Who I am

The Donuts and Dragons blog, its Twitter account, Facebook Page and associated groups are a personal project by me, Inge Loots. The blog is hosted at https://donutsdragons.eu/

For my entire biography, visit my profile page. If you want to contact me, you can through the contact form. For privacy and security reasons, I am not sharing my physical address on-line.

What Personal Data I Collect and Why

By default WordPress does not collect any personal data about my visitors, and only collects the data shown on the User Profile screen from registered users. Some of my plugins do collect data, I’ll explain what they collect and why they collect it below.


When visitors leave comments on the site I collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

After approval of your comment, it will be visible on the website. At the moment, I have Gravatar service disabled because the service has some privacy issues. I won’t enable the service until this is resolved. Until then it is not possible to set an avatar on this site, I apologise for the inconvenience.

Akismet collects information about visitors who comment on this blog using the Akismet anti-spam service. The information they collect typically includes the commenter’s IP address, user agent, referrer, and Site URL (along with other information directly provided by the commenter such as their name, username, email address, and the comment itself). The data is collected to distinguish spam from real comments on the site.

Security Logs

The IP address of visitors, user ID of logged in users, and username of login attempts are conditionally logged to check for malicious activity and to protect the site from specific kinds of attacks. Examples of conditions when logging occurs include login attempts, log out requests, requests for suspicious URLs, changes to site content, and password updates. This information is retained for 14 days.


Contact Form

When you use my JetPack powered Contact Form, it collects your IP address, user agent (which browser you use on which operating system), name, email address, website, and message are submitted to the Akismet service, for the sole purpose of spam checking. Both Akismet and Jetpack are owned by the company that makes WordPress: Automattic.

The actual submission data is stored in the database of this site and is emailed directly to me. This email will include the submitter’s IP address, time-stamp, name, email address, website, and message. I don’t get to see all the other data Automattic collects.

WordPress’ back-end allows me to remove submitted feedback and associated data from the database. As soon as I read and responded to your feedback, I will delete the feedback.

WordPress.com Stats

I chose WordPress stats over Google Analytics because of the light-weight tracking it does. The tracking is kept at a minimum and uses IP address, WordPress.com user ID (if logged in), WordPress.com username (if logged in), user agent (your browser/operating system), visiting URL, referring URL, time stamp of event, browser language, country code.

I do not have access to any of this information via this feature. For example, I can see that a specific post has 285 views, but I cannot see which specific users/accounts viewed that post.  Stats logs — containing visitor IP addresses and WordPress.com usernames (if available) — are retained by Automattic for 28 days and are used for the sole purpose of powering this feature.

Activity Tracked: Post and page views, outbound link clicks, referring URLs and search engine terms, and country.

When this module is enabled, Jetpack also tracks performance on each page load that includes the Javascript file used for tracking stats. This is exclusively for aggregate performance tracking across Jetpack sites in order to make sure that the plugin and code is not causing performance issues. This includes the tracking of page load times and resource loading duration (image files, Javascript files, CSS files, etc.).


In accordance with EU guidelines, I use a widget by Jetpack to ask permission for cookies. Find more information about the EU Cookie Directive and how to change the cookie settings in your browser by clicking on the links.

If you leave a comment on this site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

I have enabled sharing icons to some social platforms and services: Buffer, Pinterest and Twitter. You can also share via e-mail or print the post if you want to. These sharing icons are part of the site’s theme which is Extra by Elegant Themes.

I have disabled sharing buttons to Facebook and Google-owned services because I can’t check how pervasive it is and I don’t want to expose my readers to it. Feel free to share links on those networks by the old-fashioned copying and pasting, thank you!

Some forms on this site require the use of Google’s reCAPTCHA service before they can be submitted. The purpose of these cookies is to avoid getting challenged every time you want to submit a form. If you consent to use Google’s reCAPTCHA service, a cookie is created that stores your consent. This cookie deletes itself after thirty days.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website. Examples of embedded content are the Spotify widget in the side bar and YouTube videos.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website. You can disable this kind of tracking in your web browser. The option is called ‘Disable third party cookies’ in most browsers.

Note that blocking these cookies interferes with the embedded content. If you want to watch an embedded video on the site, you need to allow these cookies.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data I hold about you, including any data you have provided to me. You can also request that I erase any personal data I hold about you. This does not include any data I am obliged to keep for administrative, legal, or security purposes.

If you want to use your rights, you can contact me through my contact form. Note that under Dutch law, I have to ask for proper identification before handing over any personal data.

Where I send your data

This site is scanned for potential malware and vulnerabilities by Sucuri’s SiteCheck. We do not send personal information to Sucuri; however, Sucuri could find personal information posted publicly (such as in comments) during their scan. For more details, please see Sucuri’s privacy policy.

This site is part of a network of sites that protect against distributed brute force attacks. To enable this protection, the IP address of visitors attempting to log into the site is shared with a service provided by ithemes.com. For privacy policy details, please see the iThemes Privacy Policy.

Visitor comments may be checked through an automated spam detection service (Akismet). The information entered in a comment form may also be shared with Gravatar, a global avatar service that connects avatars with email addresses. WordPress, Akismet, Jetpack and Gravatar are all services by Automattic, Inc.

How I protect your data

I try to avoid collecting any unnecessary data and try to keep it to username, email address and IP address. This data lives in this site’s database, which I protect with a security plug-in. The plug-in prevents unauthorized access to your data.

What data breach procedures I have in place

What is on the internet, can be hacked. That’s the core thought in my data breach procedure. Anyone who tries hard enough will be able to hack anything. The only thing a web master can do is make it harder, hoping that hackers try an easier target instead. I have installed a security plug-in for that and make sure I keep the site, the theme and all plug-ins up-to-date.

When I get hacked despite all of this, I will inform anyone who has ever commented by sending them an email. I also will notify the public by a sticky blog post on my site and via my social media channels.

Privacy Policy
Article Name
Privacy Policy
A short overview of which data I collect, what I do with it and what your rights over my collected data are.
Publisher Name
Inge Loots
Publisher Logo