Privacy Policy

about this privacy policy

The Family Patch understands that your privacy is important to you and that you care about how your personal data is used and shared online. I respect and value the privacy of everyone who visits this website, (“My Site”) and will only collect and use personal data in ways that are described here, and in a manner that is consistent with the General Data Protection Regulation (GDPR).

Please read this Privacy Policy carefully and ensure that you understand it. Your acceptance of My Privacy Policy is deemed to occur upon your first use of My Site. If you do not accept and agree with this Privacy Policy, you must stop using My Site immediately.

Definitions and Interpretation

In this Policy, the following terms shall have the following meanings:

“Cookie” means a small text file placed on your computer or device by My Site when you visit certain parts of My Site and/or when you use certain features of My Site. Details of the Cookies used by My Site are set out below;
“Cookie Law” means the relevant parts of the Privacy and Electronic Communications (EC Directive) Regulations 2003;
“personal data” means any and all data that relates to an identifiable person who can be directly or indirectly identified from that data. In this case, it means personal data that you give to Us via My Site. This definition shall, where applicable, incorporate the definitions provided in the EU Regulation 2016/679 – the General Data Protection Regulation (“GDPR”); and
“I/Me/My” means The Family Patch, a personal blog written by Amanda Shortman.

Who I am

My website address is:

My Site is a personal blog run by Amanda Shortman, who is registered as a Data Controller with the Information Commissioner’s Office (ICO) with the registration number ZA305557.

limitation of this privacy policy

This Privacy Policy applies only to your use of My Site. My Site contains links to other websites. Please note that I have no control over how your data is collected, stored, or used by other websites and I advise you to check the privacy policies of any such websites before providing any data to them.

what is personal data?

Personal data is defined by the General Data Protection Regulation (EU Regulation 2016/679) (the “GDPR”) as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’.

Personal data is, in simpler terms, any information about you that enables you to be identified. Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers (e.g. your IP Address).

What rights you have over your data

Under the GDPR, you can request to receive an exported file of the personal data I hold about you, including any data you have provided to me. You can also request that I erase any personal data I hold about you. This is known as a “subject access request”.

All subject access requests should be made in writing and sent to the email or postal addresses shown at the end of this privacy policy. There is not normally any charge for a subject access request. However, if your request is ‘manifestly unfounded or excessive’ (for example, if you make repetitive requests) a fee may be charged to cover My administrative costs in responding.

Your request to erase personal data I hold about you does not include any data I am obliged to keep for administrative, legal, or security purposes.

For more information about My use of your personal data or exercising your rights as outlined above, please read this Privacy Policy in full, or contact me using the details provided at the end of this Privacy Policy.

Further information about your rights can also be obtained from the Information Commissioner’s Office or your local Citizens Advice Bureau.

If you have any cause for complaint about My use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.

What personal data I collect and why I collect it

Under the GDPR, I must always have a lawful basis for using personal data. This may be because: the data is necessary for My performance of a contract with you; because you have consented to My use of your personal data; or because it is in My legitimate business interests to use it. Your personal data may be used for the following purposes:

  • Communicating with you. This may include responding to comments from you.
  • Supplying you with information by email that you have opted-in to (this currently applies only to subscriptions to blog posts by email, which you can unsubscribe from at any time).
  • Analysing your use of My Site to enable me to continually improve My Site and your user experience.

The personal data I collect is listed in the sections below.


When visitors leave comments on the site I collect the data shown in the comments form (name, email address, and website URL), and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Comments, along with the visitor’s name, are displayed publicly on the blog. I may respond to some comments via the email address given.

Contact forms

As with comments, when visitors use the contact form on the site I collect the data shown in the contact form (name, email address, and website URL), and also the visitor’s IP address and browser user agent string to help spam detection. The contact form is created using the Jetpack plugin, whilst spam detection is run by Akismet, both of which are owned by Automattic.

The actual submission data is stored in the database of Our Site and is emailed directly to Amanda Shortman. This email will include the submitter’s IP address, timestamp, name, email address, website, and message.


If you leave a comment on My Site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

My Site also uses the following plugins and third-party systems:

  • Akismet (an anti-spam plugin provided by Automattic) for the purpose of automatically capturing spam comments.
  • Jetpack (also provided by Automattic) for the purpose of user experience and gathering website analytics. You can find out more in Jetpack’s Cookie Policy
  • Google Analytics (provided by Google) for the purpose of monitoring user demographics. You can find out more about Google Analytics Cookie Usage on Websites here

If you do not wish for My Site to place Cookies on your device, you can disable Cookies within your browser. I have provided links to tutorials for disabling Cookies on the major browsers below:

Embedded content from other websites

Articles on My Site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.

How and Where I Store or Transfer your Personal Data

Your personal data is stored upon My Site’s database, which is hosted on a UK based server. If you leave a comment or fill in the contact form, it will be shared to Amanda Shortman’s Gmail account. Visitor demographics will be shared with the Jetpack and Askimet plugins (owned by Automattic) and Google Analytics.

How long I retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so I can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

If you use the contact form, your message and contact details will be kept for as long as is deemed necessary. I will not keep your personal data for any longer than is necessary in light of the reason(s) for which it was first collected. The following factors will be used to determine how long it is kept:

  • the potential for ongoing or future work with you
  • business needs that require documentation to be retained

Data collected and stored for the purpose of analytics will be stored for the lifetime of this website.

Where I send your data

Visitor comments are checked through an automated spam detection service (Akismet). Analytics are collected by Jetpack. Emails are sent to Gmail.

How i protect your data

In order to keep your data as safe as possible, I use secure passwords to access any place your data may be stored. My laptop and mobile phone are also both password protected.

Within WordPress itself, I have a security plugin installed (Wordfence), which informs me of any potential risks to security, including any attempts to log into WordPress.

What data breach procedures i have in place

In the event of a breach, I will implement the following procedure:

  1. Change all passwords immediately and ensure security is restored
  2. Carry out a complete audit to investigate the breach and how it impacts the personal data I hold
  3. Implement any further security measures highlighted by the audit
  4. Create a report about the breach and steps taken, and inform the ICO within 72 hours of the breach
  5. Follow any guidance provided by the ICO

my contact information

To contact me about anything to do with your personal data and data protection, including to make a subject access request, please use the following details:


Changes to this Privacy Policy

I may change this Privacy Notice from time to time. This may be necessary, for example, if the law changes, or if I change My Business in a way that affects personal data protection.

Any changes will be immediately posted on My Site and you will be deemed to have accepted the terms of the Privacy Policy on your first use of My Site following the alterations. I recommend that you check this page regularly to keep up-to-date.