In today’s highly interconnected environment, computer and internet security and privacy are critically important. This page informs you of our site security and privacy policies regarding the collection, use, and disclosure of personal information when you use YMCA Camp Coniston’s services. We will not use or share your information with anyone except as described in this policy.
We use your personal information for providing and improving our communications with the Coniston Community. By using our services, you agree to the collection and use of information in accordance with this policy.
The role of a web site hosted on a web server is to return content to the user’s web browser according to how it is requested. In addition, web sites can provide various forms of interactivity (forms to fill in, dynamic content that changes based on input, user-specific content, etc.
Overall, the Coniston web site is VERY “static” which reduces exposure to security issues.
The Coniston web site does NOT have any user customization or user log-in features (with the exception of the CampMinder features – see that section)
The Coniston web site has very few forms that collect user information, and those few collect a minimum amount of date required to accomplish the goal.
The Coniston web site, based at the domain and server level, utilized industry-standard TLS/SSL encryption. This means that all content returned to the users’ browser is encrypted (i.e. scrambled and not human-readable) while being transmitted to the browser. This means that browsing activity and any data passed back & forth is secured against interception. A user can confirm the secure nature of the site by verifying that the “lock” icon is displayed in their browser’s UI.
Users who request content from the site using an “unencrypted” request (eg: http://www.coniston.org/) will be redirected to the SECURE version of the site (https://www.coniston.org). This helps ensure that security and privacy are preserved.
It would be nice, but untrue, to say our site does NOT use web cookies to store “state” information about the user.
Cookies are used by browsers and web sites to allow sites to maintain some form of “state” and “persistence” between browsing sessions. Cookies allow sites to make the browsing experience better for the user and remove the requirement that users “start from scratch” every time they visit a site. Cookies are what allow us to visit site without having to log in again every time.
To be clear, the Coniston web site does NOT require or offer any “log in” feature (again, with the exception of the CampMinder pages). We have not employed cookies for any site “features” that we offer. Across the site, we do not maintain any “state” related to the user. All users have access to the same pages and features.
Our “normal” web site user should not have any cookies written by WordPress to their systems.
It should also be noted that when our site is visited by referrals from sites like Facebook and Google, cookies WILL be associated with our site.
With only a few exceptions, noted below, we do not collect or store any user data from the web site. Again, we do not have a site “login” required to access the site.
Here are the ways we do or have in the past collected user data:
Coniston uses CampMinder (https://campminder.com/) for the following:
We use an Event Calendar plug-in (inside WordPress) to manage camp event and present a listing of events on various web pages on the site. As part of this event management, we currently offer event registration. For this we collect the following information:
This data is then, when submitted by the user, immediately emailed to an email address at the camp (Lindsey’s at this point). Beyond that email being sent, the data is NOT stored (in a database or spreadsheet) on or by the web site. In other words, there is no data available to be “stolen” or breached related to this function.
NOTE: Having this kind of form on the site (to submit registration for an event) COULD be abused (i.e. we could get flooded with bogus emails) but we haven’t seen that happen and could quickly turn the feature off if needed.
Keep Coniston on the Map
During the summer of 2020 we ran the “Keep Coniston on the Map” fundraiser. As part of that, we had two web pages (one the “map” version, and one the same functionality but using a “list” of things people could donate to.
Because the Coniston web site is publicly available on the internet, it is possible that it could be the target of a hacking event or denial of service attack. The exposure is low, however, and we have mitigation steps in place:
A large part of ensuring user privacy protections is to protect user data. And since we don’t really capture any data (again, outside of CampMinder), there isn’t any user data to protect as private.
However, there are a few things to note:
CampMinder / Camp-In-Touch
CampMinder is a third-party service that Coniston uses for a number of things:
The camp’s web site offers links “through” to the CampMinder pages that provide these capabilities. The CampMinder team uses our site formatting to “replicate” the look and feel of our pages, so it may not be obvious to our users that they “leave” our site for these purposes. But this also means the CampMinder is fully in control and responsible for the security and data collection used on those pages.
See the Data Collection section above for more details.
The camp has a presence on most of the major social media platforms. There is often cross-linking (eg: a Facebook “event” posting may link back the event page on our web site), but in general there is no “deep” integration with these platforms. For example, we do not query or make use of any users’ Facebook profile or “logged in” status.
The site offers navigation links to the camp’s pages on these social media platforms, but they are “pure” hyperlinks, we do not embed any custom parameters or security tokens with the links.