Hi, I'm building a service based on the wordpress.com REST API (https://developer.wordpress.com/docs/api/) which gives access to wordpress.com data, and based on the Gravatar (https://gravatar.com) service from which I download images.
So, when my users will use my service, their IP and HTTP header will go to WordPress.com and to the Gravatar service, and they say the use IPs to make geolocalization.
Under the GDPR, is it enough I explain this in my privacy policy or do I have to store the consent?
Thank you.