GDPR compliance

  • Resolved wpandlpuser

    (@wpandlpuser)


    2 months ago

    Dear URM Team,

    I am currently working on the privacy policy document of my website in which I use your plugin.

    1.Under GDPR, I need to list all the service providers that use cookies, and those cookies might be stored on the visitor’s computer upon visiting the site.

    Would you please let me know if your plugin uses cookies?
    -If yes, which cookies?
    -What are these cookies used for?
    -How long are they retained?
    -Would you please provide a link to your applicable privacy policy?
    -Any additional information that could be useful

    2.Also, as per GDPR, I need to list all service providers who process visitor’s personal data on my behalf.

    Would you please let me know if your plugin is processing such personal data?
    -If so, please provide me a link to your DPA (data processing agreement) that I can reference in my Privacy policy.

    Thank you in advance!

    The page I need help with: [log in to see the link]

Viewing 3 replies - 1 through 3 (of 3 total)
  • Thread Starter wpandlpuser

    (@wpandlpuser)

    2 months ago

    Dear Support team,

    Would you please let me know on the above questions?
    It will also be very useful for other website administrators as well in the future to stay compliant.

    Thank you in advance!

    Plugin Support Amrit Kumar Shrestha

    (@shresthauzwal)

    2 months ago

    Hi @wpandlpuser,

    Thank you for reaching out and for preparing your website’s privacy policy carefully. We are happy to clarify how the plugin behaves regarding cookies and personal data.

    1. Cookies used by the plugin

    Our plugin does not create tracking or marketing cookies by default. However, it may rely on standard WordPress cookies to manage user sessions and login status.

    These cookies are typically:

    • wordpress_logged_in_[hash]
      Purpose: Identifies a logged-in user and maintains the login session.
      Retention: Until the session ends or the user logs out.
    • wordpress_sec_[hash]
      Purpose: Provides security for authenticated sessions.
      Retention: Until the session ends or the user logs out.
    • wp-settings-[user_id] and wp-settings-time-[user_id]
      Purpose: Stores user interface preferences in the WordPress admin area.
      Retention: Usually 1 year.

    Privacy policy reference:
    You can refer to the WordPress privacy policy documentation for core cookies:
    https://wordpress.org/about/privacy/

    1. Personal data processing

    Our plugin processes personal data only within your website and database. This includes information submitted by users through registration and profile forms, such as:

    • Name
    • Email address
    • Username
    • Profile information
    • Membership-related data

    All data is stored locally on your WordPress site. We do not collect, transmit, or store user data on external servers.

    Because of this, we do not act as an external data processor, and there is no separate DPA required from our side. You remain the data controller, and the data is processed within your own hosting environment.

    Kind regards,

    Thread Starter wpandlpuser

    (@wpandlpuser)

    2 months ago

    Dear @shresthauzwal ,

    Thank you for the comprehensive feedback!

    Wishing you a great day!

Viewing 3 replies - 1 through 3 (of 3 total)

You must be logged in to reply to this topic.