Who I am

The Donuts and Dragons blog, its Twitter account, Facebook Page and associated groups are a personal project by me, Inge Loots. The blog is hosted at https://donutsdragons.eu/

For my entire biography, visit my profile page. If you want to contact me, you can through the contact form. For privacy and security reasons, I am not sharing my physical address on-line.

What Personal Data I Collect and Why

By default, WordPress does not collect any personal data about you, and only collects the data from registered users. Some of my plugins do collect data, I’ll explain what they collect and why they collect it below.


When you leave comments on the site I collect the data shown in the comments form, and also the your IP address and information about the browser you are using for spam detection.

After approval of your comment, it will be visible on the website and permanently stored in the database for as long as the site is live. The system uses your information to make sure any following comments won’t be queued for moderation, but posted directly to the site.

Akismet collects information when you comment on this blog using the Akismet anti-spam service. The information they collect typically includes the your IP address, your browser information, if you clicked a link to end up here and any information you fill in on the comment form. The data is collected to distinguish spam from real comments on the site.

Security Logs

Your IP address, the user ID of logged in users, and any usernames used to try to login are logged to check for malicious activity and to protect the site from specific kinds of attacks. Examples of conditions when logging occurs include login attempts, log out requests, requests for suspicious URLs, changes to site content, and password updates. This information is retained for 14 days.


In accordance with EU guidelines, I use a plugin to ask your permission for cookies. Some content (cookies and scripts) will be blocked upon loading the page and need your explicit permission before being displayed.

Find more information about the EU Cookie Directive and how to change the cookie settings in your browser by clicking on the links.

Other Cookies

If you leave a comment on this site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

I have enabled sharing icons to some social platforms and services: Buffer, Pinterest and Twitter. You can also share via e-mail or print the post if you want to. These sharing icons are part of the site’s theme which is Extra by Elegant Themes.

Some forms on this site require the use of Google’s reCAPTCHA service before they can be submitted. The purpose of these cookies is to avoid getting challenged every time you want to submit a form. If you consent to use Google’s reCAPTCHA service, a cookie is created that stores your consent. This cookie deletes itself after thirty days.

Tracking Cookies

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if you would visit the other website. Examples of embedded content on this site are the Spotify and Twitter widgets in the side bar and YouTube videos in posts and on pages.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website. You can disable this kind of tracking in your web browser. The option is called ‘Disable third party cookies’ in most browsers.

Note that blocking these cookies interferes with the embedded content. If you want to watch an embedded video on the site, or see my tweets, you need to allow these cookies.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data I have, including any data you have provided to me. You can also request that I erase any personal data I have. This does not include any data I am obliged to keep for administrative, legal, or security purposes.

If you want to use your rights, you can contact me through my contact form. Note that under Dutch law, I have to ask for proper identification before handing over any personal data and that I can only disclose your personal data to you. I am not allowed to share your data with anyone else without your written permission.

Where I send your data

This site is scanned for potential malware and vulnerabilities by Sucuri’s SiteCheck. I do not send personal information to Sucuri; however, Sucuri could find personal information posted publicly (such as in comments) during their scan. For more details, please see Sucuri’s privacy policy.

This site is part of a network of sites that protect against distributed brute force attacks. In order for this protection to work, the IP address of visitors attempting to log into the site is shared with a service provided by ithemes.com. For privacy policy details, please see the iThemes Privacy Policy.

Visitor comments may be checked through an automated spam detection service (Akismet). The information entered in a comment form may also be shared with Gravatar, a global avatar service that connects avatars with email addresses. WordPress, Akismet and Gravatar are all services by Automattic, Inc.

How I protect your data

I try to avoid collecting any unnecessary data and try to keep it to username, email address and IP address. This data lives in this site’s database, which I protect with a security plug-in. The plug-in prevents unauthorized access to your data.

What data breach procedures I have in place

What is on the internet, can be hacked. That’s the core thought in my data breach procedure. Anyone who tries hard enough will be able to hack anything. The only thing a web master can do is make it harder, hoping that hackers try an easier target instead. I have installed a security plug-in for that and make sure I keep the site, the theme and all plug-ins up-to-date.

When I get hacked despite all of this, I will inform anyone who has ever commented by sending them an email. I also will notify the public by a sticky blog post on my site and via my social media channels and notify the Dutch regulator when appropriate.