General Data Protection Regulation (GDPR)
The GDPR law is the European law that regulates the privacy rights of users from the European Economic Area (EEA). Our Declaration of Conformity can be found here.
GDPR’s main principle is that users own their personal data, and the companies have the obligation to make the right steps to facilitate the users’ rights:
- to know what personal data companies collect, how they store this info and for how long
- to know if the personal data is shared with third parties
- to get the personal data (data portability)
- to delete the personal data
- to correct the personal data
Terms used in this document: We, users, third parties.
- CPOThemes is the provider of the service, referred sometimes as we.
- By users we understand all the users of our tools and service, and also, the visitors of our site.
- Visitors are those who browse the web pages of CPOThemes. The logged in visitors are users of our service because they previously signed-up for a CPOThemes account.
- Customers are the users that purchased paid plans.
- Third parties are other companies and the services they provide us.
What personal data we collect and how we collect it
From the users of our WordPress plugins and from those who use our WordPress themes, we directly collect the following data: WordPress CMS version, PHP version, theme name, theme version, theme author, theme slug, date installed, IP, installed version, site language, and the website’s url.
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
Visitor comments may be checked through an automated spam detection service
When the visitors of our website sign-up for an account we collect their emails, name, password, and billing address.
We also keep the personal data used in the financial transactions. The invoice details as payment email, billing address, amount of money, name of the customer, company, and payment system, are not completely under the GDPR law, but due to the fiscal policy we need to store them for 10 years. Our customers cannot ask us to delete the payment details as we don’t have the right to do so.
What we do with the collected personal data
In order to help our customers we need to use their personal data:
- Personal data needed for user identification: the email address used for registration and name.
- Personal data needed for debugging reasons: the domain where the theme/plugin is installed, theme information, plugin information.
- Personal data needed to communicate with the clients that need assistance: their email addresses
We send newsletters to our users about deals and promotions. Our marketing campaigns could promote other services as well, if we believe that they are compatible with our service, and that they could be useful for our users. We try to keep these types of messages at a maximum of two emails per user/ each month.
How long do we keep your personal data?
The details of personal data used in the financial transactions we keep for accounting purposes and store them for 10 years. We also keep your account records and each user can access these records from their CPOThemes account. This data is stored indefinitely and users have the right to ask us to delete their private data, even if this could mean the termination of the service we provide them due to technical reasons.
What do we share, with whom, and under what conditions?
Our users’ data is shared with third parties that help us run the service. Please check below a list of the services that have full or partial access to our users’ data, and their privacy and data policies.
We will tell our users if we intend to share their info with other third parties. We don’t sell personal data.
Important rights of our users regarding the personal data
Portability: You own your data. Please contact us if you want to receive the information we store about you and about your history with our service.
Personal data deletion and account removal: Users that want their personal data to be deleted can send a request at firstname.lastname@example.org specifying if they want the deletion of all their personal information or just a partial removal. Furthermore, the users can request that their data won’t be handed over or used in some of the ways mentioned in this document. The deletion of personal information can lead to the termination of the service we provide due to technical reasons.
Please contact us if you wish to have your personal data removed or if you wish to terminate your account.
Personal data errors: You have the right to correct your personal data. Use our contact form or write us at email@example.com if you want to correct your data.
The right to fill a complaint: For us, your personal data is important, and we try to take all the necessary steps to protect your personal data and to respect your rights. You have the right to fill a complaint at the National Authority for the Supervision of Personal Data Processing (Romanian: Autoritatea Naţională de Supraveghere a Prelucrării Datelor cu Caracter Personal), also known as ANSPDCP.
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
You can export data collected by us by creating a request here.
You can delete data collected by us by creating a request here.
Third parties that have access to your personal data
Help Scout – helpscout.net
This is a customer and ticketing service. It helps us manage and track the complaints of our clients. Help Scout has access to the following personal data: IPs, email, name, license, and website url. The Help Scout Company declared its compliance with GDPR, the EU law regarding the personal data protection. Read more about this here.
Help Scout promises to securely store the personal data needed for running their service and they will not use the personal data for other purposes.
NinjaForms – ninjaforms.com
By default, WordPress does not include a contact form. We are using NinjaForms as our contact form plugin.Through our contact form we collect your name and email address. This data is stored indefinitely for customer support purposes and users have the right to ask us to delete their private data, even if this could mean the termination of the service we provide them due to technical reasons. We do not use the information submitted through here for marketing purposes.
FastSpring – fastspring.com
FastSpring is our payment processor which offers a subscription billing system for our digital products. We don’t keep any Credit Card data.
FastSpring is fully compliant with GDPR as you can see here.
As we mentioned above, we keep the payment details as we are obligated by the fiscal law.
Akismet – akismet.com
EDD – easydigitaldownloads.com
We collect information about you during the checkout process on our store. This information may include, but is not limited to, your name, billing address, shipping address, email address, phone number, credit card/payment details and any other details that might be requested from you for the purpose of processing your orders.
Handling this data also allows us to:
– Send you important account/order/service information.
– Respond to your queries, refund requests, or complaints.
– Process payments and to prevent fraudulent transactions. We do this on the basis of our legitimate business interests.
– Set up and administer your account, provide technical and/or customer support, and to verify your identity.
Additionally we may also collect the following information:
– Location and traffic data (including IP address and browser type) if you place an order, or if we need to estimate taxes and shipping costs based on your location.
– Product pages visited and content viewed while your session is active.
– Your comments and product reviews if you choose to leave them on our website.
– Account email/password to allow you to access your account, if you have one.
– If you choose to create an account with us, your name, address, and email address, which will be used to populate the checkout for future orders.
WordPress – wordpress.org
WordPress.org is the foundation that manages the WordPress content management system, WordPress themes, WordPress plugins. WordPress is used by many of our users to develop and run websites. Our WordPress plugin is a piece of software that connects the sites built with WordPress to our servers, where we optimize the images of our users.
WordPress aggregates data about the active plugin installs and about the total number of downloads. WordPress.org is developing a tool to help plugin creators (like us) to comply with the GDPR law. This tool is not ready as we speak. We will implement it as soon as it becomes available to the general public.
Kinsta – kinsta.com
Kinsta is a hosting company. We use their service for hosting our website. Kinsta uses Google Cloud Platform which is fully compliant to GDPR. You can read about this here.
Google Analytics – analytics.google.com
We use the Google Analytics service to obtain statistics about our site’s visitor number, origin and behavior. We took the necessary steps to ensure that the information we gather through Google Analytics is anonymized and that we cannot identify a particular visitor.
If you wish to subscribe to the Company’s newsletter(s), we will use your name and e-mail address to send the newsletters to you.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
Other Information Collected
Some information may be collected automatically every time you visit the Company’s web sites, such as cookies and computer information. In addition, information may be collected from other independent, third-party sources. We also collect information about which pages you visit within this site. This site visitation data is identified only by a unique URL.
The Company uses both session ID cookies and persistent cookies as part of its interaction with your browser. A cookie is an alphanumeric identifier (a file) that the Company’s web sites transfer to your computer’s hard drive through a web browser to enable its systems to recognize your browser for record-keeping purposes. A session ID cookie expires when you close your browser, while a persistent cookie remains on your hard drive for an extended period of time.
We use session ID cookies to make it easier for you to navigate our web sites. We use persistent cookies to identify and track which sections of its web site you most often visit. We also use persistent cookies in areas of its web site where you must register, and where you are able to customize the information you see, so that you don’t have to enter your preferences more than once.
The Company uses Google Analytics, an ad tracking technology that is provided by Google. For more information about Google Analytics, please visit https://www.google.com/analytics/
As it is true of most web sites, the Company gathers certain information automatically and stores it in log files. This information includes internet protocol (IP) addresses, browser type, internet services provider (ISP), referring/exit pages, operating system, date/time stamp, and clickstream data. The Company uses this information to analyze trends, to screen for fraud, to administer the Company’s sites, to track users’ movements around the web sites and to gather demographic information about the Company’s user base as a whole.
Information from Third Party Sources
To improve services and enhance personalization, the Company may periodically obtain information about you from other independent third party sources and add it to our account information. For example, when you visit a site on which the Company advertises, and click through such advertisement, the Company may place cookies on your computer.
Use of Information
Verification, Billing, and Order Status
The Company collects Personal Information to verify the accuracy of your name, billing address, shipping address, credit card number, and credit card expiration date provided, to screen for fraud, to bill you for the products and services purchased and to pay you for the products and services sold. The Company uses your e-mail address(es) to contact you regarding the status of your order when necessary and to send you a Receipt Purchase/Sale Confirmation and Order Shipping Notification.
Special Offers and Updates
The Company collects information about which sections of its web site you visit most often, so that it can send you our newsletter and the information about the offers, promotions, contests, and sweepstakes which may interest you.
Accordingly, the Company will occasionally send you information on products, services, special deals, promotions and sweepstakes.
The Company may, but is not obligated, to send you strictly service-related announcements on rare occasions, when it is necessary to do so. For example, if our service is temporarily suspended for maintenance, we might send you an e-mail. Generally, you may not opt-out of these communications since they are not promotional in nature. If you do not wish to receive them, you may have the option to deactivate your account.
We also collect information for research purposes and to provide anonymous reporting for internal and external clients. The Company uses the information collected for its own internal marketing and demographic studies, to improve customer service and product offerings.
We will communicate with you in response to your inquiries, to provide the products and services you request, and to manage your account. We will communicate with you by e-mail, live chat or telephone.
The Company stores information that it collects through cookies, log files, and third party sources, to create a profile of your preferences, in order to improve the content of the Company’s web site for you.
Information Sharing and Disclosure
The Company does not sell or rent any of the information collected to third parties for any purposes, but it shares information with third parties as described below.
The Company discloses the information collected to external service providers, necessary to facilitate the following outsourced operations: address verification, credit card processing, fraud screening and order shipping.
Compliance with Legal Authorities
As required by law, and to enforce customers’ or the Company’s legal rights, and to comply with local, state, federal and international law, the Company may disclose information to law enforcement agencies.
Choice and Opt-Out
If you no longer wish to receive the Company’s promotional communications, you may “opt-out” of receiving them by following the instructions included in each communication.
Links to Other Web Sites
Storage and Security of Personal Information
The Company stores the information it collects on computers located in a controlled, secure facility, protected from physical or electronic unauthorized access, use, or disclosure.
The Company protects the privacy and integrity of the information it collects by employing appropriate administrative protocols, technical safeguards, and physical security controls, designed to limit access, detect and prevent the unauthorized access, improper disclosure, alteration, or destruction of the information under its control. The Company transmits the information used by its external service providers for the specific outsourced operations listed above, across public and private networks via recognized encryption technologies, such as by using Secure Sockets Layer (SSL) software, which encrypts the information you input.
Although the Company follows the procedures set forth above to protect the Personal Information submitted to the Company, no method of transmission over the Internet, or method of electronic storage, is 100% secure. Thus, while the Company strives to use commercially acceptable means to protect your Personal Information, the Company cannot guarantee its absolute security.
If you have any questions about the Company’s security on its web sites, please feel free to contact us using the contact page on the site.
The Company has a ZERO TOLERANCE policy for Internet fraud or any attempt to access or acquire customer or other information on its web sites via illegal or surreptitious means. The Company works with local, national, and international fraud investigation agencies and employs a variety of electronic and other means to discourage, detect, and intercept fraudulent activities. The Company aggressively prosecutes, to the fullest extent of the law, those perpetrators apprehended conducting fraudulent activities on its web site.
Personal Information collected by the Company may be stored and processed in Romania or any other country in which the Company or its affiliates, subsidiaries or agents maintain facilities, and by using the Company’s web sites, you consent to any such transfer of Personal Information outside of your country.
The Company’s sites are not intended for or directed to persons under the age of 16. The Company does not buy or sell products or services from or to children. Any person who provides their information to the Company through the Company’s web sites attests that they are 16 years of age or older.
Changes to this Statement
You may contact the Company by using the contact form on the site.