1. Who We Are (Controller Identity)
The website PolishMom.com (“Site”, “we”, “us”) is a food and lifestyle blog operated by:
Site Owner / Data Controller:
[Your Full Name]
[Your Address, City, Postal Code, Poland]
Email: [email protected]
VAT EU: [Your NIP if applicable]
If you are in the EU/EEA, we are the data controller for the personal data described in this policy. We do not have a formal DPO obligation (small operator), but you may reach us at the email above for all data inquiries.
2. What Data We Collect and Why
| Category | Data Collected | Legal Basis (GDPR) | Purpose |
|---|---|---|---|
| Usage / Analytics | IP address (anonymized), pages visited, time on site, browser/device type, referral source | Consent (Art. 6(1)(a)) | Google Analytics — understanding traffic and content performance |
| Advertising | Cookies, device identifiers, browsing behavior on our site | Consent (Art. 6(1)(a)) | Google AdSense — displaying relevant ads, measuring ad performance |
| Comments | Name, email, website URL, comment text, IP address | Consent (Art. 6(1)(a)) | Facilitating user comments on posts |
| Newsletter | Email address, first name, subscription date, IP | Consent (Art. 6(1)(a)) | Sending recipe/blog newsletters |
| Contact Forms | Name, email, message content | Legitimate interest / Contract (Art. 6(1)(b/f)) | Responding to inquiries |
| Technical logs | Server logs: IP, timestamps, URLs requested | Legitimate interest (Art. 6(1)(f)) | Security, preventing abuse |
3. Cookies
We use cookies. A cookie is a small text file placed on your device. You can control cookies via our Cookie Consent Banner (shown on first visit) or your browser settings.
| Cookie Name / Provider | Type | Duration | Purpose |
|---|---|---|---|
| _ga, _ga_XXXXXXXX | Analytics (Google) | 2 years | Google Analytics visitor tracking |
| _gid | Analytics (Google) | 24 hours | Google Analytics session distinction |
| _gat | Analytics (Google) | 1 minute | Throttle request rate |
| google_adsense, IDE, NID, DSID | Advertising (Google) | Up to 2 years | AdSense ad personalization |
| cookieconsent_status | Functional (First party) | 1 year | Storing your consent choice |
| wordpress_*, wp-settings-* | Functional (First party) | Session / 1 year | WordPress CMS functionality (admin only) |
| comment_author_* | Functional (First party) | 1 year | Remembering commenter info |
We obtain your prior consent before placing non-essential cookies, in compliance with the Polish Telecommunications Act (Art. 173 Prawo telekomunikacyjne) and the EU ePrivacy Directive.
4. Google Analytics
We use Google Analytics 4 (GA4) provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. We have enabled IP anonymization, meaning IP addresses are truncated before any processing. We have signed a Data Processing Amendment with Google. Data may be transferred to the USA under Google’s Standard Contractual Clauses.
You can opt out of Google Analytics by installing: Google Analytics Opt-out Browser Add-on.
5. Google AdSense
We display advertisements via Google AdSense, provided by Google LLC. AdSense uses cookies and similar technologies to show you ads based on your interests. We participate in the Google EU User Consent Policy and collect consent via a Certified CMP (Consent Management Platform) before serving personalized ads to EU/EEA users.
Google’s privacy policy: policies.google.com/privacy. You can manage ad personalization at: adssettings.google.com.
6. Third-Party Services
Our site may include content from or links to third parties such as YouTube (video embeds), Pinterest (sharing widgets), and social media platforms. These third parties have their own privacy policies and may collect data independently when you interact with their content.
7. Data Retention
- Google Analytics data: 14 months (set in GA4 settings)
- Comments: retained as long as the post exists; deleted upon request
- Newsletter subscribers: until you unsubscribe
- Contact form submissions: 12 months from last contact
- Server logs: 30 days
8. Data Transfers Outside the EEA
Some of our third-party providers (Google, Mailchimp, etc.) are based in or transfer data to the USA. Such transfers are made under the EU–US Data Privacy Framework and/or Standard Contractual Clauses as safeguards required by GDPR Chapter V.
9. Your Rights (EU/EEA / Poland — GDPR)
Under the GDPR and Polish Act on Personal Data Protection (UODO), you have the right to:
- Access — request a copy of your personal data (Art. 15)
- Rectification — correct inaccurate data (Art. 16)
- Erasure (“right to be forgotten”) — delete your data (Art. 17)
- Restriction of processing (Art. 18)
- Data portability (Art. 20)
- Object to processing based on legitimate interest (Art. 21)
- Withdraw consent at any time (Art. 7(3)) — without affecting prior processing
- Lodge a complaint with the Polish supervisory authority: UODO (Urząd Ochrony Danych Osobowych), ul. Stawki 2, 00-193 Warsaw, uodo.gov.pl
To exercise any right, contact us at: [email protected]. We will respond within 30 days.
10. California Residents — CCPA/CPRA Rights
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) as amended by the CPRA:
- Right to Know — what personal information we collect, use, disclose, or sell
- Right to Delete — request deletion of your personal information
- Right to Correct — request correction of inaccurate personal information
- Right to Opt-Out — we do not sell your personal information; we do allow Google to use cookies for advertising (see “Do Not Sell or Share My Personal Information” link in footer)
- Right to Non-Discrimination — we will not discriminate against you for exercising your rights
To submit a California privacy request, email us at [email protected] with subject “CCPA Request.”
11. Children’s Privacy (COPPA)
PolishMom.com is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us immediately and we will delete it. We comply with the U.S. Children’s Online Privacy Protection Act (COPPA).
12. Security
We implement appropriate technical and organizational measures to protect your data, including SSL/TLS encryption, limited access controls, and regular security reviews. However, no internet transmission is 100% secure.
13. Changes to This Policy
We may update this policy. The “Last updated” date at the top reflects the most recent revision. We encourage you to revie