We want to provide you with clear and complete information about which personal data the WPML plugin and wpml.org site gather and how you can view and control its handling.
On 25th May 2018, a new regulation came into effect in the European Union, called General Data Protection Regulation, with additional changes and updates since. It provides strict and specific guidelines on how personal data is gathered and handled. This also affects companies and individuals that reside outside of the EU but collect data from EU citizens.
Table of contents
- Who we are
- What personal data we collect and why we collect it
- Who we share your data with
- Who can see my personal information
- How long we retain your data
- How we protect your data and what data breach procedures we have in place
- What rights you have over your data
- Email Communications You Might Receive From Us
- Additional Information
Who we are
We are the OnTheGoSystems Ltd. company, makers of the WPML plugin and owners of the wpml.org website.
You can find more information about us, including our full address, on our company website.
What personal data we collect and why we collect it
When you leave comments on the site we collect the data shown in the comments form, and also your IP address and browser user agent string to help spam detection.
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
Information submitted through the contact forms on our site are sent to our company email, hosted by Gmail. Google adheres to the EU “Privacy Shield” policy and you can find more information about this here.
While we keep these submissions for customer service purposes they are never used for marketing purposes or shared with third parties.
Our site uses the following cookies:
- Google Analytics cookies – these are set for monitoring and tracking visitors behavior on the site.
- WordPress logged-in cookies – these are used by WordPress to authenticate logged-in visitors, password authentication, and user verification.
- WPML cookies – these are used by our WPML plugin to identify the preferred user’s language as our site is multilingual. You can find detailed information about this on our page about browser cookies stored by WPML.
- WooCommerce cookies – these are used by the WooCommerce plugin to track visitors and their purchased items in the cart.
- W3 Total Cache cookies – these are used by W3 Total Cache plugin to monitor referrer and user identification for caching purposes.
- WP Polls cookies – these are used by WP Polls plugin to provide proper polls functionality based on user identification.
- ICL-MPP Affiliate cookies – this is used by our system to monitor and identify affiliates for the purpose of performance monitoring and payments.
- bbPress cookies – this used by the bbPress plugin to provide proper forum functionality based on user status and profile.
- Toolset plugin cookies – this is used by our Toolset plugin (Toolset Types, Module Manager, and Toolset Forms) to properly provide functionality based on user status.
- 2checkout WooCommerce cookies – this is used by the WooCommerce extension 2checkout for verifying user payment and checkout status.
- WP Postratings cookies – this is used by the WP Post rating plugin to provide proper rating functionality based on user status.
- Limit Login Attempts cookies – this is used by the Limit login attempts plugin to provide brute force security in logins by monitoring user cookies.
- CMS Tree Page View cookies – this is used by the CMS Tree Page View to provide correct functionality based on user behavior.
Embedded content from other websites
Articles on this site may include embedded content, like YouTube videos, for example. Embedded content from other websites behaves in the exact same way as if you visited the other website.
In addition to Google Analytics, we are using the following statistics on our site for performance and monitoring:
- Affiliate performance statistics – statistics regarding our affiliates
- Installer statistics – statistics regarding the number of plugin installations of our products in clients, also includes the site info like PHP version, WordPress version used, etc.
- Support statistics – statistics regarding our supporters and clients about how many tickets created, resolved, pending, etc.
- WooCommerce statistics – statistics regarding our sales, conversion rates, refunds, etc.
- Reference sites statistics – statistics regarding our clients reference sites installation.
- Compatibility plugin statistics – statistics regarding our clients compatible/incompatible themes/plugins with our products.
Professional Translation Services
WPML allows you to send the content of your site for translation to third-party translation services of your own choice. This involves sending the content data, calculating the commissions for translations, and communication between the involved systems.
Only data that is required to send and receive site contents for the translation is shared with the selected translation services. In short, it is not possible to use professional translation through WPML without sharing the information needed for the translation to happen.
All communication between WPML and translation services is encrypted.
Data shared with our support
Sometimes, to help our support debug a WPML-related issue on your site, we might ask you to share a copy of your site with us. Since this is your site, you are the one responsible for its data and we strongly encourage you to remove any personal information from the database before sharing it with us.
That being said, here are some important points about what happens with the site duplicates and data that is shared with our support:
- When a debug or setting check is needed, we ask for access to the site or even a full copy of the site.
- We use that access/duplicates strictly for debugging.
- We do not share that data with anyone outside of the company.
- We might need to share the duplicates with OnTheGoSystems supporters and developers when the case requires it.
- We destroy this information after we finish debugging and resolve your issue.
- Our forum is public but any outside URL is automatically masked and any private information is shared only in private comment seen only by the supporters and the client that reported the issue.
- Again, we strongly encourage you to remove any personal/sensitive information they might hold before sharing access/duplication if they are concerned about it.
- We cannot be held responsible for any loss of private information from databases if that should occur. In other words, you should have a fully working backup of whatever site you share with us.
Data collected by the WPML plugin and add-ons you use
The WPML plugin is fully compliant with GDPR.
If you give it explicit consent, the only data it can collect is which theme and plugins your site is using. This information is used only for providing you with faster and better support. WPML will prompt you and require explicit action, asking you if you want to share with us this information. If you decline, it will not collect any data whatsoever.
WPML add-on plugins that we provide, like Gravity Forms Multilingual, for example, allow WPML to work with certain plugins. However, they do not perform any explicit duties of these plugins. They will not even work without the main plugin activated on the site. So, for example, Gravity Forms Multilingual does not in any way send or receive data – this is still done through the main Gravity Forms plugin.
You will have to contact the authors of these third-party plugins and themes for information about who they deal with GDPR and similar regulations.
WPML Translation Management add-on plugin
WPML provides a separate add-on plugin called Translation Management. It helps you manage your content’s translation better and offers you multiple tools for sending content for translation.
Because of the service this plugin provides, it has to send your contents off-site. Specifically, Translation Management add-on plugin can:
- Send to wpml.org the names and emails of the site’s admin, Translation Managers, and translators.
- Send to wpml.org and its sub-domains content of the site, for the purpose of translating that content.
- Send to translation services, which the users select themselves, the content for translation.
It goes without saying that the data sent by Translation Management is sent in an automatic and secure manner and used exclusively for providing you the translation services. None of it is shared or used for any other purposes or shared with any third-party besides the translators.
If you decide to use the Translation Management add-on, the sending of this information is not optional, it is simply part of the service. Therefore, if you do not wish to share this information for translation purposes, you should not use WPML Translation Management add-on.
Who we share your data with
We don’t share your data with third-parties in a way as to reveal any of your personal information like email, name, etc. However, some data is transferred and/or stored with third-party services we use, like cloud-based services and payment processors. This is done as a way to provide you with a better overall service and user experience.
Here are the services we use to make our own service better for you:
- Active Trail – we store our client contact details for newsletters, announcements, and usability testing invite purposes. They can opt-out of these at any time.
- PayPal – we use Paypal as one of our payment processor. During checkout, a client will provide login information and credit card info. This information is processed directly within this gateway payment and we do not save it on our sites.
- Stripe – we use Stripe as one of our payment processor. During checkout, a client will provide credit card info. These are all stored in the Stripe site.
- 2Checkout – we use this as one of our payment processor. During checkout, a client will provide credit card info. These are all stored in the 2checkout site. These are shared for future checkouts and account renewals.
- Amazon SES – we use this services to manage mailing campaigns to our clients. What is shared are client contact details (name and client email).
Who can see my personal information
If you are not a registered client in our site, there is no personal information we have or can see about you.
If you are a client with a WPML account, your personal information can be accessed by:
- Our System administrator
- Our supporters when they need to (in order to provide support) get the information about the client accounts and access.
How long we retain your data
When you submit a support ticket or a comment, its metadata is retained until (if) you tell us to remove it. We use this data so that we can recognize you and approve your comments automatically instead of holding them for moderation.
If you register on our website, we also store the personal information you provide in your user profile. You can see, edit, or delete your personal information at any time (except changing your username). Website administrators can also see and edit that information.
How we protect your data and what data breach procedures we have in place
We protect customer data with the following site features:
- We are entirely using SSL/HTTPS throughout all our sites. This encrypts our user communications with the servers so personal identifiable information is never captured by third parties without authorization.
- Databases are sanitized (actual user personal details are removed) before deploying to development or testing environment.
In case of a data breach, System administrators will immediately go through affected users and will attempt to reset passwords if needed after informing the user.
What rights you have over your data
If you have an account on this site or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us.
You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes. In short, we cannot erase data that is vital to you being our customer (i.e. basic account information like an email address).
For these requests, please use this form.
Email Communications You Might Receive From Us
We send our clients occasional newsletters with important product updates. To new clients, we might also send a very limited (low) number of emails for getting started with using WPML. You can easily unsubscribe from all these emails by clicking the unsubscribe link at their bottom.
From time to time you might also receive special, “one-off” emails from us about very specific topics. For example, we might ask you to participate in a survey about specific features or join one of our feedback calls. Please note that these emails are sent to specific groups of our clients and will not try to sell you anything. Instead, they’re meant as a way to improve our products and services based on direct feedback from our clients.
You can find additional information about related topics on the following pages: