Begriddled! Privacy Policy

About this privacy policy

I have created this site using WordPress and adapted the WordPress privacy policy template to this.

I’m not keen on using the “royal we” and as this is just me, I’ve changed the suggested “we”s to “I”s, etc. If the “I” becomes a “we” we (as we will then be, of course) will change the pronouns as appropriate.

I’ve also changed some of the “we”s to “the system” because frankly it doesn’t make sense to say something like, for example, “I will set a temporary cookie to determine if your browser accepts cookies” when in reality I have nothing to do with it other than the fact that I’m using a system that, apparently, does that.

I’ve called my puzzle Begriddled, or Begriddled! with an exclamation mark. I like the exclamation mark and refer to this site as the Begriddled (or Begriddled!) website.

This is more than just a personal website because I intend using it for “commercial purposes.”

I am using Google Analytics to get a feel for general usage of the site: numbers of visitors, hopefully whereabouts in the world they are, which pages get visited, and so on. I believe that Google does not save any identifiable data for that.

There are embedded YouTube videos. I know YouTube monitors usage but believe that they record no identifiable data.

I am inviting people to provide their email address for the purpose of sending occasional updates on progress and any information I believe might be of interest to subscribers. This might include offering Begriddled-related services and products and other advertising.

I have forms on the site that invite people to enter data such as their name and email address. The purpose of each form should be clear. The data gets stored in the system and (depending on the purpose of the form) sent to me automatically via email so that I can deal with it.

Who I am

I am Nick Rice and my Begriddled! website address is at:

What personal data is collected and why

Personal data is collected only to properly provide a service. If you are purchasing something, you may need to provide real-world information such as name and address so I can deliver that purchase.
In other cases I might just need an email address.
You do not need to use your main personal address. There are plenty of places where you can get email addresses for free. Examples include, Google’s Gmail, and Microsoft’s Outlook. (Looking at this last one, Outlook,  it isn’t obvious how to create a new email account. Click the SIGN IN WITH MICROSOFT button, which will prompt you to enter your account details or create a new one. Even if you already have an Outlook account you can create another one.)
It can be handy having several email addresses (accounts) for different purposes, though you have to keep track of them and their passwords. It’s best not to use the same password for more than one account.


It is not currently possible for visitors to leave comments. However that might change at any time.

When visitors leave comments on the site the system collects the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available at After approval of your comment, your profile picture is visible to the public in the context of your comment.


If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Contact forms

See above.

Other forms allowing the entry of personal data

Mailing list subscription forms are used to collect data used for those mailing lists.

Data you provide will be held on MailChimp servers and will be removed on request.

See for further information on Mailchimp with respect to GDPR legislation.


If you leave a comment on the site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year, I have been led to believe.

If you have an account and you log in to this site, the system will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

If and when you log in, the system will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

(All this comes automatically with WordPress and my reason for believing it to be true is it’s what I’ve read. If some of it turned out not to be true, it wouldn’t surprise me, and I have absolutely no idea how to check it. I really doubt that it matters, but someone thought all this important enough to include in the template.)

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.


I am using Google Analytics and the free (lite) version of Google Analytics for WordPress by MonsterInsights to monitor site usage.

Who we share your data with

TBC. However this is covered by other sections on this page.

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so it is possible to recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on the website (if any), the system also stores the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

If you subscribe to a mailing list, then your email address and other information you provide with it will be retained until you unsubscribe, or might be removed for some other reason. If I cease to use the site (not planned but anyone can fall under a bus and I am descended from a host of ancestors who didn’t live forever) and it isn’t passed over to someone to keep it going, then my payments will lapse and data become deleted or no longer accessible by anyone.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data held about you, including any data you have provided to the system. You can also request that I erase any personal data held about you. This does not include any data I am obliged to keep for administrative, legal, or security purposes, such as backups.

Where we send your data

Visitor comments may be checked through an automated spam detection service.

Your data may be sent to a third party in order to fulfil a service. For example, if you order a product (such as a book of puzzles) through the site, to be sent to you directly by a third party, then the data they need to do that will be sent to them.

Note that the system does not collect any financial data (account numbers, for example) whatsoever. Any payments will be processed by a third party such as PayPal, with your account details (name on the account, account number, password, etc) not passing through the Begriddled site.

As noted elsewhere on this page, I use MailChimp to manage mailing lists, and so data entered into mailing list forms on this site is automatically transferred to them.

Your contact information

As noted elsewhere on this page, I use MailChimp to manage mailing lists, and so data entered into mailing list forms on this site is automatically transferred to them.
You may unsubscribe from any list using the link provided in any email using that list.
Some items will be held for legal and operational reasons. For example, if you purchase something through the site that I put in the post to you, I’ll need your (or the recipient’s) name and address for that. That will be included on any covering letter or invoice included with the item. Copies of this correspondence will be kept.
The data in normal contact and any non-list forms is stored in the system and (generally) emailed automatically to me so I can deal with it.

Additional information


How we protect your data

Your data is protected by standard industry procedures such as having all website data passed over the internet in encrypted form via TLS (SSL), also referred to as HTTPS.
The database containing the data is password protected. I am also using a dedicated virtual server, ie it is not shared with anyone else.
Mailchimp servers are located in the United States. Because Mailchimp certifies to the Privacy Shield framework, they can lawfully receive EU data.
According to Wikipedia, “Email is prone to the disclosure of information. Most emails are currently transmitted in the clear (not encrypted) form. By means of some available tools, persons other than the designated recipients can read the email contents.”
In general it is best not to send sensitive data via email. Of course email addresses themselves are considered personal data, and it is not possible to send an email without an email address any more than it is possible to keep secret the destination of a letter by not writing the address on the envelope.
The web server has firewall protection.

What data breach procedures we have in place

This is a one-person site. I do what I can.

What third parties we receive data from


What automated decision making and/or profiling we do with user data

None. I might use Google, Facebook, or other advertising. I will update this section if and as relevant as I learn more about that if I do so.

Industry regulatory disclosure requirements