Privacy Policy

Due to the E.U. government “across the pond” mandating all their jursidiction’s websites include a Privacy Policy page, now it’s strongly suggested to have such a page for people the world over that run websites. Even the little old lady genealogist and website owner who only drives it to church on Sundays and only deals with cookies at the church bake sale.

I found a template, but changed the wording “we” to “I” since it’s just me. I also changed statements into questions in some places, so I can answer the questions as I go along…

Who am I?

I’m still wondering that, myself. But my website address is:

What personal data do I collect and why I collect it?

I’m a genealogist, what do you expect?? 😛  But I guess here, the question is what data I collect from visitors to this site, not data from pouring through old census records.

When I had my old html website, my site was just “out there.” The only data I got from it were through entries from a linked third-party guestbook and from anyone emailing me. Now that I’ve migrated the site to WordPress format, with more bells and whistles than I know what to do with or even know what they’re for, cookie data seem to be collected automatically. So, as a disclaimer, since it makes my site collect data, whether I use them or not, somewhere in my site there may be some data I’m not aware of it collecting.


When visitors leave comments on the site, because WordPress automatically works this way, it collects the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

Hmm…so that’s what those numbers are after your name in my Administrator panel: an IP address!!  I though it was a coincidence everyone had been serving time and still went by their prisoner number. Since I don’t care for spam — my mom used to buy it when I was a kid, but now it grosses me out…especially the recipes I see for it online — it’s good to detect if anyone is bringing spam to this site.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: After approval of your comment, your profile picture is visible to the public in the context of your comment.

Huh?? I guess that means if you upload an image of yourself as an avatar and go through a third party to do it, that third party will have that info you used to sign up with them and display your avatar/Gravatar image on my site when you use it to make a comment?? Of course they would, duh!

I have generic avatars on this site. So what avatars happen on this site, stay on this site. Unless you go through a third-party Gravatar. Or if you use an avatar of your ancestor’s gravestone, which would then be a Grave-atar.  😛


If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

And if you upload any ancestor photos with such embedded location data, it may result in something similar to the TZ 1964 episode Night Call, and lead to where that elusive ancestor is buried.  

Contact forms

This is my contact form. If you contact me through it, I will use your provided email address data to write you back. Duh!


If you leave a comment on my site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

Golly, Sarge, I didn’t know that!

If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.


When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

The only way I’ve had cookies last for a year is if I put some in the freezer after baking. But usually they’d only last a few months, because I like cookies. Especially the oatmeal raisin ones.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Since it’s just one cookie, no wonder it wouldn’t last more than a day. Especially if it’s oatmeal raisin accompanied by a glass of cold milk.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

Duh! Of course.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

So I guess that means you’ll have to visit those sites to read their Privacy Policy, too. Bet they won’t be as interesting as mine. And they probably don’t have oatmeal raisin cookies.


I’ve heard of Google Analytics but not sure what it does, other than maybe doing what WordPress and its JetPack plugin does (see further below). Whatever it does, I don’t have it.

With whom do I share your data?

Most of the data that WordPress automatically collects I don’t even know how to use or have any need to use. Now if you’re from the Martin Loy (to America 1741) branch and I get an email or comment post from you and I don’t already have you in my (offline) records that I keep in OpenOffice Writer (a free program that does same as Microsoft Word), then I’ll update your family line with your info. As for “sharing your data,” if you’re also from the Martin Loy (to America 1741) branch and you contact me or post where I see your name, I might tell my older sister that I heard from a new distant cousin. But most times she’s not interested, and the other times (probably just to be polite) does acknowledge my comment. Kind of like how I’m polite (but not really interested) when she goes into detail about dog stories she’s read on the internet.

If you’re closely related to someone else on my correspondents list, I might mention your name to see if that person has corresponded with you. Nearly two decades ago, a distant cousin told me of a Loy family that had contacted her. The man had been raised in foster homes and wanted to learn about his biological Loy family. Learning his father’s name, I knew the father was Grandma’s 3rd cousin. I got the man in contact with his paternal aunt I’d written before. Not long after, I was contacted by a lady who, come to find out, was an older half sister, sharing same father. She’d been searching for this half-brother for a long time. I was able to connect them to each other. Then, some time after, I came across another brother, a full brother to this sister, thanks to a post on my site. So I got him connected as well.

All this was through email and a guestbook post, not cookie data. But thought I’d cover all bases here because Big Brother and the Internet Police might be that inquisitive.

How long do I retain your data?

Being a senior now, I’m not as good at retaining data as I used to be…

If you leave a comment, the comment and its metadata are retained indefinitely. This is so I can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

That is something I do know I have on this site. Once you make a post and I approve it, then your next posts will be automatically posted…as long as you use the same account/email address.  

For users that register on my website (if any), personal information they provide is stored in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

But that would only be one person, because I’m the sole website administrator.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data I hold about you, including any data you have provided to me. You can also request that I erase any personal data I hold about you. This does not include any data I am obliged to keep for administrative, legal, or security purposes.

But if you do ask for an exported file, please tell me how to make one, because I don’t have the slightest idea how that works. If it requires extra postage to email it to you, please remit extra email postage. And what are administrative, legal, or security purposes??

Where do I send your data?

Visitor comments may be checked through an automated spam detection service.

I think that’s done through a WordPress feature. A robot somewhere in WordPressland does a TSA patdown on all your comments, mainly checking to see that you’re not smuggling contraband advertising for some Nigerian business scheme. Or wanting to enhance some part of me that’s not anatomically possible.

Where do I send your contact information?

I don’t send it anywhere. If you’re someone I’ve contacted before, or will contact in reply to something you’ve contacted me about, or if I recognize your name and want to say “hey” because we’re related…the email I send you will also have a copy in my “sent” email folder and in the remembered addresses for my email account. That’s basically it.

How do I protect your data?

I have a big safe, several guard dogs, rifles, and two canons. (That’s not a typo:  I have an AE-1 and a Powershot.)  I also have WordPress features and site hosting features that are supposed to protect the site from being compromised. So if anything happens, blame them.

What data breach procedures do I have in place?

If anything bad happens, first I’ll cry. Then contact the five people that have accounts on this site and let them know a data breacher from Nigeria might be impersonating their ancestry to get into SAR/DAR.

From what third parties do I receive data?

That I know of, I don’t receive data from any third parties. There is one feature I don’t know if it’s from a third party or not, because it gives me statistics on my site. These are through WordPress and its JetPack plugin (both free) that tell me how many people have visited my site each day, which of my pages were visited, the search terms (I’ve only seen it as “unknown” so I don’t know exactly what “search terms” would be), referrer (usually “Google” search), authors (I’m the only one, so it’s same as which of my pages were visited), clicks (so far, nobody has clicked on any of my sponsor links, despite how much I need the incentives 🙁 ), and countries.

The countries stats are kind of cool. It gives a count (just by number, no personal info) of visitors from different countries, by day, month, year, all time. Now, I imagine some of these may be bots — unless there really are Loy researchers living in places like Ghana and the Middle East. Most of the questionable ones only show one “all time” visit. But then there are countries with multiple visits. I’ve known (over 20 years) one researcher who lives and works in Japan, descended from 1700s-to-America Loy immigrant. Each time I see a site visit from Japan, I’ve wondered if he might have been the one who stopped by to visit that day.

What automated decision making and/or profiling do I do with user data?

It wasn’t an automated decision, but one benefit to everyone with this new statistics setup (mentioned above), shortly after migrating my html site to WordPress, I saw some site visitors accessed the site from Canada and U.K.  As a result, the next day I converted the old html page on one Loy/Ley immigrant to Canada and added it to the new WordPress format, for visitors’ easier finding. Not long after, I additionally compiled information together on certain Loys of Westmorland County, England that came to America in 1856, in case the U.K. visitors might benefit from this information.

Other than above instance, there is no automated decision making and/or profiling with user data.

Industry regulatory disclosure requirements

I don’t have the slightest idea what that means. Since I’m not an industry, I guess I don’t have to worry about industry disclosures.

Additional Notes on Cookies (not part of Privacy Policy requirement)

When you click on an affiliate advertising link on this site, you’ll get a cookie that will keep for a limited time, depending on advertiser, about a few days. That way, if you complete your order within few days after clicking, I’ll still get incentive for the sale, that will enable me to pay the “rent” for my site. If you decide to order later than a few days, the cookie will be gone and I won’t get credit unless you come back here and re-click my link to the advertiser.

There are three ways of cleaning cookies so they won’t be on your computer for days, weeks, months, or even up to a year until expiration. First, you can go into your browser settings at regular intervals and delete any cookies you don’t want. The second way is by using your browser’s “Private” (Safari, Firefox, Opera), “InPrivate” (Edge), or “Incognito” (Google) window mode, which doesn’t allow any cookies or tracking to be kept as long as you use that window. The downside to this, at least for me, is that I have to manually log in to sites that would otherwise have “remembered” me with cookies. Even my username is forgotten. And when I log in, I always have to fill out those Captcha hurdles, clicking on images of cars, etc., before I can get completely logged in. So, sometimes cookies are good. (Especially the oatmeal raisin ones!)

The third way, much more convenient, is by installing a free program such as CCleaner. But during setup, before clicking final install button, watch out for automatic opt-in for a certain malware protection software program. You have to uncheck (“untick” for you Brits) that opt-in option, or that program will download, too!! These programs, such as CCleaner, allow you to set rules as to what websites you wish to keep cookies and delete the others at each cleaning. These rules will apply to all your browsers so, if you’re like me and use various browsers, all will be covered in one process.