Who we are
Our website address is: https://deconstructingyourself.com.
What personal data we collect and why we collect it
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
Akismet is used on this site — your IP address, user agent, name, email address, website, and message — is submitted to the Akismet service (also owned by Automattic) for the sole purpose of spam checking. The actual submission data is stored in the database of the site on which it was submitted and is emailed directly to the owner of the form (i.e. the site author who published the page on which the contact form resides). This email will include the submitter’s IP address, timestamp, name, email address, website, and message.
Additionally, the IP address and user agent originally submitted with the comment are synced and they are stored in post meta. We do this on the basis of legitimate business interests in protecting against spam, and to be able to respond to your requests.
Mailchimp is used on this site. We collect your first name, last name, and email address in order to subscribe you to our newsletter list or to deliver information to you that you have requested. We do this on the basis of your consent.
We have ecommerce order forms on our website. Our order forms constitute a contractual agreement between us for the delivery of the specified products and services in line with our terms and conditions. We collect data about you in order to deliver the products or services that you have requested. We do this on the basis of legitimate business interest and on the basis of your consent.
This feature is only accessible to users logged in to WordPress.com.
Data Used: In order to process a post like action, the following information is used: IP address, WordPress.com user ID, WordPress.com username, WordPress.com-connected site ID (on which the post was liked), post ID (of the post that was liked), user agent, timestamp of event, browser language, country code.
Activity Tracked: Post likes.We do this in order to provide you with the service you have requested (to submit a post or to leave a like on a comment or post) on the basis of our legitimate business interests.
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day. We do this on the basis of your consent.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
Data Used: Please refer to the appropriate Google Analytics documentation for the specific type of data it collects. For sites running WooCommerce (also owned by Automattic) and this feature simultaneously and having all purchase tracking explicitly enabled, purchase events will send Google Analytics the following information: order number, product id and name, product category, total cost, and quantity of items purchased. Google Analytics does offer IP anonymization, which can be enabled by the site owner.
Activity Tracked: This feature sends page view events (and potentially video play events) over to Google Analytics for consumption. We do this on the basis of our legitimate business interests.
We will only send you information by email about products or services we feel may interest you. If you have previously requested information from us or utilised our products or services, we will only contact you by email with information about products and services similar to those you have previously utilised or enquired about.
You can ask us to stop sending you marketing messages at any time. If you would like to do this, you can unsubscribe by clicking the link at the bottom of the email that we send you. Alternately, please email us (see ‘How to contact us’ section below).
Who we share your data with
We do not sell any of your personal data. To be able to provide our services to you, and to run Deconstructing Yourself, we share data with third parties from the following categories:
- Third parties, which are invoiced in processing purchases, e.g. web store systems, payment service providers, [enter here any other third parties involved in processing purchases – i.e. logistics companies, order packers, online cart systems, etc], etc.
- Third parties, which provide professional services to us, e.g. business consultants, web hosting providers, marketing agencies, etc.
- Third parties, which are closely related to us where necessary to deliver a service to you or where you have asked us to do so, e.g. our business partners and other closely related partner organisations;
- Law enforcement, regulatory bodies, auditors or other government agencies, and professional advisers to comply with any legal obligations, e.g. tax offices, accountants, customs officers, etc.
How long we retain your data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
What rights you have over your data
Right to request a copy of your information
You can request a copy of your information which we hold (this is known as a subject access request). For example, if you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us.
Should you wish to access the personal data we may hold about you then you can request this from us in writing. Upon written request, we will provide you with a readable copy of the personal data which we keep about you. We will respond to you within the time frame specified within the applicable data protection law, which is generally within one month of receipt of the written request. We will provide the information without charge, but we may charge a reasonable fee for the administrative cost of providing the information where the request for information is unfounded, repetitive or excessive. To make this request in writing, address your request to the Data Department using the contact details under the ‘How to contact us’ section below.
Right to correct any mistakes in your information
You can require us to correct any mistakes in your personal data which we hold about you. It is not possible to change your username.
Should you require us to rectify any inaccuracies to the personal data we hold about you, please send a written request to the Data Department using the contact details under the ‘How to contact us’ section below. We will respond to you within the time frame specified within the applicable data protection law, which is generally within one month of receipt of the request. If we have disclosed your personal data to any third parties, we will also inform those third parties of any correction to your personal data where possible.
Right to ask us to stop contacting you with direct marketing
You can ask us to stop contacting you for direct marketing purposes. If you would like to do this, please click the unsubscribe link in our emails. Alternately, please email us (see the ‘How to contact us’ section below).
Right to erasure
You can require us to erase personal information we hold about you without undue delay in the following circumstances:
- the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
- you withdraw consent on which the processing is based and there is no other legal ground for the processing of the data;
- you object to the processing and there is no overriding legitimate interest for us to continue the processing of the data;
- your personal data was unlawfully processed; or
- your personal data must be erased in order to comply with a legal obligation.
We may not always be able to comply with your request of erasure for specific administrative, legal, or security purposes. These reasons will be notified to you, if applicable, at the time of your request.
Right to restrict processing of your personal data
You have the right to restrict the processing of your personal data in the following circumstances:
- you contest the accuracy of the personal data;
- you have objected to our processing of your data, and we are considering your objection because we have said the processing is necessary for the purpose of our legitimate interests;
- the processing is unlawful and you do not wish for the data to be erased but require restricted processing of the data instead; or
- we no longer require your personal data but you require the data to establish, exercise or defend a legal claim.
When processing of your data has been restricted, we will be permitted to store your data but will not perform any other processing of it, unless you consent to further processing or processing is necessary for the establishment of a legal claim; for the protection of rights of another person; or for reasons of important public interest.
Right to object to processing of your personal data
You have the right to object to us processing your personal data where our legal basis for processing the data is:
- for the purposes of our legitimate interests or for the performance of a task carried out in the public interest or any official authority held by us. Should you object to our processing of your personal data on these legal bases, your objection must be based on grounds relating to your particular situation. If you make such an objection, we will stop processing the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is necessary for the exercise or defense of legal claims;
- direct marketing (including profiling). Should you object to our processing of your personal data for direct marketing purposes (including profiling), we will stop processing your personal data for this purpose; and
- for scientific or historical research purposes or statistical purposes, unless the processing is necessary for the performance of a task carried out for reasons of public interest. Should you object to our processing of your personal data on this legal basis, your objection must be based on grounds relating to your particular situation.
Right to withdraw consent
Where we have relied on your consent for the processing of your personal data, you have the right to withdraw that consent at any time. If you wish to withdraw you consent please, email us using the contact details under ‘How to contact us’ below.
Where we send your data
We may need to transfer your personal data to countries that are located outside the European Economic Area (“EEA”) for the purposes of processing by parties that work for Deconstructing Yourself or one of its suppliers. For example, this may happen as the computer services used to host our website are located in a country outside of the EEA.
We may transfer your data to the USA to organizations such as Mailchimp for content delivery services; Twitter, Facebook, Google, etc. for communication and marketing services in accordance with your preferences (see the ‘Marketing’ section above for more information); Akismet for automated spam detection services.
We may transfer your data to closely related partner organizations located outside of the EEA where it is necessary for the performance of a contract with you related to our activities and services or because you have asked us to take specific steps before entering into a contract in respect of these activities and services.
How to contact us
The data controller responsible for your personal information for the purposes of the applicable European Union data protection law is:
San Francisco, California, USA
How we protect your data
We will use technical and organizational measures to safeguard your personal data. All information you provide to us is stored securely and any access to your online user account is controlled by a password and username that is unique to you. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorized access.
What data breach procedures we have in place
In the event of a data breach, that is, unauthorized access by a third party, to data managed by Deconstructing Yourself, or by one of our third party data processors (e.g. Mailchimp, Akismet, etc.), we will provide notification within 72 hours in accordance with the California Civil Code §§ 1798.29, 1798.82.
This means we will provide notice of what happened (including, where possible, the categories and approximate number of data subjects affected and the categories and approximate number of personal data records concerned, and whether and how long notification was delayed due to the intervention of law enforcement agencies), what data was involved, what we are doing, what you can do (including potential consequences of the data breach), any other important information related to the data breach, and how to contact us.
We will provide this notice by email, if we have an email address for you, by posting this information in a clearly accessible way on our website, and by notifying the Office of Information Security within the California Department of Technology.