Questlust logo white

Privacy Policy

Portrait of Ida Josefin Eriksson, founder of the lifestyle and travel blog Questlust.

Privacy Policy

Questlust (“we”, “us”, “our”) values your privacy and is committed to protecting your personal data. This privacy policy explains how we collect, use, and protect your information when you visit https://questlust.com.

This policy is written in accordance with the EU General Data Protection Regulation (GDPR).

Who we are

The website https://questlust.com is operated by:

Questlust
Email: [email protected]
Location: Sweden (EU)

Questlust is a lifestyle and travel blog.

What personal data we collect and why

1. Comments

When visitors leave comments on the site, we collect:

  • The data shown in the comments form (name, email, website if provided)
  • The visitor’s IP address
  • Browser user agent string (for spam detection)

This data is collected to prevent spam and abuse, moderate comments, and maintain site security.

If you use Gravatar, an anonymized hash of your email address may be sent to the Gravatar service. You can read their privacy policy here: https://automattic.com/privacy/.

Legal basis: Legitimate interest (Article 6(1)(f) GDPR).

2. Contact forms

If you contact us via a contact form, we collect:

  • Name
  • Email address
  • Any information you choose to provide

This data is used solely to respond to your inquiry and is not used for marketing unless you explicitly consent.

Legal basis: Legitimate interest or consent (Article 6(1)(a) and (f) GDPR).

3. Media uploads

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS), as visitors may download and extract location data from publicly available images.

Cookies

Comment cookies

If you leave a comment, you may opt-in to saving your name, email address, and website in cookies. These last for one year.

Login cookies

If you visit our login page, a temporary cookie is set to determine whether your browser accepts cookies. It contains no personal data and is discarded when you close your browser.

When logging in:

  • Login cookies last for two days
  • “Remember me” login persists for two weeks
  • Screen option cookies last for one year

Editorial cookies

If you edit or publish an article, a cookie is stored indicating the post ID of the edited article. It expires after one day.

Analytics & tracking

If analytics services (such as Google Analytics) are used, anonymized usage data may be collected, including pages visited, time spent on pages, general geographic location (country level), device type, and browser information.

Where required, consent is obtained before setting non-essential cookies.

Legal basis: Consent (Article 6(1)(a) GDPR).

Embedded content from other websites

Articles on this site may include embedded content (e.g., YouTube videos, Instagram posts). Embedded content behaves as if you visited the third-party website directly. These sites may collect data, use cookies, and track interactions.

Affiliate links

Some articles may contain affiliate links. This means we may earn a commission if you purchase through certain links, at no extra cost to you. Affiliate partners may use tracking cookies to register purchases.

Legal basis: Legitimate interest.

Who we share your data with

We do not sell your personal data. Data may be processed by trusted third-party service providers for hosting, spam detection, analytics, and security purposes.

If you request a password reset, your IP address will be included in the reset email.

How long we retain your data

  • Comments and metadata: stored indefinitely
  • Contact form submissions: stored as long as necessary
  • Registered user data (if applicable): stored until deletion

Your rights under GDPR

If you are located in the EU/EEA, you have the right to:

  • Access your personal data
  • Request correction
  • Request deletion
  • Restrict processing
  • Object to processing
  • Request data portability
  • Withdraw consent at any time

To exercise these rights, contact: [email protected]

Where your data is sent

Visitor comments may be checked through automated spam detection services. If third-party services are located outside the EU/EEA, appropriate safeguards are used in accordance with GDPR.

How we protect your data

We implement appropriate technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction.

Changes to this privacy policy

We may update this privacy policy from time to time. The latest version will always be available on this page.