Privacy and Cookies Policy | Polisi Preifatrwydd a Cwcis

Dewiswch o’r blwch i gyfieithu.

The Simple Version


This website will only collect, process and store information that has been openly collected from you and with your consent, in accordance with data protection laws. Your details will not be made available to any third party.


If you contact us by posting a comment or via the contact form, please be aware there is no guarantee of the security of the message during transit. Your email address will be passed on to us as part of the message in order for us to be able to reply. Once received, email information will be stored according to data protection law.


Cookies are used in some areas of this website to identify your computer. This is a WordPress site with additional WordPress third party plugins. We haven’t consciously chosen to save any cookies or have any knowing control over them. A cookie will record the areas visited by the computer in question and for how long. This information is aggregated, rather than identifying individuals, and is used to monitor traffic to the site. This site should not be collecting any data that could be used to target advertising or marketing.

If you are concerned about cookies you can change the settings on your computer to refuse them. However, this may mean some sections of the site will not work properly.

The popup box requesting email subscription adds a cookie to prevent it appearing again once you have closed it, so save that annoyance. If you switch off cookies it will stay.

For information on how to turn off cookies:


This website is using the monitoring statistics provided by the WordPress Jetpack plugin. It is not knowingly using Google Analytics. The email subscription box pop up from Popup Maker anonymously tracks popup views and conversions.

The Much Longer GDPR Version

By continuing to use this website you are implicitly agreeing to the terms and conditions of the site.

Who we are

This is the Privacy and Cookies Policy of St John’s Hall Gallery, and We are a small artist led gallery in Wales.

What personal data we collect and why we collect it

Email adddresses

There are three reasons we may have your email address to sent you:
1 An email newsletter sent to our emailing list – once or twice month.
2 An automated email with any update to the website as they are posted.
3 A reply to an email that you have sent us either via the contact form on this website or direct to

Our emailing list

We only collect email addresses from people who have given them to us for us to send email newsletter of what events and things we have going on at the gallery. These are mostly manually added to the list from information that is added by hand to the visitors book.

If at any time you wish to be removed from our emailing list, you can send a message with the title unsubscribe. We will still keep your email address on an unsubscribed list so that it doesn’t inadvertently become re-added to the list.

We do not pass on your email address to any third parties.

Email addresses and names are kept in a spreadsheet that is only accessible to 2 people. We do not use any third party software for our mailing other than a normal email programme. We also have a small number of additional fields on the spreadsheet to indicate how we know the people on the list – eg from visitor’s book or attended a course or have exhibited.

Please be aware that as the visitor’s book is in a public place, other people can read what you have put including your email address. If you wish to be on the list without putting a comment in the visitor’s book, please give your email address to someone working in the gallery, or send an email to

Subscribing to updates of the website

Since 25th May 2018 we are using the Jetpack plugin service from Automattic to manage email subscriptions via a small form in the side bar on a desktop and wide mobile device and below the main content on a small mobile device.

When you subscribe, you receive an email asking you to confirm your email address, then another email confirming that you are subscribed with details of how to manage your subscription. There is an unsubscribe option at the end of every email that you receive via this service. This service is not adding you to our emailing list just a service that automatically sends you the message when a new item is posted.

For more detailed information about the Jetpack plugin see the sections below.

Replying to emails sent to us

If we reply to an email that we receive the email address is automatically added to the auto-fill part of the email programme and the address book within the email programme.


When visitors leave comments on this site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: After approval of your comment, your profile picture is visible to the public in the context of your comment.

Contact Form

This site uses a third party plugin contact form. When you submit a message via the contact form your IP address, user agent, name, email address, website, and message is submitted to a third party for the sole purpose of spam checking. The actual submission data is stored in the database of this website site and is emailed directly to the us. This email will include your IP address, timestamp, name, email address, website, and message.


If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

There is one popup encouraging people to subscribe to blog updates by email. We use anonymous cookies to prevent users from seeing the same popup repetitively in an attempt to make our users’ experience more pleasant while still delivering time sensitive messaging.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.

The most likely embedded content on this site is from (a service covered by Google’s Privacy Policy) or


This website is using the monitoring statistics provided by the WordPress Jetpack plugin. It is not knowingly using Google Analytics. For more detail see the section about Stats below. The email subscription box pop up from Popup Maker anonymously tracks popup views and conversions.

Who we share your data with

We do not share your data with any third parties.

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.

Subscriber information is retained in the local database indefinitely for analytic tracking purposes and for future export.

What rights you have over your data

If you have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where we send your data

Visitor comments may be checked through an automated spam detection service.

Our contact information

St John’s Hall Gallery, St Johns Hill, Barmouth, Gwynedd, Wales/Cymru, UK, LL42 1AF


Longer Version Relating to Jetpack Plugin

The following relates to the features of the WordPress Jetpack plugin and has been copied from the Jetpack Privacy Policy Helper:

Comment Likes

This feature is only accessible to users logged in to

Data Used: In order to process a comment like, the following information is used: user ID/username (you must be logged in to use this feature), the local site-specific user ID (if the user is signed in to the site on which the like occurred), and a true/false data point that tells us if the user liked a specific comment. If you perform a like action from one of our mobile apps, some additional information is used to track the activity: IP address, user agent, timestamp of event, blog ID, browser language, country code, and device info.

Activity Tracked: Comment likes.

Gravatar Hovercards

Data Used: This feature will send a hash of the user’s email address (if logged in to the site or — or if they submitted a comment on the site using their email address that is attached to an active Gravatar profile) to the Gravatar service (also owned by Automattic) in order to retrieve their profile image.

Infinite Scroll

Data Used: In order to record page views via Stats (which must be enabled for page view tracking here to work) with additional loads, the following information is used: IP address, user ID (if logged in), username (if logged in), user agent, visiting URL, referring URL, timestamp of event, browser language, country code.

Activity Tracked: Page views will be tracked with each additional load (i.e. when you scroll down to the bottom of the page and a new set of posts loads automatically). If the site owner has enabled Google Analytics to work with this feature, a page view event will also be sent to the appropriate Google Analytics account with each additional load.

Jetpack Comments

Data Used: Commenter’s name, email address, and site URL (if provided via the comment form), timestamp, and IP address. Additionally, a IFrame receives the following data: blog ID attached to the site, ID of the post on which the comment is being submitted, commenter’s local user ID (if available), commenter’s local username (if available), commenter’s site URL (if available), MD5 hash of the commenter’s email address (if available), and the comment content. If Akismet (also owned by Automattic) is enabled on the site, the following information is sent to the service for the sole purpose of spam checking: commenter’s name, email address, site URL, IP address, and user agent.

Activity Tracked: The comment author’s name, email address, and site URL (if provided during the comment submission) are stored in cookies. Learn more about these cookies.

Data Synced (?): All data and metadata (see above) associated with comments. This includes the status of the comment and, if Akismet is enabled on the site, whether or not it was classified as spam by Akismet.


This feature is only accessible to users logged in to

Data Used: In order to process a post like action, the following information is used: IP address, user ID, username, site ID (on which the post was liked), post ID (of the post that was liked), user agent, timestamp of event, browser language, country code.

Activity Tracked: Post likes.


Data Used: In order to check login activity and potentially block fraudulent attempts, the following information is used: attempting user’s IP address, attempting user’s email address/username (i.e. according to the value they were attempting to use during the login process), and all IP-related HTTP headers attached to the attempting user.

Activity Tracked: Failed login attempts (these include IP address and user agent). We also set a cookie (jpp_math_pass) for 1 day to remember if/when a user has successfully completed a math captcha to prove that they’re a real human. Learn more about this cookie.

Data Synced (?): Failed login attempts, which contain the user’s IP address, attempted username or email address, and user agent information.


Data Used: To initiate and process subscriptions, the following information is used: subscriber’s email address and the ID of the post or comment (depending on the specific subscription being processed). In the event of a new subscription being initiated, we also collect some basic server data, including all of the subscribing user’s HTTP request headers, the IP address from which the subscribing user is viewing the page, and the URI which was given in order to access the page (REQUEST_URI and DOCUMENT_URI). This server data used for the exclusive purpose of monitoring and preventing abuse and spam.

Activity Tracked: Functionality cookies are set for a duration of 347 days to remember a visitor’s blog and post subscription choices if, in fact, they have an active subscription. Stats

Data Used: IP address, user ID (if logged in), username (if logged in), user agent, visiting URL, referring URL, timestamp of event, browser language, country code. Important: The site owner does not have access to any of this information via this feature. For example, a site owner can see that a specific post has 285 views, but he/she cannot see which specific users/accounts viewed that post. Stats logs — containing visitor IP addresses and usernames (if available) — are retained by Automattic for 28 days and are used for the sole purpose of powering this feature.

Activity Tracked: Post and page views, outbound link clicks, referring URLs and search engine terms, and country. When this module is enabled, Jetpack also tracks performance on each page load that includes the Javascript file used for tracking stats. This is exclusively for aggregate performance tracking across Jetpack sites in order to make sure that our plugin and code is not causing performance issues. This includes the tracking of page load times and resource loading duration (image files, Javascript files, CSS files, etc.). The site owner has the ability to force this feature to honor DNT settings of visitors. By default, DNT is currently not honoured.

This page was updated on 28th May 2018.