Automattic is committed to helping our customers run their sites and online businesses in a manner that complies with the GDPR’s data protection and data transfer laws.
One way we are fulfilling our commitment is by providing a Data Processing Agreement, which is a contract that documents Automattic’s compliance with the GDPR requirements that apply to us as a data processor for your site. The Agreement also satisfies the requirement for standard model clauses that govern the transfer of your data to Automattic and its subsidiaries.
The Data Processing Agreement is an amendment to our Terms of Service and is available to all WordPress.com site owners.
Having a DPA does not change any of our privacy and security practices for site visitors. Everyone using our service gets the same high standards of privacy and security.
In this guide
Have a question?
Ask our AI assistantIf you would like to sign a Data Processing Agreement with us, take the following steps
- Visit your WordPress.com account at https://wordpress.com/me/
- Click on the Privacy option from the sidebar menu.
- Scroll down to the “Data processing addendum” section.
- Click the “Request a DPA” button.
This will automatically send a DPA to your account’s email address which you can sign and return to privacypolicyupdates@automattic.com for processing.
The data you share with Automattic, about yourself, is covered by our Privacy Policy, which outlines Automattic’s commitments on handling your data, in line with the GDPR. Some users – mostly businesses – use their site in a way that involves sharing data about other people with Automattic.
For example, a site owner might have a store on WordPress.com that collects and stores other people’s names and addresses, and uses that information to ship packages to them.
For this type of information, the site owner (usually a business) is acting as a “Data Controller” – under GDPR, if the controller is handling data on EU residents, he or she should have a contract in place that applies to this controlled data and includes some additional commitments, above and beyond our standard policies. This “Data Processing Agreement” is a business to business agreement and is not relevant or needed for the typical free site owner or hobbyists.
If you are acting as a data controller in this way or have specific concerns about getting an Agreement to cover your use of WordPress.com please get in touch and we will work with you to help.
