Effective date: 28 December 2025

Welcome — this page explains how Percura (“I”, “me”, “the blog”) collects, uses, stores and protects information on this website: https://percura.hamdtel.co.uk.

Important: I am a secondary-school student running this blog for educational and informational purposes. This is not medical advice. Always consult a qualified healthcare professional for medical concerns. This privacy policy explains how the site handles personal data.

1. Who is responsible for your personal data?

Data controller: Hamd Waseem

Contact:

If you are under 13 (the UK age threshold for online consent), please do not submit personal information via the site unless you have permission from a parent or guardian. I do not intentionally collect information from children under 13.

2. Personal data I may collect

Depending on how you interact with the site, I may collect the following types of personal data:

  • Contact details: name, email address (via contact form, newsletter sign-up, or comments if provided).
  • Content you provide: comments, forum posts, form submissions, profile information if you register on the site.
  • Technical & usage data: IP address, browser type, device information, operating system, pages visited, time on site, referrer — collected via analytics and server logs.
  • Spam- & security-related data: information used by anti-spam and security plugins to detect and block malicious activity (e.g. attempted IPs, messages marked as spam).

I do not collect sensitive health data on purpose. If you volunteer specific medical details in a comment or form, that is personal data — avoid sharing anything sensitive or identifiable you would not like stored online.

3. How I collect data (plugins & features)

This site uses the following WordPress plugins and services which may collect or process data. I’ve listed what each does so you can see how your information is used:

  • MonsterInsights / Site Kit by Google (Google Analytics): collects analytics data (pages visited, session duration, anonymised or full IP depending on settings). Used to understand site usage. Google may store and process data in the USA and other countries — see Google’s privacy policy for details.
  • Jetpack & Jetpack Protect: performance, site stats and security features. May send site data to Automattic for service provision and security.
  • WPForms Lite + Database for WPForms: contact forms store submitted information (e.g. name, email, message) in the WordPress database. Database for WPForms saves form entries locally so I can respond to messages.
  • MailPoet: newsletter sign-ups and email delivery. MailPoet stores subscriber emails and sends newsletters from the website or via MailPoet’s sending service (depending on settings). You will be asked to confirm opt-in where required and can unsubscribe at any time.
  • WP Mail SMTP: used to send emails from the website (contact form replies, admin notifications). Emails are routed via the chosen mail provider (SMTP2GO). That provider may process email addresses and message metadata.
  • Akismet & WPBruiser: anti-spam plugins that check comments and form submissions against spam databases. They may send comment content and IPs to third-party services to determine spam probabilities.
  • WP Statistics: if enabled, provides on-site analytics that can be configured to be more privacy-friendly (data stored locally). It may still collect IPs and usage data.
  • Feeds for YouTube (Smash Balloon): embedding YouTube content may cause Google/YouTube to collect data about visitors and set cookies when the embedded content loads.
  • UpdraftPlus / All-in-One WP Migration: backups and site migration plugins. Backups may contain user-submitted data and are stored where configured (local server, cloud storage). I keep backups secure but they may include parts of the database and media.
  • Other plugins (Yoast SEO, W3 Total Cache, Limit Login Attempts, WP 2FA, WPS Hide Login, Password Protected): mainly used for SEO, performance and security; they do not usually collect visitor personal data beyond normal logs, but security plugins may log suspicious activity (IP addresses, timestamps).

If a plugin’s settings change how data is processed (for example enabling external tracking), I will update this policy.

4. Legal basis for processing

Under the UK GDPR and data protection law, I process personal data on these bases:

  • Consent: where you actively opt in (e.g. newsletter sign-up, cookie consent for analytics).
  • Legitimate interests: to maintain and secure the site, prevent spam, and analyse site performance in a way that does not override your privacy rights.
  • Contractual necessity: when processing is necessary to provide a service you asked for (e.g. contact form replies).

5. How I use your data

I use personal data to:

  • Reply to contact form enquiries and comments.
  • Send newsletters if you subscribe (only with your consent).
  • Prevent spam and abuse.
  • Analyse and improve the website (via analytics).
  • Maintain backups and site security.

I will never sell your personal data.

6. Sharing data with third parties

I may share personal data with third parties only when necessary and limited to the purposes above. Examples:

  • Service providers: email sending services, analytics providers, anti-spam services, and backup storage providers.
  • Legal requests: if required by law or to respond to a lawful government request or court order.

When third parties process data on my behalf, I aim to use reputable suppliers and require them to protect your data appropriately.

7. International transfers

Some services (e.g. Google, MailPoet, Jetpack) may transfer data outside the UK/EEA. I will take steps to ensure appropriate safeguards are in place (standard contractual clauses or reliance on provider assurances). For details, check the third party’s privacy policies.

8. Data retention

  • Form submissions, comments and messages: kept until you request deletion or until they are no longer needed for the purpose they were collected (default: 12 months).
  • Backups: retained according to my backup policy (may contain personal data) — please contact me if you need backup data removed.
  • Analytics data: retained according to the analytics plugin settings.

If you want data removed sooner, contact me (details above) and I will delete what I can from the site and backups where technically feasible.

9. Cookies & similar technologies

This site uses cookies and similar technologies to provide functionality, remember preferences and run analytics. Typical categories:

  • Essential cookies: required for site operation (login, form handling).
  • Performance & analytics cookies: used by Google Analytics / MonsterInsights or WP Statistics to understand how visitors use the site.
  • Embed cookies: from third-parties such as YouTube when embedded content is loaded.

You can control cookies via your browser settings and via any cookie banner or preference centre on the site. Blocking certain cookies may affect site functionality.

10. Comments and community features

If you leave a comment or register on this site, the comment and its metadata may be retained indefinitely to help identify and approve follow-up comments. Commenters should avoid posting personal or sensitive medical details. If you post medical experiences, those contributions may become publicly visible and stored in the site database.

11. Your rights

Under data protection law you have the right to:

  • Request access to the personal data I hold about you.
  • Request correction of inaccurate data.
  • Request deletion (where not prevented by legal or technical reasons).
  • Request restriction of processing.
  • Object to processing (including direct marketing or profiling based on legitimate interests).
  • Request portability of data you provided.
  • Withdraw consent at any time where processing is based on consent.

To exercise any right, please contact me by email at: hamd.waseem@hamdtel.co.uk. As this is a student‑run website, I will respond as promptly as possible and, where necessary, may seek appropriate guidance to ensure requests are handled correctly. If you are unhappy with how I handle your personal data you can complain to the Information Commissioner’s Office (ICO) in the UK: https://ico.org.uk/.

12. Security

I implement reasonable technical and organisational measures to protect personal data (secure hosting, SSL/TLS, security plugins, two-factor authentication for admin accounts, regular updates and backups). However, no system is completely secure; if a data breach occurs that poses a risk to your rights and freedoms, I will notify affected individuals and the ICO where required.

13. Third-party links

This site may contain links to external websites. I am not responsible for the privacy practices of other websites; please read their privacy policies before submitting personal data to them.

14. Changes to this policy

I may update this policy from time to time. The latest version will be posted on this page with an updated effective date. Significant changes will be highlighted where appropriate.

15. More information / contact

If you have questions, want to exercise your rights, or request deletion of your data, please contact:

Hamd Waseem

WordPress Plugins Summary

  • Analytics: MonsterInsights / Site Kit (Google Analytics) — third-party analytics, may use cookies and collect IPs.
  • Forms & emails: WPForms, Database for WPForms, MailPoet, WP Mail SMTP — store and send contact/newsletter data.
  • Spam & security: Akismet, WPBruiser, Jetpack Protect — check content against spam databases and log suspicious activity.
  • Backups & migration: UpdraftPlus, All-in-One WP Migration — backups may include user data and are stored where configured.
  • Embeds: Feeds for YouTube — embedded YouTube content may set cookies and transfer data to Google.