Privacy Policy
PRIVACY POLICY
Last Updated: June 27th, 2025
Data Controller: bloggmag.com
Website: https://bloggmag.com
Contact: admin@bloggmag.com
1. INTRODUCTION
This Privacy Policy (“Policy”) complies with:
-
GDPR (General Data Protection Regulation – EU 2016/679)
-
CCPA/CPRA (California Consumer Privacy Act as amended)
-
Other applicable US/EU data protection laws
By using BloggMag (“Site”), you consent to the practices described below.
2. DATA CONTROLLER INFORMATION
Legal Entity: [Your Registered Business Name]
Address: [Your Physical Address]
Data Protection Officer: [Name/Title] at admin@bloggmag.com
EU Representative: [Required if targeting EU users – Name/Address]
3. PERSONAL DATA WE COLLECT
A. Directly Collected:
| Data Category | Examples | Legal Basis (GDPR) | CCPA Category |
|---|---|---|---|
| Identifiers | Name, email, IP address | Consent (Art. 6(1)(a)) | §1798.140(v)(1) |
| Account Information | Username, password | Contract Performance (Art. 6(1)(b)) | §1798.140(v)(1) |
| Payment Data* | Billing address, card last digits | Contract Performance | §1798.140(v)(1) |
| Communications | Emails, chat logs | Legitimate Interest (Art. 6(1)(f)) | §1798.140(v)(1) |
B. Automatically Collected:
| Data Category | Purpose | Retention Period |
|---|---|---|
| Usage Data | Pages visited, clickstream | 12 months |
| Device Information | OS, browser type, device ID | 12 months |
| Location Data | Country-level (IP-derived) | 6 months |
| Cookies/Trackers | See Section 8 | Varies by cookie |
*Full payment processing handled by PCI-DSS compliant third parties (e.g., Stripe, PayPal)
4. PURPOSES & LEGAL BASIS FOR PROCESSING (GDPR ART. 13)
| Purpose | Legal Basis (GDPR) | CCPA Business Purpose |
|---|---|---|
| Provide blog services | Contract Performance | Service Delivery |
| Respond to inquiries | Legitimate Interest | Customer Support |
| Send newsletters | Consent | Marketing |
| Prevent fraud/abuse | Legal Obligation | Security |
| Analytics/improvements | Legitimate Interest | Research & Development |
5. DATA SHARING & DISCLOSURES
A. Third Parties:
| Recipient Type | Purpose | GDPR Safeguard |
|---|---|---|
| Email Service (e.g., Mailchimp) | Newsletters | SCCs + DPAs |
| Analytics (e.g., Google Analytics) | Traffic analysis | Anonymization where possible |
| Hosting Provider | Infrastructure | EU Data Centers |
| Ad Networks* | Targeted ads (if used) | Consent Management |
*CCPA “Sale/Sharing” Notice: We do not sell personal data for monetary compensation. For targeted ads using cookies/IPs, California residents may opt-out via [Link to Opt-Out Preference Signal/.
B. Legal Disclosures:
We may disclose data when required by law (e.g., court orders, GDPR Art. 49 derogations).
6. INTERNATIONAL DATA TRANSFERS (GDPR CHAPTER V)
-
Data may be transferred outside the EEA to US-based services.
-
Safeguards include:
• Standard Contractual Clauses (SCCs)
• Data Processing Addendums (DPAs)
• Adequacy Decisions where applicable
7. YOUR RIGHTS
GDPR (EEA/UK Users):
| Right | How to Exercise |
|---|---|
| Access (Art. 15) | Email admin@bloggmag.com |
| Rectification (Art. 16) | Update via account dashboard |
| Erasure (“Right to Forget”, Art. 17) | Written request |
| Data Portability (Art. 20) | CSV/JSON export within 30 days |
| Object Processing (Art. 21) | Opt-out links in emails |
CCPA (California Residents):
| Right | How to Exercise |
|---|---|
| Know (Categories/Specifics) | Submit verifiable request |
| Delete | Email admin@bloggmag.com |
| Opt-Out of Sale/Sharing | “Do Not Sell/Share My Info” link |
| Non-Discrimination | We won’t deny services for exercising rights |
Response Time: 45 days (extendable to 90 with notice). No fee unless manifestly unfounded.
8. COOKIES & TRACKING TECHNOLOGIES
-
Strictly Necessary: Always active (e.g., login sessions)
-
Analytics: Google Analytics (anonymized IPs) – manage via cookie banner
-
Advertising: Facebook Pixel, Google Ads (consent required)
Consent Management:
-
EU/UK: Explicit opt-in via cookie banner (IAB Europe TCF compliant)
-
Global: Granular preference center at [Link to Cookie Settings]
9. DATA RETENTION
We retain data:
-
Until account deletion request
-
3 years after last activity (inactive accounts)
-
As required by tax/compliance laws (e.g., payment records: 7 years)
10. CHILDREN’S PRIVACY (COPPA/GDPR-K)
-
Site not directed to children under:
• 16 (GDPR) / 13 (US COPPA) -
We do not knowingly collect data from minors. Contact us to remove accidental collections.
11. SECURITY MEASURES
-
Technical: SSL encryption, firewalls, OWASP standards
-
Organizational: Staff training, access controls, DPAs with vendors
-
Breach Notification: Within 72 hours (GDPR) or 45 days (CCPA) where required
12. POLICY UPDATES
-
Material changes will:
• Be notified via email/Site banner 30 days in advance
• Require renewed consent where legally mandated -
Archive available at [Link to Previous Versions]
13. CONTACT & COMPLAINTS
Data Requests: admin@bloggmag.com
EU Supervisory Authority: [Your Lead DPA, e.g., Irish Data Protection Commission]
CCPA Requests: Toll-Free [Number] or Webform [Link]