Introduction
Wp Admin ("we," "our," or "us") is committed to protecting your personal data and respecting your privacy. This GDPR & Data Protection Policy explains how we collect, use, process, and safeguard your personal information when you use our WordPress administration services, visit our website, or interact with us in any way.
This policy is designed to comply with the European Union's General Data Protection Regulation (GDPR), Regulation (EU) 2016/679, as well as applicable data protection laws in other jurisdictions where we operate.
Scope of This Policy
This policy applies to all individuals whose personal data we process, including our clients, website visitors, prospective customers, employees, and business partners. It covers both online and offline data processing activities conducted by Wp Admin.
Our Commitment
We take data protection seriously. At Wp Admin, we believe that:
- Your personal data belongs to you, not to us.
- Transparency is fundamental to building trust.
- Security and privacy are not optional; they are essential.
- You have the right to control how your data is used.
- We are accountable for every piece of personal data we process.
Data Controller
For the purposes of the GDPR, Wp Admin is the "data controller" responsible for your personal data. This means we determine the purposes and means of processing your personal information.
Company Details
Wp Admin s.r.o.
123 Digital Avenue, Suite 400
Prague 2, 120 00, Czech Republic
Registration No.: CZ-12345678
VAT No.: CZ12345678
Email: privacy@wpadmin.com
If you have any questions about this policy or our data processing activities, you can contact us directly at the address above or email our Data Protection Officer at dpo@wpadmin.com.
Personal Data We Collect
We only collect personal data that is necessary for the purposes described in this policy. The categories of personal data we may collect include:
a) Identity Data
- First name, last name, and title
- Username or similar identifier
- Company name and job title
b) Contact Data
- Billing address and delivery address
- Private address, email address, and telephone numbers
c) Technical Data
- Internet protocol (IP) address
- Login data, browser type and version
- Time zone setting and location
- Browser plug-in types and versions
- Operating system and platform
- WordPress site URLs and server details
d) Usage Data
- Information about how you use our website and services
- Service usage statistics and feature access logs
- Dashboard interaction data and report views
e) Transaction Data
- Purchase history and payment information
- Service plans, subscription details, and billing records
- Invoice numbers and transaction dates
f) WordPress Site Data
- Website URLs, WordPress versions, and plugin information
- Security scan results, backup data, and performance metrics
- Server credentials (encrypted and stored securely)
g) Marketing and Communications Data
- Email subscription preferences
- Communication history and support ticket content
- Survey responses and feedback
Special Category Data
We do not intentionally collect special category personal data (e.g., racial or ethnic origin, political opinions, religious beliefs, health data, biometric data). If such data is accidentally disclosed, we will delete it immediately unless we are legally required to retain it.
Legal Basis for Processing
Under GDPR Article 6, we must have a lawful basis for processing your personal data. We rely on the following legal bases:
a) Performance of a Contract (Article 6(1)(b))
When you engage our WordPress administration services, we process your personal data to fulfill our contractual obligations, including managing your website, providing security services, performing backups, and delivering support.
b) Legitimate Interests (Article 6(1)(f))
We process certain data for our legitimate business interests, including:
- Improving our services and website experience
- Ensuring network and information security
- Preventing fraud and unauthorized access
- Internal IT operations and troubleshooting
c) Consent (Article 6(1)(a))
We rely on your consent for certain optional processing activities, such as:
- Marketing communications via email
- Non-essential cookies and tracking technologies
- Optional surveys and market research
You may withdraw your consent at any time, and this will not affect the lawfulness of processing based on consent before its withdrawal.
d) Legal Obligation (Article 6(1)(c))
We may process your personal data where we are required to do so by law, such as for tax compliance, anti-money laundering requirements, or when responding to lawful requests from public authorities.
Note on Legitimate Interests
Where we rely on legitimate interests, we have carefully considered and balanced those interests against your rights and freedoms. You have the right to object to processing based on legitimate interests. Please contact our DPO to exercise this right.
How We Use Your Personal Data
We process your personal data for specific, explicit, and legitimate purposes. Below is a comprehensive breakdown:
Service Delivery
- Managing and maintaining your WordPress website(s)
- Performing security scans, updates, and vulnerability patches
- Creating and managing automated backups
- Monitoring site uptime, performance, and availability
- Providing technical support and troubleshooting
- Generating monthly service reports and analytics
Account & Billing Management
- Creating and managing your Wp Admin account
- Processing payments and issuing invoices
- Verifying identity and preventing fraud
- Managing subscriptions, upgrades, and cancellations
Communication
- Responding to your inquiries and support requests
- Sending service-related notifications and alerts
- Informing you about service changes, maintenance windows, or security issues
Marketing (with consent)
- Sending newsletters and promotional offers
- Informing you about new services and features
- Conducting customer satisfaction surveys
Legal & Compliance
- Complying with applicable laws and regulations
- Enforcing our Terms of Service
- Protecting the rights, property, or safety of Wp Admin, our clients, or others
Data Sharing & Third Parties
We do not sell your personal data. We only share your data with third parties when necessary and under strict contractual safeguards. Below are the categories of recipients:
Service Providers (Data Processors)
We engage trusted third-party service providers who process personal data on our behalf under binding Data Processing Agreements (DPAs):
- Cloud Hosting Providers: For secure data storage and website hosting infrastructure
- Payment Processors: For processing subscription payments (e.g., Stripe, PayPal)
- Email & Communication Platforms: For transactional emails and client communication
- Analytics Providers: For website usage analytics and service optimization
- Customer Support Tools: For managing support tickets and client communication
- Backup Services: For off-site data backup and disaster recovery
Professional Advisors
- Lawyers, auditors, and consultants who require access to perform professional services
- These parties are bound by confidentiality obligations
Legal Requirements
We may disclose personal data where we are legally obligated to do so, including to comply with:
- Applicable laws, regulations, and legal processes
- Court orders, subpoenas, or government requests
- Law enforcement investigations
Our Guarantees
All third-party processors are carefully vetted, bound by DPAs, and required to implement appropriate technical and organizational security measures. We regularly audit our processors to ensure ongoing compliance.
Your GDPR Rights
Under the GDPR, you have the following rights regarding your personal data. You may exercise any of these rights by contacting our Data Protection Officer:
Right of Access
You can request a copy of all personal data we hold about you, including details about how it is processed.
Right to Rectification
If any of your personal data is inaccurate or incomplete, you have the right to have it corrected without undue delay.
Right to Erasure
You can request deletion of your personal data where there is no compelling legitimate ground for continuing processing ("right to be forgotten").
Right to Restrict Processing
You can request that we temporarily stop processing your data, for example while we verify the accuracy of the data or the lawfulness of processing.
Right to Data Portability
You can request a machine-readable copy of your data in a commonly used format, and have it transmitted to another controller where technically feasible.
Right to Object
You can object to processing based on legitimate interests or for direct marketing purposes. Where you object to processing for marketing, we will stop that processing immediately.
Rights Regarding Automated Decisions
You have the right not to be subject to decisions based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you.
Right to Withdraw Consent
Where processing is based on your consent, you may withdraw it at any time. This does not affect the lawfulness of processing before withdrawal.
Response Time
We will respond to your request within one (1) calendar month of receiving it. In complex cases, this may be extended by two additional months. We will inform you of any extension within one month of receipt.
Right to Lodge a Complaint
If you believe we have not complied with applicable data protection laws, you have the right to lodge a complaint with your local supervisory authority. In the European Union, you may contact the authority in your member state. In the Czech Republic, the supervisory authority is the Office for Personal Data Protection (ÚOOÚ).
Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including for satisfying any legal, accounting, or reporting requirements.
Retention Periods
- Active Client Data: Retained for the duration of the service agreement plus 3 years after termination
- Financial Records: Retained for 7 years as required by tax and accounting laws
- Website Backup Data: Retained per your selected backup retention plan (7–30 days)
- Security Logs: Retained for 90 days for security monitoring and incident response
- Support Tickets: Retained for 2 years after resolution
- Marketing Data: Retained until you unsubscribe or withdraw consent
- Website Visitor Data (non-EU): Retained for 12 months
Data Deletion
Upon expiry of the retention period, your personal data will be securely deleted or anonymized. Deletion includes all copies across our systems, backups, and those of our service providers, subject to legal retention obligations.
Security Measures
We implement comprehensive technical and organizational measures to ensure a level of security appropriate to the risk. These include:
Technical Measures
- Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
- Access Control: Role-based access with multi-factor authentication for all staff systems
- Firewall Protection: Web application firewalls and network-level intrusion detection
- Vulnerability Management: Regular penetration testing and vulnerability assessments
- Secure Development: OWASP-compliant coding practices and regular security audits
- Isolation: Client data is logically and physically isolated from other clients
Organizational Measures
- Staff Training: Mandatory GDPR and security awareness training for all employees
- Data Processing Agreements: Legally binding DPAs with all processors
- Incident Response Plan: Documented procedures for data breach detection and response
- Regular Audits: Internal and external security audits conducted annually
- Need-to-Know Principle: Employee access limited to data required for their role
- Business Continuity: Disaster recovery and backup procedures tested quarterly
Data Breach Notification
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach and will inform you without undue delay where required by law.
International Data Transfers
Wp Admin is based in the Czech Republic (EU), and your personal data is primarily processed within the European Union and European Economic Area (EEA). However, some of our service providers may operate in countries outside the EEA.
Where personal data is transferred outside the EEA, we ensure appropriate safeguards are in place, including:
- EU Standard Contractual Clauses (SCCs): Legally approved transfer mechanisms between the EU and third countries
- Adequacy Decisions: Transfers to countries the European Commission has deemed to provide adequate data protection
- Supplementary Measures: Additional technical and contractual measures to protect data in transit
- Transfer Impact Assessments: Regular assessments of the legal environment in recipient countries
Your Consent to Transfers
By providing us with your personal data and using our services, you consent to the transfer, storage, and processing of your data in the countries described above in accordance with the safeguards outlined in this policy.
Cookies Policy
Our website uses cookies and similar tracking technologies to enhance your experience, analyze usage, and deliver relevant content. Without your consent, we set only the cookies that are necessary; for all other cookies, we obtain your explicit consent via our cookie consent banner.
What Are Cookies?
Cookies are small text files that are stored on your device when you visit a website. They help the website remember your preferences, understand how you use the site, and improve performance.
Types of Cookies We Use
Managing Your Cookie Preferences
- On our website: Click "Cookie Settings" in the footer to modify your preferences at any time
- In your browser: Most browsers allow you to control cookies through settings (chrome://settings, about:preferences)
- Do Not Track: We respect Do Not Track headers where supported
Consent
For all non-essential cookies, we obtain your explicit consent before they are set. You can change your mind at any time by using our cookie preference center or contacting us.
Data Protection Officer (DPO)
In accordance with GDPR Article 37, Wp Admin has appointed a Data Protection Officer responsible for overseeing data protection strategy and implementation to ensure compliance with regulatory requirements.
Contact Our Data Protection Officer
For any GDPR-related inquiries, data protection concerns, or to exercise your rights, please contact:
Prague 2, 120 00, Czech Republic
Changes to This Policy
We may update this GDPR & Data Protection Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We encourage you to review this page periodically for the latest information on our privacy practices.
How We Notify You of Changes
- Significant Changes: We will notify you via email and/or a prominent notice on our website at least 30 days before the changes take effect
- Minor Changes: Updates may be posted directly on this page with the revised "Last Updated" date
- Service Impact: If changes affect how we process your data, we may ask for your renewed consent where required
Continued use of our services after changes are made constitutes your acknowledgment and acceptance of the updated policy.
Important
Changes to this policy will take effect as set forth in the revised policy. If we make material changes, we will provide more prominent notice, including, where required, by email or prominent notice on our website.
Contact Us
If you have any questions about this GDPR & Data Protection Policy, our data practices, or if you wish to exercise any of your rights, please don't hesitate to reach out to us.
Get in Touch
We're here to help with any privacy-related questions or concerns. Our team typically responds within 24 hours.
Prague 2, Czech Republic
Your Rights Summary
You have the right to access, rectify, erase, restrict processing, object to processing, and port your data at any time. You also have the right to withdraw consent and lodge a complaint with a supervisory authority. Contact our DPO to exercise any of these rights.