Who are we?
When visitors leave comments on this website, we collect the data shown in the comments form and also the visitor’s IP address and browser user agent string to help spam detection.
An anonymized string created from your eMail address (also called a hash) may be provided to the Gravatar service to see if you are using it.
After approval of your comment, your profile picture is visible to the public in the context of your comment.
If you upload images to this website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website may be able to download and extract any location data from images on this website.
If you leave a comment on our website, you may opt-in to save your name, eMail address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies may last for one year.
If you visit our Login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days and screen options cookies last for a year. If you select “Remember Me“, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
How long do we retain your data?
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website, we also store the personal information that they provide in their user profile. All users can see, edit or delete their personal information at any time, but they cannot change their username. Website administrators can also see and edit that information without prior consent from users due to security purposes.
What rights do you have over your data?
If you have an account on this website or have left any comments, you can request to receive an exported file of the personal data we hold about you, including any data that you have provided to us. You can also request that we erase any personal data that we hold about you. This does not include any data that we are obliged to keep for administrative, legal or security purposes. Please, see our Cookies Policy.
Where do we send your data?
Visitor comments may be checked through an automated spam detection service. If you have an account with us and you request a password reset, your IP address will be included in the reset email.
Legal grounds for processing Personal Data
We rely on one or more of the following processing conditions:
- Our legitimate interests in the effective delivery of information, our products and services to you.
- Any explicit consent that you have given to us through this website or any other electronic form or way.
- Any explicit consent that you have given to us in any written form or way.
Any email address provided to Codexing.Art through either our waiting list, optional email verification or optional notification/recovery email setting in your account is considered personal data.
Such data will only be used to contact you with important notifications, to send you information related to security, to send you an invitation link to create your Codexing.Art account, to verify your Codexing.Art account or to send you password recovery links if you enable the option. We may also inform you about new Codexing.Art products or services in which you might have an interest. You are free, at any given time, to opt-out of those features through the account settings panel.
In order to maintain the integrity of the service, Codexing.Art takes measures to avoid the creation of accounts by spammers and marketeers. This is because if spammers use our email service to send messages, our servers’ IP addresses may become blocked by major email providers such as Gmail, Yahoo, Outlook, etc.
In order to pursue our legitimate interest in preventing the creation of accounts by spambots or human spammers, we use a variety of human verification methods. You may be asked to verify using either reCaptcha, eMail or SMS. IP addresses, email addresses and phone numbers provided are saved temporarily in order to send you a verification code and to determine if you are a spammer.
Data collection is limited to the following:
Visitors & Users: This website uses friendly cookies. All of the cookies used by this website are “strictly necessary“, as you can easily see on our very specific Cookies Policy. Furthermore and for your information, on July 16 of 2020, the Court of Justice of the European Union (CJEU) ruled that any cloud services hosted in the USA, like Google Analytics, no longer comply with the GDPR and EU privacy laws. We do not use Google Analytics or any other WordPress plugin that performs any form of user data analysis but we are protected by CloudFlare and we use its analytics’ data.
Account Creation: It is not necessary to provide personal information in order to create an account, but you have to provide an external email address when creating your account for the invoice delivery and notifications or password recovery purposes. The legal basis for processing is consent and you are free to ask for the removal of that data. Please, be aware that if you choose to remove your external email address from our database, you can NEVER forget your login username and password.
Account Activity: Due to limitations of the SMTP protocol, we have access to the following email metadata: sender and recipient email addresses, the IP address incoming messages originated from, message subject and message sent and received times. We do NOT have access to encrypted message content but unencrypted messages sent from external providers to email@example.com are dutifully scanned for Spam and Viruses to pursue the legitimate interest of the protection of our users. We also have access to the following records of account activity: number of messages sent, amount of storage space used, the total number of messages, last login time.
Communication: Your communications with our organisation, such as support requests, bug reports or features requests may be saved for a limited period of time by our staff. The legal basis for processing is our legitimate interest to troubleshoot more efficiently and improve the quality of our email service.
IP Logging: By default, we do not keep permanent IP logs. However, IP logs may be kept temporarily to fight abuse and fraud, your IP address may be retained permanently if you are engaged in activities that breach our Terms & Conditions (threatening someone through email, spamming, marketing/transactional email, DDoS attacks against our servers’ infrastructure, brute-force attacks, etc.). The legal basis of this processing is our legitimate interest to protect our service against nefarious activities.
NOTE: Your login IP address might be kept permanently. The legal basis of this processing is your consent. Be aware that If you visit this website while connected to your Google account, it can trace your online activities back to you. Since a VPN changes your virtual location or IP address, it might look like you are accessing this website from a different region, but Google will still be able to determine that it is you. Please visit our FAQ (Frequently Asked Questions) webpage for more information.
See your IP address? Use a VPN or Tor.
Payment Information: Our organisation relies on third parties, such as ECWID.com, Stripe and PayPal, to process Debit & Credit Card, Pre-Paid Card and PayPal transactions, so the Company necessarily must share payment information with those same third parties. Anonymous cash donations are accepted. We do not accept Bitcoin since its transactions can be traced on the blockchain. The legal basis of this processing is the need for the execution and binding of the contract between you and us.
NOTE: You are advised to read the privacy policies of our payment processors, links provided on the above paragraph.
Import Assistant Tool: If you use an Import Assistant Tool to import your emails from another service provider, the credentials of the email account from which the importation is performed may be stored.
Any data that we do have will never be shared except under the circumstances described below. We do NOT do any analysis on the limited data that we possess with 2 exceptions:
- Emails sent unencrypted to Codexing.Art accounts (e.g. Gmail or Yahoo! to Codexing.Art) are scanned automatically pursuing the legitimate interest of detecting spam so that we can block IPs which are sending a lot of spam to our users and place spam messages in a spam directory. Inbound messages are scanned for spam. We do not possess the technical ability to scan messages after they have been encrypted.
- Emails sent by our users to outside (e.g. Yahoo, Gmail) users with encryption disabled are scanned automatically pursuing the legitimate interest of detecting spam in the same manner as incoming email. This is to ensure that a Codexing.Art account that is being used for spamming purposes can be detected and locked so email deliverability for legitimate users is not degraded.
All servers used in connection with the provisioning of the Service are preferably located in non-DMCA countries. Data is not always stored in an encrypted format on our servers. Offline backups may be stored periodically. We do not possess the ability to access any user encrypted message content on either the production servers or in the backups.
Third Party Networks
Your network traffic may go through third party networks which we do not control. This can enable a third party to record your IP address or see that you are using Codexing.Art (the same information that your Internet Service Provider is able to see). These third parties cannot see your actual data, which remains encrypted if you use PGP Keys to encrypt your email messages.
Your Right to Access Data
If your account has been suspended for a breach of our Terms & Conditions and you would like to exercise the rights related to your personal data, you can make a request to our administration team.
In case of violation of your rights, you have the right to lodge a complaint to the competent supervisory authority.
We will only disclose the limited user data that we possess if we are instructed to do so by a fully binding request coming from the competent authorities (legal obligation). While we may comply with electronically delivered notices (see exceptions below), the disclosed data can only be used in court after we have received an original copy of the court order by registered post or in person and provide a formal response.
If a request is made for encrypted message content that we do not possess the ability to decrypt, the fully encrypted message content may be turned over. If permitted by law, we will always contact a user first and before any data disclosure.
We may contest requests if there is a public interest in doing so and we consider it a violation of fundamental Human Rights. In such situations, our organisation will not comply with the request until all legal or other remedies have been exhausted.
“We are committed to ensuring that your privacy is protected. If you provide us with personal information through WordPress.org, you can be assured that it will only be used in accordance with this privacy statement.”