Privacy Policy | Medjugorje Blog

Introduction

Medjugorje.blog (“we“, “us“, or “our“) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our website Medjugorje.blog (the “Site“). It is designed to comply with major privacy laws, including the EU General Data Protection Regulation (GDPR), the UK Data Protection Act 2018 (UK GDPR), the California Consumer Privacy Act (CCPA) (as amended), Canada’s PIPEDA, Australia’s Privacy Act 1988, and other applicable laws. By using the Site, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree, please refrain from using the Site.

Data Controller: For the purposes of data protection laws, the data controller is Medjugorje.blog (owned and operated by Jan Binder). If you have any questions or requests regarding your personal data, you can contact us at contact@medjugorje.blog

Effective Date: This Privacy Policy is effective as of June 2, 2025. We may update it from time to time (see “Changes to this Privacy Policy” below).

Information We Collect

We collect only the personal information that is necessary to provide our services and improve the Site. The types of information we may collect include:

Information You Provide to Us: When you sign up for our newsletter, fill out a contact form, or otherwise communicate with us, we collect personal information you choose to provide. This may include your name, email address, and any other information you include in communications. (For example, if you contact us with a question, we will collect your email address and the content of your message in order to respond.)
Automatically Collected Data: When you visit our Site, we automatically collect certain information about your device and usage through cookies and analytics tools. This includes your IP address, browser type, operating system, referring URLs, pages viewed, and the dates/times of access. We use Google Analytics (and manage it via Google Tag Manager) to help analyze how users use the Site. Google Analytics uses cookies or similar technologies to collect usage data (such as which pages you visit and for how long) and reports to us in aggregate form. This usage data is generally not directly identifiable, and we do not use it to identify individual users.
Cookies and Similar Tracking Technologies: We use cookies and similar tracking technologies to enhance your experience on our Site, perform analytics, and in the future, possibly to serve ads or enable affiliate program tracking. Cookies are small text files placed on your device that allow us and third parties (like Google) to recognize you and make your next visit easier and more useful. We use: (1) Essential cookies needed for the Site to function (e.g., to remember cookie consent preferences); (2) Analytics cookies (from Google Analytics) to understand Site traffic and usage patterns; and (3) Advertising/Affiliate cookies from third parties if we participate in affiliate programs or display ads (these cookies help track referrals and ensure we receive credit for purchases or display relevant advertisements). For more details on cookies, see “Cookies and Tracking Technologies” below.

No Special Categories of Data: We do not intentionally collect any sensitive personal data (such as health information, political opinions, etc.) through the Site. Please avoid submitting such information to us.

How We Use Your Information

We use the collected information for the following purposes, and we ensure that such use is lawful and relevant under applicable privacy laws:

To Provide and Operate the Site: We use information to display content to you and ensure the Site functions correctly. For example, remembering your preferences or optimizing page layouts for your device.
To Manage Newsletter Subscriptions: If you sign up for our newsletter, we will use your email address to send you the requested newsletters or updates about Medjugorje and our Site. We may also use your name (if provided) to personalize communications. You can unsubscribe at any time (each email will include an unsubscribe link or you can contact us to remove your email from our list).
To Respond to Inquiries: If you contact us (for example, via email or a contact form), we will use your email and any other provided information to communicate with you and address your questions or suggestions.
To Analyze and Improve Our Services: We use analytics data (e.g., from Google Analytics) to understand how users interact with our Site, which pages or content are most popular, and to identify areas for improvement. This helps us enhance the content, user experience, and functionality of the Site. For instance, aggregate usage data may inform us about the best times to publish new blog posts or how to structure navigation.
For Affiliate Program Tracking and Advertising (Future Use): If we join affiliate programs or display advertising, we will use information (such as cookie identifiers or page interaction data) to ensure proper functionality of these programs. For example, if we participate in an affiliate program, cookies will track that you clicked an affiliate link on our Site so that we can earn a commission if you make a purchase. Similarly, if we display ads, information about your visits may be used by ad networks to show relevant ads. (We will update this Policy and provide additional notice if and when such features are implemented.)
To Comply with Legal Obligations: We may process your data to fulfill legal requirements, such as maintaining records for tax or accounting purposes, or responding to lawful requests by public authorities.
To Prevent Fraud or Misuse: We may use information (including IP addresses and activity logs) to monitor for and prevent fraudulent, abusive, or unlawful activities on the Site. This includes ensuring the security of our Site, debugging, and protecting against malicious or unauthorized access.

We will not use your personal information for entirely new, unrelated purposes without updating this Privacy Policy or obtaining your consent when required by law.

Cookies and Tracking Technologies

As noted above, we use cookies and similar technologies on our Site. You have choices regarding cookies:

Cookie Consent (for EU/UK users): If you are in the EU, UK, or other regions with cookie consent requirements, you may be presented with a cookie banner or preferences tool when you first visit our Site. By accepting, you agree to our use of non-essential cookies as described. You can adjust your cookie preferences at any time (through our Site’s cookie settings if available, or by clearing cookies in your browser).
Managing Cookies via Browser: Most web browsers allow you to refuse or delete cookies through settings. You can configure your browser to refuse all or some cookies, or to prompt you before accepting. Please note that if you disable essential cookies, some parts of the Site may not function properly.
Google Analytics: Google Analytics sets its own cookies to perform its analysis. You can opt out of Google Analytics across all websites by installing the official Google Analytics Opt-out Browser Add-on, or by adjusting ad/cookie settings in your Google account (for example, by turning off ad personalization).
Third-Party Advertising Cookies: If and when we display advertisements or use affiliate program links, third-party advertisers or partner networks may set cookies or use web beacons. These cookies might be used to provide you with interest-based ads or to track referrals. For instance, if we use Google AdSense or similar ad networks, they may use cookies to serve ads based on your prior visits to our Site or other sites. You can often opt-out of personalized advertising through tools like the NAI Consumer Opt-Out or YourAdChoices, or via settings provided by the particular advertiser (e.g., Google’s Ads Settings).

By continuing to use our Site without disabling cookies, you consent to our use of cookies and similar technologies as described in this Policy. For more detailed information on our use of cookies, you may contact us or refer to future updates of this Policy when we implement new tracking tools.

Legal Bases for Processing (GDPR and Similar Laws)

If you are located in the European Economic Area (EEA), United Kingdom, or another jurisdiction with similar laws, we rely on the following legal bases under GDPR (and analogous provisions in other laws) for processing your personal data:

Consent: We process personal data on the basis of your consent in certain situations. For example, we rely on consent for sending you marketing communications (our newsletter) and for using non-essential cookies/analytics. You have the right to withdraw your consent at any time (for example, by unsubscribing from the newsletter or rejecting cookies), which will not affect the lawfulness of processing before withdrawal.
Legitimate Interests: We process certain data as needed for our legitimate interests, provided those are not overridden by your data protection rights. Our legitimate interests include maintaining and improving our Site (analytics), preventing fraud and securing our website, and informing our users about our content. When we rely on this basis, we consider and balance any potential impact on your rights. For instance, when using analytics, we use aggregated data and respect browser privacy controls to mitigate impact on your privacy.
Performance of a Contract or Service: Where we have a direct contractual relationship or you explicitly request a service, we may process data to fulfill our obligations. For example, if you ask us a question via the contact form, we process your data to provide the answer, which is essentially a service you requested.
Legal Obligation: In rare cases, we may need to process data to comply with a legal obligation, such as retaining transaction records for tax purposes or providing information as legally required by a court or regulatory agency.

We will clarify the applicable legal basis whenever required and will obtain your consent when required by law for specific processing.

How We Share Your Information

We value your privacy and do not sell your personal information to third parties. We only share your information in the following circumstances:

Service Providers: We may share personal data with trusted third-party service providers who perform functions on our behalf and under our instructions. This includes:
- Email Service Providers: If we use an email newsletter service (for example, a mailing list management platform), your email address and any name provided will be stored with that service solely for the purpose of sending newsletters. Such providers are contractually obligated to protect your data and use it only for our specified purposes.
- Analytics Providers: We use Google Analytics, which means Google LLC (for users outside the EU) or Google Ireland Ltd (for users in the EU) processes certain usage data on our behalf. Google acts as a data processor in providing this service. We have configured Google Analytics to limit the data collected where feasible (for example, by anonymizing IP addresses, if configured). Google is prohibited from using this data except to provide analytics services to us and is bound by Google’s privacy commitments. Please refer to Google’s Privacy Policy for more details on how it handles information.
- Website Hosting and IT Providers: Our website may be hosted by a third-party hosting company. As a result, any data you provide (including personal information) is stored on their servers. We use reputable hosting providers who implement security measures. These providers may access data only to troubleshoot technical issues or support our Site’s operation.
Affiliate Programs and Advertisers: If we participate in an affiliate marketing program or display advertisements, certain information will be shared with the affiliate network or advertiser when you interact with those links/ads. For example, if you click an affiliate link on our Site, that third-party (such as an e-commerce retailer or affiliate platform) will receive the information that someone (possibly identified by an ID in the link or a cookie) came from our Site. This is necessary to track commissions and is a common practice for online affiliate programs. Similarly, if we display third-party ads, the ad providers may receive cookie information or identifiers for ad targeting. Important: We do not provide your name, contact, or other directly identifying personal data to advertisers or affiliate partners. However, if you click an external link or ad, you will be subject to that third party’s privacy policy and they may collect personal data from you independently.
Legal Requirements: We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court order, subpoena, or government demand). We will only share the information necessary and will, if lawful, inform you of such disclosures.
Business Transfers: In the unlikely event that we decide to transfer ownership of the Site or its assets (for example, through a sale, merger, or acquisition), user information (including personal data) may be transferred to the new owner as part of that transaction. If such a transfer occurs, we will ensure the new owner is bound to respect the terms of this Privacy Policy or provide you notice and an opportunity to opt-out or delete your data before the transfer.
Protection of Rights: We may share information as necessary to enforce our Terms of Service, to investigate potential violations, to protect the security or integrity of our Site, or to protect the rights, property, or safety of Medjugorje.blog, our users, or others. This may include exchanging information with other organizations for fraud protection and spam/malware prevention.

We do not sell personal information for monetary or other valuable consideration. In the context of CCPA (California law), we also do not “share” personal information for cross-context behavioral advertising without consent. If in the future we contemplate selling or sharing personal data in a way that falls under CCPA or similar laws, we will update this Policy and provide required notices/opportunities to opt out.

International Data Transfers

Medjugorje.blog is accessible to users around the world. Your data may be transferred to and processed in countries other than your own. Specifically, our servers or service providers (including Google and any email service) may be located in the United States, the European Union, or other countries. If you are located outside of the country where our server or service provider is based, your personal data will be transferred to that country.

When we transfer personal data from individuals in the EEA/UK/Switzerland to countries that may not have the same level of data protection (such as the USA), we take steps to ensure appropriate safeguards. These may include:

Relying on the European Commission’s adequacy decisions (if the destination country is deemed to provide adequate protection).
Utilizing Standard Contractual Clauses (SCCs) or equivalent legal mechanisms in our contracts with service providers to ensure that they protect EU personal data according to EU standards.
In the case of Google Analytics and other large providers, relying on their supplementary measures and compliance frameworks (for example, Google’s commitments under the EU-US Data Privacy Framework or SCCs, as applicable).

By using our Site or submitting information to us, you understand that your personal data may be transferred internationally as described above. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy wherever it is processed.

Data Retention

We retain personal information only for as long as necessary to fulfill the purposes described in this Policy, or as required by law. The retention periods will vary depending on the type of data and the purpose for which we collected it:

Newsletter Information: We retain your email address and any provided contact details for as long as you remain subscribed to our newsletter. If you unsubscribe or ask to be removed, we will promptly remove or anonymize your contact information from our active mailing list. (We may keep a record of your unsubscribe request to ensure we honor it in the future.)
Contact Communications: If you contact us via email or form, we may retain those communications (including your email address and correspondence) for a period necessary to address your inquiry, provide support, and for our records. Typically, this retention will not exceed a few years, but could be longer if necessary for legal purposes (for example, evidence of communications).
Analytics Data: Data collected via Google Analytics is retained as per Google’s settings. We currently abide by Google Analytics’ default data retention settings or such period that we determine (for example, Google Analytics 4 retains certain data for 14 months by default, though aggregated reports may be stored longer). We do not personally identify users in our analytics, and only use aggregated data over time.
Cookies: Cookies have varying lifespans. Some cookies (especially functional/essential ones) may remain on your device until you clear them or they expire (which can range from a few days to a couple of years). Analytics and advertising cookies typically persist for months unless deleted. We honor industry standards and cookie consent choices for retention of those identifiers.
Legal Compliance and Prevention of Fraud: We may retain information for longer periods if necessary to comply with our legal obligations (such as financial records for tax purposes) or to resolve disputes or enforce our agreements. For example, server logs may be kept for a short period for security troubleshooting and then either deleted or anonymized.

When we have no ongoing legitimate need to use or retain your personal information, we will either delete it or anonymize it (so it can no longer be associated with you). If deletion or anonymization is not immediately feasible (for example, because the data is stored in backup archives), we will securely store and isolate the data from any further use until deletion is possible.

Data Security

We take reasonable and appropriate measures to protect your personal information from unauthorized access, loss, misuse, or alteration. These measures include technical, administrative, and physical safeguards such as:

Using secure hosting with firewall and encryption technologies (e.g., HTTPS encryption for data in transit on our Site).
Limiting access to personal data to those who have a legitimate need to know (for example, our site administrator or service providers) and ensuring they are subject to confidentiality obligations.
Keeping software and platforms up to date to protect against security vulnerabilities, and using security monitoring to detect potential threats.

However, please note that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to protect your personal data, we cannot guarantee its absolute security. You share and transmit information to us at your own risk. In the event of a data breach that affects your personal information, we will notify you and the relevant authorities as required by law.

We also encourage you to take precautions when using the internet: use strong passwords, do not share your account or email credentials, and be careful about what information you send via email (since email may not always be encrypted in transit).

Your Rights and Choices

You have certain rights regarding your personal information, which may vary depending on your jurisdiction. We are committed to honoring your rights under applicable law. These rights include:

For individuals in the European Union, UK, and similar jurisdictions (GDPR rights):

Right of Access: You have the right to request confirmation of whether we are processing your personal data, and if so, to request a copy of the data and information about how it’s used and with whom it’s shared.
Right to Rectification: You have the right to request that we correct or update any inaccurate or incomplete personal information we hold about you.
Right to Erasure (“Right to be Forgotten”): You have the right to request that we delete your personal data, provided that we do not have a compelling legal reason to continue processing it. For example, you can request deletion of your information if it’s no longer necessary for the purposes it was collected, or if you withdraw consent for a specific use.
Right to Restrict Processing: You can ask us to suspend processing of your personal data in certain circumstances – for instance, if you contest the accuracy of the data or object to our processing, we will consider requests to restrict use until we resolve your concern.
Right to Data Portability: Where applicable, you have the right to obtain your personal data in a structured, commonly used, and machine-readable format, and to have that data transmitted to another controller where technically feasible. (This typically applies to data processed by consent or contract, such as if you provided data for an account – note: our Site does not have user accounts, so this may be less relevant.)
Right to Object: You have the right to object to our processing of your personal information when we rely on legitimate interests as the legal basis. You also have the right to object at any time to processing of your personal data for direct marketing purposes. For example, if you no longer wish to receive our newsletter, you can unsubscribe or tell us to stop all marketing emails.
Right to Withdraw Consent: If we are processing your personal data based on your consent, you have the right to withdraw that consent at any time. For instance, you can withdraw consent for analytics cookies via our cookie management tool or your browser, and you can withdraw consent for newsletters by unsubscribing.
Right to Complain: If you believe your privacy rights have been violated, you have the right to lodge a complaint with a Data Protection Authority (DPA) in the country where you live or work, or where the alleged infringement occurred. We would appreciate the chance to address your concerns first by contacting us, but you are entitled to contact a DPA directly. (For example, EU users can contact their national DPA; UK users can contact the ICO; Irish users can contact the Irish DPC.)

For California residents (CCPA/CPRA rights):

Right to Know: You have the right to request information about the personal information we have collected about you in the past 12 months, including the categories of personal information, the sources of that information, the business purpose for collection, and the categories of third parties with whom we shared it. You may also request the specific pieces of personal information we have collected about you.
Right to Delete: You have the right to request deletion of personal information we have collected from you, subject to certain exceptions (for example, if the information is necessary to complete a transaction you requested, to detect security incidents, for legal compliance, etc.).
Right to Opt-Out of Sale/Sharing: As noted above, we do not sell personal information as defined under the CCPA. If in the future this changes, we will provide a “Do Not Sell or Share My Personal Information” link or other mechanism for you to opt out. Currently, because we do not sell or share your data in this way, this right may not be applicable other than to confirm we honor it by not engaging in such activity.
Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights. This means, for example, we will not deny you service or provide a different level of service or pricing just because you exercised your privacy rights.
Shine the Light: Separate from CCPA, California’s “Shine the Light” law allows residents to ask for a notice describing what categories of personal information we share with third parties for their direct marketing purposes. However, we do not share personal information with third parties for their own direct marketing use without your consent (and currently have no plans to do so).

For residents of other jurisdictions: We also extend privacy rights and choices to users in other areas:

Canada: If you are in Canada, you have similar rights to access and correct your personal information held by us. We will obtain your consent for collection, use, or disclosure of personal data when required by law. You may withdraw consent as well.
Australia: If you are in Australia, you have the right to access the personal information we hold about you and request corrections if needed, subject to certain exceptions under the Australian Privacy Act. If you have a complaint about how we handle your data, please contact us and we will do our best to resolve it. You also have the right to contact the Office of the Australian Information Commissioner (OAIC) if you are not satisfied with our response.
Other Regions: We aim to respect individual privacy rights globally. Even if you are not in one of the regions mentioned, you can still contact us with any request regarding your data, and we will try to accommodate reasonable requests in line with our legal obligations and the spirit of this Policy.

Exercising Your Rights: To exercise any of your rights, please contact us at jan.binder@zohomail.eu with a description of your request. We may need to verify your identity before fulfilling certain requests (for example, to ensure that it is actually you making the request and not an unauthorized person). Verification might involve confirming ownership of the email address associated with your data or other information we may have on file. For CCPA requests, if you choose to use an authorized agent, we will require proof of the agent’s authority and verification of your identity.

We will respond to your request within the time frame required by law. Under GDPR, that is typically within one month, and under CCPA, within 45 days (with the possibility of a 45-day extension). There is generally no fee for making a request, though manifestly unfounded or excessive requests may, where permitted, incur a reasonable fee or be refused with explanation.

Please note that some rights may not be absolute. There are exceptions or situations where they do not apply. If we cannot comply with a request in whole or in part, we will explain the reasons (for example, if you request deletion of data which we are legally required to keep, we will inform you that we must retain it).

Children’s Privacy

Our Site and services are not intended for children under the age of 13. We do not knowingly solicit or collect personal information from children under 13 years old. If you are under 13, please do not use the Site or provide any information about yourself (such as your name, address, or email). If we learn that we have collected personal data from a child under 13 without verifiable parental consent, we will promptly delete that information.

For teenagers between 13 and 16 years old, if you are in the EU or a jurisdiction where the age of consent for data processing is higher than 13, please ensure that your parent or legal guardian has given consent for your use of the Site and submission of personal information (such as signing up for the newsletter). We encourage parents to supervise their children’s internet usage and to help enforce this Privacy Policy by instructing their children never to provide personal information without permission.

If you are a parent or guardian and you believe we might have any information from or about a child under the relevant minimum age in your jurisdiction, please contact us at jan.binder@zohomail.eu. We will take prompt steps to investigate and remove any such information.

Third-Party Links and Services

Our Site may contain links to third-party websites or embedded content (for example, links to external resources, pilgrimage services, or articles of interest, as well as affiliate links to products or services). This Privacy Policy does not apply to those third-party sites or services, which are governed by their own privacy policies. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party websites.

When you click on a link to an external site (including affiliate links or ads), the third party may collect data from you independently. For example, if you click an affiliate link to a travel booking site, that site may collect personal information from you for the booking and will have its own privacy and data handling practices. We recommend that you review the privacy policy of every site you visit through external links from our Site.

We are not responsible for the privacy practices or content of third parties. However, if you have feedback about linked sites (for example, if a link is broken or the linked content is inappropriate), feel free to contact us.

Changes to this Privacy Policy

We may update or revise this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. When we make changes, we will post the updated Privacy Policy on this page and update the “Effective Date” at the top. Significant changes may be highlighted on our Site (such as via a notice on the homepage or a direct notification via email if appropriate and feasible).

Your Continued Use Constitutes Acceptance: By continuing to use the Site after those changes become effective, you agree to the revised Privacy Policy. If you do not agree to the changes, you should stop using our Site and services and, if necessary, unsubscribe from our newsletter or request deletion of your data.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. If we make a material change to how we treat our users’ personal data, we will take reasonable steps to notify you in advance (for example, by email if you have provided one, or by placing a prominent notice on the Site).

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: contact@medjugorje.blog

Contact Person: Jan Binder (Site Owner & Data Controller)

We will do our best to address any issue promptly and fairly. Your privacy is important to us, and we welcome your feedback.