Privacy policy
Our privacy policy below explains what data we collect about you, why we collect it, and how we use it.
Child protection
- In order for people under the age of 16 to join this website, a parent or guardian must approve it. A notice will be sent, by e-mail, to the e-mail address given when a member under the age of 16 joins, which will provide notice on how to approve the membership. This is done for compliance with law across various jurisdictions.
The parent or guardian has the option to agree to the collection and use of the member's information without consenting to the disclosure of the information to third parties.
The parent or guardian can review the member's personal information, ask to have it deleted and refuse to allow any further collection or use of the member's information. This may be done by contacting the staff in the same way as was done to approve the membership originally.
Cookies
We may store the following cookies on your computer…
Name
|
Reason
|
__Host-composrapp_session
|
Identifies your session so that we temporarily can uniquely link your requests together (deleted when your web browser is closed)
|
__Secure-composrapp_member_id & __Secure-composrapp_member_hash
|
The "remember me" feature for passwords
|
__Secure-composrapp_member_id_invisible
|
Whether you logged in into invisible mode
|
cms_autosave_*
|
References to auto-saved incomplete content
|
font_size
|
To remember your font size choice
|
has_cookies
|
To detect whether cookies are enabled, so we know whether to enable/disable features that need it
|
last_chat_msg_*
|
Your most recent non-posted message in a chatroom, so we can prevent data loss if you accidentally reload the page
|
last_visit
|
When you visited the website last, used for tracking what content is new
|
software_chat_prefs
|
Chatroom display preferences
|
tray_*, hide*, og_*
|
Values (yes/no) for remembering what things have been turned off/closed
|
use_wysiwyg
|
Whether the WYSIWYG text editor is enabled
|
Data Breach Procedure
- While users maintain responsibility for their own data (including damages resulting from a data breach), Composr CMS: Your Data, Your Privacy, Your Control will immediately execute the following procedure in the event of a breach being made aware through a credible source:
- Reactive Mitigation: we may temporarily increase the strictness of firewalls / security systems, lock down administrative accounts or the ability to upload files, lock down all authorization (log-in) methods all-together, or take the site offline, depending on the perceived severity. This will typically last until proactive mitigation has been taken.
- Analysis: We will analyse and investigate the scope and severity of the data breach including identifying unauthorised access or use of personal information.
- Proactive Mitigation: Once we have a clear picture of what happened, we will take proactive mitigation as we deem fit. This could include resetting member passwords, banning rogue members and IP addresses, reverting changes or applying patches to software or services, rolling back the site to a stable backup / checkpoint, and/or reporting the breach to law enforcement authorities for additional investigation and prosecution.
- Communication: Once the above steps have been finished, we will communicate the data breach to all members of Composr CMS: Your Data, Your Privacy, Your Control via e-mail (except those who explicitly un-subscribed from e-mails) and via a news article on the site. We will explain what happened, what areas and data were affected, what Composr CMS: Your Data, Your Privacy, Your Control has done to mitigate the breach and prevent it in the future, and what members should do to protect themselves.
General
- We include a mechanism allowing users to unsubscribe from all e-mails sent by our website software. A 'List-Unsubscribe' header is sent in every e-mail delivered from our website, as-is an unsubscribe link in the body of every e-mail. Note that these tools only unsubscribe users from e-mails sent through our website. They do not include other facilities (e.g. direct e-mails from staff or e-mails sent from other software or services).
Action
|
Reason
|
We may occasionally send bulk e-mails about Composr CMS: Your Data, Your Privacy, Your Control, or matters relating to content management systems to our members. We will not send bulk e-mails or allow others to send bulk e-mails, which we believe would be considered spam.
|
To keep you informed, and for sales/marketing activity.
|
We do not have any special handling of the "Do Not Track" header.
|
We do not track individual users for advertising purposes, although third-party services we rely on for unrelated functionality may do so.
|
Information disclosure
- We will not share private details other than what can be seen in your forum profile and content submission, unless for a reason covered in this policy, or legally required to do so.
Action
|
Reason
|
Your online status may be shown publicly. Additionally, your last activity time will be shown publicly.
|
Online status helps foster community communication.
|
Hashed e-mail addresses are shared with gravatar.com, and public gravatars revealed to users.
|
Gravatar is a service to allow you to have a public avatar shared across the web. If you have set up a gravatar, it will show on this site too, and we need to communicate with gravatar.com to establish if you do using a hash of your e-mail address (theoretically your actual address cannot be determined from this unless Gravatar knows who you are already).
|
Some of the information you submitted with your account profile will be displayed publicly. This will not include information that many would consider confidential, but rather basic details such as your Username.
|
This is fundamental to the social networking capabilities of this website.
|
The staff reserve the right to read any Private Topics and posts placed on this website. Any form of conversation made through this website should be considered viewable by staff. All private-posts and posts, unless deleted by specific request, are stored on the server.
|
Information may be reviewed if we feel we have cause for an investigation. Situations involving investigations can be anything at our discretion, for example, to investigate specific incidents of our services being used in violation of our rules.
|
Information disclosure (eCommerce transactions)
Action
|
Reason
|
Address and order data will be sent to our tax partner, unknown.
|
For calculation of taxes.
|
Address and order data will be sent to PayPal at checkout.
|
For PayPal to correctly take and process your payment for Composr CMS: Your Data, Your Privacy, Your Control.
|
Information storage
- Members may choose which profile fields display publicly.
- If you believe data we hold is incorrect and you cannot amend this yourself, you can contact us to request that we make corrections.
- Contact us if you want a copy of all the personal data we have stored on you. We can locate your data by username, e-mail address, IP address, or member ID – specify all that you have so we can maximise deletion. Raw server logs will generally not be included, unless you specifically request it.
- Contact us if you wish to have personal data deleted/anonymised from our database. We can delete/anonymise data by username, e-mail address, IP address, or member ID – specify all that you have so we can maximise deletion.
Exceptions:
- Some raw log data, or data in backups, will remain with us until it is automatically deleted.
- Editorial data, such as content you've submitted, will not be deleted as standard – but you may request that we delete/alter particular content if you specifically identify it.
- Logged security incidents, or bans, from/on your personal data, will generally not be cleared unless there is what we consider a good reason.
- Pending transactions with you, such as outstanding invoices or non-delivered orders, or records of your ongoing earned benefits, will generally not be cleared unless there is what we consider a good reason.
Action
|
Reason
|
User metadata is logged when website activity happens. Metadata may include dates/time, IP address, web browser name, operating system, and account IDs. Log data is automatically deleted on a schedule. Your most recent IP address and visit time will remain a part of your member account.
|
So we can track success and failure, and audit user behaviour for security and stability, and to generally help us maintain a good user experience.
|
Information entered manually into the system, or explicitly authorised, will typically be retained – although you may request removal.
|
This information is key to either material published on the website, or the integrity of user accounts.
|
IP addresses that have been banned will be permanently stored, as will data about suspicious activity.
|
We need to be able to permanently ban IP addresses which appear to be abusing our systems.
|
Use of the shopping cart may cause non-logged-in-user's sessions to stick around for a longer than normal period of time.
|
To keep the contents of the shopping cart from being lost.
|
Personal information will be held in our CRM (Customer Relationship Management) tool, including website access metadata.
|
So we can hold accurate status of our sales and support relationships.
|
Information transfer
Action
|
Reason
|
IP addresses, e-mail address, and usernames, may be checked against the Stop Forum Spam web service, which involves these details being transmitted within a service request. If spam activity is detected then the same details may be reported to the service, and used by the service to produce blocks on other websites.
|
To reduce spam.
|
IP addresses may be checked against multiple block lists, which involves these details being transmitted within a service request.
|
To reduce spam.
|
Web traffic coming to and from Composr CMS: Your Data, Your Privacy, Your Control may be proxied through the Cloudflare web service. Please see the Cloudflare Privacy Policy.
|
Cloudflare may be used for improving the security and performance of the site and web servers.
|
We may use external services to probe IP addresses for geographical location, and for Internet Service Provider names, and other assorted metadata, which may allow the third-party IP-data companies to see what websites you have been active on. Tracking by the companies is not known or intended, but we cannot guarantee it is not happening.
|
For us to learn more about users for marketing, security, and relationship purposes.
|
We embed web code from third-party companies. Tracking by the companies is not known or intended, but we cannot guarantee it is not happening.
|
Web code may be used for many purposes such as displaying non-default fonts or providing interactive page functionality
|
Social networks such as Facebook and Twitter may track your page views.
|
Code from these networks embedded so you can easily share content onto social networks, and in some cases see how many shares have already been made.
|
Contact Us
For any privacy questions, concerns, or requests (such as to download, anonymise, or delete your data), you may:
This policy was last revised on 21st Nov 2024, 2:08 AM. Material changes to this policy will be posted as a news update to Composr CMS: Your Data, Your Privacy, Your Control.