Cookie Policy Update

As part of our ongoing commitment to transparency, today we released a significant update to our cookie policy on Automattic.com.

We released our first cookie policy in 2015, with the aim of providing our users and site owners more information about the cookies we set on our sites, and the information those cookies collected and used. This updated edition of our policy expands on our earlier work, including more detailed information on how and where we use cookies, with more specific examples. In addition, we provide more details on the third party ad partners we work with, and the operations of our internal analytics tool.

Finally, you may notice our new, attractive cookie notification banners.

Cookie Consent Banner

Our cookie policy ties in to these banners, explaining how they operate, and detailing the kinds of cookies that we place by default, as well as the cookies that we place only after a site visitor gives their consent.

We hope that you find this information useful, and for more details, check out the policy itself at automattic.com/cookies. This isn’t the end of the story – just an iteration – as we’ll continue to add more information as time goes on.

 

Data Processing Agreements with Automattic

Automattic is committed to helping our customers run their sites and online businesses in a manner that complies with the GDPR’s data protection and data transfer laws.

One way we are fulfilling our commitment is by providing a Data Processing Agreement, which is a contract that documents Automattic’s compliance with the GDPR requirements that apply to us as a data processor for your site. The Agreement also satisfies the requirement for standard model clauses that govern the transfer of your data to Automattic and its subsidiaries.

The Data Processing Agreement is an amendment to our Terms of Service and is available to anyone with an active subscription for one of our paid products. You can read our Data Processing Agreement here.

If you would like to sign a Data Processing Agreement with us, please contact us at gdpr-contracts@automattic.com. In your email, please let us know your wordpress.com username, list the paid product(s) to which you have subscribed, and whether you participate in our WordAds/Jetpack ads programs. We will follow up with a copy of the Data Processing Agreement for you to sign.

Offering a Data Processing Agreement is one way in which we’re assisting our users, worldwide, in meeting the requirements of GDPR.

Welcome to privacy.blog

Welcome to privacy.blog! We (your friends at Automattic) set up this site to provide information about new privacy laws, like Europe’s GDPR, that affect our services, our users, and the WordPress community overall. We’ll also use this site to announce our plans for implementing the GDPR’s important principles across Automattic’s products, including WordPress.com and Jetpack.

What is the GDPR?

User privacy and data protection are top of mind for many businesses, website owners, and users of online services. The General Data Protection Regulation (GDPR) is a new, comprehensive European privacy law that’s driving much of the recent attention. The GDPR, among other things, requires companies and site owners to be transparent about how they collect, use, and share personal data. It also gives individuals more access and choice when it comes to how their own personal data is collected, used, and shared. You can read more information about the GDPR and its requirements on our GDPR resource page.

It’s important to understand that while the GDPR is an European regulation, its requirements apply to all sites and online businesses who collect, store, and process personal data about residents of the EU no matter where the business is located.

With the GDPR in mind, we’re working hard to add features that enhance user choice around their personal data and bring more transparency to our practices around the collection, storage, and use of the data our users entrust to us.

Our Commitment to GDPR Compliance

As the enforcement date for the GDPR (May 25, 2018) approaches, we are working on several enhancements and tools to help WordPress.com, Jetpack, and WooCommerce services on their own compliance journeys.

Over the coming weeks, we will be introducing a number of new features and pieces of documentation to:

  • Honor personal data access and export requests for our WordPress.com, Jetpack, and WooCommerce users.
  • Offer account closure for WordPress.com accounts.
  • Enable opt-outs for Automattic’s first-party analytics system for WordPress.com users.
  • Provide more information on the cookies we use in our services, such as via on-site notifications (banners) that highlight the cookies we use on our sites.

We’re also releasing features to help you and your site meet the requirements of new privacy laws. These include: a new “cookie and consent” notification that WordPress.com and Jetpack site owners can add to their sites, and tools for our WooCommerce.com merchants to manage data access and deletion requests from their customers.

These new features are in addition to the features we have already launched (and will be blogging about here soon) and the privacy protections we had in place already to help you control your content, keep it secure, or even move your site to another WordPress host.

We’ve always held a strong commitment to user privacy and security. Many of the GDPR’s principles align with our long-held values and we look forward to sharing our privacy related work with you.