Privacy Policy

Last updated: [DD Month YYYY]

This Privacy Policy explains how silverlocks.org (“we”, “us”, “our”) collects, uses, and protects
personal data when you visit our website, leave a comment, subscribe to our newsletter, or contact us.

We respect your privacy and process your personal data in accordance with applicable data protection laws,
including the General Data Protection Regulation (GDPR).

1) Data Controller

The data controller responsible for personal data processing on this website is:

[Your legal name / company name]
Address: [Your address]
Email: [Your contact email]

If you have any questions regarding this policy or your personal data, please contact us at the email address above.

2) What Personal Data We Collect

Depending on how you use the website, we may collect:

a) Data you provide directly

  • Newsletter subscription data (e.g., email address, and optionally name), when you sign up via MailerLite forms
  • Comment data (name, email address, website (optional), comment content) when you leave comments
  • Contact data (name, email address and message content) if you contact us via email or forms

b) Data collected automatically (technical and usage data)

When you visit the website, we may automatically collect:

  • IP address (may be shortened/anonymised where possible)
  • Browser type and version
  • Device and operating system
  • Referring page/source
  • Pages visited, time spent on pages, clicks and basic interaction signals
  • Date/time of access
  • Approximate location (derived from IP)

This data is used for security, website functionality, performance measurement, and analytics.

3) Why We Process Your Data (Purposes)

We process personal data to:

  • Provide and operate the website
  • Enable commenting and prevent spam/abuse
  • Deliver newsletter updates and manage subscriptions through MailerLite
  • Respond to inquiries or requests
  • Maintain website security and prevent fraud or misuse
  • Measure website traffic and usage trends via Google Analytics
  • Manage website tags and tracking configuration via Google Tag Manager
  • Comply with legal obligations (where applicable)

4) Legal Bases for Processing (GDPR)

We process your data under the following legal bases:

  • Consent (Art. 6(1)(a)) – for newsletter subscriptions (MailerLite) and non-essential cookies/marketing where applicable
  • Contract / steps before contract (Art. 6(1)(b)) – to respond to service-related inquiries where relevant
  • Legal obligation (Art. 6(1)(c)) – if we must retain data to meet legal requirements
  • Legitimate interests (Art. 6(1)(f)) – website security, comment moderation, basic performance measurement, and service improvement

Where consent is used, you can withdraw it at any time (see Section 11).

5) Cookies and Similar Technologies

Our website uses cookies and similar technologies to ensure functionality and measure performance.
Cookies may be set by us and by third-party providers such as Google and MailerLite.

Types of cookies we may use

  • Essential cookies – required for core site functionality
  • Preference cookies – remember settings and user choices
  • Analytics cookies – used by Google Analytics to help us understand how visitors use the site
  • Marketing/advertising cookies – only if enabled and you consent (may be set through Google Tag Manager)

You can manage cookies through the cookie banner (if present) and/or your browser settings. Blocking cookies may affect site functionality.

6) Comments (WordPress)

If you leave a comment on the site, we collect the information shown in the comment form, as well as your IP address and browser user agent string.
This helps us detect spam and keep the site secure.

Comment data may include:

  • Name (or nickname)
  • Email address
  • Website (optional)
  • Comment content
  • IP address
  • Browser user agent string

Comments may be checked through an automated spam detection service (e.g., Akismet or similar, if enabled).

Gravatar (if enabled)

If you use Gravatar, an anonymised hash created from your email address may be provided to the Gravatar service to see if you are using it.
After approval of your comment, your profile picture may be visible to the public in the context of your comment.

7) Newsletter Subscriptions (MailerLite)

If you subscribe to our newsletter, we collect and process your data to send you emails and manage your subscription preferences.
We use MailerLite as our email marketing service provider.

Newsletter data may include:

  • Email address
  • Name (if provided)
  • Subscription date/time
  • Subscription source (e.g., which form/page you subscribed from)
  • Email engagement metrics (e.g., open and click tracking), where enabled

You can unsubscribe at any time using the link in any newsletter email. Unsubscribing will stop further communications,
but we may retain limited records to respect your opt-out preferences.

8) Analytics (Google Analytics)

We use Google Analytics to understand how visitors interact with our website and to improve its performance.
Google Analytics may collect information such as pages visited, time spent on pages, device type, browser information, and approximate location.

Google Analytics typically uses cookies or similar technologies to collect this information. Where required, we will request your consent
before enabling analytics cookies.

9) Tag Management (Google Tag Manager)

We use Google Tag Manager (GTM) to manage website tags and tracking scripts. GTM itself does not typically collect personal data;
however, it may load third-party tags (such as Google Analytics) which can collect personal data and set cookies.

10) Embedded Content From Other Websites

Pages on silverlocks.org may include embedded content (e.g., videos, social posts). Embedded content behaves in the same way
as if you visited the external website directly.

These third-party sites may:

  • collect data about you
  • use cookies
  • track your interaction with embedded content

We recommend reviewing the privacy policies of those third parties.

11) Who We Share Data With

We do not sell your personal data.

We may share limited data with trusted service providers when necessary to operate this website, including:

  • Website hosting provider: [Your hosting provider]
  • Email marketing provider: MailerLite
  • Analytics provider: Google Analytics
  • Tag management provider: Google Tag Manager
  • Security / anti-spam services: [e.g., Akismet, firewall provider, etc.]

These providers may process personal data as processors or independent controllers (depending on the service).
We use appropriate safeguards where required.

12) Your Rights Under GDPR

If GDPR applies to you, you have the right to:

  • Access your personal data
  • Correct inaccurate or incomplete data
  • Delete your data (“right to be forgotten”) where applicable
  • Restrict processing in certain situations
  • Object to processing based on legitimate interests
  • Data portability (where processing is based on consent or contract)
  • Withdraw consent at any time (where processing is based on consent)

To exercise your rights, contact us at: [your contact email].

You also have the right to lodge a complaint with your local data protection authority. In Poland, this is the
President of the Personal Data Protection Office (UODO).

13) Data Retention

We keep personal data only as long as necessary for the purposes described in this policy, including:

  • Newsletter subscription data: retained until you unsubscribe (and limited suppression records may be kept to respect opt-outs)
  • Comments: retained as long as the comment remains published, unless removed
  • Analytics data: retained according to Google Analytics settings configured for this site
  • Security logs: typically retained for [e.g., 7–90 days]
  • Inquiries: typically retained for [e.g., 6–24 months]

14) Security Measures

We implement reasonable administrative and technical measures to protect personal data, such as:

  • HTTPS/SSL encryption
  • Access controls and authentication
  • Security monitoring and malware protection
  • Regular updates of WordPress core, themes, and plugins

However, no online system can be guaranteed 100% secure.

15) International Transfers

Some of our service providers may process data outside the European Economic Area (EEA).
Where this happens, we rely on appropriate safeguards such as:

  • Adequacy decisions (where applicable)
  • Standard Contractual Clauses (SCCs)
  • Other lawful transfer mechanisms under GDPR

16) Children’s Privacy

This website is not intended for children under the age of 16. We do not knowingly collect personal data from children.
If you believe a child has provided personal data, please contact us so we can remove it.

17) Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The latest version will always be posted on this page,
with the “Last updated” date shown at the top.

18) Contact

For privacy-related questions or requests, contact:

[Your name / company]
Email: [your contact email]
Address: [your address]