Privacy Policy

UCS Active Website Privacy 

We never rent, or sell access to your data to anyone else, nor do we make use of it ourselves for any purpose other than to provide our services or if required to so do by law.

 

Server Security:

The UCS Active Website is hosted on a Digitalocean droplet in London  in the European Economic Area (EEA).

The security of your Personal Information is important to us, but remember that no method of transmission over the Internet, or method of electronic storage, is 100% secure. While we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security. We use industry standard encryption between your browser and the server which is signified by the https in the browser url bar and the green “Secure” bag next to the url.

Digitalocean servers located in London are certified for 

  • SOC 1 Type II
  • SOC 2 Type II
  • ISO/IEC 27001:2013
  • PCI-DSS

 

Digital Ocean: Physical Security

Our datacenters are co-located in some of the most respected datacenter facility providers in the world. We leverage all of the capabilities of these providers including physical security and environmental controls to secure our infrastructure from physical threat or impact. Each site is staffed 24/7/365 with on-site physical security to protect against unauthorized entry. Security controls provided by our datacenter facilities includes but is not limited to:

  • 24/7 Physical security guard services
  • Physical entry restrictions to the property and the facility
  • Physical entry restrictions to our co-located datacenter within the facility
  • Full CCTV coverage externally and internally for the facility
  • Biometric readers with two-factor authentication
  • Facilities are unmarked as to not draw attention from the outside
  • Battery and generator backup
  • Generator fuel carrier redundancy
  • Secure loading zones for delivery of equipment

 

Infrastructure Security

DigitalOcean's infrastructure is secured through a defense-in-depth layered approach. Access to the management network infrastructure is provided through multi-factor authentication points which restrict network-level access to infrastructure based on job function utilizing the principle of least privilege. All access to the ingress points are closely monitored, and are subject to stringent change control mechanisms.

Systems are protected through key-based authentication and access is limited by Role-Based Access Control (RBAC). RBAC ensures that only the users who require access to a system are able to login. We consider any system which houses customer data that we collect, or systems which house the data customers store with us to be of the highest sensitivity. As such, access to these systems is extremely limited and closely monitored.

Additionally, hard drives and infrastructure are securely erased before being decommissioned or reused to ensure that your data remains secure.

 

Access Logging

Systems controlling the management network at DigitalOcean log to our centralized logging environment to allow for performance and security monitoring. Our logging includes system actions as well as the logins and commands issued by our system administrators.

 

Security Monitoring

DigitalOcean's Security team utilizes monitoring and analytics capabilities to identify potentially malicious activity within our infrastructure. User and system behaviors are monitored for suspicious activity, and investigations are performed following our incident reporting and response procedures.

 

Droplet Security & Employee Access

The security and data integrity of customer Droplets is of the utmost importance at DigitalOcean. As a result, our technical support staff do not have access to the backend hypervisors where virtual servers reside nor direct access to the NAS/SAN storage systems where snapshots and backup images reside. Only select engineering teams have direct access to the backend hypervisors based on their role.

 

Snapshot and Backup Security

Snapshots and Backups are stored on an internal non-publicly visible network on NAS/SAN servers. Customers can directly manage the regions where their snapshots and backups exist which allows the customer to control where their data resides within our datacenters for security and compliance purposes.

 

First Party Cookies

 

While using our website, the following cookies may be placed on your computer:

Cookie names:

  • _ga
  • _gat_gtag_UA_xxxxxxxxx_x
  • _gid
  • _gmb_ga_test
  • __utma
  • __utmb
  • __utmc
  • __utmz
  • __utmx
  • __utmxx



Purpose:
These cookies are for Google Analytics.

We use Google Analytics to help us understand how our website is used by visitors. We evaluate and report, and use this anonymous information to make improvements to the website.

Google Analytics is a service provided by Google, Inc. Google Analytics is widely used across the web and all data is anonymised meaning the cookies carry no personally identifiable information.

If you would like to opt-out of Google Analytics monitoring your behaviour on our sites please use this link (https://tools.google.com/dlpage/gaoptout/)

For more information on Google Analytics cookies please see:
https://support.google.com/analytics/answer/6004245

 

 

Cookie Names:

  • SID
  • SSID
  • IDE
  • DSID
  • NID
  • SAPISID
  • CONSENT
  • APISID
  • 1P_JAR
  • HSID

 

Purpose:
These cookies are for Google Adwords Remarketing.

We using Google Adwords Remarketing to show appropriate ads to people who have visited our website on Google’s Display Network. Google uses their doubleclick.net service to do this. These cookies themselves contain no personally identifiable information. 

FInd out more about doubleclick’s cookies here:

https://support.google.com/dfp_premium/answer/2839090?hl=en

 

Cookie names:

  • exp_expiration
  • exp_cookies_allowed
  • exp_last_visit
  • exp_last_activity
  • exp_sessionid


Purpose:

We use ExpressionEngine to power our website. ExpressionEngine cookies are used to track a user's recent activity, last visit and general site movements. Like the Google Analytics cookies, these contain no personally identifiable information. These cookies will only be used if you log in to the website. UCS Active members on the whole are not required to log in to the site.

Declining First Party cookies will have an impact on the performance of our site;

 

 

Third Party Cookies


In addition to the above cookies, the following sites may set their own cookies whilst browsing our site.

Twitter
Facebook


These cookies will generally only be set if you are signed in to (or have been signed into) a matching account and are generally linked to the use of the Social Media buttons on our site and many others throughout the web.  The use of these cookies is likely to have been detailed in each of these sites' Terms and Conditions or Privacy Policies. Please see links below for further details:

Facebook Privacy Policy

http://www.facebook.com/about/privacy/


Twitter Privacy Policy

https://twitter.com/privacy


Declining Third Party cookies will have little to no impact on the performance of our site;
 

Cookies

Although we believe that cookies pose little threat to your privacy, we understand that you may still want to turn them off. Whilst we would encourage you to keep our first party cookies enabled (so that we can make your on-site experience better), the following links provide guidance on how to manage cookie permissions through your browser's settings. This includes instructions on how to delete existing cookies and block them from being set in the future:

Firefox: Enable and disable cookies that websites use to track your preferences
http://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences?redirectlocale=en-US&redirectslug=Enabling+and+disabling+cookies


Safari: Managing Cookies
http://support.apple.com/kb/index?page=search&fac=all&q=cookies%20safari


Google Chrome: Manage cookies

http://support.google.com/chrome/bin/answer.py?hl=en-GB&answer=95647



Opera: Security & Privacy in Opera

http://www.opera.com/browser/tutorials/security/privacy/

Internet Explorer: How to manage cookies in Internet Explorer 9, 

http://windows.microsoft.com/en-GB/windows7/How-to-manage-cookies-in-Internet-Explorer-9

 

How to delete cookie files in Internet Explorer

http://support.microsoft.com/kb/278835

 

More information about cookies, including how to block them or delete them, can be found at www.allaboutcookies.org
 

Forms Data

We have a number of forms on the UCS Active website to allow members and potential members to contact and make enquiries to UCS Active. 

 

These forms allow with their associated data are:

 

Book A Visit:

We use this form for members to arrange a tour of the club.

  • Name - So we can use your name when you come in and in all contact with you
  • Address - So we can check your eligibility for membership*
  • Postcode  - So we can check your eligibility for membership*
  • Contact Number - So we can call you to arrange a suitable time
  • Email Address - So we can email to arrange a suitable time
  • D.O.B - So we can check for eligibility and so we arrange a suitable tour and membership
  • Enquiry Message - So you can let us know any enquiry specifics
  • IP Address - Taken when a user submits the enquiry and is used for audit and spam management 
  • Time and Date - Taken when a user submits the enquiry and used to make sure we reply in a timely manner.

 

 

Class Bookings

We use this form for booking on to classes. 

  • Name - So we can use your name when you come in and in all contact with you
  • Member or Non Member - We limit availability for non members
  • Contact Number - So we can reply to your enquiry
  • Email Address - so we can reply to your enquiry
  • Class - the class you are enquiring about so we can reply appropriately
  • Enquiry Message - So you can let us know any enquiry specifics
  • IP Address - Taken when a user submits the enquiry and is used for audit and spam management 
  • Time and Date - Taken when a user submits the enquiry and used to make sure we reply in a timely manner.

 

 

Email Sign Up

We use this form to allow people to subscribe to our UCS Active club newsletter.

  • Email Address - so we can subscribe you.
  • IP Address - Taken when you subscribe and is used for audit and spam management 
  • Time and Date - Taken when you subscribe

All newsletters have an unsubscribe link in them, but you can also unsubscribe at any time by emailing as info@ucsactive.org.uk and the subject of “Please Unsubscribe me from the Newsletter”.

 

General Enquiry Form

Used for all general enquiries

  • Name - So we can use your name when you come in and in all contact with you
  • Contact Number - So we can reply to your enquiry
  • Email Address - so we can reply to your enquiry
  • Enquiry Message - So you can let us know any enquiry specifics
  • IP Address - Taken when a user submits the enquiry and is used for audit and spam management 
  • Time and Date - Taken when a user submits the enquiry and used to make sure we reply in a timely manner.

 

Club Hub Feedback

We use this form to receive feedback on the Club facilities

  • Our Staff - Rating of 0-5 stars 
  • What we offer - Rating of 0-5 stars
  • Maintenance & Cleanliness - Rating of 0-5 stars
  • Our facilities - Rating of 0-5 stars
  • Your Feedback - Open text allowing for a user to offer feedback on the Club
  • Name - So we can contact you for further details and to discuss your feedback 
  • IP Address - Taken when a user submits the enquiry and is used for audit and spam management 
  • Time and Date - Taken when a user submits the enquiry and used to make sure we reply in a timely manner.

 

Kids Active Dance Enquiry

This form is used for users to enquiry about the Kids Active Dance classes

  • Name - So we can use your name when you come in and in all contact with you
  • Contact Number - So we can reply to your enquiry
  • Email Address - so we can reply to your enquiry
  • Member or Non Member - We limit availability for non members
  • Enquiry Message - So you can let us know any enquiry specifics
  • IP Address - Taken when a user submits the enquiry and is used for audit and spam management 
  • Time and Date - Taken when a user submits the enquiry and used to make sure we reply in a timely manner.

 

Membership Enquiry

We use this form to allow people to enquire about join UCS Active

  • Name - So we can use your name when you come in and in all contact with you
  • Address - So we can check your eligibility for membership*
  • Postcode  - So we can check your eligibility for membership*
  • Contact Number - So we can call you to arrange a suitable time
  • Email Address - So we can email to arrange a suitable time
  • D.O.B - So we can check for eligibility and so we arrange a suitable tour and membership
  • Connection to UCS - So we can check for eligibility and membership type
  • How did you hear about us - So we can audit our marketing and processes
  • Enquiry Message - So you can let us know any enquiry specifics

All form data that is submitted is cleared after 6 months with the exception of Hub Feedback which is annomanised. 

We keep the Hub feedback data for audit purposes.

*UCS Active membership eligibility is subject to place of residence, and the discretion of the management.

 

Website Members Data

If you have a website account on the UCS Active site we store the following details about you.

This is the core membership data ExpressionEngine keeps on each member.

  • Member_id - This is unique id number to identify you across the website
  • Group_id - This determines the permissions the logged in user has.
  • Username - This is used for the member to sign in to the site
  • Screen_name - This is used as the public name of the logged in user
  • Password - This is a Hashed version of the users password. We do not keep the user’s password in plain text nor can we restore it back to plain text.
  • Unique_id - a unique identifier for the member.
  • Crypt_key - the Key used to create the password hash.
  • Email - the users email address
  • Ip_address - the ip address the user last used
  • Join_date -the date the user account was created
  • Last_visit - the date the user last logged in to the account
  • Last_activity - the date the user last edited content or settings
  • Total_entries - the total number of entries the user has created on the website
  • Total_comments - the total number of comments the user has written on the website
  • Last_entry_date - the date the user last created an entry
  • Language - the language the user uses ExpressionEngine with
  • Timezone - the time zone ExpressioneEngine shows dates in
  • Time_format - the format time is shown in ExpressionEngine
  • Include_seconds - Whether or not the user likes to see seconds on dates inside ExpressionEngine
  • Date_format - the format dates are shown in ExpressionEngine for that user
  • Salt - the salt used for creating their password

 

Email Marketing 

We use Create & Send to send our Club newsletters. We only send to people who have signed up for the newsletter and UCS Active members. You may unsubscribe at any point using the unsubscribe link which appears in each newsletter or by emailing info@ucsactive.org.uk with the subject “Please unsubscribe me from the UCS Active Newsletter”.

Click here to find out more about how Create & Send store your data.

https://help.createsend.com/how-we-keep-your-data-private-and-secure

 

 

Membership Management Software 

We use the club management system EZ Runner to manage all membership records and operational requirements.  

Click here to find out more about how EZ Runner stores your data.

http://www.ez-runner.com/index.php/en/2-uncategorised/17-privacy-policy