Privacy Policy – BrenJS Knits

This privacy policy has been compiled to help you understand how we store and use your data, and specifically that data which is personally identifiable. This is so you are fully informed and understand your choices, and is in line with both US Privacy law and the European GDPR law.

Please read our privacy policy carefully to get a clear understanding of how we collect, use, protect or otherwise handle your Personally Identifiable Information in accordance with our website.

Who we are

Our website address is: https://brenjsknits.com.
BrenJS Knits is owned and operated by Brenda Shack.
Our mailing address is: 66 Broad St., PO Box 1562, Pawcatuck, CT, 06379

This Privacy Policy does not apply to the practices of third parties that I do not own or control, including WordPress (my website hosting service), Mailerlite (my email service provider for subscription lists), Ravelry (an online marketplace where I sell patterns, located at www.Ravelry.com), or any third party services you access through those sites.

We use MailerLite to manage our email marketing subscriber list and send emails to our subscribers. MailerLite is a third-party provider, which may collect and process your data using industry standard technologies to help us monitor and improve our newsletter. MailerLite’s privacy policy is available at https://www.mailerlite.com/privacy-policy. You can unsubscribe from our newsletter by clicking on the unsubscribe link provided at the end of each newsletter.

You can reference Mailerlite, Ravelry, and WordPress Privacy Policies at the following links to learn more about their privacy practices.

Mailerlite’s Privacy Policy: https://convertkit.com/privacy
Ravelry’s Privacy Policy: https://www.ravelry.com/about/privacy
WordPress’s Privacy Policy: https://en-ca.wordpress.org/about/privacy/

What personal data we collect and why we collect it

Your information allows me to offer you certain products and services, including the use of my website, to fulfill my obligations to you, to customize your interaction with my company and my website, and to allow me to suggest other products and services I think might interest you. I rely on a number of legal bases to collect, use, and share your information, including:

as needed to provide my services, such as when I use your information to fulfil your order, to settle disputes, or to provide customer support;
process payments or refunds;
when you have provided your affirmative consent, which you may revoke at any time, such as by signing up for my mailing list;
contacting you about new offerings I think you will be interested in;
notify you of updates to our product and service offerings;
administer contests or giveaways;
compile anonymous statistical data for my own use;
analyze trends to improve my website and offerings
if necessary to comply with a legal obligation or court order or in connection with a legal claim, such as retaining information about your purchases if required by tax law; and
as necessary for the purpose of my legitimate interests, if those legitimate interests are not overridden by your rights or interests, such as 1) providing and improving my services. I use your information to provide the services you requested and in my legitimate interest to improve my services; 2) I use your information as necessary to comply with my obligations under the Etsy Seller Policy and Terms of Use; 3) I use your information as necessary to comply with my obligations under the Ravelry Terms of Service.

Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Contact forms

Data Used: If Akismet is enabled on the site, the contact form submission data — IP address, user agent, name, email address, website, and message — is submitted to the Akismet service (also owned by Automattic) for the sole purpose of spam checking. The actual submission data is stored in the database of the site on which it was submitted and is emailed directly to the owner of the form (i.e. the site author who published the page on which the contact form resides). This email will include the submitter’s IP address, timestamp, name, email address, website, and message.

Data Synced (?): Post and post meta data associated with a user’s contact form submission. If Akismet is enabled on the site, the IP address and user agent originally submitted with the comment are synced, as well, as they are stored in post meta.

Cookies

Cookies are small files that a site or its service provider transfers to your computer’s hard drive through your Web browser (if you allow) that enables the site’s or service provider’s systems to recognize your browser and capture and remember certain information. They are also used to help us understand your preferences based on previous or current site activity, which enables us to provide you with improved services. We also use cookies to help us compile aggregate data about site traffic and site interaction so that we can offer better site experiences and tools in the future.

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Gravatar Hovercards

Data Used: This feature will send a hash of the user’s email address (if logged in to the site or WordPress.com — or if they submitted a comment on the site using their email address that is attached to an active Gravatar profile) to the Gravatar service (also owned by Automattic) in order to retrieve their profile image.

Infinite Scroll

Data Used: In order to record page views via WordPress.com Stats (which must be enabled for page view tracking here to work) with additional loads, the following information is used: IP address, WordPress.com user ID (if logged in), WordPress.com username (if logged in), user agent, visiting URL, referring URL, timestamp of event, browser language, country code.

Activity Tracked: Page views will be tracked with each additional load (i.e. when you scroll down to the bottom of the page and a new set of posts loads automatically). If the site owner has enabled Google Analytics to work with this feature, a page view event will also be sent to the appropriate Google Analytics account with each additional load.

Jetpack Comments

Data Used: Commenter’s name, email address, and site URL (if provided via the comment form), timestamp, and IP address. Additionally, a jetpack.wordpress.com IFrame receives the following data: WordPress.com blog ID attached to the site, ID of the post on which the comment is being submitted, commenter’s local user ID (if available), commenter’s local username (if available), commenter’s site URL (if available), MD5 hash of the commenter’s email address (if available), and the comment content. If Akismet (also owned by Automattic) is enabled on the site, the following information is sent to the service for the sole purpose of spam checking: commenter’s name, email address, site URL, IP address, and user agent.

Activity Tracked: The comment author’s name, email address, and site URL (if provided during the comment submission) are stored in cookies. Learn more about these cookies.

Data Synced (?): All data and metadata (see above) associated with comments. This includes the status of the comment and, if Akismet is enabled on the site, whether or not it was classified as spam by Akismet.

Likes

This feature is only accessible to users logged in to WordPress.com.

Data Used: In order to process a post like action, the following information is used: IP address, WordPress.com user ID, WordPress.com username, WordPress.com-connected site ID (on which the post was liked), post ID (of the post that was liked), user agent, timestamp of event, browser language, country code.

Activity Tracked: Post likes.

Mobile Theme

Data Used: A visitor’s preference on viewing the mobile version of a site.

Activity Tracked: A cookie (akm_mobile) is stored for 3.5 days to remember whether or not a visitor of the site wishes to view its mobile version. Learn more about this cookie.

Notifications

This feature is only accessible to registered users of the site who are logged in to WordPress.com.

Data Used: IP address, WordPress.com user ID, WordPress.com username, WordPress.com-connected site ID and URL, Jetpack version, user agent, visiting URL, referring URL, timestamp of event, browser language, country code. Some visitor-related information or activity may be sent to the site owner via this feature. This may include: email address, WordPress.com username, site URL, email address, comment content, follow actions, etc.

Activity Tracked: Sending notifications (i.e. when we send a notification to a particular user), opening notifications (i.e. when a user opens a notification that they receive), performing an action from within the notification panel (e.g. liking a comment or marking a comment as spam), and clicking on any link from within the notification panel/interface.

Protect

Data Used: In order to check login activity and potentially block fraudulent attempts, the following information is used: attempting user’s IP address, attempting user’s email address/username (i.e. according to the value they were attempting to use during the login process), and all IP-related HTTP headers attached to the attempting user.

Activity Tracked: Failed login attempts (these include IP address and user agent). We also set a cookie (jpp_math_pass) for 1 day to remember if/when a user has successfully completed a math captcha to prove that they’re a real human. Learn more about this cookie.

Data Synced (?): Failed login attempts, which contain the user’s IP address, attempted username or email address, and user agent information.

Search

Data Used: Any of the visitor-chosen search filters and query data in order to process a search request on the WordPress.com servers.

Sharing

Data Used: When sharing content via email (this option is only available if Akismet is active on the site), the following information is used: sharing party’s name and email address (if the user is logged in, this information will be pulled directly from their account), IP address (for spam checking), user agent (for spam checking), and email body/content. This content will be sent to Akismet (also owned by Automattic) so that a spam check can be performed. Additionally, if reCAPTCHA (by Google) is enabled by the site owner, the sharing party’s IP address will be shared with that service. You can find Google’s privacy policy here.

Subscriptions

Data Used: To initiate and process subscriptions, the following information is used: subscriber’s email address and the ID of the post or comment (depending on the specific subscription being processed). In the event of a new subscription being initiated, we also collect some basic server data, including all of the subscribing user’s HTTP request headers, the IP address from which the subscribing user is viewing the page, and the URI which was given in order to access the page (REQUEST_URI and DOCUMENT_URI). This server data used for the exclusive purpose of monitoring and preventing abuse and spam. Activity Tracked: Functionality cookies are set for a duration of 347 days to remember a visitor’s blog and post subscription choices if, in fact, they have an active

Analytics

Google Analytics

We use Google Analytics’ 3rd-party audience such as age, gender and interests to better understand the behaviour of our customers and work with Google Analytics which collects information about your online activities to provide advertising targeted to suit your interests and preferences.

To provide website visitors the ability to prevent their data from being used by Google Analytics, Google has developed the Google Analytics opt-out browser add-on for the Google Analytics JavaScript (ga.js, analytics.js, dc.js).

Information I Collect

I collect a variety of information from you when you visit my website, make purchases, or interact with me on social media. By accepting this Privacy Policy, you are specifically consenting to our collection of the data described below, to our use of the data, to the processing of this data, and to our sharing of the data with third party processors as needed for our legitimate business interests. The information we collect may include:

Personal Data: Personal Data is information that can be used to identify you specifically, including your name, shipping address, email address, telephone number or demographic information like your age, gender, or hometown. You consent to giving me this information by providing it to me voluntarily on my website or any mobile application. You may also provide this information by participating in various activities associated with our site, including responding to blog posts or contacting us with questions. Your decision to disclose this data is entirely voluntary. You are under no obligation to provide this information, but your refusal may prevent you from accessing certain benefits from our website or from making purchases.
Derivative Data: Derivative data is information that our servers automatically collect about you when you access our website, such as your IP address, browser type, the dates and times that you access our website, and the specific pages you view. If you are using a mobile application, our servers may collect information about your device name and type, your phone number, your country of origin, and other interactions with our application.
Social Networking Data: I may access personal information from social networking sites and apps, including Facebook, Instagram, Linkedin, Twitter, Snapchat or other social networking sites or apps not named specifically here, which may include your name, your social network username, location, email address, age, gender, profile picture and any other public information. If you do not want us to access this information, please go to the specific social networking site and change your privacy settings.
Mobile Device Data: If you use our website via a mobile device or app, I may collect information about your mobile device, including device ID, model and manufacturer, and location information.
Other data: On occasion, you may give us additional data in order to enter into a contest or giveaway or to participate in a survey. You will be prompted for this information and it will be clear that you are offering this kind of information in exchange for an entry into such a contest or giveaway.

If you want to opt out, download and install the add-on for your web browser. The Google Analytics opt-out add-on is designed to be compatible with Chrome, Internet Explorer 11, Safari, Firefox and Opera. In order to function, the opt-out add-on must be able to load and execute properly on your browser. For Internet Explorer, 3rd-party cookies must be enabled. Learn more about the opt-out and how to properly install the browser add-on here.

Who we share your data with

Information Sharing and Disclosure

Information about my customers is important to my business. I share your personal information for very limited reasons and in limited circumstances, as follows:

Administration of my website, communicating with you, taking orders for goods or services, delivery of goods and services, identifying trends, protecting the security of our company and website, and marketing additional goods and services to you.
Ravelry. I share information with Ravelry as necessary to provide you my services and comply with my obligations under the Ravelry Terms of Service.
Service providers. I engage certain trusted third parties to perform functions and provide services to my shop, such as delivery companies. I will share your personal information with these third parties, but only to the extent necessary to perform these services.
Business transfers. If I sell or merge my business, I may disclose your information as part of that transaction, only to the extent permitted by law.
Compliance with laws. I may collect, use, retain, and share your information if I have a good faith belief that it is reasonably necessary to: (a) respond to legal process or to government requests; (b) enforce my agreements, terms and policies; (c) prevent, investigate, and address fraud and other illegal activity, security, or technical issues; or (d) protect the rights, property, and safety of my customers, or others.
The legal basis for our disclosure of your data is both your Consent to this Privacy Policy and our own right to protect and promote my legitimate business interests.
Advertisers: I may use third party advertising companies to run and manage my ads, such as Facebook or Ravelry to produce ads that appears when you visit my Website or mobile app. These companies may use information about your visit to our website and other websites that are contained in web cookies (as described below) to offer you personalized advertisements about goods and services that might interest you. I cannot control the activities of, such other advertisers or web sites. You should consult the respective Privacy Policies of these third-party advertisers for more detailed information on their practices as well as for instructions about how to opt-out of certain practices.
Other Third Parties: We may share information with advertisers, our investors, or other third parties for the purpose of conducting general business analysis. If we do so, we will make reasonable efforts to inform you if required by law.

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Your Rights

If you reside in certain territories, including the EU, you have a number of rights in relation to your personal information. While some of these rights apply generally, certain rights apply only in certain limited cases. I describe these rights below:

Access. You may have the right to access and receive a copy of the personal information I hold about you by contacting me using the contact information below.
Change, restrict, delete. You may also have rights to change, restrict my use of, or delete your personal information. Absent exceptional circumstances (like where I am required to store data for legal reasons) I will generally delete your personal information upon request.
Object. You can object to (i) my processing of some of your information based on my legitimate interests and (ii) receiving marketing messages from me after providing your express consent to receive them. In such cases, I will delete your personal information unless I have compelling and legitimate grounds to continue using that information or if it is needed for legal reasons.
Complain. If you reside in the EU and wish to raise a concern about my use of your information (and without prejudice to any other rights you may have), you have the right to do so with your local data protection authority.

Where we send your data

Visitor comments may be checked through an automated spam detection service.

California Online Privacy Protection Act

CalOPPA is the first state law in the nation to require commercial websites and online services to post a privacy policy. The law’s reach stretches well beyond California to require a person or company in the United States (and conceivably the world) that operates websites collecting personally identifiable information from California consumers to post a conspicuous privacy policy on its website stating exactly the information being collected and those inpiduals with whom it is being shared, and to comply with this policy. – See more at: http://consumercal.org/california-online-privacy-protection-act-caloppa/#sthash.0FdRbT51.dpuf

According to CalOPPA we agree to the following:

Users can visit our site anonymously.
Once this privacy policy is created, we will add a link to it on our home page, or as a minimum on the first significant page after entering our website.
Our Privacy Policy link includes the word ‘Privacy’, and can be easily be found on the page specified above.

Transfer of Data Outside the EU

We may store and process your information through third-party services in the US and other jurisdictions. As a result, we may transfer your personal information to a jurisdiction with different data protection and government surveillance laws than your jurisdiction. If we transfer information about you outside the EU, we will do so to organizations which are Privacy Shield certified or which are considered to have adequate data protection controls for the purposes of GDPR.

Your contact information

How we protect your data

Our website is scanned on a regular basis for security holes and known vulnerabilities in order to make your visit to our site as safe as possible.
We use regular Malware Scanning.
We use an SSL certificate.
We only provide articles and information.

What data breach procedures we have in place

Fair Information Practices

The Fair Information Practices Principles form the backbone of privacy law in the United States and the concepts they include have played a significant role in the development of data protection laws around the globe. Understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect personal information.

In order to be in line with Fair Information Practices we will take the following responsive action, should a data breach occur:

We will notify the users via email within 3 business days.

We also agree to the individual redress principle, which requires that individuals have a right to pursue legally enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or a government agency to investigate and/or prosecute non-compliance by data processors.

CAN SPAM Act

The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.

We collect your email address in order to:

Market to our mailing list or continue to send emails to our clients after the original transaction has occurred.

To be in accordance with CANSPAM we agree to the following:

NOT use false, or misleading subjects or email addresses.
Identify the message as an advertisement in some reasonable way.
Include the physical address of our business or site headquarters.
Monitor third party email marketing services for compliance, if one is used.
Honour opt-out/unsubscribe requests quickly.
Allow users to unsubscribe by using the link at the bottom of each email.

If at any time you would like to unsubscribe from receiving future emails, you can:

Follow the instructions at the bottom of each email to unsubscribe and we will promptly remove you from ALL correspondence.