with the GDPR and request user consent by publishing a privacy policy on your website.

The penalties for GDPR non-compliance are fines of up to 4% of your annual global turnover or €24 million ($23 million), whatever is highest.

The California Consumer Protection Act (CCPA)

The CCPA regulates privacy policy requirements for businesses targeting users in California, regardless of the company’s physical location.

Your business falls under the CCPA if it meets one of the following thresholds:

  • It generates over $25 million in annual gross revenue
  • It annually buys, receives, sells, or shares the personal information of 50,000 or more consumers (changing to 100,000 under the CPRA)
  • It derives 50% or more of its annual revenue from the sale of personal consumer data

Under the law,  you must inform users about the personal data you collect and how it’s processed.

The text of the CCPA defines personal data similarly to the GDPR but excludes publicly available information, like social media posts.

You must also provide a way for consumers to opt out of the sale of their data.

To comply with the CCPA, you can outline your data practices with our standard privacy policy template and include a conspicuous “Do Not Sell My Personal Information” link.

The penalties for CCPA non-compliance are fines of $2,5000 per violation or $7,500 per intentional violation.

Comments

Suggested text: When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

Suggested text: If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Cookies

Suggested text: If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Suggested text: Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Who we share your data with

Suggested text: If you request a password reset, your IP address will be included in the reset email.

How long we retain your data

Suggested text: If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

Suggested text: If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where your data is sent

Suggested text: Visitor comments may be checked through an automated spam detection service.