Privacy Policy

by Andrea Hartley
Your data, your rights, our obligations. In plain language.

Privacy Policy

Last updated: May 2026

This Privacy Policy explains how Explore Your Garden (“we”, “our”, “us”) collects, uses, stores, shares, and protects personal data of visitors to exploreyourgarden.site. It complies with the EU General Data Protection Regulation (GDPR), the UK Data Protection Act 2018, the California Consumer Privacy Act (CCPA) as amended by the CPRA, the Italian Privacy Code (D.Lgs. 196/2003 as amended), and other applicable privacy frameworks.

For privacy questions or to exercise rights described below, contact us at privacy [at] exploreyourgarden [punto] site.

1. Data Controller

The data controller for personal data processed through this website is Giovanni Picaro, founder and publisher of Explore Your Garden, with operational base in Sofia, Bulgaria. Registered legal correspondence address available on request via the privacy contact address. For all GDPR-related correspondence, please use privacy [at] exploreyourgarden [punto] site.

2. What personal data we collect

We collect the minimum personal data necessary to operate the site and serve its readers:

Data TypeWhen CollectedPurpose
IP address, browser, device, OS, pages visitedEvery visit (server logs)Site operation, security, abuse prevention
Cookie identifiersWhen cookies are accepted (see Cookie Policy)Site functionality, analytics, advertising
Email address, name (optional)When you contact us, comment, or subscribeCommunication, comment management, newsletter delivery
Comment contentWhen you post a commentCommunity discussion, moderation

3. Legal bases for processing

Under GDPR Article 6, we process personal data on the following legal bases:

  • Legitimate interest — for server logs, security monitoring, abuse prevention, and basic site operation.
  • Consent — for non-essential cookies, advertising personalization, and email newsletters. Requested through our cookie banner and any explicit subscription form.
  • Contract performance — if you enter a paid commercial relationship with us (sponsorship, affiliate partnership), processing of your business contact information is necessary.
  • Legal obligation — for accounting records, DMCA documentation, and tax compliance, when applicable.

4. Third parties with whom we share data

We do not sell your personal data. We do share specific data with the following service providers, each governed by its own privacy policy:

  • Hosting provider — Hosting.com (United States). Server logs and the underlying database are stored on Hosting.com infrastructure.
  • Content delivery network and security — Cloudflare (United States). Cloudflare processes traffic for performance and DDoS protection. See Cloudflare’s privacy policy.
  • Analytics — Google Analytics (Google LLC, United States) when enabled, for aggregated traffic analysis. IP addresses are anonymized where technically feasible. See Google’s privacy policy.
  • Advertising — Google AdSense (Google LLC). AdSense serves advertising and uses cookies to measure ad performance. See Google’s ad policies. We may in the future replace or supplement AdSense with another advertising network; this Privacy Policy is updated whenever the network changes.
  • Affiliate networks — Amazon Associates and similar programs (where active) may set cookies to track referrals. See our Affiliate Disclosure.
  • Email and contact handling — Google Workspace (United States) for inbound email delivery and team communication.

Where a third-party service provider is based outside the European Economic Area, we ensure appropriate safeguards under GDPR Article 46.

5. International data transfers

Some service providers process data outside the EEA, primarily in the United States. We rely on the EU-U.S. Data Privacy Framework where applicable, on standard contractual clauses adopted by the European Commission, or on equivalent safeguards. Copies of safeguards are available on request to privacy [at] exploreyourgarden [punto] site.

6. Data retention

  • Server access logs: up to 12 months for security and operational purposes.
  • Cookie identifiers: as set out in the Cookie Policy, typically up to 13 months for analytics and 12 months for advertising consent records.
  • Email correspondence: kept for as long as the conversation is operationally relevant, then deleted; typical retention is 24 months.
  • Comments: kept indefinitely as part of the published site, unless you request removal.
  • Newsletter subscribers: kept until unsubscription or until the newsletter is discontinued.
  • DMCA records: at least seven years from the date of the last related notice.

7. Your rights

Under GDPR and equivalent laws, you have the following rights with respect to your personal data:

  • Right of access — confirmation of whether we hold your data and a copy of it.
  • Right to rectification — correction of inaccurate or incomplete data.
  • Right to erasure — deletion of your data, subject to legal exceptions.
  • Right to restriction of processing — pause processing while a dispute is resolved.
  • Right to data portability — your data in a machine-readable format.
  • Right to object — objection to processing based on legitimate interest, including profiling.
  • Right to withdraw consent — where processing is based on consent, withdrawable at any time.
  • Right to complain — complaint to your national data protection authority. UK readers may complain to the ICO; California residents may contact the California Attorney General; Italian residents may contact the Garante per la Protezione dei Dati Personali.

For California residents, the CCPA grants substantively similar rights including the right to know, the right to delete, the right to correct, and the right to opt out of “sales” of personal information (we do not sell personal information).

8. How to exercise your rights

Send an email to privacy [at] exploreyourgarden [punto] site with a subject line specifying the right you wish to exercise (GDPR Access Request, CCPA Deletion Request, etc.). We respond within 30 days, often sooner. For verification purposes we may ask you to confirm details that match information already in our records.

9. Children

This site is not directed at children under 16. We do not knowingly collect personal data from children under 16. If you believe a child has provided us with personal data, please contact us at privacy [at] exploreyourgarden [punto] site and we will delete it promptly.

10. Security

We apply industry-standard technical and organizational measures to protect personal data: encrypted connections (HTTPS/TLS), restricted administrative access, regular security audits, prompt patching of known vulnerabilities. No system is perfectly secure; we will notify affected users and relevant authorities in the event of a personal data breach as required by law.

11. Changes to this policy

This policy is reviewed at least annually and updated as needed. The “Last updated” date at the top of this page reflects the most recent revision. Material changes are announced on the homepage and, where appropriate, by direct notification to subscribers.

Related pages: Cookie Policy · Terms of Service · Disclaimer · Contact Us · Affiliate Disclosure

Who we are

Suggested text: Our website address is: https://exploreyourgarden.site.

Comments

Suggested text: When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

Suggested text: If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Cookies

Suggested text: If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Suggested text: Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Who we share your data with

Suggested text: If you request a password reset, your IP address will be included in the reset email.

How long we retain your data

Suggested text: If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

Suggested text: If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where your data is sent

Suggested text: Visitor comments may be checked through an automated spam detection service.