Who we are
Our website address is: https://www.livinginitaly.com.
If you have given us your email address (by emailing us, buying something from our website or subscribing to our website, for example) you should read this to reassure yourself that we are looking after your data responsibly.
If any website visitors understand these rules better than us and believe there is something else we should be doing, please don’t hesitate to let us know. We value the security of your information extremely highly and will never intentionally breach the rules. However, the rules are designed for large organisations and this website is run as a hobby and owned by a freelance business person just doing her best to keep up.
Our lead data protection supervisory authority is the The Italian Data Protection Authority- Garante per la protezione dei dati personali (http://www.garanteprivacy.it/). Our website is aimed at an English-speaking readership, however, so in order to create this document we consulted the UK ICO booklet, “Preparing for the General Data Protection Regulation – 12 Steps to Take Now”.
What personal data we collect and why we collect it
Name and email address
Email addresses of people who have emailed us via our contact form and to whom we have replied – automatically saved in Gmail account – collected only for the purposes of replying to emails.
We do not share this information with anyone, unless specifically indicated and when explicit consent has been given by the message sender, or in the highly unlikely event that we are legally obliged to do so.
If someone randomly asks for another person’s email address, unless both are known closely to us, we will always check with the other person first.
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
Comment form cookies
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
Google’s reCAPTCHA Cookies
Some forms on this site require the use of Google’s reCAPTCHA service before they can be submitted. If you consent to use Google’s reCAPTCHA service, a cookie is created that stores your consent. This cookie deletes itself after thirty days.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
We use Google Analytics to monitor traffic levels, search queries and visits to this website. Google Analytics stores IP addresses anonymously on its servers in the US, and neither we nor Google can associate your IP address with any personally identifiable information. To find out more please visit: How Google uses data when you use our partners’ sites or apps
Who we share your data with
We never share your name or email with anybody unless legally obliged to do so.
How long we retain your data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
Security logs are retained for 14 days.
What rights you have over your data
Since version 4.9.6 upwards WordPress core has provided a tool to assist website owners comply with GDPR requirements. If you have an account on this site, or have left comments you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Where we send your data
Visitor comments may be checked through an automated spam detection service.
If someone asked to see their data stored via Gmail we will take a screenshot of their email entry/entries.
If they unsubscribe themselves from a Mailchimp list, their data is automatically deleted.
This site is part of a network of sites that protect against distributed brute force attacks. To enable this protection, the IP address of visitors attempting to log into the site is shared with a service called iThemes Security provided by ithemes.com.
Subject access requests
We aim to respond to all requests within 72 hours and usually much sooner.
Lawful basis for processing data
If people have emailed us, they have given us their email address, and usually, their names. We do not actively add it to a list but Gmail will save it to our Contacts list. We will not add it to any database or spreadsheet unless someone asks us to or gives us explicit and detailed permission.
If people have opted into our Mailchimp list they have actively opted in, in the knowledge that they will receive the following:
• Occasional newsletters and occasional bits of news based on blog posts on website
• Each newsletter will remind users (again) that they can unsubscribe at any time
Young people sometimes email us but we don’t know their age unless they tell us – and we only have their word for that. We would not deliberately keep their email address (but Gmail would save it in our account.) Since we are not “processing” their data, we are not required to ask for parental consent. We might reply to the email, but will not actively contact them again.
We have done everything we can to prevent this, by strongly password-protecting our computers, mobile devices, Gmail, Dropbox, Siteground and iThemes BackUpBuddy Stash accounts, and using twofactor verification where available. If any of those organisations were compromised we would take steps to follow their advice immediately. Our website is hosted by Siteground and is protected using SSL (Secure Socket Layer) technology. SSL is the industry standard method of encrypting personal information. Access to back end website management is also protected by strong passwords and two-factor verification.
Communicating privacy information
We may change this Policy from time to time so please check this page occasionally to ensure that you’re happy with any changes. This page was last updated 6th July 2018