My website address is: http://www.jecphotography.com
What is the policy?
The policy for this website is quite simple unlike a lot of other websites where they give you pages and pages of legal jargon that is mainly how they – the website owner – are protected when it comes to using your information when you are visiting their website.
Basically, your privacy is never shared, rented, lent, etc. – period. There are a couple of exceptions to this more below in a second.
When you come to the site, I want you to enjoy the site and not have to worry about what I’m going to gain from it – which is nothing – unless you buy a print from me 🙂
Ok that being said, let’s get on with it:
1. The sharing of third party information.
Sometimes, the sharing of information needs to occur between yourself (i.e. when you make a purchase), the credit card firm or payment portal, myself and the delivery system to get the image into your hands. For example:
- You come to the site, see an image you like and decided to purchase it.
- You then order and pay for it and use a service such as Paypal, who then processes the payment.
- The process of the payment is shared between, you, Paypal and Myself.
- I then process/compete your order and prepare it for shipping.
- I then share my and your information to the shipper i.e. UPS / Canada Post / Fedex so that they can deliver the image from me to you.
- Once the process is completed, the record of the transaction is stored on my computer behind a firewall. The actual credit card information resides of the Paypal server.
2. Data Collection and Usage
Comments – currently the ability to leave a comment is turned off –
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
The only media allowed on the site is the media from J Edward Cook. Outside materials are not permitted. This is to help reduce potential spam and to also help prevent any links that could potentially send you to unsafe websites.
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
Who we share your data with
We don’t except in the items listed in this page.
How long we retain your data – since comments and registered users are disabled, this is a mute point
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
What rights you have over your data – since comments and registered users are disabled, this is a mute point
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Where we send your data – since comments and registered users are disabled, this is a mute point
Visitor comments may be checked through an automated spam detection service used mostly in comments and contact me emails
Your contact information – since comments and registered users are disabled, this is a mute point
Currently not collected save the above although this may change once ecommerce commences at which point this section may change.
How we protect your data
Data protection is that the website is behind a firewall, and is automatically updated when the WordPress themes, plugins etc. are updated.
These are all done at site host level, I have nothing on my personal machine, all work is done server level.
Since I do not allow comments, and do not currently do any ecommerce transactions via the website, no personal information is ever recorded for the outside world. The site is currently a static view only website. This section may change if I proceed to an ecommerce site.
What data breach procedures we have in place?
Over the past ten plus years or so, I have only had two breaches which hampered the functioning of the website to the outside world. There was no loss of any personal information of people who come to this website as I do not collect it.
The first occurrence was most likely due to a security issue from a plugin that I was using for a photo gallery – when I wanted to use that plugin again WordPress denied access to the plugin due to a ‘security issue’ with the plugin. I then upgraded to a more professional version.
The second was only an infection causing the php to not function correctly. This was mostly likely due to the database not being automatically updated properly – so I can’t say if it was actually an infection or if the WordPress Theme or plugins were the problem. In any case, the problem was rectified the day after it happened and a scorched earth procedure took place regardless. Everything is now up-to-date and backed up on a regular basis.
As for breach procedures they are as follows:
1. Site is immediately locked down and password protected – meaning that if you the public come to the site, you would need a password to see the site and any of its content. This is not to infer that the site is not password protected. The site on the server and access to it, in order to run the site, etc. is ALWAYS password protected.
2. Email is sent to the server host for investigation – to see if the site was actually a) hacked, b) infected or c) if the site is not working right because a WordPress Theme update or plugin broke he code needed to display the site correctly.
3. Steps taken re: number two above:
C – if item C, broken theme or plug-in, two courses of action 1. Wait for a hotfix for the broken code – not really plausible 2. revert back to the last working version of the theme and or plugin. Test the website, and if working, remove the public access restriction of the site
B – if item B, infection, one course of action. Scan site for infected files, malware, etc and clean infection. Most likely a complete reinstall of a clean backup of the site. Before this, all passwords, changed and a review of all technology is done – i.e databases using correct version i.e. version 10 instead of version 7 and all theme and plugin updates done as needed. The site is then re-released to the general public.
C – if item A, only one course of action – scorched earth policy. Website and all assets, email accounts etc are purged from the server, a new site is then built from scratch of a clean backup is then reloaded onto the server, new email accounts are created along with new passwords, etc. Once completed the site is re-released to the general public.