Effective September 5, 2019
What data does ComeWander.ca collect?
Anonymous visitors can browse publicly accessible content without providing any personal information. Users must provide an email address and optionally, their first and last name, to subscribe to our newsletter.
We do not use personal information for purposes other than those for which it was collected, except with an individual’s consent or as required by law. Once personal information is no longer required to fulfill the identified purposes or other legal requirements, it will be destroyed, deleted or made anonymous. Personal information is retained only as long as necessary for the fulfillment of the purposes stated in this policy.
We do not share any personal information with third parties.
Our website does not address anyone under the age of 13 (“Children”). We do not knowingly collect personally identifiable information from anyone under the age of 13. If you are a parent or guardian and you are aware that your Children has provided us with personal information, please contact us. If we become aware that we have collected personal information from children without verification of parental consent, we take steps to remove that information from our servers.
Data collected automatically
We collect a variety of data in order to improve our website and service to our users. This data is collected automatically.
- Server logs. As a web application, ComeWander collects and stores information in web server logs. This information includes the time and date of the request, the requester’s IP address, and device information such as Operating System and browser version.
- Crash logs. When the website experiences a malfunction (crash), an automated notification may be sent to the engineering team with details about the crash. Crash logs do not include personally identifiable information and contain only the information needed for the engineering team to be able to reproduce and troubleshoot the error.
- The website uses Smartlook to capture screen recordings of some visitors chosen at random. The purpose of these recordings is to understand how visitors interact with our site and to make improvements to the user experience. No user input data is recorded.
Data collected by third party services
Our website includes social media programs and features, such as the Facebook Like button and widgets, and the AddThis social media sharing button. If you choose to use these features, they may collect your IP address, which page you are visiting on our Website, and may set a cookie to enable the feature to function properly. The social media programs, features, and widgets we use are either hosted by a third-party or hosted directly on our Website. Your interactions with these features are governed by the privacy notice of the company providing the feature(s).
Data supplied by users
The website may host user-generated content (UGC). This UGC may include stories written or photos taken and sent to us by people non-affiliated with OHTO, or content published publicly to social media platforms and republished on the ComeWander website. Some of the UGC may be collected and managed through CrowdRiff. CrowdRiff may collect additional information in relation to you or may store one or more cookies on your computer. The collection and handling of this information is governed by CrowdRiff’s policies found on the CrowdRiff website.
Why we collect this data
We collect data to:
- Make sure users are human.We may use third-party services to help keep automated bots from using the site. For example, we may use Google reCaptcha in conjunction with third-party maintained known spammer lists to prevent automated bots from signing up for the newsletter.
- Ensure acceptable use. Access to IP addresses gives us the ability to perform intrusion detection analysis to ensure the safety of our users. In the event of a denial of service attack IP address information may be used to mitigate the attack in order to maintain service levels.
- Improve the user experience. We use information about the type of wanderer a user is, the website’s most popular content, the time users spent on pages or the documents they download. We may also use information on whether participants received, opened and clicked on links contained in emails. We use this kind of information to determine which areas of the user experience should be improved. For example, we analyse patterns of website activity to improve the experience of visitors.
Your privacy controls
Some actions on the information such as deleting information or withdrawing consent may need to be performed by website administrators. Users who wish to perform actions on their information not available through the website’s user interface may contact us to request that such action be performed. All requests may be subject to verifying the requester’s identity and may be refused if in direct conflict with the law.
Obtain and transfer information. Users can request their information and can choose to transfer such information to another service.
Withdraw consent. After having provided consent, users have the right to withdraw consent at any time by contacting us and providing reasonable notice. Users can ask for their information to be deleted.
Unsubscribing from notifications. ComeWander complies with the CAN-SPAM Act that requires that users provide explicit consent to receive electronic messages by opting in. Users who have opted in to receive these messages can opt-out using a one-click unsubscribe method provided with every communication.
How your information is shared
We will never sell, rent or trade your data with anyone except as required by law and as described in this section.
With law enforcement. Under certain circumstances, we may be required to disclose your personal information if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency). We may disclose user information in the good faith belief that such action is necessary to:
- comply with a legal obligation
- protect and defend the rights or property of OHTO or its clients
- prevent or investigate possible wrongdoing in connection with OHTO
- protect the personal safety of users of OHTO or the public
- protect against legal liability
Retention and safety of information
Retention of personal information. We will retain and use your information to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, enforce our legal agreements and policies, and only for as long as is necessary for the purposes set out in this policy.
Security of data. Personal information, whatever its form, will be protected by security safeguards appropriate to the sensitivity of the information. The safeguards will protect personal information against loss or theft, as well as unauthorized access, disclosure, copying, use or modification. A detailed description of these measures can be requested by contacting us. Note that given the sensitivity of this information we may be required to verify your identity and we may choose not to share this information if we believe that it may compromise the efficacy of the measures they describe.
Where is information stored
Datacentres. ComeWander is hosted on Canadian datacentres. Datacentres store the database and server logs.
Cookies. A cookie is a small piece of information that is sent to a user’s computer when he or she accesses a website. ComeWander stores cookies on users’ computers in order to make the experience of using the site friendlier to these users. ComeWander does not, however, store or collect information from users for advertising or any other commercial purposes. Users can instruct their browsers to refuse all cookies or to indicate when a cookie is being sent. However, if users don’t accept cookies, they may not be able to use some functionality of the website. Below is a description of the two common cookies used by ComeWander and for which cookies are stored:
- AddThis. The AddThis social sharing widget stores the __atuvc and __atuvs cookies to stores an updated page share count.
- Cloudflare. ComeWander uses CloudFlare to provide DDoS protection and improve the overall speed of the application by leveraging a Content Delivery Network. The __cfduid cookie is used to identify individual clients behind a shared IP address and apply security settings on a per-client basis.
- ComeWander personaID. The ComeWander website presents first-time website visitors with a game designed to identify what kind of wanderer a user is. This is done by asking the user to choose a series of images that most closely represent the user’s interests. At the end of the game, a persona is assigned to the user. This persona is stored in the personaID cookie, so next time the same user visits the website, the website will take them directly to the wanderer page for their persona.
- CrowdRiff. The _gat_crowdriff cookie is used by CrowdRiff to enable the embedding of CrowdRiff galleries.
- Google AdSense. Google AdSense stores the _gcl_au cookie to measure advertisement efficiency across websites using Google’s services.
- Google Analytics. Google Analytics stores cookies in order to determine that two distinct hits belong to the same user. The _gat cookie is used to limit the number of requests that have to be made to doubleclick.net in order to enable demographics and interests reporting in Google Analytics. The _ga and _gid cookies are used to distinguish unique users by assigning a randomly generated number as a client identifier. These cookies are included in each page request and used to calculate visitor, session and campaign data for the sites analytics reports.
- Facebook. Facebook stores the fbp cookie to deliver a series of advertisement products such as real time bidding from third party advertisers. The main purpose of this cookie is targeting and advertising.
- Smartlook. Smartlook stores cookies to associate recordings with our Smartlook client ID project key, to identify each individual session and to identify each visitor. No personal information is stored. Smartlook also may use a cookie to route traffic to a specific portion of a load-balanced infrastructure.
Analytics data. Google Analytics data is stored on Google’s servers. While we strive to anonymize all data transmitted to Google, there may be edge cases on which some personal information may be transmitted. We are not aware of any such case and should cases become known, we will eliminate them or update this policy if elimination isn’t feasible.
Email delivery data. Email delivery data including email address and email subject may be stored in third-party services that we may use to facilitate the delivery of email. User information, including personal information, may be transferred to—and stored on—systems located outside of a user’s state, province, country or other governmental jurisdiction where the data protection laws may differ than those from the user’s jurisdiction.
About this policy
If you have any questions or concerns about this policy or our practices with regards to your personal information, please contact us via email at [email protected]