Last updated December 10, 2020.
Personal information we collect
When you visit the GRC Website and GRC Project Sites, we automatically collect certain information about your device, including information about your web browser, IP address, time zone, and some of the cookies that are installed on your device. Additionally, as you browse the GRC Website and GRC Project Sites, we collect information about the individual web pages that you view, what websites, social networks, or search terms referred you there, and information about how you interact with them. We refer to this as personal information.
We collect personal information using the following technologies:
“Cookies”, which are data files that are placed on your device or computer and often include an anonymous unique identifier. For more information about cookies, and how to disable cookies, visit allaboutcookies.org.
“Log files”, which track actions occurring on the GRC Website and GRC Project Sites, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps.
“Web beacons,” “tags,” and “pixels”, which are electronic files used to record information about how you browse the Site.
How do we use and share your personal information?
We use the information that we collect to help us screen for potential risk and fraud (in particular, your IP address), and more generally to improve and optimize the GRC Website and GRC Project Sites. For example, to assess the success of our outreach campaigns or to determine which of our content is most popular.
In order to do this, we share your information with third parties. For example, we use Google Analytics to help us understand how our visitors use the GRC Website and GRC Project Sites. You can read more about how Google uses your Personal Information here: https://www.google.com/intl/en/policies/privacy/. You can also opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout.
We also use the following WordPress plugins that share your personal information:
Data Used: In order to check login activity and potentially block fraudulent attempts, the following information is used: attempting user’s IP address, attempting user’s email address/username (i.e. according to the value they were attempting to use during the login process), and all IP-related HTTP headers attached to the attempting user.
Activity Tracked: Failed login attempts (these include IP address and user agent). We also set a cookie (
jpp_math_pass) for 1 day to remember if/when a user has successfully completed a math captcha to prove that they’re a real human. Learn more about this cookie.
Data Synced (?): Failed login attempts, which contain the user’s IP address, attempted username or email address, and user agent information.
When you contact us via our contact forms, your contact information is captured and stored on a shared web server located in Toronto, Ontario, Canada. We only use this information to reply to your query. We do not share or sell information provided through the contact forms to any third party. Your information is retained on our server unless you contact us and ask that we remove it.
Data Used: IP address, WordPress.com user ID (if logged in), WordPress.com username (if logged in), user agent, visiting URL, referring URL, timestamp of event, browser language, country code. Important: The site owner does not have access to any of this information via this feature. For example, a site owner can see that a specific post has 285 views, but he/she cannot see which specific users/accounts viewed that post. Stats logs — containing visitor IP addresses and WordPress.com usernames (if available) — are retained by Automattic for 28 days and are used for the sole purpose of powering this feature.
In addition to the plugins mentioned above, you should also be aware of the following:
We may also share your personal information to comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful request for information we receive, or to otherwise protect our rights.
‘Do Not Track’
Please note that we do not alter our data collection and use practices when we see a Do Not Track signal from your browser. There are however free applications and web browser extensions available that automatically block data collection from most sites, including ours, such as DuckDuckGo, which is available at duckduckgo.com/app.
For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us by e-mail at firstname.lastname@example.org or by mail using the details provided below:
Global Reporting Centre
University of British Columbia
6388 Crescent Road
Vancouver, BC, Canada