Destin Fishing Rodeo Privacy Policy

Effective date: 5-14-2026

Plain‑English note: This template is designed for WordPress sites and maps to major privacy laws including GDPR/UK GDPR, ePrivacy/cookies, and U.S. state laws (CA CPRA, CO CPA, CTDPA, UT UCPA, VA VCDPA, OR OCPA, TX TDPSA, FL DBR, MT CDPA, etc.). Replace bracketed items and remove anything that doesn’t apply. This is not legal advice.

1) Who we are

Website: https://destinfishingrodeo.org/

Legal entity/controller: Destin Fishing Rodeo

Registered address: 103 Stahlman Ave, Destin, FL 32541

Contact for privacy requests: fishing@destifishingrodeo.org • 850.837.6734

EU/UK representatives (if applicable): none

Data Protection Officer (if applicable): Amber

2) Scope

This policy applies to destinfishingrodeo.org and related subdomains. It covers personal data collected online via this website, including through WordPress core, themes, plugins, and embeds.

3) Key terms

Short definitions of personal data, processing, controller, processor, sell/share (CPRA), targeted advertising (state laws), sensitive personal information, cookies & similar technologies, profiling/automated decision‑making.

4) What we collect

We collect information in three ways:

A. Information you provide to us

Account & profile data (registration, comments)

Contact form submissions & support requests

Orders & subscriptions (WooCommerce/EDD), payment details processed by [payment processor] (we do not store full card numbers)

Newsletter sign‑ups and marketing preferences

User‑generated content (posts, reviews, media uploads)

B. Information collected automatically

Technical data: IP address, device/OS, browser, pages viewed, referring URLs, timestamps

Usage data & analytics: page interactions, scroll/click events, session metadata

Approximate location (derived from IP)

Cookies & similar tech (see §8)

C. Information from third parties

Social logins (e.g., Google, Facebook)

Anti‑spam & security (e.g., Akismet, Wordfence)

Ad/marketing partners and analytics providers

5) WordPress‑specific disclosures

Make this section accurate for your site.

Comments: When visitors leave comments, we collect the data shown in the comments form, and also the visitor’s IP address and browser user‑agent to help spam detection. An anonymized string (hash) may be sent to Gravatar to check if you use it. After approval, your profile picture is visible with your comment.

Media uploads: If you upload images, avoid uploading images with embedded location data (EXIF GPS). Visitors can download and extract location data from images on the site.

Contact forms: We keep form submissions for [retention period] for [customer service/analytics] and do /do not use the information for marketing.

Cookies created by this site: See §8 for a current list. WordPress may set cookies for login, preferences, and comments. WooCommerce and similar plugins set cookies to track cart contents and sessions.

Embedded content from other websites: Articles/pages may include embedded content (e.g., YouTube, Vimeo, social posts, maps, fonts). Embedded content behaves as if the visitor has visited the other website, which may collect data, use cookies, or embed third‑party tracking.

Security & spam protection: We use [plugin/service] which may process IP addresses, request URLs, and headers for security/spam prevention.

Performance/CDN: We use [CDN] which may cache content and log IP addresses to deliver the site efficiently.

Backups & hosting: Backups and server logs (including IP addresses) are stored by [host/backup service] for [retention period].

6) Purposes and legal bases (GDPR/UK GDPR)

We process personal data for:

Provide the site and services (WordPress functionality, accounts, orders) — legal bases: contract performance; legitimate interests

Customer support & communications — contract; legitimate interests; consent where required

Analytics, site improvement, and debugging — legitimate interests; consent where required (ePrivacy/cookies)

Marketing & advertising — consent where required; legitimate interests; opt‑out rights apply for targeted ads in U.S. states

Security, fraud prevention, and spam detection — legitimate interests; legal obligations

Legal compliance — legal obligations; establishment, exercise, or defense of legal claims

If you rely on legitimate interests, state the interest and offer an opt‑out mechanism where applicable.

7) Selling/sharing & targeted advertising (U.S. state laws)

We do/do not “sell” or “share” personal information as defined under California law.

We do/do not engage in targeted advertising as defined under CO/CT/OR/TX/VA, etc.

You can opt out via:

“Do Not Sell or Share My Personal Information” link: [URL]

Opt Out of Targeted Advertising link: [URL]

We honor the Global Privacy Control (GPC) signal for California and other applicable laws. See §13 for how to use GPC.

8) Cookies & similar technologies

We use cookies, pixels, local storage, and scripts for essential operations, analytics, personalization, and advertising.

Consent banner: We display a consent banner where required by law. You can update your preferences at any time here: [Open Preferences Link/Button].

Cookie table (example; replace with your live inventory):

Essential: wp_* (session), woocommerce_* (cart/session), elementor, security tokens

Analytics: _ga*, _gid (Google Analytics 4), hj* (Hotjar), jetpack* (Jetpack stats)

Advertising/marketing: _fbp (Meta), IDE (Google Ads), _tt_enable_cookie (TikTok)

Functionality: comment_author_*, pll_language, cookie to remember preferences

Retention periods vary by cookie; see your consent tool for details.

9) How we use analytics & ads

Analytics providers: [Google Analytics 4 / Jetpack / Matomo / other]

Advertising/retargeting: [Meta, Google Ads, TikTok, etc.] — may set identifiers and receive limited data to measure ads and reach audiences. Opt‑out/consent options apply (see §§7–8, 13).

10) Sensitive personal information

We do/do not intentionally collect sensitive data (e.g., precise geolocation, government IDs, health data). If such data is processed, state the limited purpose, legal basis, and whether you use it for inferring characteristics (we do not).

11) Data sharing & recipients

We share personal data with:

Service providers/processors: hosting, CDN, security, email delivery, CRM, payment processors, analytics, customer support, backup, cloud storage

Business partners (if any): [names]

Legal & compliance: regulators, law enforcement, or to protect rights

We require processors to handle data under written agreements and keep it secure.

12) Transfers outside your region

If you are in the EEA/UK, data may be transferred outside your region using appropriate safeguards (e.g., EU Standard Contractual Clauses, UK IDTA/Addendum). Copies of relevant safeguards are available upon request.

13) Your privacy choices & rights

A. Consent & cookies

Manage cookies via our banner/preferences center [link]. You can also configure your browser to send the Global Privacy Control (GPC) signal; we treat GPC as a valid request to opt out of sale/sharing where applicable. You may also enable “Do Not Track,” though it may not be honored by all services.

B. U.S. States (CA, CO, CT, FL, MT, OR, TX, UT, VA, etc.)

Rights may include access/know, correct, delete, opt‑out of sale/sharing/targeted advertising, limit use/disclosure of sensitive personal information (CA), and appeal a decision.

Exercise your rights via: [webform URL] • [email] • [toll‑free number if CA] • “Do Not Sell or Share” link

We will verify your request (and, where allowed, agent requests) and respond within the required timeframe. You may appeal within [45] days if you disagree with our decision.

C. EEA/UK (GDPR/UK GDPR)

Rights include access, rectification, erasure, restriction, portability, objection, and withdraw consent.

You may also lodge a complaint with your local supervisory authority (e.g., ICO in the UK, DPA in your EEA country).

14) Children

Our services are not directed to children under 13 and we do not knowingly collect children’s personal information. If you believe a child has provided personal data, contact us to delete it. If we must rely on consent and your country requires parental consent, we may require a parent’s consent.

15) Data retention

We keep personal data only as long as necessary for the purposes described or as required by law. Examples:

Account data: kept while your account is active + [X] years

Order/transaction data: [X] years for tax/audit

Analytics data: [X] months (set in your analytics tool)

Server logs/security data: [X] days/months

Backups: rolling [X] days/months

16) Security

We use administrative, technical, and physical safeguards appropriate to the risk (HTTPS/TLS, access controls, encryption at rest where available, firewalls/WAF, regular updates, least‑privilege access). No method is 100% secure.

17) Automated decision‑making & profiling

We do/do not use automated decision‑making that produces legal or similarly significant effects. If used, describe logic, significance, and consequences, and specify your rights to request human review/appeal.

18) International visitors

If you access the site from outside [country], note that your data may be processed in countries with different data protection laws. Where required, we implement transfer safeguards (see §12).

19) Changes to this policy

We may update this policy from time to time. We will post the new date at the top and, where appropriate, provide additional notice. Continued use of the site after changes means you accept the updated policy.

20) Contact us

Email: fishing@desstinfishingrodeo.org

Mailing address: P.O. Box 296, Destin, FL 32540

WordPress Admin Checklist (keep private)

Use this checklist to fill in the policy accurately.

Core & Hosting

Host name, locations, and log retention

Backups provider & retention

CDN/performance provider(s)

WAF/security & spam protection

Users & Comments

Registration enabled? Roles?

Comments enabled? No

Grav