We use the "Privacy by Design" approach. This means that we think of privacy implication before building a new feature, we don't ask for information we don't need, and we protect the information we have. We take pride in treating our users' privacy the way we'd like to be treated by a website like ours, as individuals.
What personal data we collect and why we collect it
We collect anonymous data from every visitor of the website to monitor traffic and fix bugs. For example, we collect information like web requests, the data sent in response to such requests, the Internet Protocol address, the browser type, the browser language, and a timestamp for the request.
What services collect data and how long that data is retained is outlined under the section “Where data collection occurs and how long we retain that data” below.
You are able to view, change and remove your data associated with your profile. Should you choose to delete your account, please Contact Us and we will follow up with such a request as soon as possible. Even if you do not have an profile with us, you are able to view, change, and remove any data we have on you, via your email address. If you would like to make any of these requests you are able to by emailing us at any time.
Minors and children should not use the Grates Cove Studios website. By using the website, you represent that you have the legal capacity to enter into a binding agreement.
Use of the Data
We only use your personal information to provide you Grates Cove Studios services or to communicate with you about the services or the website.
With respect to any documents you may choose to upload to Grates Cove Studios, we take the privacy and confidentiality of such documents seriously. We encrypt all documents, and permanently delete any redacted edits you make to documents. If you choose to make a document public, we recommend you redact any and all references to people and addresses, as we can't protect public data and we are not responsible for any violation of privacy law you may be liable for.
We employ industry standard techniques to protect against unauthorized access of data about you that we store, including personal information.
We do not share personal information you have provided to us without your consent, unless:
- doing so is appropriate to carry out your own request;
- we believe that is legally required;
- we believe it's needed to detect, prevent or address fraud, security or technical issues;
- to otherwise protect our property, legal rights, or that of others.
Grates Cove Studios is operated from Canada. If you are visiting the website from outside Canada, you agree to any processing of any personal information you provide us according to this policy.
Grates Cove Studios may contact you, by email, or other means. For example, we may send you promotional emails relating to Grates Cove Studios, or communicate with you about your use of the Grates Cove Studios website. Grates Cove Studios may also use technology to alert us via a confirmation email when you open an email from us. You can modify your email notification preferences by clicking the appropriate link included in the footer of email notifications. If you do not want to receive email from Grates Cove Studios, please opt out of receiving emails at the bottom of any of our emails or by editing your profile preferences.
You can find more specific information on the methods we collect and use your data below.
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
Our contact form stores a record of all form submissions. Your data may be deleted by the site administrator. You may request a report of saved data related to your email address at any time.
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select "Remember Me", your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
- _ga | 2 years | Used to distinguish users.
- _gid | 24 hours | Used to distinguish users.
- _gat | 1 minute | Used to throttle request rate.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
Sharing of Data
We don't share your personal information with third parties. Only aggregated, anonymized data is periodically transmitted to external services to help us improve the Grates Cove Studios website and service. We listed below what data these third parties extract exactly. Feel free to check out their own Privacy Policies to find out more.
- Google Analytics: anonymous (ad serving domains, browser type, demographics, language settings, page views, time/date), pseudonymous (IP address)
- KeyCDN: Anonymized IP's stored temporarily in real time logging only, no logs are retained. Uses your IP to approximate physical location to best serve you the website files.
We also use social buttons provided by services like Twitter, Google+, LinkedIn and Facebook. Your use of these third party services is entirely optional. We are not responsible for the privacy policies and/or practices of these third party services, and you are responsible for reading and understanding those third party services’ privacy policies.
We employ and contract with people and other entities that perform certain tasks on our behalf and who are under our control (our “Agents”). We may need to share personal information with our Agents in order to provide products or services to you. Unless we tell you differently, our Agents do not have any right to use Personal Information or other information we share with them beyond what is necessary to assist us. You hereby consent to our sharing of Personal Information with our Agents.
We may choose to buy or sell assets. In these types of transactions, user information is typically one of the transferred business assets. Moreover, if we, or substantially all of our assets, were acquired, or if we go out of business or enter bankruptcy, user information would be one of the assets that is transferred or acquired by a third party. You acknowledge that such transfers may occur, and that any acquirer of us or our assets may continue to use your personal information as set forth in this policy.
Where data collection occurs and how long we retain that data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). website administrators can also see and edit that information.
Other cases of data collection and retention are:
- Analytics: Anonymized, aggregated user data relating to website performance and how the website is used. Retention: Indefinite*.
- Content Delivery Network (CDN): Anonymized IP's stored temporarily in real time logging for troubleshooting purposes. Retention: None.
- Hosting: Backups of the server occur daily. They will contain any information that you may have requested be removed or edited. In the unlikely event of using a server wide restore, any requests will be re-run to ensure your data is properly removed or edited. Retention: 4 weeks.
- Application Security: Logs malicious IPs of users/bots trying to access the administrative area of the website or otherwise disrupt the website. Retention: Indefinite.
- Contact Forms: Logs any message sent through the websites contact form. This data is linked to your email address and as such, can be viewed, edited, and deleted per user request. Retention: Indefinite.
- Application Backups: Application level backups occur daily. They will contain any information that you may have requested be removed or edited. Any requests will be re-run to ensure your data is properly removed or edited if such a backup is used. Retention: 2 weeks.
* Link for information on keeping data for historic/analytical purposes: How Long can Data be Kept?
What rights you have over your data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes. You can find how to start this process below under “How to view, edit, or delete your information”.
Where we send your data
Visitor comments may be checked through an automated spam detection service.
Server backups through our hosting provider are stored in top level access on the websites server and are not accessible except through the administrative account.
Application backups (the “Website”) are encrypted and stored in the Webmasters secure cloud storage account.
How to view, edit, or delete your information
If you wish to enact your rights to view, edit, or delete any information we may have on you, please use this page to notify our Webmaster who will start the process as soon as reasonably possible: Contact. Please use the subject [ATTN: Webmaster] to help with a quick resolution.
How we protect your data and what data breach procedures we have in place
We employ a “Secure by Design” philosophy.
We limit access to all administrative accounts to one user, use secure passwords, and have application level monitoring that report any website logins.
All application backups are encrypted and stored in the cloud.
We employ strict firewall rules with nearly immediate IP level bans for any malicious attacks or failed login attempts.
We have a “A” rating with Security Headers, a company project by SOPHOS that details the overall protection a website has enabled through headers.
Should you have any questions or concerns, please Contact Us.
Last updated: July 3rd, 2018