+593.99.961.6166
info@cotacachi.org

Privacy Policy

Privacy Policy for https://cotacachi.org

This privacy policy has been compiled to better serve those who are concerned with how their ‘Personally Identifiable Information’ (PII) is being used online. PII, as described in US privacy law and information security, is information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context. Please read our privacy policy carefully to get a clear understanding of how we collect, use, protect or otherwise handle your Personally Identifiable Information in accordance with our website.

What personal information do we collect from the people that visit our blog, website or app?

When ordering or registering on our site, as appropriate, you may be asked to enter your name, email address, mailing address, phone number, credit card information or other details to help you with your experience.

When do we collect information?

We collect information from you when you register on our site, place an order, subscribe to a newsletter, fill out a form or enter information on our site.

How do we use your information?

We may use the information we collect from you when you register, make a purchase, sign up for our newsletter, respond to a survey or marketing communication, surf the website, or use certain other site features in the following ways:

  • To personalize your experience and to allow us to deliver the type of content and product offerings in which you are most interested.
  • To improve our website in order to better serve you.
  • To allow us to better service you in responding to your customer service requests.
  • To administer a contest, promotion, survey or other site feature.
  • To quickly process your transactions.
  • To ask for ratings and reviews of services or products.
  • To follow up with you after correspondence (live chat, email or phone inquiries).

How do we protect your information?

Our website is scanned on a regular basis for security holes and known vulnerabilities in order to make your visit to our site as safe as possible.

We use regular Malware Scanning.

Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential. In addition, all sensitive/credit information you supply is encrypted via Secure Socket Layer (SSL) technology.

We implement a variety of security measures when a user places an order, enters, submits, or accesses their information to maintain the safety of your personal information.

All transactions are processed through a gateway provider and are not stored or processed on our servers.

Do we use ‘cookies’?

Yes. Cookies are small files that a site or its service provider transfers to your computer’s hard drive through your Web browser (if you allow) that enables the site’s or service provider’s systems to recognize your browser and capture and remember certain information. For instance, we use cookies to help us remember and process the items in your shopping cart. They are also used to help us understand your preferences based on previous or current site activity, which enables us to provide you with improved services. We also use cookies to help us compile aggregate data about site traffic and site interaction so that we can offer better site experiences and tools in the future.

We use cookies to:

  • Help remember and process the items in the shopping cart.
  • Understand and save user’s preferences for future visits.
  • Keep track of advertisements.
  • Compile aggregate data about site traffic and site interactions in order to offer better site experiences and tools in the future.
  • We may also use trusted third-party services that track this information on our behalf.

You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. You do this through your browser settings. Since each browser is a little different, look at your browser’s Help Menu to learn the correct way to modify your cookies.

If users disable cookies in their browser:

If you turn cookies off, some of the features that make your site experience more efficient may not function properly.

Third-party disclosure

We do not sell, trade, or otherwise transfer to outside parties your Personally Identifiable Information unless we provide users with advance notice. This does not include website hosting partners and other parties who assist us in operating our website, conducting our business, or serving our users, so long as those parties agree to keep this information confidential. We may also release information when its release is appropriate to comply with the law, enforce our site policies, or protect ours or others’ rights, property or safety.

However, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.

Third-party links

Occasionally, at our discretion, we may include or offer third-party products or services on our website. These third-party sites have separate and independent privacy policies. We therefore have no responsibility or liability for the content and activities of these linked sites. Nonetheless, we seek to protect the integrity of our site and welcome any feedback about these sites.

Google

Google’s advertising requirements can be summed up by Google’s Advertising Principles. They are put in place to provide a positive experience for users. https://support.google.com/adwordspolicy/answer/1316548?hl=en

We use Google AdSense Advertising on our website.

Google, as a third-party vendor, uses cookies to serve ads on our site. Google’s use of the DART cookie enables it to serve ads to our users based on previous visits to our site and other sites on the Internet. Users may opt-out of the use of the DART cookie by visiting the Google Ad and Content Network privacy policy.

We have implemented the following:

  • Google Display Network Impression Reporting
  • Demographics and Interests Reporting

We, along with third-party vendors such as Google, use first-party cookies (such as the Google Analytics cookies) and third-party cookies (such as the DoubleClick cookie) or other third-party identifiers together to compile data regarding user interactions with ad impressions and other ad service functions as they relate to our website.

Opting out:
You can set preferences for how Google advertises to you using the Google Ad Settings page. Alternatively, you can opt out by visiting the Network Advertising Initiative Opt Out page or by using the Google Analytics Opt Out Browser Add-on.

California Online Privacy Protection Act

CalOPPA is the first state law in the nation to require commercial websites and online services to post a privacy policy. The law’s reach stretches well beyond California to require any person or company in the United States (and conceivably the world) that operates websites collecting Personally Identifiable Information from California consumers to post a conspicuous privacy policy on its website stating exactly the information being collected and those individuals or companies with whom it is being shared. – See more at: http://consumercal.org/california-online-privacy-protection-act-caloppa/#sthash.0FdRbT51.dpuf

According to CalOPPA, we agree to the following:

Users can visit our site anonymously. Once this privacy policy is created, we will add a link to it on our home page or as a minimum, on the first significant page after entering our website. Our Privacy Policy link includes the word ‘Privacy’ and can easily be found on the page specified above.

You will be notified of any Privacy Policy changes:

  • On our Privacy Policy Page

You can change your personal information:

  • By emailing us
  • By logging in to your account

How does our site handle Do Not Track signals?

We honor Do Not Track signals and do not track, plant cookies, or use advertising when a Do Not Track (DNT) browser mechanism is in place.

Does our site allow third-party behavioral tracking?

It’s also important to note that we allow third-party behavioral tracking.

COPPA (Children’s Online Privacy Protection Act)

When it comes to the collection of personal information from children under the age of 13 years old, the Children’s Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, the United States’ consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children’s privacy and safety online.

We market to: Adults 21 years or older

We do not collect information from children under 13.

Do we let third-parties, including ad networks or plug-ins collect PII from children under 13? No.

In order to remove your child’s information please contact the following personnel:

Administration at: info@cotacachi.org

We adhere to the following COPPA tenets:

  • Parents can review, delete, manage or refuse with whom their child’s information is shared through contacting us directly.

Fair Information Practices 

The Fair Information Practices Principles form the backbone of privacy law in the United States and the concepts they include have played a significant role in the development of data protection laws around the globe. Understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect personal information.

In order to be in line with Fair Information Practices we will take the following responsive action, should a data breach occur:

  • We will notify you via email within 7 business days
  • We will notify the users via in-site notification within 7 business days
  • We also agree to the Individual Redress Principle which requires that individuals have the right to legally pursue enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or government agencies to investigate and/or prosecute non-compliance by data processors.

CAN-SPAM Act

The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.

We collect your email address in order to:

  • Send information, respond to inquiries, and/or other requests or questions
  • Process orders and to send information and updates pertaining to orders.
  • Send you additional information related to your product and/or service
  • Market to our mailing list or continue to send emails to our clients after the original transaction has occurred.

To be in accordance with CAN-SPAM, we agree to the following:

  • Not use false or misleading subjects or email addresses.
  • Identify the message as an advertisement in some reasonable way.
  • Include the physical address of our business or site headquarters.
  • Monitor third-party email marketing services for compliance, if one is used.
  • Honor opt-out/unsubscribe requests quickly.
  • Allow users to unsubscribe by using the link at the bottom of each email.


If at any time you would like to unsubscribe from receiving future emails, you can email us at info@cotacachi.org. Follow the instructions at the bottom of each email and we will promptly remove you from ALL correspondence.

Contacting Us

If there are any questions regarding this privacy policy, you may contact us using the information below.

https://cotacachi.org
PO Box 10-05-165
Cotacachi, Imbabura, Ecuador 100350
info@cotacachi.org

JetPack Cookies Policy
(Cotacachi.org uses JetPack and Akismet)

What are cookies?

Cookies are small pieces of data, stored in text files that are stored on your computer or other devices when websites are loaded in a browser. They are widely used to remember you and your preferences, either for a single visit (through a session cookie) or for multiple repeat visits (using a persistent cookie). They ensure a consistent and efficient experience for visitors and perform essential functions, such as allowing users to register and remain logged in.

Cookies may be set by the site that you are visiting (known as first party cookies), or by other websites who serve up content on that site (third party cookies).

Cookies set by Jetpack

Cookies are used by Jetpack in a variety of ways. The cookies set will depend on the specific features that are enabled on a site. The cookies are only set when a user interacts with one of these features, or to allow admin functions to be performed from within the site’s dashboard (/wp-admin).

Further details are provided in the following tables, which list the various cookies that are set for visitors and registered users of sites with the Jetpack plugin installed.

Cookies set upon visitor interaction

Jetpack Comments

| Cookie Name | Duration | Purpose |
|---|---|---|
| comment_author_{HASH} | 347 days | Remembers the value entered into the comment form’s name field. Specific to the site from which it is set. This cookie mirrors one set by the core WordPress software for commenting purposes. |
| comment_author_email_{HASH} | 347 days | Remembers the value entered into the comment form’s email field. Specific to the site from which it is set. This cookie mirrors one set by the core WordPress software for commenting purposes. |
| comment_author_url_{HASH} | 347 days | Remembers the value entered into the comment form’s URL field. Specific to the site from which it is set. This cookie mirrors one set by the core WordPress software for commenting purposes. |

Mobile Theme

| Cookie Name | Duration | Purpose |
|---|---|---|
| akm_mobile | 3.5 days | Remembers whether or not a user wishes to view the mobile version of a site. |

Subscriptions

| Cookie Name | Duration | Purpose |
|---|---|---|
| jetpack_comments_subscribe_{HASH} | 347 days | Remembers the state of the post and comment subscription checkboxes. |
| jetpack_blog_subscribe_{HASH} | 347 days | Remembers the state of the post and comment subscription checkboxes. |

EU Cookie Law Banner

| Cookie Name | Duration | Purpose |
|---|---|---|
| eucookielaw | 30 days | Remembers the state of visitor acceptance to the EU Cookie Law banner. |

Cookies set for registered users / admins

General

| Cookie Name | Duration | Purpose |
|---|---|---|
| jetpackState[message] | session | Stores the state message passed back to the user across requests regarding module activation. |
| jetpackState[error] | session | Stores the state’s error type passed back to the user across requests regarding module activation. |
| jetpackState[error_description] | session | Stores the state’s error description passed back to the user across requests regarding module activation. |
| jetpackState[module] | session | Stores the state’s module name passed back to the user across requests regarding module activation. |
| jetpackState[privacy_checks] | session | Stores modules that may require additional privacy-related verification for private sites so that we can properly communicate these to the user. |
| jetpackState[php_errors] | session | Stores any PHP errors found just before PHP shuts down execution. |
| jetpackState[deactivated_plugins] | session | Stores the names of any standalone plugins that needed to be deactivated by Jetpack so that these can be communicated back to the user. |
| jetpackState[network_nag] | session | Stores a true value if Jetpack is network-activated, and the plugin needs to communicate to the user that they must connect it on each child site of the network. |

Jetpack Protect

| Cookie Name | Duration | Purpose |
|---|---|---|
| jpp_math_pass | 1 day | Remembers if a user has successfully completed a math captcha to prove that they’re a real human. |

Secure Sign On

| Cookie Name | Duration | Purpose |
|---|---|---|
| jetpack_sso_redirect_to | 1 hour | Allows for redirect URLs to be stored, which is necessary for Secure Sign On to work. |
| jetpack_sso_remember_me | 1 hour | Stores “remember me” values locally, rather than requiring them to be passed to WordPress.com each time. |
| jetpack_sso_wpcom_name_{HASH} | 1 week or cleared after successful login | Remembers the WordPress.com display name to show on login page. |
| jetpack_sso_wpcom_gravatar_{HASH} | 1 week or cleared after successful login | Remembers URL of the Gravatar image to show on login page. |
| jetpack_sso_original_request | 1 hour | Stores the URL of the original login request. |
| jetpack_sso_nonce | 10 minutes | Used for nonce verification. |

Stats

| Cookie Name | Duration | Purpose |
|---|---|---|
| stnojs | 2 days | The Stats feature sets this admin-area-only cookie if the user requests to view stats reports without JavaScript turned on. |

Registered on the site, but not connected to WordPress.com

| Cookie Name | Duration | Purpose |
|---|---|---|
| tk_ai | session | Stores a randomly-generated anonymous ID. This is only used within the admin area. |

Some Jetpack features make use of third-party applications and services to enhance the experience of visitors. These include social media platforms, such as Facebook and Twitter (via our Sharing feature). As a result, cookies may be set by these third parties, and used by them to track your online activity. We have no direct control over or access to the information that is collected by these cookies.

Additional cookies are set for those using wp-admin, and through the connected WordPress.com account.

Controlling cookies

Visitors may wish to restrict the use of cookies, or completely prevent them from being set. Most browsers provide for ways to control cookie behavior, such as the length of time they are stored — either through built-in functionality or by utilizing third-party plugins.

To find out more about how to manage and delete cookies, visit aboutcookies.org. For more details about advertising cookies, and how to manage them, visit youronlinechoices.eu (EU based), or aboutads.info (US based).

It’s important to note that restricting or disabling the use of cookies can limit the functionality of sites, or prevent them from working correctly.

OMS II Web Measurement and Customization Technologies Required Additions to the Privacy Policy

Use of Web Measurement and Customization Technologies

Office of Management and Budget (OMB) Memorandum 10-22 (M-10-22), “Guidance for Online Use of Web Measurement and Customization Technologies,” authorizes agencies to employ web measurement and customization technologies for the purposes of improving the Federal Government’s services and behavior online. OMB defines web measurement and customization technologies as technologies that are used to remember a customer’s online interactions with a website or online application in order to conduct measurement and analysis of usage or to customize the user’s experience.

OMB M-10-22 delineates the following three “tiers” of web measurement and customization technologies for the purposes of describing their functionality:

  1. Tier 1—Single Session. This tier encompasses any use of single session web measurement and customization technologies.
  2. Tier 2—Multiple Session Without Personally-Identifiable Information (PII). This tier encompasses any use of multi-session web measurement and customization technologies when no PII is collected (including when the agency is unable to identify an individual as a result of its use of such technologies).
  3. Tier 3—Multiple Session With PII. This tier encompasses any use of multi-session web measurement and customization technologies when PII is collected (including when the agency is able to identify an individual as a result of its use of such technologies).

Agencies may use Tier 1 and Tier 2 web measurement and customization technologies without formal approval as long as they—(1) otherwise comply with M-10-22 and all other relevant policies; (2) provide clear and conspicuous notice in their online Privacy Policy citing the use of such technologies; and (3) comply with their internal policies governing the use of such technologies.

Proposals to use Tier 3 web measurement and customization technologies, however, must use “opt-in” functionality and are subject to a review and approval process that requires each such proposed use to—(1) be reviewed by the Senior Agency Official for Privacy; (2) be published for a 30-day public notice and comment period, unless exempted by the Chief Information Officer (CIO); (3) be reconsidered in light of any public comments received; and (4) receive explicit written approval from the CIO.

Within the Department of the Treasury, the Assistant Secretary for Management (ASM) serves as the Senior Agency Official for Privacy (SAOP) and the Deputy Assistant Secretary for Information Systems also serves as the Department’s Chief Information Officer. Additionally, under current Department of the Treasury Directive (TD) 81-08, paragraph 2, the authority to approve the use of Tier 2 and Tier 3 web measurement and customization technologies may only be granted by the Secretary of the Treasury. Because M-10-22 no longer requires an agency head to approve such uses, and because the ASM is the promulgating authority for TD 81-01, the ASM currently has the authority to grant an exception that would allow either the ASM or the CIO—rather than the Secretary of the Treasury—to approve the proposed uses herein.

At the time of this notice, the Treasury SAOP has reviewed the proposed uses of Tier 3 web measurement and customization technology.

The purpose of the web measurement and/or customization technology.

The United States Mint is replacing its Integrated Retail Information System, the system it currently uses to manage its numismatic products and services, with the Order Management System II (OMS II). OMS II is a next generation online retail sales and fulfillment system that will allow the United States Mint to continue to conduct its numismatic program in a productive, reliable and secure manner, while at the same time providing the online consumer an experience comparable to electronic commerce (eCommerce) retail industry standards. OMS II will use Tier 2 and 3 web measurement and customization technologies to maximize the marketing capabilities of the OMS II environment and to improve the functionality and shopping experience the United States Mint offers its customers.

The nature of the information collected, tracking Tier, and technology used.

To maximize the marketing capabilities of the OMS II environment and to improve the functionality and shopping experience the United States Mint offers its customers in the online store, OMS II will employ both Tier 2 and Tier 3 web measurement and customization technologies.  There are four types of visitors to the United States Mint’s online store who will encounter OMS II’s web measurement and customization technologies:  (1) Nonregistered Online Visitors; (2) Registered Online Shopping Account Customers; (3) Unregistered Online Single Transaction Customers; and (4) Online Visitors Who Subscribe to Email Communications from the United States Mint. For each type of visitor to the online store discussed below, the following information will be provided:  (a) the nature of the information collected; (b) the web measurement and/or customization technology usage (Tier 2 or 3); and (c) the technology used to track the visitor’s information.

  • Nonregistered Online Visitors (“Nonregistered Visitors”). These are individuals who visit the United States Mint’s online store, but do not register for an online shopping account, make any purchases or subscribe to receive emails (e.g., newsletters) from the United States Mint.
    • The nature of the information collected.  Certain information is automatically collected from all Nonregistered Visitors to the online store using cookies (files that are placed on a website visitor’s computer to track and collect information).  If Nonregistered Visitors go to the online store (without first disabling first-party cookies) solely to read or download information—and do not, for example, send e-mail to the United States Mint or complete an online form or opt-in to certain data collections and uses (by purchasing online, creating an account or subscribing to a newsletter)—the United States Mint collects and stores only the following information:
      • Networking:  the domain used to access the Internet and connection speed;
      • When/Where:  the date, time, and region from which the online store was accessed;
      • Content:  pages visited and files downloaded in the online store;
      • Referrer: the Internet address of a website that may have referred or linked the visitor to the online store; and
      • Device/Browser: the user’s browsing and purchasing behaviors while in the online store (but not on the rest of the United States Mint’s website or other sites to which the user navigates after leaving the online store), and other technical information about the computer or device used to access the online store (e.g., operating system, screen resolution and color, Flash/Java support, language).

When Nonregistered Visitors navigate to the United States Mint online store without first disabling first-party cookies, they are assigned an auto-generated visitor identifier to track their browsing and purchasing behavior while they remain in the online store (the tracking ends if the Nonregistered Visitor leaves the online store and navigates to other parts of the United States Mint site or to other sites).  The United States Mint automatically collects the geo-location data contained in the first six digits of the internet protocol (IP) address (“truncated” [not the full] IP address) and device settings.  IP addresses allow a website (e.g., the United States Mint’s online store) to recognize the device when the device owner visits the site. Because the truncated IP address reveals only broad geo-location data (i.e., a particular region), it is not PII.  This information is collected whether or not an individual who navigates to the online store is a Registered Customer (see below) or has logged into his or her customer profile.

    • The web measurement and/or customization technology usage Tier. Generally, Nonregistered Visitors will only encounter Tier 2 tracking (no PII associated with their browsing and purchasing behavior). They will not encounter Tier 3 tracking (association of their OMS II stored PII with their browsing and purchasing behavior) unless they opt in to the use of these technologies by becoming Registered Customers, Single Transaction Customers, or Email Subscribers.
    • The technology used to track the visitor’s information. A Tier 2 session cookie will be used to track the Nonregistered Visitor’s information. This means that as soon as the Nonregistered Visitor leaves the online store to navigate to another website (even other parts of the United States Mint’s website), the tracking ends (and only begins again the next time they visit the online store without first disabling first-party cookies).
  • Registered Online Shopping Account Customers (“Registered Customers”). The United States Mint provides customers the option of creating a registered account. These Registered Customers are individuals who visit the United States Mint’s online store, register for an account and make purchases online.
    • The nature of the information collected. During registration, Registered Customers must provide:  name (first and last), physical address, phone number, email address, login name, password, product and communication preferences, billing and delivery address (including country, city, county, state and zip code), order history and credit card payment information. In accordance with the online store’s Terms of Service, by providing this PII, the customer is also warranting that he or she is 18 years of age or older.  Registered Customers are also required to select and answer one of many security questions available (the responses to which contain PII).
    • The web measurement and/or customization technology usage Tier. Registered Customers only encounter Tier 2 web measurement and customization technologies (not linked to their PII) during their visits to the online store that predate their registration. If customers wish to register to create an online shopping account, the United States Mint also requires that they explicitly agree (i.e., opt in) to the use of their full IP address (not merely the truncated geo-location version collected for online store Nonregistered Visitors) to track their browsing and purchasing behavior within the online store using a Tier 3 persistent cookie. This Tier 3 cookie is used to associate Registered Customers’ browsing and purchasing behavior with other information they provide to the online store. The full IP address is PII because it can conceivably be traced to an individual when combined with other information (e.g., information from the Internet service provider regarding the account holder from whom the IP address originated, plus additional information from the owner of the account).
    • The technology used to track the visitor’s information. The Registered Customer’s browsing and purchasing behaviors are tracked using a persistent cookie that associates the customer’s PII (name, billing and shipping address, phone number, email address, payment, birth month (if provided), and credit card information, product and communication preferences and order history) with his or her browsing and purchasing behavior (e.g., pages in the online store visited, products viewed and purchased etc.).
      For United States Mint customers who already have an existing online shopping account when the United States Mint launches OMS II, the United States Mint will invite each of these customers to confirm his or her registration.  During the confirmation process, preexisting customers will be asked to agree to become a Registered Customer in OMS II by explicitly opting in to the use of persistent cookies to monitor their online store browsing and purchasing behavior and have it associated with their other account information.  They will also be required to create a new password to maintain access to their account and account services.  To do this, existing customers will need the answer to their security question that they provided when they first registered for an account on the online store.
  • Unregistered Online Single Transaction Customers (“Single Transaction Customers”). Customers do not need to create an online shopping account to make an online purchase.
    • The nature of the information collected. To make an online purchase of any kind (Registered Customer or Single Transaction Customer), the United States Mint requires information such as the customers’ credit card data, telephone number, name, and e-mail and postal addresses for customers or the gift recipient.  In accordance with the online store’s Terms of Service, by providing this PII, the customer is also warranting that he or she is 18 years of age or older.
    • The web measurement and/or customization technology usage Tier. Single Transaction Customers only encounter Tier 2 web measurement and customization technologies (not linked to their PII) during their visits to the online store that predate their making an online store purchase or subscribing to United States Mint email communications. When Single Transaction Customers make a purchase, they are opting in to certain collections and uses of their browsing and personal information. Single Transaction Customers must explicitly agree (i.e., opt in) to have their full IP address (not the truncated version collected for Nonregistered Visitors) and their browsing and purchasing behavior tracked within the online store and associated with other information they provide to the online store.
    • The technology used to track the visitor’s information. Single Transaction Customers’ browsing and purchasing behaviors are tracked using a persistent cookie that associates their PII (First name, last name, telephone number, email address, billing address, shipping address, credit card information, [including expiration date and security code] credit card data) with their browsing and purchasing behavior.  A customer’s browsing and purchasing behavior will be associated with additional types of PII if the Single Transaction Customer also conducts other transactions in the online store (e.g., becomes an Email Subscriber).
  •  Online Visitors Who Subscribe to Email Communications from United States Mint (“Email Subscribers”).  Online store visitors have the option of becoming Email Subscribers to receive e-mail communications (promotional/informational newsletters) from the United States Mint with general information about its products and services.  Email Subscribers can (but need not) be customers who purchase products and services from the United States Mint.  Therefore, these visitors can also be Single Transaction Customers or Registered Customers.
    • The nature of the information collected. When an online store visitor becomes an Email Subscriber, the United States Mint collects information including the Email Subscriber’s name, e-mail address, birth month, and browsing and purchasing (if any) behavior. In accordance with the United States Mint online store’s Terms of Service, by providing this PII, the customer is also warranting that he or she is 18 years of age or older.
    • The web measurement and/or customization technology usage Tier. Email Subscribers who are neither Registered Customers nor Single Transaction Customers at the time they subscribe to email communications from United States Mint only encounter Tier 2 web measurement and customization technologies during their visits to the online store that predate their email communication subscription or online registration or purchase.  Email Subscribers must explicitly agree (i.e., opt in) to allow their browsing and purchasing behavior to be tracked using a Tier 3 persistent cookie which is associated with other information they provide to the United States Mint online store.
    • The technology used to track the visitor’s information. Email Subscribers’ browsing and purchasing behavior is tracked using a Tier 3 persistent cookie that associates their PII (name, e-mail address, and birth month) with their browsing and purchasing behavior.  Email Subscribers’ browsing and purchasing behaviors will be associated with additional types of PII if the Email Subscriber also conducts other transactions in the online store (e.g., becomes a Registered Customer or Single Transaction Customer).

The purpose and use of the information collection.

31 U.S.C. sections 5111(a)(3) and 5136 authorize the Secretary of the Treasury to prepare and distribute numismatic items and establish the United States Mint Public Enterprise Fund from which the United States Mint may draw funds for the purpose of bureau operations and programs, including the production, administration, distribution, marketing, purchase, sale, and management of coinage and numismatic items.  Information collected by OMS II Tier 2 and Tier 3 web measurement and customization technologies is used to support United States Mint operations and programs and will be used solely for the purposes of such operations and programs.

Information collected through the use of Tier 2 web measurement and customization technologies will provide the United States Mint with insights necessary to enhance online customers’ browsing experiences and effectively focus marketing efforts to optimize customer engagement.  Information collected through the use of Tier 3 web measurement and customization technologies will improve online store navigation for customers who create a registered customer account by allowing them the opportunity to customize website settings based on interests and needs and saving them from having to provide duplicative information each time they make a purchase.  In addition, it will enable the United States Mint to create market segmentation groups and perform marketing analytics that it will use to provide customers with personally-customized marketing recommendations.

Whether and to whom the information will be disclosed.

Information collected by OMS II web measurement and customization technologies will not be shared with external agencies or otherwise except with explicit permission from the individual customer and in accordance with the Privacy Act and the Freedom of Information Act.

The privacy safeguards applied to the information.

The United States Mint applied the principles of “privacy by design” to this system. This means that privacy has been addressed as a requirement throughout OMS II’s acquisition, design, and development lifecycle and will remain a priority during operations. Procurement agreements require that service providers and subcontractors must comply with Federal, Department of the Treasury, and United States Mint privacy and information security policies, regulations and directives.  All contractors and subcontractors working in the development and maintenance of the system and program are required to sign non-disclosure agreements requiring that they use the information related to the program only for United States Mint purposes.  Pursuant to M-10-22 and TD 81-08, the United States Mint will not, under any circumstances, use OMS II web measurement and customization technologies:

  1. to track individual-level user activity on the Internet outside of the United States Mint online store (i.e., no tracking is even done on other parts of the United States Mint’s website);
  2. to share the data obtained through such technologies, without the user’s explicit consent, with other departments or agencies except pursuant to the routine uses stated in the system of records notice (Treasury/ United States Mint – .009 – Order Management System (OMS), replacing United States Mint .009, “Retail Sales System”);
  3. to cross-reference without the user’s explicit consent, any data gathered from web measurement and customization technologies against PII in a way that will make it possible to identify a particular individual with their online browsing and purchasing behavior;
  4. to collect PII without the user’s explicit consent in any fashion.

In addition to the privacy by design requirements incorporated throughout the procurement and development process, United States Mint employee and contractor employee access to OMS II information will be restricted to the least amount required to accomplish their assigned duties.  Further, all such employees are required to complete annual security and privacy awareness training and sign the IT System User Rules of Behavior.  The Rules of Behavior outline the appropriate and mandatory behavior of all those using United States Mint’s IT systems or systems operated on behalf of the United States Mint.

Information maintained by OMS II will be safeguarded and retained in accordance with all Federal, Department of the Treasury, and United States Mint security and privacy regulations, directives, and guidelines.  For additional information about the specific privacy safeguards applied to OMS II, review the OMS II privacy impact assessment:  Treasury/ United States Mint – .009 – Order Management System (OMS), replacing United States Mint .009, “Retail Sales System.”

The data retention policy for the information.

Electronic information in OMS II is being evaluated to establish the proper maintenance and disposition of records contained in the system.  Information will be maintained in a secure environment to ensure that no records are destroyed until a retention schedule is officially approved by the Archivist of the United States.

Whether the technology is enabled by default or not and why.

OMS II Tier 2 web measurement and customization technologies are enabled by default and gather aggregate and anonymous data for analytical and marketing purposes.  Pursuant to M-10-22, only Tier 3 web measurement and customization technologies require opt-in functionality.

OMS II Tier 3 web measurement and customization technologies are not enabled by default; they are only enabled after a Nonregistered Visitor explicitly opts in to become a Registered Customer, Single Transaction Customer, and/or Email Subscriber.  Nonregistered Visitors are notified at the time they create a registered customer account, make a purchase, or subscribe to receive United States Mint marketing information via email that they are opting-in to the use of Tier 3 web measurement and customization technologies.  The notification includes notices that their browsing and purchasing behavior will be tracked and that information collected will be associated with their customer profile and the email address provided.

How to opt-out of the web measurement and/or customization technology.

While OMS II Tier 2 web measurement and customization technologies are enabled by default, all visitors to the United States Mint’s online store (whether they previously opted in or not) may disable first-party browser cookies to prevent their browsing and purchasing behavior from being associated with any particular customer, IP address, or other PII during their visit to the online store. Registered Customer, Single Transaction Customer, and/or Email Subscribers, however, must enable first-party browser cookies before making a purchase in the online store (after which, they are free to, once again, disable first-party cookies until they wish to make another purchase).

In addition to disabling browser cookies before visiting the online store, visitors may opt-out of OMS II uses of Tier 3 web measurement and customization technologies by not creating a registered customer account, canceling an existing account, subscribing to newsletters and notification services, and/or refraining from using the online store to purchase United States Mint numismatic products.

Statement that opting-out still permits customers to access comparable information or services.

Declining to opt-in to OMS II Tier 3 web measurement and customization technologies will not prevent a customer from accessing information on the United States Mint’s online store.  Declining to opt-in, however, will prevent customers from using the online store to place orders for United States Mint numismatic products.  As an alternative to the bureau’s online store, customers who choose not to opt-in may place orders for United States Mint numismatic products by using the United States Mint’s toll-free customer service line (800-872-6468 or TTY 888-321-6468), placing a mail order (United States Mint, PO Box 71191, Philadelphia, PA 19176-6191), or visiting a United States Mint point of sale (i.e., in person) location.

The identities of all third-party vendors involved in the measurement and customization process.

OMS II is a turn-key system developed, provided, and maintained by PFSweb, Inc.  Procurement agreements require PFSweb, Inc. and subcontractors to comply with Federal, Department of the Treasury, and United States Mint privacy and information security policies, regulations and directives. While PFSweb, Inc. is responsible for the development and maintenance of the OMS II environment, other third-party vendor applications support OMS II web measurement and customization processes. Those third-party vendors are as follows:  AgilOne, Demandware, IBM Digital Analytics, and Google Analytics.  For detailed information about how each of these third-party vendors supports OMS II web measurement and customization processes, please review the OMS II privacy impact assessment entitled: eCommerce End-to-End Solution: Order Management System II (OMS II), available at http://www.treasury.gov/open/Pages/open-notices.aspx

Fancy Facebook Comments, Heateor Social Comments, Sassy Social Share, Super Socializer WordPress

GDPR and Our Plugins

From http://support.heateor.com/gdpr-and-our-plugins/ on December 25, 2019

Our plugins and add-ons are compatible with GDPR. Below are the common questions related to GDPR.

Do your plugins track any data?

We do not track any user data via our plugins. But if our plugin depends on any third party service, they might track user data. This can happen in the following two ways:

1. Embedded Widgets

Some of our plugins have features to integrate embedded widgets as is, from third party services (like Facebook Like, Facebook Recommend, Twitter Tweet official buttons). You can include relevant text in the privacy policy of your website as mentioned below.

2. Third-party APIs/Connections

Our plugins send requests to third party APIs via the website visitor’s web browser to fetch information (like social shares, social comment count). This request made by the web browser may include the IP address, which can then be seen by the third party that it’s being requested from. This API request doesn’t include any personal data of the website user other than the IP address. To make your users aware of this, you can include relevant snippets in your website’s privacy policy.

Where is the data collected by your plugins stored?

We do not store any data fetched by our plugins on our servers, nor do we share that data with any third party. Our plugins run absolutely on your website and store the data in the database of your website.

Do your plugins load any external scripts?

As mentioned before, our plugins run absolutely from your website and hence load the scripts too from your website, with the exception of third-party embedded widgets (like Facebook Like/Recommend official button, Twitter tweet official button, Facebook Comments) which require our plugin to load scripts from the servers of the relevant service. You can include relevant snippets in the Privacy Policy of your website stating how these services handle privacy of your users.

GDPR Privacy Policy Snippets

Below is a collection of snippets that you can include in your website’s privacy policy, depending on which plugin and features you are using.

Super Socializer – Social Login

If you are using the social login feature of our Super Socializer plugin, you can add the following in the privacy policy of your website:

We collect your public profile data only from your consent that you grant before initiating Social Login, from the social network used to login at our website. This data includes your first name, last name, email address, link to your social media profile, unique identifier, link to social profile avatar. This data is used to create your user profile at our website. You can revoke this consent at any time by sending us an email.

Heateor Login

If you are using the Heateor Login plugin, you can add the following in the privacy policy of your website:

We collect your public profile data only from your consent that you grant before initiating Facebook Login, from the social network used to login at our website. This data includes your first name, last name, email address, unique identifier, link to social profile avatar. This data is used to create your user profile at our website. You can revoke this consent at any time by sending us an email.

Facebook Comments

If you are using the Facebook Comments feature of any of our plugins, you can add the following in the privacy policy of your website:

We embed the Facebook Comments plugin to allow you to leave a comment at our website using your Facebook account. This plugin may collect your IP address, your web browser User Agent, store and retrieve cookies on your browser, embed additional tracking, and monitor your interaction with the commenting interface, including correlating your Facebook account with whatever action you take within the interface (such as “liking” someone’s comment, replying to other comments), if you are logged into Facebook. For more information about how this data may be used, please see Facebook’s data privacy policy: https://www.facebook.com/about/privacy/update

GooglePlus Comments

If you are using the GooglePlus Comments feature of any of our plugins, you can add the following in the privacy policy of your website:

We use the GooglePlus Comments widget at our website for you to be able to comment at our webpages using your GooglePlus account. From this interaction Google automatically collects and stores certain information in server logs like IP address, device event information such as crashes, system activity, hardware settings, browser type, browser language, the date and time of your request, in accordance with their data privacy policy: https://policies.google.com/privacy

Disqus Comments

If you are using the Disqus Comments feature of any of our plugins, you can add the following in the privacy policy of your website:

We use Disqus Comments widget at our website for you to be able to comment at our webpages using Disqus commenting system. Disqus may collect information about you when you register for and use the Service. Such information may include “Personally Identifiable Information” which means information that identifies you as an individual, such information may include, but is not limited to, your name, email address, telephone number, username or account ID, and “Non-Personally Identifiable Information” which means information that does not identify you as an individual. Non-Personally Identifiable Information may include, but is not limited to, information about your browser, your IP address, device ID, what pages you visit on our Partner Sites, which website you came from, what advertisements you clicked on, whether on our Partner Websites, the Service or other third party websites, and other information about your online activity that does not identify you as an individual, in accordance with their data privacy policy: https://help.disqus.com/terms-and-policies/disqus-privacy-policy

Fancy Facebook Comments Pro

If you are using the Fancy Facebook Comments Pro plugin at your website and you have saved Facebook App ID and Facebook App Secret in the Moderation section, you can add the following in the privacy policy of your website after enabling the GDPR opt-in from the GDPR section:

We collect the data related to the Facebook Comment you post, only from your consent that you grant before posting Facebook Comment at our website. This data includes your Facebook account name, unique Facebook account identifier, unique identifier associated to the posted Facebook comment, unique open graph object identifier of the webpage at which you posted the comment, unique identifier associated to the parent comment if you reply to an existing comment. This data is used to show recent Facebook Comments made all over our website. You can revoke this consent at any time by unchecking the opt-in displayed above comment box.

If you have enabled email notification from the Notification section, you can add the following in the privacy policy of your website after enabling the GDPR opt-in from the GDPR section:

We send the Facebook Comment you post, to page/post author and/or website administrator via automated email, only from your consent that you grant before posting Facebook Comment at our website. This data includes just the Facebook comment posted by you. You can revoke this consent at any time by unchecking the opt-in displayed above comment box.

Facebook Comments Moderation

If you are using the Facebook Comments Moderation add-on at your website and you have saved Facebook App ID and Facebook App Secret, you can add the following in the privacy policy of your website after enabling the GDPR opt-in from the GDPR section at the add-on options page:

We collect the data related to the Facebook Comment you post, only from your consent that you grant before posting Facebook Comment at our website. This data includes your Facebook account name, unique Facebook account identifier, unique identifier associated to the posted Facebook comment, unique open graph object identifier of the webpage at which you posted the comment, unique identifier associated to the parent comment if you reply to an existing comment. This data is used to show recent Facebook Comments made all over our website. You can revoke this consent at any time by unchecking the opt-in displayed above comment box.

Facebook Comments Notifier

If you are using our Facebook Comments Notifier add-on at your website, you can add the following in the privacy policy of your website after enabling the GDPR opt-in from the GDPR section at the add-on options page:

We send the Facebook Comment you post, to page/post author and/or website administrator via automated email, only from your consent that you grant before posting Facebook Comment at our website. This data includes just the Facebook comment posted by you. You can revoke this consent at any time by unchecking the opt-in displayed above comment box.

Social Analytics for Sharing 

If you are using our Social Analytics for Sharing add-on at your website, you can add the following in the privacy policy of your website:

We use Google Analytics to track social shares made at our website. Google automatically collects and stores certain information in their server logs which includes device event information such as crashes, system activity, hardware settings, browser type, browser language, the date and time of your request and referral URL, cookies that may uniquely identify your browser or your Google Account, in accordance with their data privacy policy: https://policies.google.com/privacy

Facebook Like, Facebook Recommend, Facebook Share official buttons

If you are using the social sharing feature of our plugins and you have enabled any of these official buttons, you can add the following in the privacy policy of your website:

We embed a Facebook widget to allow you to see the number of likes/shares/recommends and “like/share/recommend” our webpages. This widget may collect your IP address, your web browser User Agent, store and retrieve cookies on your browser, embed additional tracking, and monitor your interaction with the widget, including correlating your Facebook account with whatever action you take within the widget (such as “liking/sharing/recommending” our webpage), if you are logged in to Facebook. For more information about how this data may be used, please see Facebook’s data privacy policy: https://www.facebook.com/about/privacy/update

Twitter Tweet official button

If you are using the social sharing feature of our plugins and you have enabled the Twitter Tweet official button, you can add the following in the privacy policy of your website:

We use a Twitter Tweet widget at our website. As a result, our website makes requests to Twitter’s servers for you to be able to tweet our webpages using your Twitter account. These requests make your IP address visible to Twitter, who may use it in accordance with their data privacy policy: https://twitter.com/en/privacy#update

GooglePlus, GooglePlus Share official buttons

If you are using the social sharing feature of our plugins and you have enabled any of these official buttons, you can add the following in the privacy policy of your website:

We use a GooglePlus widget at our website. As a result, our website makes requests to Google’s servers for you to be able to share our webpages using your GooglePlus account. These requests make your IP address visible to Google, who may use it in accordance with their data privacy policy: https://policies.google.com/privacy

Linkedin Share official button

If you are using the social sharing feature of our plugins and you have enabled the Linkedin Share official button, you can add the following in the privacy policy of your website:

We use a Linkedin Share widget at our website to allow you to share our webpages on Linkedin. These requests may track your IP address in accordance with their data privacy policy: https://www.linkedin.com/legal/privacy-policy

Pinterest Save official button

If you are using the social sharing feature of our plugins and you have enabled the Pinterest Save official button, you can add the following in the privacy policy of your website:

We use the Pinterest Save widget at our website to allow you to pin images to Pinterest from our webpages. These requests may track your IP address in accordance with their data privacy policy: https://policy.pinterest.com/en/privacy-policy

Buffer official button

If you are using the social sharing feature of our plugins and you have enabled the Buffer official button, you can add the following in the privacy policy of your website:

We use the Buffer widget at our website to allow you to add our webpages to your Buffer account, which collects log data from your browser. This Log Data may include information such as your IP address, browser type or the domain at which you are interacting with the widget, in accordance with their privacy policy: https://buffer.com/privacy

Xing Share official button

If you are using the social sharing feature of our plugins and you have enabled the Xing Share official button, you can add the following in the privacy policy of your website:

We use the Xing Share widget at our website to allow you to share our webpages on Xing, and this lets Xing collate data about you automatically by means of tracking, in accordance with their privacy policy: https://privacy.xing.com/en/privacy-policy

Reddit Badge official button

If you are using the social sharing feature of our plugins and you have enabled the Reddit Badge official button, you can add the following in the privacy policy of your website:

We use the Reddit Badge widget at our website, which may log information when you interact with the widget. This may include your IP address, user-agent string, browser type, operating system, referral URLs, device information (e.g., device IDs), pages visited, links clicked, user interactions (e.g., voting data), the requested URL and hardware settings, in accordance with their privacy policy: https://www.redditinc.com/policies/privacy-policy

StumbleUpon Badge official button

If you are using the social sharing feature of our plugins and you have enabled the StumbleUpon Badge official button, you can add the following in the privacy policy of your website:

We use the StumbleUpon Badge widget at our website, which may log information when you interact with the widget. Log Data is a form of Non-Identifying Information, in accordance with their privacy policy: http://www.stumbleupon.com/privacy

Note: If you are using just the round or square social share icons that can be customized from the Theme Selection section at the social share options page, you don’t need to include any privacy policy snippet regarding these in the privacy policy of your website.

Last Edited on 2020/01/08