Privacy and Cookies Policy

v1.4 - last updated October 5, 2018

Overview

In order for us to operate our business and provide services to you, it is sometimes necessary for us to collect or process information about you. Generally, this information will take one or more of the following forms:
  1. Information that you provide to us directly, such as in the situation where you complete a form or send us a message via our website;
  2. Information that is automatically sent to us by your computer’s internet browser when you visit our website, such as your computer’s technical address (or ‘IP address’) or information about which particular internet browser you are using and so on;
  3. Information about how you use our website or our services, such as which pages you visit, how frequently you visit the site and so forth. This privacy policy sets out the detail of what information we collect, as well as how that data is used and protected.


Privacy and Cookies Policy Changes

Although most changes are likely to be minor, we may change our Privacy and Cookies Policy from time to time, and in our sole discretion. We encourage visitors to check this page frequently for any changes to our Privacy and Cookies Policy. Your continued use of this site after any change in this Privacy and Cookies Policy will constitute your acceptance of such change.

Definition of ‘Personal Data’

This privacy policy has been compiled to better serve those who are concerned with how their ‘Personally identifiable information’ (PII), also known as 'personal data,' is being used online. PII, as used in US privacy law and information security, is information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context. Please read our privacy policy carefully to get a clear understanding of how we collect, use, protect or otherwise handle your Personally Identifiable Information.

Obvious examples of PII include your name, email address, mailing address, etc. Other types of information, such as your computer’s ‘IP’ address or broad geographical location may be considered potentially personally identifying information and, therefore, are covered here as well.

Who We Share Data With

We operate on a ‘need to know’ basis for all data that we work with, and that is particularly true for any personal data. The only people/organizations that are granted access to personal data are:

  • Employees, contractors, consultants, and/or service providers who provide website support services (for example, visitor comments and subscription requests may be checked through CleanTalk, an automated spam detection service that can use use cookies and other technology to secure and to protect this website from spam.);
  • Web hosting technology suppliers (currently GoDaddy) who provide the physical server infrastructure that this website operates on;
  • Our payment gateway processor (currently Paypal) to process and complete payment transactions for orders;
  • Our email service provider (currently MailChimp) to support subscription forms, delivery of our newsletter, fulfillment of download requests, and surveys;
  • Our cloud storage provider (currently Dropbox) whose services we use for secure backup storage.

Third-Party Links

Occasionally, at our discretion, we may include, offer, or link to third-party products or services on our website (for example, Amazon products referenced in a blog post and Zazzle products designed by Sumaiya Wood). We may also link to articles and other relevant content on third-party websites.

These third-party sites have separate and independent privacy policies. We, therefore, have no control, responsibility or liability for the content and activities of these linked sites. Nonetheless, we seek to protect the integrity of our site and welcome any feedback about these sites. If you have any concerns, we encourage you to review the privacy policies of these websites.

Third-Party Content

Articles on this site may include embedded content (e.g. videos, images, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.

How Your Data Is Protected

We take the security of personal data very seriously, and that data is protected in multiple ways:
  • Access control: access to personal data is strictly limited in line with our policy detailed in the ‘who we share data with section’ on this page.
  • Security software: We operate access control software on our website. This software is responsible for limiting login attempts to our site, blocking potentially malicious attempts to access our services, and regularly performing system scans.
  • Data encryption: where data is stored in a cloud facility (for example, the storage of website backup files), that data is encrypted both ‘in transit’ and ‘at rest’ – meaning that all data is securely obscured both during the process of transfer to the cloud provider, and then additionally when it is in storage at its final location.
  • Encrypted traffic: this website is secured with SSL encryption, which means that all traffic to and from our servers is encrypted. This applies to our own administrative access to the website as well as that of users of our services.
  • Selection of third party service providers: we use a very limited number of third party service providers, but some are essential for the provision of physical hosting environments and cloud services. One of the core factors in the selection of such providers is their ability to provide secure systems and processes.

Your Data Rights

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us.

You can also request that we correct any incomplete or incorrect information held about you, or erase any personal data we hold about you altogether. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

In most circumstances, you can exercise these rights without paying a fee to us.

Questions?





If you have any questions or concerns about the data we hold about you, we can be contacted via email at info@sumaiyawood.com.

Types of Data Collected

Online Forms

When you complete an online form to subscribe to our newsletter, request a free download, provide comments, or ask that we contact you via our contact form, we collect your name and email address in order to respond to your request. Your IP address is also collected in order to help spam detection.

By submitting your information via any form on our website, you confirm and give permission to process your personal data, including your name, email, the text of your comment, data captured in other form fields, and your IP address.

We use the Contact Form 7 plugin to manage contact form submissions. Any information provided in our contact form is sent as an email message that only a select few are allowed to access. The information is also stored in the database on our hosting server for backup and later reference purposes.

For security reasons and to protect this website from spam, your data will be processed in the CleanTalk Cloud Service and they will be stored in log files for 7 days. On the expiry of this period, they will be deleted from the CleanTalk Cloud Service completely. CleanTalk may use information of spam activity of IP/email addresses to offer proper anti-spam protection to all websites connected to its service. It concerns exclusively those IP/email addresses that are being used for spam mailing.

We will also store the information you provide to us in our website database, and/or in our customer relationship management (CRM) system. Such storage allows us to efficiently access your data and respond to your requests.

For the purpose of maintaining the integrity of our systems, we may also store this data in system backups, which are encrypted and held securely by our technology partner Dropbox.

We may use this information to contact you about other of our own services that we believe may be of genuine interest to you. We will not use this data for any further purpose without your express further consent, nor will we sell your information to any 3rd party.

If you do not submit an online form on the website, no data will be collected in this regard.

If we do not enter into a further contract or agreement with you, we will retain contact form submission data for a maximum of 24 months. Newsletter subscriptions (including those initiated via a request for a download from the website) will be maintained for up to 24 months following the last activity on a newsletter issue (e.g., open and/or click).

Account Logins

For some website functionality, we will need to create for you a user account that allows you to login to the site to ensure that only authorized individuals can access your data and that functionality.

Examples include when you make an online purchase via the site, or when you have a role in administering or contributing towards website content (such as a blog post author). The purpose of these user accounts is to protect your personal data behind login security, and to protect the integrity of our site and the servers that run it.

Data collected will generally involve your name and email address, but may include your mailing address if it is required for online purchases.

If you do not register for an online account then no such data will be collected in this regard.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included.

Website visitors can download and extract location data from images on the website.

If you do not upload images to the website then no such data will be stored in this regard.

Comments

When visitors leave comments on the site, we collect the data shown in the comments form, as well as the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

Visitor comments may be checked through an automated spam detection service.

For users that register on our website, we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

Email Marketing and Subscription

We require your consent to collect and use your personal data for subscriptions to our newsletter, to provide you with complimentary downloads offered throughout the site, and to add you to our marketing email list. This consent is supplied when you provide your personal information via forms on our site. We only collect certain data about you, as detailed in this Privacy and Cookies Policy. Please note that requests for complimentary downloads from our site also constitute requests to be added to our newsletter and email marketing list.

Newsletters, complimentary download links and email marketing messages are sent through MailChimp, our marketing automation platform. By subscribing to our newsletter, requesting complimentary downloads and discount coupons, and making purchases via our Shop, you acknowledge that the information you provide will be transferred to MailChimp for processing in accordance with their Privacy Policy and Terms.

Emails sent via MailChimp may contain tracking beacons, tracked clickable links or similar server technologies in order to track subscriber activity within email marketing messages. Where used, such marketing messages may record a range of data such as; times, dates, I.P addresses, opens, clicks, forwards, geographic and demographic data. Such data will show the activity each subscriber made for that email campaign.

We provide you with an easy method to withdraw your consent (unsubscribe) or manage your preferences regarding the information we hold about you and the way we communicate with you at any time. See any marketing messages for instructions on how to unsubscribe or manage your preferences.

We may hold the following information about you within our marketing automation system:
  • Email address
  • I.P. address
  • Subscription date/time
  • Name
  • Address
  • Phone Number
  • The emails you’ve opened, read, clicked on and deleted, including dates/times
  • The pages on our website you have visited, including dates/times
  • Language
  • Location
  • Social media profiles
  • Orders placed on our website
  • Preferred email format

Technical Data (e.g., IP address)

When you visit our website, our systems will log a record of your visit in our server logs, and typically this record will include the technical ‘IP’ address that is associated with your device, and the browser type and version that you are using. By using this website, your IP address can be stored and processed for security reasons. Your IP address may be saved in the server log files, CMS log files, and CleanTalk Anti-Spam & Security log files. They can store and process your IP address.

Such server logs are extremely common practice, and are used to monitor technical resources, monitor high-level server activity, and to detect and prevent malicious or fraudulent activity on our systems. This data can also be used, if required, to diagnose reports of technical issues. The storage of IP addresses, allows us to identify patterns of behavior (for example, repeated malicious attempts to access a system).

IP addresses, in and of themselves, do not allow us in any way to identify you as an individual, especially given that it is very common for IP addresses to be dynamically allocated by your service provider. Therefore, this information will often routinely change.

We do not and will not use the content of server access logs to attempt to determine an identifiable individual. Therefore, do not consider that data held within server logs falls within the scope of ‘personal data’, and accordingly we do not seek your consent to collect it.

Cookies and Similar Technologies

We have included cookies, web beacons and similar technologies into one section because they all perform similar functions even if, from a technical perspective, they work slightly differently.

All of these technologies allow us to better understand how users are using our website and other related services. They can also be an essential part of providing certain online functionality. They are all essentially small data files placed on your computer (or other device) that allow us to tell when you have visited a particular page, or performed a particular action (such as clicking a particular button) on our website.

These technologies are used by most websites as they provide useful insight into how services are being used, as well as improving speed, performance and security, and enabling us to improve our personalization of your experience.

Cookies

Cookies are small text files placed in the memory or your browser or device when you visit a website, and allow a website to recognize a particular device or browser. For example, we use cookies to help us remember and process the items in your shopping cart.

They are also used to help us understand your preferences based on previous or current site activity, which enables us to provide you with improved services. We also use cookies to help us compile aggregate data about site traffic and site interaction so that we can offer better site experiences and tools in the future.

There are several types of cookies:
  • Session cookies expire at the end of your browser session and allow us to link your actions during that particular browser session.
  • Persistent cookies are stored on your device in between browser sessions, allowing us to remember your preferences or actions across multiple visits.
  • First-party cookies are set by the site you are visiting.
  • Third-party cookies are set by a third-party site separate from the site you are visiting.
There are a number of ways that you can influence how cookies are used on your particular device. Most commercial browsers (such as Chrome, Edge, Firefox, Internet Explorer, Safari, etc.) allow you to set preferences for whether to allow or block website cookies.

They will also provide tools that allow you to remove any cookies that have already been set. Using the ‘Help’ functionality of your browser, or an internet search, will help you to understand how to use these features for your particular browser.

Additionally, we have incorporated specific cookie functionality on our website that allows you to easily indicate when you first visit the site whether or not you consent to having cookies be set on your device. Ironically, it is necessary for us to set cookies for this specific purpose in order for our site to remember your preference.

When you first visit our site, a cookie notification box will be displayed allowing you to choose whether to allow cookies or not. Only Essential cookies and those that do not contain/track any personal data will be set when you first visit our site.

By continuing to use our site beyond this cookie information (for example, by scrolling the page, clicking links, etc.) then you are consenting to the use of cookies, and we will set other non-essential cookies as described in this policy.

Web Beacons

Small graphic images (also known as “pixel tags” or “clear GIFs”) that may be included on our sites and services that typically work in conjunction with cookies to identify our users and user behavior.

Our uses of such technologies fall into the following general categories:

  1. Essential. We may use cookies, web beacons, or other similar technologies that are necessary to the operation of our sites, services, applications, and tools. This includes technologies that allow you access to our sites, services, applications, and tools; that are required to identify irregular site behavior, prevent fraudulent activity and improve security; or that allow you to make use of our functions such as shopping-carts, saved search, or similar functions;
  2. Performance Related. We may use cookies, web beacons, or other similar technologies to assess the performance of our website, applications, services, and tools, including as part of our analytic practices to help us understand how our visitors use our website, determine if you have interacted with our messaging, determine whether you have viewed an item or link, or to improve our website content, applications, services, or tools;
  3. Functionality Related. We may use cookies, web beacons, or other similar technologies that allow us to offer you enhanced functionality when accessing or using our sites, services, applications, or tools. This may include identifying you when you sign into our site or keeping track of your specified preferences, interests, or past items viewed so that we may enhance the presentation of content on our site;
  4. Marketing Related. We may use first-party or third-party cookies and web beacons to deliver content, including ads relevant to your interests, on our sites or on third party sites. This includes using technologies to understand the usefulness to you of the advertisements and content that have been delivered to you, such as whether you have clicked on an advertisement.


The cookies currently in use on this site are as follows:
CookiePurpose
apbct_cookies_test, apbct_*, ct_*, ct_sfw_*, ct_checkjs, ct_cookies_test, ct_fkp_timestamp, ct_pointer_data, ct_ps_timestamp, ct_sfw_pass_key, ct_timestamp, ct_timezoneThis group of essential cookies is set by CleanTalk, our firewall and spam protection service. They are used to help us identify and prevent fraud and attempted unauthorized access to our systems.
_omappvp, _omappvs, om-*, omSuccess-*These essential cookies support optin forms, which allow visitors to request coupons, complimentary downloads, and subscribe to our newsletter
comment_author, comment_author_email, comment_author_url, wordpress_last_visitThese essential cookies are used to collect information related to comments and questions you post on our site.
_ga, _gat, _gidThese performance-related analytics cookies are set by Google Analytics
cookie_notice_acceptedThis cookie is set by the cookie notice plugin to record that you accept the fact that the website uses cookies. This cookie is used to stop the Cookie notification displaying each time a new page is opened. It expires 30 days after your last visit.
wordpress_test_cookieThis cookie is used to check if the visitor’s browser supports cookies.
woocommerce_cart_hash, woocommerce_items_in_cart, wp_woocommerce_sessionThese essential cookies contain information related to your shopping cart and help us know when shopping cart data changes.
PHPSESSIDThis essential cookie is a PHP Session ID.


Manage Browser Cookie Settings

Through your browser settings, you can accept or decline cookies or set your browser to prompt you before accepting a cookie from the websites you visit. You should be aware that you may not be able to use all of our features if you set your browser to disable cookies entirely.

If you use different computers in different locations you will need to ensure that each browser is adjusted to suit your preferences.

You can delete any cookies that have been installed in the cookie folder of your browser. Various browsers provide different procedures to manage your cookie settings. Click on any of the links below for instructions. Microsoft Browsers
Google Chrome
Mozilla Firefox
Apple Safari
If you are not using any of the above-listed browsers, then select “cookies” in the “Help” function of your browser for information on where to find your cookie folder.

You should also be aware that disabling cookies does not necessarily disable other types of analytics products which we may use to collect generic information about how you and other visitors use our website.

Website Analytics

We use Google Analytics to better understand what content people look at on our website.

When people visit our site, information about their visit (such as which pages they look at, how long they spend on the site, etc.) is sent in an anonymous form to Google Analytics (which is controlled by Google).

The data contains information about anyone who uses our website from your computer, and there is no way to identify individuals from the data. Your IP address information is partially obscured during this process.

For further information of Google’s privacy practices and how this applies to Google analytics, please visit:

Other Google Services

In addition to Google Analytics, we use a number of industry-standard Google services to provide particular pieces of website content. These include:
  • Google Fonts: We may use one or more of Google’s web fonts to ensure that our website content is displayed in a clear and consistent fashion across all of the different types of devices and browsers.
  • Google Recaptcha: We may use Google’s Recaptcha service (which provides the ‘I Am Not A Robot’ functionality) on our contact and subscribe forms. This is a security measure to prevent the abuse of our contact forms by automated programs.
Each of these services involve our website making a connection to one or more Google servers, and may result in Google placing cookies on your device.

Google Fonts

By using Google Fonts, we make a connection to the Google Fonts API and, unless your browser has already stored a copy of the font in use (by virtue of visiting another website that uses it), your browser will download a copy of that font. This all happens in near real time, and means that our website content will be displayed on your device in the way we had intended it, regardless of whether the particular font is installed on your device.

The Google Fonts API connection is unauthenticated, meaning that it will work regardless of whether you are logged into Google. It does not rely on cookies being sent to Google. Google may capture your device’s IP address as part of this process, and uses this data only in aggregate form to understand the popularity of individual fonts. More detail can be found on the Google Fonts FAQ page.

Google Recaptcha

We use the Google Recaptcha (‘I Am Not A Robot’) functionality to prevent automated programs (or ‘bots’) abusing our contact forms with spam messages or other malicious activity.

Before submitting a contact form to us, you will be asked to check the ‘I Am Not A Robot’ checkbox. In the background, Google will perform a number of checks that are aimed at understanding the likelihood of your being a ‘real’ person, as opposed to an automated system. If it is in any doubt, it will ask you to perform one or more activities (such as identifying particular items within an image) that only a ‘real’ person can do.

The exact mechanism for this is a closely guarded Google secret, but it does involve Google checking your activity on our (and other) websites and the presence/absence of any Google cookies in place on your device.

Google Recaptcha enables us to maintain the security and integrity of our systems by minimising spam, and to provide an efficient service to ‘real’ users.